diff --git a/.github/workflows/automatus-cs8.yaml b/.github/workflows/automatus-cs8.yaml
index 6dab0206a82..896dc2a96bc 100644
--- a/.github/workflows/automatus-cs8.yaml
+++ b/.github/workflows/automatus-cs8.yaml
@@ -135,7 +135,7 @@ jobs:
 name: ${{ env.DATASTREAM }}
 - name: Run tests in a container - Bash
 if: ${{steps.bash.outputs.prop == 'True' && steps.ctf.outputs.CTF_OUTPUT_SIZE != '0' }}
- run: tests/test_rule_in_container.sh --dontclean --logdir logs_bash --remediate-using bash --name ssg_test_suite --datastream $DATASTREAM ${{join(steps.rules.outputs.prop)}}
+ run: tests/test_rule_in_container.sh --no-remove-machine-only --dontclean --logdir logs_bash --remediate-using bash --name ssg_test_suite --datastream $DATASTREAM ${{join(steps.rules.outputs.prop)}}
 env:
 ADDITIONAL_TEST_OPTIONS: "--duplicate-templates --add-product-to-fips-certified centos8 --product rhel8"
 - name: Check for ERROR in logs
@@ -156,7 +156,7 @@ jobs:
 path: logs_bash/
 - name: Run tests in a container - Ansible
 if: ${{ steps.ansible.outputs.prop == 'True' && steps.ctf.outputs.CTF_OUTPUT_SIZE != '0' }}
- run: tests/test_rule_in_container.sh --dontclean --logdir logs_ansible --remediate-using ansible --name ssg_test_suite --datastream $DATASTREAM ${{join(steps.rules.outputs.prop)}}
+ run: tests/test_rule_in_container.sh --no-remove-machine-only --dontclean --logdir logs_ansible --remediate-using ansible --name ssg_test_suite --datastream $DATASTREAM ${{join(steps.rules.outputs.prop)}}
 env:
 ADDITIONAL_TEST_OPTIONS: "--duplicate-templates --add-product-to-fips-certified centos8 --product rhel8"
 - name: Check for ERROR in logs
diff --git a/.github/workflows/automatus-cs9.yaml b/.github/workflows/automatus-cs9.yaml
index 97fee2eee8c..ed4b54fdcb1 100644
--- a/.github/workflows/automatus-cs9.yaml
+++ b/.github/workflows/automatus-cs9.yaml
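Review bot: The rewritten `run:` line of the Bash step still expands `${{join(steps.rules.outputs.prop)}}` straight into the script text, so whatever that step output holds is parsed by the runner's shell before tests/test_rule_in_container.sh receives it. Where `steps.rules` takes its value from is outside the hunk; if it is built from names or paths in the pull request, pass it through the step's `env:` block instead, for example `RULES: ${{join(steps.rules.outputs.prop)}}`, and end the command with `$RULES`. The same pattern is on the Ansible step in this file and on both steps in automatus-cs9.yaml and automatus.yaml, where `${{steps.product.outputs.prop}}` is expanded the same way. A one-line comment such as `# keep the machine platform so machine-only rules are not run in the container` (wording to be confirmed by the author) would also explain why CI overrides the script's default of on.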
@@ -135,7 +135,7 @@ jobs:
 name: ${{ env.DATASTREAM }}
 - name: Run tests in a container - Bash
 if: ${{steps.bash.outputs.prop == 'True' && steps.ctf.outputs.CTF_OUTPUT_SIZE != '0' }}
- run: tests/test_rule_in_container.sh --dontclean --logdir logs_bash --remediate-using bash --name ssg_test_suite --datastream $DATASTREAM ${{join(steps.rules.outputs.prop)}}
+ run: tests/test_rule_in_container.sh --no-remove-machine-only --dontclean --logdir logs_bash --remediate-using bash --name ssg_test_suite --datastream $DATASTREAM ${{join(steps.rules.outputs.prop)}}
 env:
 ADDITIONAL_TEST_OPTIONS: "--duplicate-templates --add-product-to-fips-certified centos9 --product rhel9"
 - name: Check for ERROR in logs
@@ -156,7 +156,7 @@ jobs:
 path: logs_bash/
 - name: Run tests in a container - Ansible
 if: ${{ steps.ansible.outputs.prop == 'True' && steps.ctf.outputs.CTF_OUTPUT_SIZE != '0' }}
- run: tests/test_rule_in_container.sh --dontclean --logdir logs_ansible --remediate-using ansible --name ssg_test_suite --datastream $DATASTREAM ${{join(steps.rules.outputs.prop)}}
+ run: tests/test_rule_in_container.sh --no-remove-machine-only --dontclean --logdir logs_ansible --remediate-using ansible --name ssg_test_suite --datastream $DATASTREAM ${{join(steps.rules.outputs.prop)}}
 env:
 ADDITIONAL_TEST_OPTIONS: "--duplicate-templates --add-product-to-fips-certified centos9 --product rhel9"
 - name: Check for ERROR in logs
diff --git a/.github/workflows/automatus.yaml b/.github/workflows/automatus.yaml
index bd8a926f6b3..78661a0a7c4 100644
--- a/.github/workflows/automatus.yaml
+++ b/.github/workflows/automatus.yaml
@@ -133,7 +133,7 @@ jobs:
 name: ssg-${{steps.product.outputs.prop}}-ds.xml
 - name: Run tests in a container - Bash
 if: ${{steps.bash.outputs.prop == 'True' && steps.ctf.outputs.CTF_OUTPUT_SIZE != '0' }}
- run: tests/test_rule_in_container.sh --dontclean --logdir logs_bash --remediate-using bash --name ssg_test_suite --datastream ssg-${{steps.product.outputs.prop}}-ds.xml ${{join(steps.rules.outputs.prop)}}
+ run: tests/test_rule_in_container.sh --no-remove-machine-only --dontclean --logdir logs_bash --remediate-using bash --name ssg_test_suite --datastream ssg-${{steps.product.outputs.prop}}-ds.xml ${{join(steps.rules.outputs.prop)}}
 env:
 ADDITIONAL_TEST_OPTIONS: "--duplicate-templates --add-product-to-fips-certified fedora"
 - name: Check for ERROR in logs
@@ -154,7 +154,7 @@ jobs:
 path: logs_bash/
 - name: Run tests in a container - Ansible
 if: ${{ steps.ansible.outputs.prop == 'True' && steps.ctf.outputs.CTF_OUTPUT_SIZE != '0' }}
- run: tests/test_rule_in_container.sh --dontclean --logdir logs_ansible --remediate-using ansible --name ssg_test_suite --datastream ssg-${{steps.product.outputs.prop}}-ds.xml ${{join(steps.rules.outputs.prop)}}
+ run: tests/test_rule_in_container.sh --no-remove-machine-only --dontclean --logdir logs_ansible --remediate-using ansible --name ssg_test_suite --datastream ssg-${{steps.product.outputs.prop}}-ds.xml ${{join(steps.rules.outputs.prop)}}
 env:
 ADDITIONAL_TEST_OPTIONS: "--duplicate-templates --add-product-to-fips-certified fedora"
 - name: Check for ERROR in logs
diff --git a/linux_os/guide/system/logging/service_rsyslog_enabled/rule.yml b/linux_os/guide/system/logging/service_rsyslog_enabled/rule.yml
index 5dcdc7fb51d..2929599f9cb 100644
--- a/linux_os/guide/system/logging/service_rsyslog_enabled/rule.yml
+++ b/linux_os/guide/system/logging/service_rsyslog_enabled/rule.yml
@@ -56,3 +56,4 @@ template:
 name: service_enabled
 vars:
 servicename: rsyslog
+ servicename@rhel8: rsyslog
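Review bot: In the rule.yml hunk, the added `servicename@rhel8: rsyslog` repeats the value of the unqualified `servicename: rsyslog` on the line above, so as far as the hunk shows it does not change what the `service_enabled` template receives for rhel8. If the line is only there to make CI select this rule and exercise the new workflow flag, it should be dropped before merge. If it is needed, a comment above it should say why the product-qualified key is required when the value is the same.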
diff --git a/tests/test_rule_in_container.sh b/tests/test_rule_in_container.sh
index 3e6dc68b420..31b14817047 100755
--- a/tests/test_rule_in_container.sh
+++ b/tests/test_rule_in_container.sh
@@ -6,7 +6,8 @@
 # ARG_OPTIONAL_SINGLE([datastream],[d],[Path to the datastream to use in tests. Autodetected by default.])
 # ARG_OPTIONAL_SINGLE([remediate-using],[r],[What to remediate with],[oscap])
 # ARG_OPTIONAL_SINGLE([logdir],[l],[Directory where logs will be stored])
-# ARG_OPTIONAL_BOOLEAN([dontclean],[],[Dont remove HTML reports from the log directory.])
+# ARG_OPTIONAL_BOOLEAN([dontclean],[],[Don't remove HTML reports from the log directory.])
+# ARG_OPTIONAL_BOOLEAN([remove-machine-only],[],[Don't remove machine platforms.],[on])
 # ARG_OPTIONAL_BOOLEAN([dry-run],[],[Just print the test suite command-line.])
 # ARG_OPTIONAL_BOOLEAN([docker],[],[Use Docker instead of Podman as container backend.])
 # ARG_USE_ENV([ADDITIONAL_SSGTS_OPTIONS],[],[Deprecated, use ADDITIONAL_TEST_OPTIONS])
@@ -64,6 +65,7 @@ _arg_datastream=
 _arg_remediate_using="oscap"
 _arg_logdir=
 _arg_dontclean="off"
+_arg_remove_machine_only="on"
 _arg_dry_run="off"
 _arg_docker="off"
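Review bot: The help string in the added `ARG_OPTIONAL_BOOLEAN([remove-machine-only]…)` definition reads `Don't remove machine platforms.`, which is the opposite of what the flag does when it is on and contradicts the `print_help` text in the later hunk (`Remove machine platforms. (on by default)`). The definition should read `# ARG_OPTIONAL_BOOLEAN([remove-machine-only],[],[Remove machine platforms.],[on])`. Otherwise regenerating the parser from these comments would presumably produce the inverted help line. It would also help to say in that string that the flag is forwarded to automatus.py as `--remove-machine-only`, since the wrapper used to pass it unconditionally.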
@@ -71,14 +73,15 @@ _arg_docker="off"
 print_help()
 {
 printf '%s\n' "Test a rule using the container backend."
- printf 'Usage: %s [-n|--name ] [-s|--scenarios ] [-d|--datastream ] [-r|--remediate-using ] [-l|--logdir ] [--(no-)dontclean] [--(no-)dry-run] [--(no-)docker] [-h|--help] [] ... [] ...\n' "$0"
+ printf 'Usage: %s [-n|--name ] [-s|--scenarios ] [-d|--datastream ] [-r|--remediate-using ] [-l|--logdir ] [--(no-)dontclean] [--(no-)remove-machine-only] [--(no-)dry-run] [--(no-)docker] [-h|--help] [] ... [] ...\n' "$0"
 printf '\t%s\n' ": The short rule ID. Wildcards are supported."
 printf '\t%s\n' "-n, --name: Name of the test image (default: 'ssg_test_suite')"
 printf '\t%s\n' "-s, --scenarios: Regex to reduce selection of tested scenarios (no default)"
 printf '\t%s\n' "-d, --datastream: Path to the datastream to use in tests. Autodetected by default. (no default)"
 printf '\t%s\n' "-r, --remediate-using: What to remediate with. Can be one of: 'oscap', 'bash' and 'ansible' (default: 'oscap')"
 printf '\t%s\n' "-l, --logdir: Directory where logs will be stored (no default)"
- printf '\t%s\n' "--dontclean, --no-dontclean: Dont remove HTML reports from the log directory. (off by default)"
+ printf '\t%s\n' "--dontclean, --no-dontclean: Don't remove HTML reports from the log directory. (off by default)"
+ printf '\t%s\n' "--remove-machine-only, --no-remove-machine-only: Remove machine platforms. (on by default)"
 printf '\t%s\n' "--dry-run, --no-dry-run: Just print the test suite command-line. (off by default)"
 printf '\t%s\n' "--docker, --no-docker: Use Docker instead of Podman as container backend. (off by default)"
 printf '\t%s\n' "-h, --help: Prints help"
@@ -155,6 +158,10 @@ parse_commandline()
 _arg_dontclean="on"
 test "${1:0:5}" = "--no-" && _arg_dontclean="off"
 ;;
+ --no-remove-machine-only|--remove-machine-only)
+ _arg_remove_machine_only="on"
+ test "${1:0:5}" = "--no-" && _arg_remove_machine_only="off"
+ ;;
 --no-dry-run|--dry-run)
 _arg_dry_run="on"
 test "${1:0:5}" = "--no-" && _arg_dry_run="off"
@@ -230,6 +237,7 @@ $CONTAINER_BACKEND images | grep -q "$_arg_name" || die "Couldn't find the $CONT
 additional_args=()
 test "$_arg_dontclean" = on && additional_args+=(--dontclean)
+test "$_arg_remove_machine_only" = on && additional_args+=(--remove-machine-only)
 # Don't act on the default value.
 test -n "$_arg_scenarios" && additional_args+=(--scenario "$_arg_scenarios")
@@ -240,13 +248,14 @@ test -n "$_arg_remediate_using" && additional_args+=(--remediate-using "$_arg_re
 test -n "$_arg_logdir" && additional_args+=(--logdir "$_arg_logdir")
+
 if test -n "$ADDITIONAL_SSGTS_OPTIONS"; then
 test -n "$ADDITIONAL_TEST_OPTIONS" && die "Specify additional options preferably using ADDITIONAL_TEST_OPTIONS env var, or by ADDITIONAL_SSGTS_OPTIONS, but not by both."
 echo "Detected usage of ADDITIONAL_SSGTS_OPTIONS, please prefer the ADDITIONAL_TEST_OPTIONS environment variable interface." >&2
 ADDITIONAL_TEST_OPTIONS="$ADDITIONAL_SSGTS_OPTIONS"
 fi
-command=(python3 "${script_dir}/automatus.py" rule ${ADDITIONAL_TEST_OPTIONS} --remove-platforms --remove-machine-only --remove-ocp4-only "${additional_args[@]}" "$CONTAINER_OPT" "$_arg_name" -- "${_arg_rule[@]}")
+command=(python3 "${script_dir}/automatus.py" rule ${ADDITIONAL_TEST_OPTIONS} --remove-platforms --remove-ocp4-only "${additional_args[@]}" "$CONTAINER_OPT" "$_arg_name" -- "${_arg_rule[@]}")
 if test "$_arg_dry_run" = on; then
 printf '%s\n' "${command[*]}"
 else
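Review bot: On the rewritten `command=(` line, `${ADDITIONAL_TEST_OPTIONS}` is still expanded unquoted, so its value goes through pathname expansion as well as the word splitting the interface relies on. An option value containing `*`, `?` or `[` can be replaced by file names from the working directory before automatus.py sees it. Splitting explicitly keeps the multi-option behaviour without globbing: add `read -r -a extra_opts <<< "$ADDITIONAL_TEST_OPTIONS"` before the assignment and use `"${extra_opts[@]}"` in place of the bare expansion. The script continues outside this hunk, so whether `set -u` or an older bash affects an empty array there should be checked.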