From 0d0a02119dd53e0c8adf94afdce557fbeea70010 Mon Sep 17 00:00:00 2001 From: Watson Sato Date: Mon, 4 Mar 2024 16:22:46 +0100 Subject: [PATCH 1/2] Add container-platform SRG URI Update SRG CTR reference to a more specific URI. The application-servers is about Apache, JBoss and other server applications. --- ssg/build_yaml.py | 3 +++ ssg/constants.py | 1 + 2 files changed, 4 insertions(+) diff --git a/ssg/build_yaml.py b/ssg/build_yaml.py index b7aa28b627f..4feffdf9a4c 100644 --- a/ssg/build_yaml.py +++ b/ssg/build_yaml.py @@ -107,6 +107,9 @@ def add_reference_elements(element, references, ref_uri_dict): if ref_type == 'srg': if ref_val.startswith('SRG-OS-'): ref_href = ref_uri_dict['os-srg'] + elif re.match(r'SRG-APP-\d{5,}-CTR-\d{5,}', ref_val): + # The more specific case needs to come first, otherwise the generic SRG-APP will catch everything + ref_href = ref_uri_dict['app-srg-ctr'] elif ref_val.startswith('SRG-APP-'): ref_href = ref_uri_dict['app-srg'] else: diff --git a/ssg/constants.py b/ssg/constants.py index c4a31b54d9d..7f500d12142 100644 --- a/ssg/constants.py +++ b/ssg/constants.py @@ -34,6 +34,7 @@ 'stigid': 'https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux', 'os-srg': 'https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os', 'app-srg': 'https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers', + 'app-srg-ctr': 'https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=container-platform', 'stigref': 'https://public.cyber.mil/stigs/srg-stig-tools/', } From 543d2fc641b67eef8be98d2b16ca546e884d85bf Mon Sep 17 00:00:00 2001 From: Watson Sato Date: Mon, 4 Mar 2024 16:27:42 +0100 Subject: [PATCH 2/2] Ensure app-srg-ctr is include in product stability Run test_product_stability.py --update-reference-data and update product stability data. --- tests/data/product_stability/alinux2.yml | 66 ++++++++++++------- tests/data/product_stability/alinux3.yml | 66 ++++++++++++------- tests/data/product_stability/anolis23.yml | 1 + tests/data/product_stability/anolis8.yml | 1 + tests/data/product_stability/chromium.yml | 1 + tests/data/product_stability/debian10.yml | 1 + tests/data/product_stability/debian11.yml | 1 + tests/data/product_stability/debian12.yml | 1 + tests/data/product_stability/eks.yml | 1 + tests/data/product_stability/example.yml | 1 + tests/data/product_stability/fedora.yml | 1 + tests/data/product_stability/firefox.yml | 1 + tests/data/product_stability/macos1015.yml | 1 + tests/data/product_stability/ocp4.yml | 1 + tests/data/product_stability/ol7.yml | 1 + tests/data/product_stability/ol8.yml | 1 + tests/data/product_stability/ol9.yml | 1 + tests/data/product_stability/openembedded.yml | 1 + tests/data/product_stability/opensuse.yml | 1 + tests/data/product_stability/rhcos4.yml | 1 + tests/data/product_stability/rhel7.yml | 1 + tests/data/product_stability/rhel8.yml | 1 + tests/data/product_stability/rhel9.yml | 1 + tests/data/product_stability/rhv4.yml | 1 + tests/data/product_stability/sle12.yml | 1 + tests/data/product_stability/sle15.yml | 1 + tests/data/product_stability/ubuntu1604.yml | 1 + tests/data/product_stability/ubuntu1804.yml | 1 + tests/data/product_stability/ubuntu2004.yml | 1 + tests/data/product_stability/ubuntu2204.yml | 1 + tests/data/product_stability/uos20.yml | 1 + 31 files changed, 117 insertions(+), 44 deletions(-) diff --git a/tests/data/product_stability/alinux2.yml b/tests/data/product_stability/alinux2.yml index 5679b4a9433..063edf98781 100644 --- a/tests/data/product_stability/alinux2.yml +++ b/tests/data/product_stability/alinux2.yml @@ -9,8 +9,10 @@ benchmark_id: ALINUX-2 benchmark_root: ../../linux_os/guide chrony_conf_path: /etc/chrony.conf cpes: -- alinux2: {check_id: installed_OS_is_alinux2, name: 'cpe:/o:alinux:alibaba_cloud_linux:2', - title: Alibaba Cloud Linux 2} +- alinux2: + check_id: installed_OS_is_alinux2 + name: cpe:/o:alinux:alibaba_cloud_linux:2 + title: Alibaba Cloud Linux 2 cpes_root: ../../shared/applicability dconf_gdm_dir: gdm.d faillock_path: /var/run/faillock @@ -26,28 +28,48 @@ nobody_uid: 65534 pkg_manager: yum pkg_manager_config_file: /etc/yum.conf pkg_system: rpm -platform_package_overrides: {aarch64_arch: null, grub2: grub2-common, login_defs: shadow-utils, - no_ovirt: null, non-uefi: null, not_aarch64_arch: null, not_s390x_arch: null, ovirt: null, - s390x_arch: null, sssd: sssd-common, sssd-ldap: null, uefi: null, zipl: s390utils-base} +platform_package_overrides: + aarch64_arch: null + grub2: grub2-common + login_defs: shadow-utils + no_ovirt: null + non-uefi: null + not_aarch64_arch: null + not_s390x_arch: null + ovirt: null + s390x_arch: null + sssd: sssd-common + sssd-ldap: null + uefi: null + zipl: s390utils-base product: alinux2 profiles_root: ./profiles -reference_uris: {anssi: 'https://cyber.gouv.fr/sites/default/files/document/linux_configuration-en-v2.pdf', - app-srg: 'https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers', - bsi: 'https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Grundschutz/International/bsi_it_gs_comp_2022.pdf', - cis-csc: 'https://www.cisecurity.org/controls/', cjis: 'https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf', - cnss: 'http://www.cnss.gov/Assets/pdf/CNSSI-1253.pdf', cobit5: 'https://www.isaca.org/resources/cobit', - cui: 'http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf', - dcid: not_officially_available, disa: 'https://public.cyber.mil/stigs/cci/', hipaa: 'https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf', - isa-62443-2009: 'https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat', - isa-62443-2013: 'https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu', - ism: 'https://www.cyber.gov.au/acsc/view-all-content/ism', iso27001-2013: 'https://www.iso.org/contents/data/standard/05/45/54534.html', - nerc-cip: 'https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx', - nist: 'http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf', - nist-csf: 'https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf', os-srg: 'https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os', - ospp: 'https://www.niap-ccevs.org/Profile/PP.cfm', pcidss: 'https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf', - pcidss4: 'https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf', - stigid: 'https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux', - stigref: 'https://public.cyber.mil/stigs/srg-stig-tools/'} +reference_uris: + anssi: https://cyber.gouv.fr/sites/default/files/document/linux_configuration-en-v2.pdf + app-srg: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers + app-srg-ctr: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=container-platform + bsi: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Grundschutz/International/bsi_it_gs_comp_2022.pdf + cis-csc: https://www.cisecurity.org/controls/ + cjis: https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf + cnss: http://www.cnss.gov/Assets/pdf/CNSSI-1253.pdf + cobit5: https://www.isaca.org/resources/cobit + cui: http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf + dcid: not_officially_available + disa: https://public.cyber.mil/stigs/cci/ + hipaa: https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf + isa-62443-2009: https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat + isa-62443-2013: https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu + ism: https://www.cyber.gov.au/acsc/view-all-content/ism + iso27001-2013: https://www.iso.org/contents/data/standard/05/45/54534.html + nerc-cip: https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx + nist: http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf + nist-csf: https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf + os-srg: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os + ospp: https://www.niap-ccevs.org/Profile/PP.cfm + pcidss: https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf + pcidss4: https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf + stigid: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux + stigref: https://public.cyber.mil/stigs/srg-stig-tools/ sshd_distributed_config: 'false' sysctl_remediate_drop_in_file: 'false' type: platform diff --git a/tests/data/product_stability/alinux3.yml b/tests/data/product_stability/alinux3.yml index 1dbbc23237e..5973aeec21b 100644 --- a/tests/data/product_stability/alinux3.yml +++ b/tests/data/product_stability/alinux3.yml @@ -9,8 +9,10 @@ benchmark_id: ALINUX-3 benchmark_root: ../../linux_os/guide chrony_conf_path: /etc/chrony.conf cpes: -- alinux3: {check_id: installed_OS_is_alinux3, name: 'cpe:/o:alinux:alibaba_cloud_linux:3', - title: Alibaba Cloud Linux 3} +- alinux3: + check_id: installed_OS_is_alinux3 + name: cpe:/o:alinux:alibaba_cloud_linux:3 + title: Alibaba Cloud Linux 3 cpes_root: ../../shared/applicability dconf_gdm_dir: gdm.d faillock_path: /var/run/faillock @@ -26,28 +28,48 @@ nobody_uid: 65534 pkg_manager: yum pkg_manager_config_file: /etc/yum.conf pkg_system: rpm -platform_package_overrides: {aarch64_arch: null, grub2: grub2-common, login_defs: shadow-utils, - no_ovirt: null, non-uefi: null, not_aarch64_arch: null, not_s390x_arch: null, ovirt: null, - s390x_arch: null, sssd: sssd-common, sssd-ldap: null, uefi: null, zipl: s390utils-base} +platform_package_overrides: + aarch64_arch: null + grub2: grub2-common + login_defs: shadow-utils + no_ovirt: null + non-uefi: null + not_aarch64_arch: null + not_s390x_arch: null + ovirt: null + s390x_arch: null + sssd: sssd-common + sssd-ldap: null + uefi: null + zipl: s390utils-base product: alinux3 profiles_root: ./profiles -reference_uris: {anssi: 'https://cyber.gouv.fr/sites/default/files/document/linux_configuration-en-v2.pdf', - app-srg: 'https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers', - bsi: 'https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Grundschutz/International/bsi_it_gs_comp_2022.pdf', - cis-csc: 'https://www.cisecurity.org/controls/', cjis: 'https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf', - cnss: 'http://www.cnss.gov/Assets/pdf/CNSSI-1253.pdf', cobit5: 'https://www.isaca.org/resources/cobit', - cui: 'http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf', - dcid: not_officially_available, disa: 'https://public.cyber.mil/stigs/cci/', hipaa: 'https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf', - isa-62443-2009: 'https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat', - isa-62443-2013: 'https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu', - ism: 'https://www.cyber.gov.au/acsc/view-all-content/ism', iso27001-2013: 'https://www.iso.org/contents/data/standard/05/45/54534.html', - nerc-cip: 'https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx', - nist: 'http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf', - nist-csf: 'https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf', os-srg: 'https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os', - ospp: 'https://www.niap-ccevs.org/Profile/PP.cfm', pcidss: 'https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf', - pcidss4: 'https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf', - stigid: 'https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux', - stigref: 'https://public.cyber.mil/stigs/srg-stig-tools/'} +reference_uris: + anssi: https://cyber.gouv.fr/sites/default/files/document/linux_configuration-en-v2.pdf + app-srg: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers + app-srg-ctr: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=container-platform + bsi: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Grundschutz/International/bsi_it_gs_comp_2022.pdf + cis-csc: https://www.cisecurity.org/controls/ + cjis: https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf + cnss: http://www.cnss.gov/Assets/pdf/CNSSI-1253.pdf + cobit5: https://www.isaca.org/resources/cobit + cui: http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf + dcid: not_officially_available + disa: https://public.cyber.mil/stigs/cci/ + hipaa: https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf + isa-62443-2009: https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat + isa-62443-2013: https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu + ism: https://www.cyber.gov.au/acsc/view-all-content/ism + iso27001-2013: https://www.iso.org/contents/data/standard/05/45/54534.html + nerc-cip: https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx + nist: http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf + nist-csf: https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf + os-srg: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os + ospp: https://www.niap-ccevs.org/Profile/PP.cfm + pcidss: https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf + pcidss4: https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf + stigid: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux + stigref: https://public.cyber.mil/stigs/srg-stig-tools/ sshd_distributed_config: 'false' sysctl_remediate_drop_in_file: 'false' type: platform diff --git a/tests/data/product_stability/anolis23.yml b/tests/data/product_stability/anolis23.yml index 3629a5753fc..1ee483ba2b8 100644 --- a/tests/data/product_stability/anolis23.yml +++ b/tests/data/product_stability/anolis23.yml @@ -47,6 +47,7 @@ profiles_root: ./profiles reference_uris: anssi: https://cyber.gouv.fr/sites/default/files/document/linux_configuration-en-v2.pdf app-srg: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers + app-srg-ctr: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=container-platform bsi: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Grundschutz/International/bsi_it_gs_comp_2022.pdf cis-csc: https://www.cisecurity.org/controls/ cjis: https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf diff --git a/tests/data/product_stability/anolis8.yml b/tests/data/product_stability/anolis8.yml index 716498f8f35..a318e3cbb5e 100644 --- a/tests/data/product_stability/anolis8.yml +++ b/tests/data/product_stability/anolis8.yml @@ -47,6 +47,7 @@ profiles_root: ./profiles reference_uris: anssi: https://cyber.gouv.fr/sites/default/files/document/linux_configuration-en-v2.pdf app-srg: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers + app-srg-ctr: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=container-platform bsi: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Grundschutz/International/bsi_it_gs_comp_2022.pdf cis-csc: https://www.cisecurity.org/controls/ cjis: https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf diff --git a/tests/data/product_stability/chromium.yml b/tests/data/product_stability/chromium.yml index 7e8e4d94d3f..b08a3192055 100644 --- a/tests/data/product_stability/chromium.yml +++ b/tests/data/product_stability/chromium.yml @@ -43,6 +43,7 @@ profiles_root: ./profiles reference_uris: anssi: https://cyber.gouv.fr/sites/default/files/document/linux_configuration-en-v2.pdf app-srg: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers + app-srg-ctr: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=container-platform bsi: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Grundschutz/International/bsi_it_gs_comp_2022.pdf cis-csc: https://www.cisecurity.org/controls/ cjis: https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf diff --git a/tests/data/product_stability/debian10.yml b/tests/data/product_stability/debian10.yml index 182c208829f..1309554afdb 100644 --- a/tests/data/product_stability/debian10.yml +++ b/tests/data/product_stability/debian10.yml @@ -55,6 +55,7 @@ profiles_root: ./profiles reference_uris: anssi: https://cyber.gouv.fr/sites/default/files/document/linux_configuration-en-v2.pdf app-srg: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers + app-srg-ctr: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=container-platform bsi: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Grundschutz/International/bsi_it_gs_comp_2022.pdf cis: https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf cis-csc: https://www.cisecurity.org/controls/ diff --git a/tests/data/product_stability/debian11.yml b/tests/data/product_stability/debian11.yml index 55ee6261dbb..f6493ab7caa 100644 --- a/tests/data/product_stability/debian11.yml +++ b/tests/data/product_stability/debian11.yml @@ -55,6 +55,7 @@ profiles_root: ./profiles reference_uris: anssi: https://cyber.gouv.fr/sites/default/files/document/linux_configuration-en-v2.pdf app-srg: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers + app-srg-ctr: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=container-platform bsi: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Grundschutz/International/bsi_it_gs_comp_2022.pdf cis: https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf cis-csc: https://www.cisecurity.org/controls/ diff --git a/tests/data/product_stability/debian12.yml b/tests/data/product_stability/debian12.yml index 6af8b23c466..e7ef166a49e 100644 --- a/tests/data/product_stability/debian12.yml +++ b/tests/data/product_stability/debian12.yml @@ -55,6 +55,7 @@ profiles_root: ./profiles reference_uris: anssi: https://cyber.gouv.fr/sites/default/files/document/linux_configuration-en-v2.pdf app-srg: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers + app-srg-ctr: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=container-platform bsi: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Grundschutz/International/bsi_it_gs_comp_2022.pdf cis-csc: https://www.cisecurity.org/controls/ cjis: https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf diff --git a/tests/data/product_stability/eks.yml b/tests/data/product_stability/eks.yml index 8e976f443d3..6398faa9865 100644 --- a/tests/data/product_stability/eks.yml +++ b/tests/data/product_stability/eks.yml @@ -53,6 +53,7 @@ profiles_root: ./profiles reference_uris: anssi: https://cyber.gouv.fr/sites/default/files/document/linux_configuration-en-v2.pdf app-srg: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers + app-srg-ctr: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=container-platform bsi: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Grundschutz/International/bsi_it_gs_comp_2022.pdf cis: https://www.cisecurity.org/benchmark/kubernetes/ cis-csc: https://www.cisecurity.org/controls/ diff --git a/tests/data/product_stability/example.yml b/tests/data/product_stability/example.yml index ff010bfcb29..1954a46e75a 100644 --- a/tests/data/product_stability/example.yml +++ b/tests/data/product_stability/example.yml @@ -48,6 +48,7 @@ profiles_root: ./profiles reference_uris: anssi: https://cyber.gouv.fr/sites/default/files/document/linux_configuration-en-v2.pdf app-srg: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers + app-srg-ctr: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=container-platform bsi: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Grundschutz/International/bsi_it_gs_comp_2022.pdf cis-csc: https://www.cisecurity.org/controls/ cjis: https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf diff --git a/tests/data/product_stability/fedora.yml b/tests/data/product_stability/fedora.yml index 1ae850b9052..a2cf0d20f6b 100644 --- a/tests/data/product_stability/fedora.yml +++ b/tests/data/product_stability/fedora.yml @@ -83,6 +83,7 @@ rawhide_version: 40 reference_uris: anssi: https://cyber.gouv.fr/sites/default/files/document/linux_configuration-en-v2.pdf app-srg: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers + app-srg-ctr: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=container-platform bsi: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Grundschutz/International/bsi_it_gs_comp_2022.pdf cis-csc: https://www.cisecurity.org/controls/ cjis: https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf diff --git a/tests/data/product_stability/firefox.yml b/tests/data/product_stability/firefox.yml index 093aa96bcf4..8367bc2678a 100644 --- a/tests/data/product_stability/firefox.yml +++ b/tests/data/product_stability/firefox.yml @@ -43,6 +43,7 @@ profiles_root: ./profiles reference_uris: anssi: https://cyber.gouv.fr/sites/default/files/document/linux_configuration-en-v2.pdf app-srg: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers + app-srg-ctr: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=container-platform bsi: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Grundschutz/International/bsi_it_gs_comp_2022.pdf cis-csc: https://www.cisecurity.org/controls/ cjis: https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf diff --git a/tests/data/product_stability/macos1015.yml b/tests/data/product_stability/macos1015.yml index 8443923ec2f..451911b386b 100644 --- a/tests/data/product_stability/macos1015.yml +++ b/tests/data/product_stability/macos1015.yml @@ -43,6 +43,7 @@ profiles_root: ./profiles reference_uris: anssi: https://cyber.gouv.fr/sites/default/files/document/linux_configuration-en-v2.pdf app-srg: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers + app-srg-ctr: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=container-platform bsi: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Grundschutz/International/bsi_it_gs_comp_2022.pdf cis-csc: https://www.cisecurity.org/controls/ cjis: https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf diff --git a/tests/data/product_stability/ocp4.yml b/tests/data/product_stability/ocp4.yml index cacf0af56bc..42cf275684c 100644 --- a/tests/data/product_stability/ocp4.yml +++ b/tests/data/product_stability/ocp4.yml @@ -129,6 +129,7 @@ profiles_root: ./profiles reference_uris: anssi: https://cyber.gouv.fr/sites/default/files/document/linux_configuration-en-v2.pdf app-srg: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers + app-srg-ctr: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=container-platform bsi: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Grundschutz/International/bsi_it_gs_comp_2022.pdf cis: https://www.cisecurity.org/benchmark/kubernetes/ cis-csc: https://www.cisecurity.org/controls/ diff --git a/tests/data/product_stability/ol7.yml b/tests/data/product_stability/ol7.yml index 079951c8d2d..d3c2678aab1 100644 --- a/tests/data/product_stability/ol7.yml +++ b/tests/data/product_stability/ol7.yml @@ -57,6 +57,7 @@ profiles_root: ./profiles reference_uris: anssi: https://cyber.gouv.fr/sites/default/files/document/linux_configuration-en-v2.pdf app-srg: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers + app-srg-ctr: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=container-platform bsi: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Grundschutz/International/bsi_it_gs_comp_2022.pdf cis: https://www.cisecurity.org/benchmark/oracle_linux/ cis-csc: https://www.cisecurity.org/controls/ diff --git a/tests/data/product_stability/ol8.yml b/tests/data/product_stability/ol8.yml index 94751768b33..e3d25468ae1 100644 --- a/tests/data/product_stability/ol8.yml +++ b/tests/data/product_stability/ol8.yml @@ -56,6 +56,7 @@ profiles_root: ./profiles reference_uris: anssi: https://cyber.gouv.fr/sites/default/files/document/linux_configuration-en-v2.pdf app-srg: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers + app-srg-ctr: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=container-platform bsi: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Grundschutz/International/bsi_it_gs_comp_2022.pdf cis: https://www.cisecurity.org/benchmark/oracle_linux/ cis-csc: https://www.cisecurity.org/controls/ diff --git a/tests/data/product_stability/ol9.yml b/tests/data/product_stability/ol9.yml index bd46e131b45..2582e9b130c 100644 --- a/tests/data/product_stability/ol9.yml +++ b/tests/data/product_stability/ol9.yml @@ -59,6 +59,7 @@ profiles_root: ./profiles reference_uris: anssi: https://cyber.gouv.fr/sites/default/files/document/linux_configuration-en-v2.pdf app-srg: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers + app-srg-ctr: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=container-platform bsi: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Grundschutz/International/bsi_it_gs_comp_2022.pdf cis: '' cis-csc: https://www.cisecurity.org/controls/ diff --git a/tests/data/product_stability/openembedded.yml b/tests/data/product_stability/openembedded.yml index 8625950893a..8ad48411292 100644 --- a/tests/data/product_stability/openembedded.yml +++ b/tests/data/product_stability/openembedded.yml @@ -51,6 +51,7 @@ profiles_root: ./profiles reference_uris: anssi: https://cyber.gouv.fr/sites/default/files/document/linux_configuration-en-v2.pdf app-srg: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers + app-srg-ctr: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=container-platform bsi: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Grundschutz/International/bsi_it_gs_comp_2022.pdf cis-csc: https://www.cisecurity.org/controls/ cjis: https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf diff --git a/tests/data/product_stability/opensuse.yml b/tests/data/product_stability/opensuse.yml index 339adc46f37..33359958e2e 100644 --- a/tests/data/product_stability/opensuse.yml +++ b/tests/data/product_stability/opensuse.yml @@ -59,6 +59,7 @@ profiles_root: ./profiles reference_uris: anssi: https://cyber.gouv.fr/sites/default/files/document/linux_configuration-en-v2.pdf app-srg: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers + app-srg-ctr: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=container-platform bsi: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Grundschutz/International/bsi_it_gs_comp_2022.pdf cis-csc: https://www.cisecurity.org/controls/ cjis: https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf diff --git a/tests/data/product_stability/rhcos4.yml b/tests/data/product_stability/rhcos4.yml index 2566ae6de9b..7b7aad399b3 100644 --- a/tests/data/product_stability/rhcos4.yml +++ b/tests/data/product_stability/rhcos4.yml @@ -51,6 +51,7 @@ profiles_root: ./profiles reference_uris: anssi: https://cyber.gouv.fr/sites/default/files/document/linux_configuration-en-v2.pdf app-srg: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers + app-srg-ctr: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=container-platform bsi: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Grundschutz/International/bsi_it_gs_comp_2022.pdf cis-csc: https://www.cisecurity.org/controls/ cjis: https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf diff --git a/tests/data/product_stability/rhel7.yml b/tests/data/product_stability/rhel7.yml index 8e6d2cb7122..4a2cf4d534e 100644 --- a/tests/data/product_stability/rhel7.yml +++ b/tests/data/product_stability/rhel7.yml @@ -79,6 +79,7 @@ profiles_root: ./profiles reference_uris: anssi: https://cyber.gouv.fr/sites/default/files/document/linux_configuration-en-v2.pdf app-srg: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers + app-srg-ctr: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=container-platform bsi: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Grundschutz/International/bsi_it_gs_comp_2022.pdf cis: https://www.cisecurity.org/benchmark/red_hat_linux/ cis-csc: https://www.cisecurity.org/controls/ diff --git a/tests/data/product_stability/rhel8.yml b/tests/data/product_stability/rhel8.yml index 6779448b907..4148b88fe98 100644 --- a/tests/data/product_stability/rhel8.yml +++ b/tests/data/product_stability/rhel8.yml @@ -107,6 +107,7 @@ profiles_root: ./profiles reference_uris: anssi: https://cyber.gouv.fr/sites/default/files/document/linux_configuration-en-v2.pdf app-srg: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers + app-srg-ctr: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=container-platform bsi: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Grundschutz/International/bsi_it_gs_comp_2022.pdf cis: https://www.cisecurity.org/benchmark/red_hat_linux/ cis-csc: https://www.cisecurity.org/controls/ diff --git a/tests/data/product_stability/rhel9.yml b/tests/data/product_stability/rhel9.yml index 6cdd80a918f..d9011df8c6f 100644 --- a/tests/data/product_stability/rhel9.yml +++ b/tests/data/product_stability/rhel9.yml @@ -63,6 +63,7 @@ profiles_root: ./profiles reference_uris: anssi: https://cyber.gouv.fr/sites/default/files/document/linux_configuration-en-v2.pdf app-srg: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers + app-srg-ctr: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=container-platform bsi: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Grundschutz/International/bsi_it_gs_comp_2022.pdf ccn: https://www.ccn-cert.cni.es/pdf/guias/series-ccn-stic/guias-de-acceso-publico-ccn-stic/6768-ccn-stic-610a22-perfilado-de-seguridad-red-hat-enterprise-linux-9-0/file.html cis: https://www.cisecurity.org/benchmark/red_hat_linux/ diff --git a/tests/data/product_stability/rhv4.yml b/tests/data/product_stability/rhv4.yml index 7e4e32697db..8b9373c7629 100644 --- a/tests/data/product_stability/rhv4.yml +++ b/tests/data/product_stability/rhv4.yml @@ -56,6 +56,7 @@ profiles_root: ./profiles reference_uris: anssi: https://cyber.gouv.fr/sites/default/files/document/linux_configuration-en-v2.pdf app-srg: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers + app-srg-ctr: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=container-platform bsi: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Grundschutz/International/bsi_it_gs_comp_2022.pdf cis-csc: https://www.cisecurity.org/controls/ cjis: https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf diff --git a/tests/data/product_stability/sle12.yml b/tests/data/product_stability/sle12.yml index 064f60d778d..9ffcb5c9eb7 100644 --- a/tests/data/product_stability/sle12.yml +++ b/tests/data/product_stability/sle12.yml @@ -55,6 +55,7 @@ profiles_root: ./profiles reference_uris: anssi: https://cyber.gouv.fr/sites/default/files/document/linux_configuration-en-v2.pdf app-srg: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers + app-srg-ctr: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=container-platform bsi: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Grundschutz/International/bsi_it_gs_comp_2022.pdf cis: https://www.cisecurity.org/benchmark/suse_linux/ cis-csc: https://www.cisecurity.org/controls/ diff --git a/tests/data/product_stability/sle15.yml b/tests/data/product_stability/sle15.yml index 2f9e39b4fe9..4a45edfd712 100644 --- a/tests/data/product_stability/sle15.yml +++ b/tests/data/product_stability/sle15.yml @@ -59,6 +59,7 @@ profiles_root: ./profiles reference_uris: anssi: https://cyber.gouv.fr/sites/default/files/document/linux_configuration-en-v2.pdf app-srg: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers + app-srg-ctr: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=container-platform bsi: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Grundschutz/International/bsi_it_gs_comp_2022.pdf cis: https://www.cisecurity.org/benchmark/suse_linux/ cis-csc: https://www.cisecurity.org/controls/ diff --git a/tests/data/product_stability/ubuntu1604.yml b/tests/data/product_stability/ubuntu1604.yml index 14e3ab70214..cc276c25f37 100644 --- a/tests/data/product_stability/ubuntu1604.yml +++ b/tests/data/product_stability/ubuntu1604.yml @@ -59,6 +59,7 @@ profiles_root: ./profiles reference_uris: anssi: https://cyber.gouv.fr/sites/default/files/document/linux_configuration-en-v2.pdf app-srg: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers + app-srg-ctr: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=container-platform bsi: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Grundschutz/International/bsi_it_gs_comp_2022.pdf cis: https://www.cisecurity.org/benchmark/ubuntu_linux/ cis-csc: https://www.cisecurity.org/controls/ diff --git a/tests/data/product_stability/ubuntu1804.yml b/tests/data/product_stability/ubuntu1804.yml index 85a9e65eaf0..d1fca9cebb0 100644 --- a/tests/data/product_stability/ubuntu1804.yml +++ b/tests/data/product_stability/ubuntu1804.yml @@ -58,6 +58,7 @@ profiles_root: ./profiles reference_uris: anssi: https://cyber.gouv.fr/sites/default/files/document/linux_configuration-en-v2.pdf app-srg: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers + app-srg-ctr: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=container-platform bsi: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Grundschutz/International/bsi_it_gs_comp_2022.pdf cis: https://www.cisecurity.org/benchmark/ubuntu_linux/ cis-csc: https://www.cisecurity.org/controls/ diff --git a/tests/data/product_stability/ubuntu2004.yml b/tests/data/product_stability/ubuntu2004.yml index a02f9a3f38a..4b17132da32 100644 --- a/tests/data/product_stability/ubuntu2004.yml +++ b/tests/data/product_stability/ubuntu2004.yml @@ -60,6 +60,7 @@ profiles_root: ./profiles reference_uris: anssi: https://cyber.gouv.fr/sites/default/files/document/linux_configuration-en-v2.pdf app-srg: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers + app-srg-ctr: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=container-platform bsi: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Grundschutz/International/bsi_it_gs_comp_2022.pdf cis: https://www.cisecurity.org/benchmark/ubuntu_linux/ cis-csc: https://www.cisecurity.org/controls/ diff --git a/tests/data/product_stability/ubuntu2204.yml b/tests/data/product_stability/ubuntu2204.yml index da574e1b1d2..28211d2347a 100644 --- a/tests/data/product_stability/ubuntu2204.yml +++ b/tests/data/product_stability/ubuntu2204.yml @@ -61,6 +61,7 @@ profiles_root: ./profiles reference_uris: anssi: https://cyber.gouv.fr/sites/default/files/document/linux_configuration-en-v2.pdf app-srg: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers + app-srg-ctr: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=container-platform bsi: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Grundschutz/International/bsi_it_gs_comp_2022.pdf cis: https://www.cisecurity.org/benchmark/ubuntu_linux/ cis-csc: https://www.cisecurity.org/controls/ diff --git a/tests/data/product_stability/uos20.yml b/tests/data/product_stability/uos20.yml index fe849f46a31..cf2bb448167 100644 --- a/tests/data/product_stability/uos20.yml +++ b/tests/data/product_stability/uos20.yml @@ -47,6 +47,7 @@ profiles_root: ./profiles reference_uris: anssi: https://cyber.gouv.fr/sites/default/files/document/linux_configuration-en-v2.pdf app-srg: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers + app-srg-ctr: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=container-platform bsi: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Grundschutz/International/bsi_it_gs_comp_2022.pdf cis-csc: https://www.cisecurity.org/controls/ cjis: https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf