skyler / rpms / scap-security-guide

Forked from rpms/scap-security-guide 3 years ago
Clone
Source Code
GIT

Blame SOURCES/scap-security-guide-0.1.49-update-crypto-policy-test-scenarios.patch

c7 c7-alt c7-beta c8 c8-beta c8s
  1.   05062e84287fb9be1b7477d2e3eb55ddec81dd5d
  2.   SOURCES
  3.   scap-security-guide-0.1.49-update-crypto-policy-test-scenarios.patch
Blob History Raw
05062e 
From 95ae3d5ca08f511ef40503f758dfb02feca29252 Mon Sep 17 00:00:00 2001
05062e 
From: Watson Sato <wsato@redhat.com>
05062e 
Date: Tue, 21 Jan 2020 13:42:35 +0100
05062e 
Subject: [PATCH 1/2] Update configure_crypto_policy test scenarios
05062e
05062e 
Update test scenarios for OSPP profile, it selects 'FIPS:OSPP' crypto policy,
05062e 
not 'FIPS'.
05062e 
---
05062e 
 .../tests/dropin_file_and_symlink_exist.fail.sh               | 4 ++--
05062e 
 .../tests/file_exists_but_no_file_in_local_d.fail.sh          | 2 +-
05062e 
 .../configure_crypto_policy/tests/missing_nss_config.fail.sh  | 2 +-
05062e 
 3 files changed, 4 insertions(+), 4 deletions(-)
05062e
05062e 
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/dropin_file_and_symlink_exist.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/dropin_file_and_symlink_exist.fail.sh
05062e 
index 693cdb03a9..2de1cf4a3b 100644
05062e 
--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/dropin_file_and_symlink_exist.fail.sh
05062e 
+++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/dropin_file_and_symlink_exist.fail.sh
05062e 
@@ -1,11 +1,11 @@
05062e 
 #!/bin/bash
05062e 
 # platform = multi_platform_fedora,Red Hat Enterprise Linux 8
05062e 
-# profiles = xccdf_org.ssgproject.content_profile_ospp, xccdf_org.ssgproject.content_profile_standard
05062e 
+# profiles = xccdf_org.ssgproject.content_profile_ospp
05062e
05062e 
 # using example of opensshserver
05062e 
 DROPIN_FILE="/etc/crypto-policies/local.d/opensshserver-test.config"
05062e
05062e 
-update-crypto-policies --set FIPS
05062e 
+update-crypto-policies --set "FIPS:OSPP"
05062e
05062e 
 echo "" > "$DROPIN_FILE"
05062e 
 echo "CRYPTO_POLICY=" >> "$DROPIN_FILE"
05062e 
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/file_exists_but_no_file_in_local_d.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/file_exists_but_no_file_in_local_d.fail.sh
05062e 
index 5935a38eac..428b76879a 100644
05062e 
--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/file_exists_but_no_file_in_local_d.fail.sh
05062e 
+++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/file_exists_but_no_file_in_local_d.fail.sh
05062e 
@@ -5,7 +5,7 @@
05062e 
 #using example of openssh server
05062e 
 CRYPTO_POLICY_FILE="/etc/crypto-policies/back-ends/opensshserver.config"
05062e
05062e 
-update-crypto-policies --set "FIPS"
05062e 
+update-crypto-policies --set "FIPS:OSPP"
05062e
05062e 
 rm -f /etc/crypto-policies/local.d/opensshserver-*.config
05062e 
 rm -f "$CRYPTO_POLICY_FILE"
05062e 
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_nss_config.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_nss_config.fail.sh
05062e 
index b165006a8d..97bc4b499c 100644
05062e 
--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_nss_config.fail.sh
05062e 
+++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_nss_config.fail.sh
05062e 
@@ -2,6 +2,6 @@
05062e 
 # platform = multi_platform_fedora,Red Hat Enterprise Linux 8
05062e 
 # profiles = xccdf_org.ssgproject.content_profile_ospp
05062e
05062e 
-update-crypto-policies --set "FIPS"
05062e 
+update-crypto-policies --set "FIPS:OSPP"
05062e
05062e 
 rm -f "/etc/crypto-policies/back-ends/nss.config"
05062e
05062e 
