Merge pull request ComplianceAsCode#11672 from dodys/apparmor

all_apparmor_profiles_in_enforce_complain_mode: Fix OVAL logic

linux_os/guide/system/apparmor/all_apparmor_profiles_in_enforce_complain_mode/oval/shared.xml

@@ -8,23 +8,17 @@
   </definition>
   <ind:textfilecontent54_object id="{{{ rule_id }}}_obj_apparmor_profiles" version="1">
     <ind:filepath datatype="string">/sys/kernel/security/apparmor/profiles</ind:filepath>
-    <ind:pattern operation="pattern match">^.*$</ind:pattern>
+    <ind:pattern operation="pattern match">^(.*)$</ind:pattern>
     <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
   </ind:textfilecontent54_object>
   <ind:textfilecontent54_object id="{{{ rule_id }}}_obj_apparmor_enforced_profiles" version="1">
     <ind:filepath datatype="string">/sys/kernel/security/apparmor/profiles</ind:filepath>
-    <ind:pattern operation="pattern match" datatype="string">^.*\(enforce\)$</ind:pattern>
+    <ind:pattern operation="pattern match" datatype="string">^.*(\(enforce\))$</ind:pattern>
     <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
   </ind:textfilecontent54_object>
   <ind:textfilecontent54_object id="{{{ rule_id }}}_obj_apparmor_complaining_profiles" version="1">
     <ind:filepath datatype="string">/sys/kernel/security/apparmor/profiles</ind:filepath>
-    <ind:pattern operation="pattern match" datatype="string">^.*\(complain\)$</ind:pattern>
-    <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
-  </ind:textfilecontent54_object>
-  <ind:textfilecontent54_object id="{{{ rule_id }}}_obj_apparmor_unconfined_profiles" version="1">
-    <ind:filepath datatype="string">/sys/kernel/security/apparmor/profiles</ind:filepath>
-    <ind:pattern operation="pattern match"
-      datatype="string">^\.*processes are unconfined.*$</ind:pattern>
+    <ind:pattern operation="pattern match" datatype="string">^.*(\(complain\))$</ind:pattern>
     <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
   </ind:textfilecontent54_object>
   <local_variable datatype="int" id="{{{ rule_id }}}_var_num_apparmor_profiles" version="1"
@@ -47,11 +41,6 @@
       </count>
     </arithmetic>
   </local_variable>
-  <local_variable datatype="int" id="{{{ rule_id }}}_var_num_apparmor_unconfined_profiles"
-    version="1" comment="apparmor profiles with unconfined processes">
-    <object_component item_field="subexpression"
-     object_ref="{{{ rule_id }}}_obj_apparmor_unconfined_profiles" />
-  </local_variable>
 
   <ind:variable_object id="{{{ rule_id }}}_obj_all_apparmor_profiles" version="1">
     <ind:var_ref>{{{ rule_id }}}_var_num_apparmor_profiles</ind:var_ref>

linux_os/guide/system/apparmor/all_apparmor_profiles_in_enforce_complain_mode/tests/correct_all_apparmor_profiles_in_complain.pass.sh

@@ -1,5 +1,5 @@
 #!/bin/bash
-# packages = apparmor
+# packages = apparmor-utils
 
 #Replace apparmor definitions
 apparmor_parser -q -r /etc/apparmor.d/

linux_os/guide/system/apparmor/all_apparmor_profiles_in_enforce_complain_mode/tests/correct_all_apparmor_profiles_in_enforce.pass.sh

@@ -1,5 +1,5 @@
 #!/bin/bash
-# packages = apparmor
+# packages = apparmor-utils
 
 #Replace apparmor definitions
 apparmor_parser -q -r /etc/apparmor.d/

linux_os/guide/system/apparmor/all_apparmor_profiles_in_enforce_complain_mode/tests/incorrect_all_apparmor_profiles.fail.sh

@@ -1,5 +1,5 @@
 #!/bin/bash
-# packages = apparmor
+# packages = apparmor-utils
 
 #Configure the OS to unload all AppArmor profiles
 aa-teardown