From 95ae3d5ca08f511ef40503f758dfb02feca29252 Mon Sep 17 00:00:00 2001 From: Watson Sato Date: Tue, 21 Jan 2020 13:42:35 +0100 Subject: [PATCH 1/2] Update configure_crypto_policy test scenarios Update test scenarios for OSPP profile, it selects 'FIPS:OSPP' crypto policy, not 'FIPS'. --- .../tests/dropin_file_and_symlink_exist.fail.sh | 4 ++-- .../tests/file_exists_but_no_file_in_local_d.fail.sh | 2 +- .../configure_crypto_policy/tests/missing_nss_config.fail.sh | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/dropin_file_and_symlink_exist.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/dropin_file_and_symlink_exist.fail.sh index 693cdb03a9..2de1cf4a3b 100644 --- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/dropin_file_and_symlink_exist.fail.sh +++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/dropin_file_and_symlink_exist.fail.sh @@ -1,11 +1,11 @@ #!/bin/bash # platform = multi_platform_fedora,Red Hat Enterprise Linux 8 -# profiles = xccdf_org.ssgproject.content_profile_ospp, xccdf_org.ssgproject.content_profile_standard +# profiles = xccdf_org.ssgproject.content_profile_ospp # using example of opensshserver DROPIN_FILE="/etc/crypto-policies/local.d/opensshserver-test.config" -update-crypto-policies --set FIPS +update-crypto-policies --set "FIPS:OSPP" echo "" > "$DROPIN_FILE" echo "CRYPTO_POLICY=" >> "$DROPIN_FILE" diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/file_exists_but_no_file_in_local_d.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/file_exists_but_no_file_in_local_d.fail.sh index 5935a38eac..428b76879a 100644 --- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/file_exists_but_no_file_in_local_d.fail.sh +++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/file_exists_but_no_file_in_local_d.fail.sh @@ -5,7 +5,7 @@ #using example of openssh server CRYPTO_POLICY_FILE="/etc/crypto-policies/back-ends/opensshserver.config" -update-crypto-policies --set "FIPS" +update-crypto-policies --set "FIPS:OSPP" rm -f /etc/crypto-policies/local.d/opensshserver-*.config rm -f "$CRYPTO_POLICY_FILE" diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_nss_config.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_nss_config.fail.sh index b165006a8d..97bc4b499c 100644 --- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_nss_config.fail.sh +++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_nss_config.fail.sh @@ -2,6 +2,6 @@ # platform = multi_platform_fedora,Red Hat Enterprise Linux 8 # profiles = xccdf_org.ssgproject.content_profile_ospp -update-crypto-policies --set "FIPS" +update-crypto-policies --set "FIPS:OSPP" rm -f "/etc/crypto-policies/back-ends/nss.config" From dbbd7ecc294ba86544fb96d5a1b06feba9458a28 Mon Sep 17 00:00:00 2001 From: Watson Sato Date: Tue, 21 Jan 2020 14:07:50 +0100 Subject: [PATCH 2/2] Remove configure_crypto_policy test scenarios --- .../tests/dropin_file_and_symlink_exist.fail.sh | 11 ----------- .../file_exists_but_no_file_in_local_d.fail.sh | 13 ------------- .../tests/override_policy.pass.sh | 11 ----------- 3 files changed, 35 deletions(-) delete mode 100644 linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/dropin_file_and_symlink_exist.fail.sh delete mode 100644 linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/file_exists_but_no_file_in_local_d.fail.sh delete mode 100644 linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/override_policy.pass.sh diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/dropin_file_and_symlink_exist.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/dropin_file_and_symlink_exist.fail.sh deleted file mode 100644 index 2de1cf4a3b..0000000000 --- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/dropin_file_and_symlink_exist.fail.sh +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/bash -# platform = multi_platform_fedora,Red Hat Enterprise Linux 8 -# profiles = xccdf_org.ssgproject.content_profile_ospp - -# using example of opensshserver -DROPIN_FILE="/etc/crypto-policies/local.d/opensshserver-test.config" - -update-crypto-policies --set "FIPS:OSPP" - -echo "" > "$DROPIN_FILE" -echo "CRYPTO_POLICY=" >> "$DROPIN_FILE" diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/file_exists_but_no_file_in_local_d.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/file_exists_but_no_file_in_local_d.fail.sh deleted file mode 100644 index 428b76879a..0000000000 --- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/file_exists_but_no_file_in_local_d.fail.sh +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/bash -# platform = multi_platform_fedora,Red Hat Enterprise Linux 8 -# profiles = xccdf_org.ssgproject.content_profile_ospp - -#using example of openssh server -CRYPTO_POLICY_FILE="/etc/crypto-policies/back-ends/opensshserver.config" - -update-crypto-policies --set "FIPS:OSPP" - -rm -f /etc/crypto-policies/local.d/opensshserver-*.config -rm -f "$CRYPTO_POLICY_FILE" - -echo "pretend that we overide the crrypto policy but no related file is in /etc/crypto-policies/local.d, smart, right?" > "$CRYPTO_POLICY_FILE" diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/override_policy.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/override_policy.pass.sh deleted file mode 100644 index ce37abd7ff..0000000000 --- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/override_policy.pass.sh +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/bash -# platform = multi_platform_fedora,Red Hat Enterprise Linux 8 -# profiles = xccdf_org.ssgproject.content_profile_ospp - -#using openssh server as example -CRYPTO_POLICY_OVERRIDE_FILE="/etc/crypto-policies/local.d/opensshserver-test.config" - -echo "" > "$CRYPTO_POLICY_OVERRIDE_FILE" -echo "CRYPTO_POLICY=" >> "$CRYPTO_POLICY_OVERRIDE_FILE" - -update-crypto-policies --set FIPS:OSPP