From dbbd7ecc294ba86544fb96d5a1b06feba9458a28 Mon Sep 17 00:00:00 2001
05062e 
From: Watson Sato <wsato@redhat.com>
05062e 
Date: Tue, 21 Jan 2020 14:07:50 +0100
05062e 
Subject: [PATCH 2/2] Remove configure_crypto_policy test scenarios
05062e
05062e 
---
05062e 
 .../tests/dropin_file_and_symlink_exist.fail.sh     | 11 -----------
05062e 
 .../file_exists_but_no_file_in_local_d.fail.sh      | 13 -------------
05062e 
 .../tests/override_policy.pass.sh                   | 11 -----------
05062e 
 3 files changed, 35 deletions(-)
05062e 
 delete mode 100644 linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/dropin_file_and_symlink_exist.fail.sh
05062e 
 delete mode 100644 linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/file_exists_but_no_file_in_local_d.fail.sh
05062e 
 delete mode 100644 linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/override_policy.pass.sh
05062e
05062e 
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/dropin_file_and_symlink_exist.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/dropin_file_and_symlink_exist.fail.sh
05062e 
deleted file mode 100644
05062e 
index 2de1cf4a3b..0000000000
05062e 
--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/dropin_file_and_symlink_exist.fail.sh
05062e 
+++ /dev/null
05062e 
@@ -1,11 +0,0 @@
05062e 
-#!/bin/bash
05062e 
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
05062e 
-# profiles = xccdf_org.ssgproject.content_profile_ospp
05062e 
-
05062e 
-# using example of opensshserver
05062e 
-DROPIN_FILE="/etc/crypto-policies/local.d/opensshserver-test.config"
05062e 
-
05062e 
-update-crypto-policies --set "FIPS:OSPP"
05062e 
-
05062e 
-echo "" > "$DROPIN_FILE"
05062e 
-echo "CRYPTO_POLICY=" >> "$DROPIN_FILE"
05062e 
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/file_exists_but_no_file_in_local_d.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/file_exists_but_no_file_in_local_d.fail.sh
05062e 
deleted file mode 100644
05062e 
index 428b76879a..0000000000
05062e 
--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/file_exists_but_no_file_in_local_d.fail.sh
05062e 
+++ /dev/null
05062e 
@@ -1,13 +0,0 @@
05062e 
-#!/bin/bash
05062e 
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
05062e 
-# profiles = xccdf_org.ssgproject.content_profile_ospp
05062e 
-
05062e 
-#using example of openssh server
05062e 
-CRYPTO_POLICY_FILE="/etc/crypto-policies/back-ends/opensshserver.config"
05062e 
-
05062e 
-update-crypto-policies --set "FIPS:OSPP"
05062e 
-
05062e 
-rm -f /etc/crypto-policies/local.d/opensshserver-*.config
05062e 
-rm -f "$CRYPTO_POLICY_FILE"
05062e 
-
05062e 
-echo "pretend that we overide the crrypto policy but no related file is in /etc/crypto-policies/local.d, smart, right?" > "$CRYPTO_POLICY_FILE"
05062e 
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/override_policy.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/override_policy.pass.sh
05062e 
deleted file mode 100644
05062e 
index ce37abd7ff..0000000000
05062e 
--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/override_policy.pass.sh
05062e 
+++ /dev/null
05062e 
@@ -1,11 +0,0 @@
05062e 
-#!/bin/bash
05062e 
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
05062e 
-# profiles = xccdf_org.ssgproject.content_profile_ospp
05062e 
-
05062e 
-#using openssh server as example
05062e 
-CRYPTO_POLICY_OVERRIDE_FILE="/etc/crypto-policies/local.d/opensshserver-test.config"
05062e 
-
05062e 
-echo "" > "$CRYPTO_POLICY_OVERRIDE_FILE"
05062e 
-echo "CRYPTO_POLICY=" >> "$CRYPTO_POLICY_OVERRIDE_FILE"
05062e 
-
05062e 
-update-crypto-policies --set FIPS:OSPP

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation