Blame SOURCES/scap-security-guide-0.1.51-add-zipl-and-grub2-cpes_PR_5905.patch

973b04
From 3aae2f86f3d75b8bd931922152b9a6175ed18a6b Mon Sep 17 00:00:00 2001
973b04
From: Watson Sato <wsato@redhat.com>
973b04
Date: Tue, 23 Jun 2020 22:27:47 +0200
973b04
Subject: [PATCH 1/5] Add check for zipl installed
973b04
973b04
Based and valid in RHEL, where zipl is part of s390utils-base.
973b04
---
973b04
 rhel8/cpe/rhel8-cpe-dictionary.xml            |  4 ++
973b04
 .../oval/installed_env_has_zipl_package.xml   | 37 +++++++++++++++++++
973b04
 ssg/constants.py                              |  1 +
973b04
 3 files changed, 42 insertions(+)
973b04
 create mode 100644 shared/checks/oval/installed_env_has_zipl_package.xml
973b04
973b04
diff --git a/rhel8/cpe/rhel8-cpe-dictionary.xml b/rhel8/cpe/rhel8-cpe-dictionary.xml
973b04
index 694cbb5a4e..cccb3c5791 100644
973b04
--- a/rhel8/cpe/rhel8-cpe-dictionary.xml
973b04
+++ b/rhel8/cpe/rhel8-cpe-dictionary.xml
973b04
@@ -67,4 +67,8 @@
973b04
             
973b04
             <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_yum_package</check>
973b04
       </cpe-item>
973b04
+      <cpe-item name="cpe:/a:zipl">
973b04
+            <title xml:lang="en-us">System uses zipl</title>
973b04
+            <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_zipl_package</check>
973b04
+      </cpe-item>
973b04
 </cpe-list>
973b04
diff --git a/shared/checks/oval/installed_env_has_zipl_package.xml b/shared/checks/oval/installed_env_has_zipl_package.xml
973b04
new file mode 100644
973b04
index 0000000000..ab6545669d
973b04
--- /dev/null
973b04
+++ b/shared/checks/oval/installed_env_has_zipl_package.xml
973b04
@@ -0,0 +1,37 @@
973b04
+<def-group>
973b04
+  
973b04
+  id="installed_env_has_zipl_package" version="1">
973b04
+    <metadata>
973b04
+      <title>System uses zIPL</title>
973b04
+      <affected family="unix">
973b04
+        <platform>multi_platform_all</platform>
973b04
+      </affected>
973b04
+      <description>Checks if system uses zIPL bootloader.</description>
973b04
+      <reference ref_id="cpe:/a:zipl" source="CPE" />
973b04
+    </metadata>
973b04
+    <criteria>
973b04
+      <criterion comment="Package s390utils-base is installed" test_ref="test_env_has_zipl_installed" />
973b04
+    </criteria>
973b04
+  </definition>
973b04
+
973b04
+{{% if pkg_system == "rpm" %}}
973b04
+  
973b04
+  id="test_env_has_zipl_installed" version="1"
973b04
+  comment="system has package zipl installed">
973b04
+    <linux:object object_ref="obj_env_has_zipl_installed" />
973b04
+  </linux:rpminfo_test>
973b04
+  <linux:rpminfo_object id="obj_env_has_zipl_installed" version="1">
973b04
+    <linux:name>s390utils-base</linux:name>
973b04
+  </linux:rpminfo_object>
973b04
+{{% elif pkg_system == "dpkg" %}}
973b04
+  
973b04
+  id="test_env_has_zipl_installed" version="1"
973b04
+  comment="system has package zipl installed">
973b04
+    <linux:object object_ref="obj_env_has_zipl_installed" />
973b04
+  </linux:dpkginfo_test>
973b04
+  <linux:dpkginfo_object id="obj_env_has_zipl_installed" version="1">
973b04
+    <linux:name>s390utils-base</linux:name>
973b04
+  </linux:dpkginfo_object>
973b04
+{{% endif %}}
973b04
+
973b04
+</def-group>
973b04
diff --git a/ssg/constants.py b/ssg/constants.py
973b04
index fb20fe8107..f03aa87f09 100644
973b04
--- a/ssg/constants.py
973b04
+++ b/ssg/constants.py
973b04
@@ -506,6 +506,7 @@
973b04
     "sssd": "cpe:/a:sssd",
973b04
     "systemd": "cpe:/a:systemd",
973b04
     "yum": "cpe:/a:yum",
973b04
+    "zipl": "cpe:/a:zipl",
973b04
 }
973b04
 
973b04
 # _version_name_map = {
973b04
973b04
From c70bdc89bf193f2fdf59cb8c3f06672fc43a0505 Mon Sep 17 00:00:00 2001
973b04
From: Watson Sato <wsato@redhat.com>
973b04
Date: Tue, 23 Jun 2020 22:33:07 +0200
973b04
Subject: [PATCH 2/5] Set zipl and machine platforms for zipl content
973b04
973b04
Add zipl platform to bootloader-zipl and machine platform to all zipl
973b04
rules.
973b04
Final applicability of zipl rules is equivalent to "machine and zipl"
973b04
CPE platform.
973b04
---
973b04
 linux_os/guide/system/bootloader-zipl/group.yml                 | 2 +-
973b04
 .../guide/system/bootloader-zipl/zipl_audit_argument/rule.yml   | 2 ++
973b04
 .../bootloader-zipl/zipl_audit_backlog_limit_argument/rule.yml  | 2 ++
973b04
 .../guide/system/bootloader-zipl/zipl_enable_selinux/rule.yml   | 2 ++
973b04
 .../system/bootloader-zipl/zipl_page_poison_argument/rule.yml   | 2 ++
973b04
 .../guide/system/bootloader-zipl/zipl_pti_argument/rule.yml     | 2 ++
973b04
 .../system/bootloader-zipl/zipl_slub_debug_argument/rule.yml    | 2 ++
973b04
 .../system/bootloader-zipl/zipl_vsyscall_argument/rule.yml      | 2 ++
973b04
 8 files changed, 15 insertions(+), 1 deletion(-)
973b04
973b04
diff --git a/linux_os/guide/system/bootloader-zipl/group.yml b/linux_os/guide/system/bootloader-zipl/group.yml
973b04
index 36da84530c..64c6c8dffb 100644
973b04
--- a/linux_os/guide/system/bootloader-zipl/group.yml
973b04
+++ b/linux_os/guide/system/bootloader-zipl/group.yml
973b04
@@ -8,4 +8,4 @@ description: |-
973b04
     options to it.
973b04
     The default {{{ full_name }}} boot loader for s390x systems is called zIPL.
973b04
 
973b04
-platform: machine
973b04
+platform: zipl
973b04
diff --git a/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/rule.yml
973b04
index 16c0b3f89a..2d31ef8ee7 100644
973b04
--- a/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/rule.yml
973b04
+++ b/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/rule.yml
973b04
@@ -38,3 +38,5 @@ ocil: |-
973b04
   and <tt>/etc/zipl.conf</tt>:
973b04
   
find /boot/loader/entries/*.conf /etc/zipl.conf -newer /boot/bootmap
973b04
   No line should be returned, if a line is returned <tt>/boot/bootmap</tt> needs to be regenerated.
973b04
+
973b04
+platform: machine
973b04
diff --git a/linux_os/guide/system/bootloader-zipl/zipl_audit_backlog_limit_argument/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_audit_backlog_limit_argument/rule.yml
973b04
index 47a532d50f..40db232257 100644
973b04
--- a/linux_os/guide/system/bootloader-zipl/zipl_audit_backlog_limit_argument/rule.yml
973b04
+++ b/linux_os/guide/system/bootloader-zipl/zipl_audit_backlog_limit_argument/rule.yml
973b04
@@ -39,3 +39,5 @@ ocil: |-
973b04
   and <tt>/etc/zipl.conf</tt>:
973b04
   
find /boot/loader/entries/*.conf /etc/zipl.conf -newer /boot/bootmap
973b04
   No line should be returned, if a line is returned <tt>/boot/bootmap</tt> needs to be regenerated.
973b04
+
973b04
+platform: machine
973b04
diff --git a/linux_os/guide/system/bootloader-zipl/zipl_enable_selinux/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_enable_selinux/rule.yml
973b04
index 5aa91c16aa..8d28d5495f 100644
973b04
--- a/linux_os/guide/system/bootloader-zipl/zipl_enable_selinux/rule.yml
973b04
+++ b/linux_os/guide/system/bootloader-zipl/zipl_enable_selinux/rule.yml
973b04
@@ -35,3 +35,5 @@ ocil: |-
973b04
     and <tt>/etc/zipl.conf</tt>:
973b04
     
find /boot/loader/entries/*.conf /etc/zipl.conf -newer /boot/bootmap
973b04
     No line should be returned, if a line is returned <tt>/boot/bootmap</tt> needs to be regenerated.
973b04
+
973b04
+platform: machine
973b04
diff --git a/linux_os/guide/system/bootloader-zipl/zipl_page_poison_argument/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_page_poison_argument/rule.yml
973b04
index 8546325752..0a8e9a41e2 100644
973b04
--- a/linux_os/guide/system/bootloader-zipl/zipl_page_poison_argument/rule.yml
973b04
+++ b/linux_os/guide/system/bootloader-zipl/zipl_page_poison_argument/rule.yml
973b04
@@ -39,3 +39,5 @@ ocil: |-
973b04
   and <tt>/etc/zipl.conf</tt>:
973b04
   
find /boot/loader/entries/*.conf /etc/zipl.conf -newer /boot/bootmap
973b04
   No line should be returned, if a line is returned <tt>/boot/bootmap</tt> needs to be regenerated.
973b04
+
973b04
+platform: machine
973b04
diff --git a/linux_os/guide/system/bootloader-zipl/zipl_pti_argument/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_pti_argument/rule.yml
973b04
index eaef25ce40..20c1448cc8 100644
973b04
--- a/linux_os/guide/system/bootloader-zipl/zipl_pti_argument/rule.yml
973b04
+++ b/linux_os/guide/system/bootloader-zipl/zipl_pti_argument/rule.yml
973b04
@@ -38,3 +38,5 @@ ocil: |-
973b04
   and <tt>/etc/zipl.conf</tt>:
973b04
   
find /boot/loader/entries/*.conf /etc/zipl.conf -newer /boot/bootmap
973b04
   No line should be returned, if a line is returned <tt>/boot/bootmap</tt> needs to be regenerated.
973b04
+
973b04
+platform: machine
973b04
diff --git a/linux_os/guide/system/bootloader-zipl/zipl_slub_debug_argument/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_slub_debug_argument/rule.yml
973b04
index 68e91a92d6..54ac688ea0 100644
973b04
--- a/linux_os/guide/system/bootloader-zipl/zipl_slub_debug_argument/rule.yml
973b04
+++ b/linux_os/guide/system/bootloader-zipl/zipl_slub_debug_argument/rule.yml
973b04
@@ -39,3 +39,5 @@ ocil: |-
973b04
   and <tt>/etc/zipl.conf</tt>:
973b04
   
find /boot/loader/entries/*.conf /etc/zipl.conf -newer /boot/bootmap
973b04
   No line should be returned, if a line is returned <tt>/boot/bootmap</tt> needs to be regenerated.
973b04
+
973b04
+platform: machine
973b04
diff --git a/linux_os/guide/system/bootloader-zipl/zipl_vsyscall_argument/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_vsyscall_argument/rule.yml
973b04
index 9624b43349..c5979a2016 100644
973b04
--- a/linux_os/guide/system/bootloader-zipl/zipl_vsyscall_argument/rule.yml
973b04
+++ b/linux_os/guide/system/bootloader-zipl/zipl_vsyscall_argument/rule.yml
973b04
@@ -36,3 +36,5 @@ ocil: |-
973b04
   and <tt>/etc/zipl.conf</tt>:
973b04
   
find /boot/loader/entries/*.conf /etc/zipl.conf -newer /boot/bootmap
973b04
   No line should be returned, if a line is returned <tt>/boot/bootmap</tt> needs to be regenerated.
973b04
+
973b04
+platform: machine
973b04
973b04
From 02f961ecbe8bcafab72f544c2bc0f9141b9fa8fa Mon Sep 17 00:00:00 2001
973b04
From: Watson Sato <wsato@redhat.com>
973b04
Date: Tue, 23 Jun 2020 23:02:44 +0200
973b04
Subject: [PATCH 3/5] Add check for grub2 installed
973b04
973b04
Apply new CPE grub2 to bootloader-grub2 group.
973b04
---
973b04
 .../file_groupowner_efi_grub2_cfg/rule.yml    |  2 +
973b04
 .../file_groupowner_grub2_cfg/rule.yml        |  2 +
973b04
 .../file_owner_efi_grub2_cfg/rule.yml         |  2 +
973b04
 .../file_owner_grub2_cfg/rule.yml             |  2 +
973b04
 .../guide/system/bootloader-grub2/group.yml   |  2 +-
973b04
 .../grub2_admin_username/rule.yml             |  2 +
973b04
 .../grub2_enable_iommu_force/rule.yml         |  2 +
973b04
 .../grub2_no_removeable_media/rule.yml        |  2 +
973b04
 .../bootloader-grub2/grub2_password/rule.yml  |  2 +
973b04
 .../grub2_uefi_admin_username/rule.yml        |  2 +
973b04
 .../grub2_uefi_password/rule.yml              |  2 +
973b04
 .../uefi_no_removeable_media/rule.yml         |  2 +
973b04
 .../oval/installed_env_has_grub2_package.xml  | 37 +++++++++++++++++++
973b04
 ssg/constants.py                              |  1 +
973b04
 14 files changed, 61 insertions(+), 1 deletion(-)
973b04
 create mode 100644 shared/checks/oval/installed_env_has_grub2_package.xml
973b04
973b04
diff --git a/linux_os/guide/system/bootloader-grub2/file_groupowner_efi_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/file_groupowner_efi_grub2_cfg/rule.yml
973b04
index b5b583bd28..a6ac6f7b6b 100644
973b04
--- a/linux_os/guide/system/bootloader-grub2/file_groupowner_efi_grub2_cfg/rule.yml
973b04
+++ b/linux_os/guide/system/bootloader-grub2/file_groupowner_efi_grub2_cfg/rule.yml
973b04
@@ -51,6 +51,8 @@ ocil: |-
973b04
     {{{ ocil_file_group_owner(file="/boot/efi/EFI/redhat/grub.cfg", group="root") }}}
973b04
 {{%- endif %}}
973b04
 
973b04
+platform: machine
973b04
+
973b04
 template:
973b04
     name: file_groupowner
973b04
     vars:
973b04
diff --git a/linux_os/guide/system/bootloader-grub2/file_groupowner_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/file_groupowner_grub2_cfg/rule.yml
973b04
index 9d89ff5755..93dbf5222d 100644
973b04
--- a/linux_os/guide/system/bootloader-grub2/file_groupowner_grub2_cfg/rule.yml
973b04
+++ b/linux_os/guide/system/bootloader-grub2/file_groupowner_grub2_cfg/rule.yml
973b04
@@ -39,6 +39,8 @@ ocil_clause: '{{{ ocil_clause_file_group_owner(file="/boot/grub2/grub.cfg", grou
973b04
 
973b04
 ocil: '{{{ ocil_file_group_owner(file="/boot/grub2/grub.cfg", group="root") }}}'
973b04
 
973b04
+platform: machine
973b04
+
973b04
 template:
973b04
     name: file_groupowner
973b04
     vars:
973b04
diff --git a/linux_os/guide/system/bootloader-grub2/file_owner_efi_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/file_owner_efi_grub2_cfg/rule.yml
973b04
index ed17987478..e2c118cf0a 100644
973b04
--- a/linux_os/guide/system/bootloader-grub2/file_owner_efi_grub2_cfg/rule.yml
973b04
+++ b/linux_os/guide/system/bootloader-grub2/file_owner_efi_grub2_cfg/rule.yml
973b04
@@ -49,6 +49,8 @@ ocil: |-
973b04
     {{{ ocil_file_owner(file="/boot/efi/EFI/redhat/grub.cfg", owner="root") }}}
973b04
 {{%- endif %}}
973b04
 
973b04
+platform: machine
973b04
+
973b04
 template:
973b04
     name: file_owner
973b04
     vars:
973b04
diff --git a/linux_os/guide/system/bootloader-grub2/file_owner_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/file_owner_grub2_cfg/rule.yml
973b04
index 9ce4c3d60b..5086553921 100644
973b04
--- a/linux_os/guide/system/bootloader-grub2/file_owner_grub2_cfg/rule.yml
973b04
+++ b/linux_os/guide/system/bootloader-grub2/file_owner_grub2_cfg/rule.yml
973b04
@@ -37,6 +37,8 @@ ocil_clause: '{{{ ocil_clause_file_owner(file="/boot/grub2/grub.cfg", owner="roo
973b04
 
973b04
 ocil: '{{{ ocil_file_owner(file="/boot/grub2/grub.cfg", owner="root") }}}'
973b04
 
973b04
+platform: machine
973b04
+
973b04
 template:
973b04
     name: file_owner
973b04
     vars:
973b04
diff --git a/linux_os/guide/system/bootloader-grub2/group.yml b/linux_os/guide/system/bootloader-grub2/group.yml
973b04
index 69489bc0c2..4ffb40c0e8 100644
973b04
--- a/linux_os/guide/system/bootloader-grub2/group.yml
973b04
+++ b/linux_os/guide/system/bootloader-grub2/group.yml
973b04
@@ -15,4 +15,4 @@ description: |-
973b04
     with a password and ensure its configuration file's permissions
973b04
     are set properly.
973b04
 
973b04
-platform: machine
973b04
+platform: grub2
973b04
diff --git a/linux_os/guide/system/bootloader-grub2/grub2_admin_username/rule.yml b/linux_os/guide/system/bootloader-grub2/grub2_admin_username/rule.yml
973b04
index 63a6a7a83c..15db01a75f 100644
973b04
--- a/linux_os/guide/system/bootloader-grub2/grub2_admin_username/rule.yml
973b04
+++ b/linux_os/guide/system/bootloader-grub2/grub2_admin_username/rule.yml
973b04
@@ -68,3 +68,5 @@ warnings:
973b04
 
973b04
         Also, do NOT manually add the superuser account and password to the
973b04
         <tt>grub.cfg</tt> file as the grub2-mkconfig command overwrites this file.
973b04
+
973b04
+platform: machine
973b04
diff --git a/linux_os/guide/system/bootloader-grub2/grub2_enable_iommu_force/rule.yml b/linux_os/guide/system/bootloader-grub2/grub2_enable_iommu_force/rule.yml
973b04
index baade9c13e..d4f455e66a 100644
973b04
--- a/linux_os/guide/system/bootloader-grub2/grub2_enable_iommu_force/rule.yml
973b04
+++ b/linux_os/guide/system/bootloader-grub2/grub2_enable_iommu_force/rule.yml
973b04
@@ -17,3 +17,5 @@ identifiers:
973b04
 
973b04
 references:
973b04
     anssi: NT28(R11)
973b04
+
973b04
+platform: machine
973b04
diff --git a/linux_os/guide/system/bootloader-grub2/grub2_no_removeable_media/rule.yml b/linux_os/guide/system/bootloader-grub2/grub2_no_removeable_media/rule.yml
973b04
index 113726d34f..c8956c2f34 100644
973b04
--- a/linux_os/guide/system/bootloader-grub2/grub2_no_removeable_media/rule.yml
973b04
+++ b/linux_os/guide/system/bootloader-grub2/grub2_no_removeable_media/rule.yml
973b04
@@ -37,3 +37,5 @@ ocil: |-
973b04
     <tt>usb0</tt>, <tt>cd</tt>, <tt>fd0</tt>, etc. are some examples of removeable
973b04
     media which should not exist in the line:
973b04
     
set root='hd0,msdos1'
973b04
+
973b04
+platform: machine
973b04
diff --git a/linux_os/guide/system/bootloader-grub2/grub2_password/rule.yml b/linux_os/guide/system/bootloader-grub2/grub2_password/rule.yml
973b04
index 985b8727d7..b6e9774608 100644
973b04
--- a/linux_os/guide/system/bootloader-grub2/grub2_password/rule.yml
973b04
+++ b/linux_os/guide/system/bootloader-grub2/grub2_password/rule.yml
973b04
@@ -72,3 +72,5 @@ warnings:
973b04
 
973b04
         Also, do NOT manually add the superuser account and password to the
973b04
         <tt>grub.cfg</tt> file as the grub2-mkconfig command overwrites this file.
973b04
+
973b04
+platform: machine
973b04
diff --git a/linux_os/guide/system/bootloader-grub2/grub2_uefi_admin_username/rule.yml b/linux_os/guide/system/bootloader-grub2/grub2_uefi_admin_username/rule.yml
973b04
index 1926837db7..5abd86b9d9 100644
973b04
--- a/linux_os/guide/system/bootloader-grub2/grub2_uefi_admin_username/rule.yml
973b04
+++ b/linux_os/guide/system/bootloader-grub2/grub2_uefi_admin_username/rule.yml
973b04
@@ -75,3 +75,5 @@ warnings:
973b04
 
973b04
         Also, do NOT manually add the superuser account and password to the
973b04
         <tt>grub.cfg</tt> file as the grub2-mkconfig command overwrites this file.
973b04
+
973b04
+platform: machine
973b04
diff --git a/linux_os/guide/system/bootloader-grub2/grub2_uefi_password/rule.yml b/linux_os/guide/system/bootloader-grub2/grub2_uefi_password/rule.yml
973b04
index 3ce5a2df13..3114d2d27c 100644
973b04
--- a/linux_os/guide/system/bootloader-grub2/grub2_uefi_password/rule.yml
973b04
+++ b/linux_os/guide/system/bootloader-grub2/grub2_uefi_password/rule.yml
973b04
@@ -73,3 +73,5 @@ warnings:
973b04
 
973b04
         Also, do NOT manually add the superuser account and password to the
973b04
         <tt>grub.cfg</tt> file as the grub2-mkconfig command overwrites this file.
973b04
+
973b04
+platform: machine
973b04
diff --git a/linux_os/guide/system/bootloader-grub2/uefi_no_removeable_media/rule.yml b/linux_os/guide/system/bootloader-grub2/uefi_no_removeable_media/rule.yml
973b04
index c94185f3f4..5de05c057a 100644
973b04
--- a/linux_os/guide/system/bootloader-grub2/uefi_no_removeable_media/rule.yml
973b04
+++ b/linux_os/guide/system/bootloader-grub2/uefi_no_removeable_media/rule.yml
973b04
@@ -35,3 +35,5 @@ ocil: |-
973b04
     <tt>usb0</tt>, <tt>cd</tt>, <tt>fd0</tt>, etc. are some examples of removeable
973b04
     media which should not exist in the line:
973b04
     
set root='hd0,msdos1'
973b04
+
973b04
+platform: machine
973b04
diff --git a/shared/checks/oval/installed_env_has_grub2_package.xml b/shared/checks/oval/installed_env_has_grub2_package.xml
973b04
new file mode 100644
973b04
index 0000000000..e83f45bc3b
973b04
--- /dev/null
973b04
+++ b/shared/checks/oval/installed_env_has_grub2_package.xml
973b04
@@ -0,0 +1,37 @@
973b04
+<def-group>
973b04
+  
973b04
+  id="installed_env_has_grub2_package" version="1">
973b04
+    <metadata>
973b04
+      <title>Package grub2 is installed</title>
973b04
+      <affected family="unix">
973b04
+        <platform>multi_platform_all</platform>
973b04
+      </affected>
973b04
+      <description>Checks if package grub2-pc is installed.</description>
973b04
+      <reference ref_id="cpe:/a:grub2" source="CPE" />
973b04
+    </metadata>
973b04
+    <criteria>
973b04
+      <criterion comment="Package grub2-pc is installed" test_ref="test_env_has_grub2_installed" />
973b04
+    </criteria>
973b04
+  </definition>
973b04
+
973b04
+{{% if pkg_system == "rpm" %}}
973b04
+  
973b04
+  id="test_env_has_grub2_installed" version="1"
973b04
+  comment="system has package grub2-pc installed">
973b04
+    <linux:object object_ref="obj_env_has_grub2_installed" />
973b04
+  </linux:rpminfo_test>
973b04
+  <linux:rpminfo_object id="obj_env_has_grub2_installed" version="1">
973b04
+    <linux:name>grub2-pc</linux:name>
973b04
+  </linux:rpminfo_object>
973b04
+{{% elif pkg_system == "dpkg" %}}
973b04
+  
973b04
+  id="test_env_has_grub2_installed" version="1"
973b04
+  comment="system has package grub2-pc installed">
973b04
+    <linux:object object_ref="obj_env_has_grub2_installed" />
973b04
+  </linux:dpkginfo_test>
973b04
+  <linux:dpkginfo_object id="obj_env_has_grub2_installed" version="1">
973b04
+    <linux:name>grub2-pc</linux:name>
973b04
+  </linux:dpkginfo_object>
973b04
+{{% endif %}}
973b04
+
973b04
+</def-group>
973b04
diff --git a/ssg/constants.py b/ssg/constants.py
973b04
index f03aa87f09..318763b219 100644
973b04
--- a/ssg/constants.py
973b04
+++ b/ssg/constants.py
973b04
@@ -498,6 +498,7 @@
973b04
     "container": "cpe:/a:container",
973b04
     "chrony": "cpe:/a:chrony",
973b04
     "gdm": "cpe:/a:gdm",
973b04
+    "grub2": "cpe:/a:grub2",
973b04
     "libuser": "cpe:/a:libuser",
973b04
     "nss-pam-ldapd": "cpe:/a:nss-pam-ldapd",
973b04
     "ntp": "cpe:/a:ntp",
973b04
973b04
From 8bb44ebe9c32b7916a7291b1fa5735b381494cfb Mon Sep 17 00:00:00 2001
973b04
From: Watson Sato <wsato@redhat.com>
973b04
Date: Thu, 2 Jul 2020 16:58:14 +0200
973b04
Subject: [PATCH 4/5] Move grub2_disable_interactive_boot to grub2 platform
973b04
973b04
It should have both platforms machine and grub2.
973b04
But as the parent group is very broad, I cannot put parent group as
973b04
machine.
973b04
973b04
As a side effect this change makes this rules applicable in containers.
973b04
---
973b04
 .../accounts-physical/grub2_disable_interactive_boot/rule.yml   | 2 +-
973b04
 1 file changed, 1 insertion(+), 1 deletion(-)
973b04
973b04
diff --git a/linux_os/guide/system/accounts/accounts-physical/grub2_disable_interactive_boot/rule.yml b/linux_os/guide/system/accounts/accounts-physical/grub2_disable_interactive_boot/rule.yml
973b04
index 3080470aa8..44ea1aa49a 100644
973b04
--- a/linux_os/guide/system/accounts/accounts-physical/grub2_disable_interactive_boot/rule.yml
973b04
+++ b/linux_os/guide/system/accounts/accounts-physical/grub2_disable_interactive_boot/rule.yml
973b04
@@ -48,4 +48,4 @@ ocil: |-
973b04
     Presence of a <tt>systemd.confirm_spawn=(1|yes|true|on)</tt> indicates
973b04
     that interactive boot is enabled at boot time.
973b04
 
973b04
-platform: machine
973b04
+platform: grub2
973b04
973b04
From 17ba5bc9ecc955911b7a3ab30bcd221283472b3f Mon Sep 17 00:00:00 2001
973b04
From: Watson Sato <wsato@redhat.com>
973b04
Date: Tue, 23 Jun 2020 23:20:18 +0200
973b04
Subject: [PATCH 5/5] Update CPE Dictionaries
973b04
973b04
Again, whenever a package CPE is added, all CPE dictionaries need to be
973b04
updated.
973b04
Because the project doesn't share CPEs among the products.
973b04
---
973b04
 debian10/cpe/debian10-cpe-dictionary.xml       | 5 +++++
973b04
 debian8/cpe/debian8-cpe-dictionary.xml         | 5 +++++
973b04
 debian9/cpe/debian9-cpe-dictionary.xml         | 5 +++++
973b04
 fedora/cpe/fedora-cpe-dictionary.xml           | 5 +++++
973b04
 ol7/cpe/ol7-cpe-dictionary.xml                 | 5 +++++
973b04
 ol8/cpe/ol8-cpe-dictionary.xml                 | 5 +++++
973b04
 opensuse/cpe/opensuse-cpe-dictionary.xml       | 5 +++++
973b04
 rhel7/cpe/rhel7-cpe-dictionary.xml             | 5 +++++
973b04
 rhel8/cpe/rhel8-cpe-dictionary.xml             | 5 +++++
973b04
 rhv4/cpe/rhv4-cpe-dictionary.xml               | 5 +++++
973b04
 sle11/cpe/sle11-cpe-dictionary.xml             | 5 +++++
973b04
 sle12/cpe/sle12-cpe-dictionary.xml             | 5 +++++
973b04
 sle15/cpe/sle15-cpe-dictionary.xml             | 5 +++++
973b04
 ubuntu1404/cpe/ubuntu1404-cpe-dictionary.xml   | 5 +++++
973b04
 ubuntu1604/cpe/ubuntu1604-cpe-dictionary.xml   | 5 +++++
973b04
 ubuntu1804/cpe/ubuntu1804-cpe-dictionary.xml   | 5 +++++
973b04
 wrlinux1019/cpe/wrlinux1019-cpe-dictionary.xml | 5 +++++
973b04
 wrlinux8/cpe/wrlinux8-cpe-dictionary.xml       | 5 +++++
973b04
 18 files changed, 90 insertions(+)
973b04
973b04
diff --git a/debian10/cpe/debian10-cpe-dictionary.xml b/debian10/cpe/debian10-cpe-dictionary.xml
973b04
index 5cc27ceb79..f2dbd09cfc 100644
973b04
--- a/debian10/cpe/debian10-cpe-dictionary.xml
973b04
+++ b/debian10/cpe/debian10-cpe-dictionary.xml
973b04
@@ -27,6 +27,11 @@
973b04
             
973b04
             <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_gdm_package</check>
973b04
       </cpe-item>
973b04
+      <cpe-item name="cpe:/a:grub2">
973b04
+            <title xml:lang="en-us">Package grub2 is installed</title>
973b04
+            
973b04
+            <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_grub2_package</check>
973b04
+      </cpe-item>
973b04
       <cpe-item name="cpe:/a:libuser">
973b04
             <title xml:lang="en-us">Package libuser is installed</title>
973b04
             
973b04
diff --git a/debian8/cpe/debian8-cpe-dictionary.xml b/debian8/cpe/debian8-cpe-dictionary.xml
973b04
index 38d490138a..f385709052 100644
973b04
--- a/debian8/cpe/debian8-cpe-dictionary.xml
973b04
+++ b/debian8/cpe/debian8-cpe-dictionary.xml
973b04
@@ -27,6 +27,11 @@
973b04
             
973b04
             <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_gdm_package</check>
973b04
       </cpe-item>
973b04
+      <cpe-item name="cpe:/a:grub2">
973b04
+            <title xml:lang="en-us">Package grub2 is installed</title>
973b04
+            
973b04
+            <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_grub2_package</check>
973b04
+      </cpe-item>
973b04
       <cpe-item name="cpe:/a:libuser">
973b04
             <title xml:lang="en-us">Package libuser is installed</title>
973b04
             
973b04
diff --git a/debian9/cpe/debian9-cpe-dictionary.xml b/debian9/cpe/debian9-cpe-dictionary.xml
973b04
index f01770b044..bc90a12bae 100644
973b04
--- a/debian9/cpe/debian9-cpe-dictionary.xml
973b04
+++ b/debian9/cpe/debian9-cpe-dictionary.xml
973b04
@@ -27,6 +27,11 @@
973b04
             
973b04
             <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_gdm_package</check>
973b04
       </cpe-item>
973b04
+      <cpe-item name="cpe:/a:grub2">
973b04
+            <title xml:lang="en-us">Package grub2 is installed</title>
973b04
+            
973b04
+            <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_grub2_package</check>
973b04
+      </cpe-item>
973b04
       <cpe-item name="cpe:/a:libuser">
973b04
             <title xml:lang="en-us">Package libuser is installed</title>
973b04
             
973b04
diff --git a/fedora/cpe/fedora-cpe-dictionary.xml b/fedora/cpe/fedora-cpe-dictionary.xml
973b04
index 2964e320c2..ff7cebc322 100644
973b04
--- a/fedora/cpe/fedora-cpe-dictionary.xml
973b04
+++ b/fedora/cpe/fedora-cpe-dictionary.xml
973b04
@@ -62,6 +62,11 @@
973b04
             
973b04
             <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_gdm_package</check>
973b04
       </cpe-item>
973b04
+      <cpe-item name="cpe:/a:grub2">
973b04
+            <title xml:lang="en-us">Package grub2 is installed</title>
973b04
+            
973b04
+            <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_grub2_package</check>
973b04
+      </cpe-item>
973b04
       <cpe-item name="cpe:/a:libuser">
973b04
             <title xml:lang="en-us">Package libuser is installed</title>
973b04
             
973b04
diff --git a/ol7/cpe/ol7-cpe-dictionary.xml b/ol7/cpe/ol7-cpe-dictionary.xml
973b04
index c153272121..613f853a6d 100644
973b04
--- a/ol7/cpe/ol7-cpe-dictionary.xml
973b04
+++ b/ol7/cpe/ol7-cpe-dictionary.xml
973b04
@@ -27,6 +27,11 @@
973b04
             
973b04
             <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_gdm_package</check>
973b04
       </cpe-item>
973b04
+      <cpe-item name="cpe:/a:grub2">
973b04
+            <title xml:lang="en-us">Package grub2 is installed</title>
973b04
+            
973b04
+            <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_grub2_package</check>
973b04
+      </cpe-item>
973b04
       <cpe-item name="cpe:/a:libuser">
973b04
             <title xml:lang="en-us">Package libuser is installed</title>
973b04
             
973b04
diff --git a/ol8/cpe/ol8-cpe-dictionary.xml b/ol8/cpe/ol8-cpe-dictionary.xml
973b04
index 3fd74e53ca..912fe01346 100644
973b04
--- a/ol8/cpe/ol8-cpe-dictionary.xml
973b04
+++ b/ol8/cpe/ol8-cpe-dictionary.xml
973b04
@@ -27,6 +27,11 @@
973b04
             
973b04
             <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_gdm_package</check>
973b04
       </cpe-item>
973b04
+      <cpe-item name="cpe:/a:grub2">
973b04
+            <title xml:lang="en-us">Package grub2 is installed</title>
973b04
+            
973b04
+            <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_grub2_package</check>
973b04
+      </cpe-item>
973b04
       <cpe-item name="cpe:/a:libuser">
973b04
             <title xml:lang="en-us">Package libuser is installed</title>
973b04
             
973b04
diff --git a/opensuse/cpe/opensuse-cpe-dictionary.xml b/opensuse/cpe/opensuse-cpe-dictionary.xml
973b04
index 1ab4e85ea8..7f485b800e 100644
973b04
--- a/opensuse/cpe/opensuse-cpe-dictionary.xml
973b04
+++ b/opensuse/cpe/opensuse-cpe-dictionary.xml
973b04
@@ -42,6 +42,11 @@
973b04
             
973b04
             <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_gdm_package</check>
973b04
       </cpe-item>
973b04
+      <cpe-item name="cpe:/a:grub2">
973b04
+            <title xml:lang="en-us">Package grub2 is installed</title>
973b04
+            
973b04
+            <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_grub2_package</check>
973b04
+      </cpe-item>
973b04
       <cpe-item name="cpe:/a:libuser">
973b04
             <title xml:lang="en-us">Package libuser is installed</title>
973b04
             
973b04
diff --git a/rhel7/cpe/rhel7-cpe-dictionary.xml b/rhel7/cpe/rhel7-cpe-dictionary.xml
973b04
index a5214e36f0..f232b7ed29 100644
973b04
--- a/rhel7/cpe/rhel7-cpe-dictionary.xml
973b04
+++ b/rhel7/cpe/rhel7-cpe-dictionary.xml
973b04
@@ -57,6 +57,11 @@
973b04
             
973b04
             <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_gdm_package</check>
973b04
       </cpe-item>
973b04
+      <cpe-item name="cpe:/a:grub2">
973b04
+            <title xml:lang="en-us">Package grub2 is installed</title>
973b04
+            
973b04
+            <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_grub2_package</check>
973b04
+      </cpe-item>
973b04
       <cpe-item name="cpe:/a:libuser">
973b04
             <title xml:lang="en-us">Package libuser is installed</title>
973b04
             
973b04
diff --git a/rhel8/cpe/rhel8-cpe-dictionary.xml b/rhel8/cpe/rhel8-cpe-dictionary.xml
973b04
index cccb3c5791..eab827291f 100644
973b04
--- a/rhel8/cpe/rhel8-cpe-dictionary.xml
973b04
+++ b/rhel8/cpe/rhel8-cpe-dictionary.xml
973b04
@@ -32,6 +32,11 @@
973b04
             
973b04
             <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_gdm_package</check>
973b04
       </cpe-item>
973b04
+      <cpe-item name="cpe:/a:grub2">
973b04
+            <title xml:lang="en-us">Package grub2 is installed</title>
973b04
+            
973b04
+            <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_grub2_package</check>
973b04
+      </cpe-item>
973b04
       <cpe-item name="cpe:/a:libuser">
973b04
             <title xml:lang="en-us">Package libuser is installed</title>
973b04
             
973b04
diff --git a/rhv4/cpe/rhv4-cpe-dictionary.xml b/rhv4/cpe/rhv4-cpe-dictionary.xml
973b04
index ce9b06dcae..db1b4b239b 100644
973b04
--- a/rhv4/cpe/rhv4-cpe-dictionary.xml
973b04
+++ b/rhv4/cpe/rhv4-cpe-dictionary.xml
973b04
@@ -32,6 +32,11 @@
973b04
             
973b04
             <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_gdm_package</check>
973b04
       </cpe-item>
973b04
+      <cpe-item name="cpe:/a:grub2">
973b04
+            <title xml:lang="en-us">Package grub2 is installed</title>
973b04
+            
973b04
+            <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_grub2_package</check>
973b04
+      </cpe-item>
973b04
       <cpe-item name="cpe:/a:libuser">
973b04
             <title xml:lang="en-us">Package libuser is installed</title>
973b04
             
973b04
diff --git a/sle11/cpe/sle11-cpe-dictionary.xml b/sle11/cpe/sle11-cpe-dictionary.xml
973b04
index c732ecb48a..1b6b3e2518 100644
973b04
--- a/sle11/cpe/sle11-cpe-dictionary.xml
973b04
+++ b/sle11/cpe/sle11-cpe-dictionary.xml
973b04
@@ -32,6 +32,11 @@
973b04
             
973b04
             <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_gdm_package</check>
973b04
       </cpe-item>
973b04
+      <cpe-item name="cpe:/a:grub2">
973b04
+            <title xml:lang="en-us">Package grub2 is installed</title>
973b04
+            
973b04
+            <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_grub2_package</check>
973b04
+      </cpe-item>
973b04
       <cpe-item name="cpe:/a:libuser">
973b04
             <title xml:lang="en-us">Package libuser is installed</title>
973b04
             
973b04
diff --git a/sle12/cpe/sle12-cpe-dictionary.xml b/sle12/cpe/sle12-cpe-dictionary.xml
973b04
index 79daa31412..b1b66e1294 100644
973b04
--- a/sle12/cpe/sle12-cpe-dictionary.xml
973b04
+++ b/sle12/cpe/sle12-cpe-dictionary.xml
973b04
@@ -32,6 +32,11 @@
973b04
             
973b04
             <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_gdm_package</check>
973b04
       </cpe-item>
973b04
+      <cpe-item name="cpe:/a:grub2">
973b04
+            <title xml:lang="en-us">Package grub2 is installed</title>
973b04
+            
973b04
+            <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_grub2_package</check>
973b04
+      </cpe-item>
973b04
       <cpe-item name="cpe:/a:libuser">
973b04
             <title xml:lang="en-us">Package libuser is installed</title>
973b04
             
973b04
diff --git a/sle15/cpe/sle15-cpe-dictionary.xml b/sle15/cpe/sle15-cpe-dictionary.xml
973b04
index 91d3d78b19..0ee5a1b817 100644
973b04
--- a/sle15/cpe/sle15-cpe-dictionary.xml
973b04
+++ b/sle15/cpe/sle15-cpe-dictionary.xml
973b04
@@ -32,6 +32,11 @@
973b04
             
973b04
             <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_gdm_package</check>
973b04
       </cpe-item>
973b04
+      <cpe-item name="cpe:/a:grub2">
973b04
+            <title xml:lang="en-us">Package grub2 is installed</title>
973b04
+            
973b04
+            <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_grub2_package</check>
973b04
+      </cpe-item>
973b04
       <cpe-item name="cpe:/a:libuser">
973b04
             <title xml:lang="en-us">Package libuser is installed</title>
973b04
             
973b04
diff --git a/ubuntu1404/cpe/ubuntu1404-cpe-dictionary.xml b/ubuntu1404/cpe/ubuntu1404-cpe-dictionary.xml
973b04
index df5abff723..7f3ce4271b 100644
973b04
--- a/ubuntu1404/cpe/ubuntu1404-cpe-dictionary.xml
973b04
+++ b/ubuntu1404/cpe/ubuntu1404-cpe-dictionary.xml
973b04
@@ -27,6 +27,11 @@
973b04
             
973b04
             <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_gdm_package</check>
973b04
       </cpe-item>
973b04
+      <cpe-item name="cpe:/a:grub2">
973b04
+            <title xml:lang="en-us">Package grub2 is installed</title>
973b04
+            
973b04
+            <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_grub2_package</check>
973b04
+      </cpe-item>
973b04
       <cpe-item name="cpe:/a:libuser">
973b04
             <title xml:lang="en-us">Package libuser is installed</title>
973b04
             
973b04
diff --git a/ubuntu1604/cpe/ubuntu1604-cpe-dictionary.xml b/ubuntu1604/cpe/ubuntu1604-cpe-dictionary.xml
973b04
index 6269344376..83f0c8c516 100644
973b04
--- a/ubuntu1604/cpe/ubuntu1604-cpe-dictionary.xml
973b04
+++ b/ubuntu1604/cpe/ubuntu1604-cpe-dictionary.xml
973b04
@@ -27,6 +27,11 @@
973b04
             
973b04
             <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_gdm_package</check>
973b04
       </cpe-item>
973b04
+      <cpe-item name="cpe:/a:grub2">
973b04
+            <title xml:lang="en-us">Package grub2 is installed</title>
973b04
+            
973b04
+            <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_grub2_package</check>
973b04
+      </cpe-item>
973b04
       <cpe-item name="cpe:/a:libuser">
973b04
             <title xml:lang="en-us">Package libuser is installed</title>
973b04
             
973b04
diff --git a/ubuntu1804/cpe/ubuntu1804-cpe-dictionary.xml b/ubuntu1804/cpe/ubuntu1804-cpe-dictionary.xml
973b04
index ccb285768e..77b78d74ec 100644
973b04
--- a/ubuntu1804/cpe/ubuntu1804-cpe-dictionary.xml
973b04
+++ b/ubuntu1804/cpe/ubuntu1804-cpe-dictionary.xml
973b04
@@ -27,6 +27,11 @@
973b04
             
973b04
             <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_gdm_package</check>
973b04
       </cpe-item>
973b04
+      <cpe-item name="cpe:/a:grub2">
973b04
+            <title xml:lang="en-us">Package grub2 is installed</title>
973b04
+            
973b04
+            <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_grub2_package</check>
973b04
+      </cpe-item>
973b04
       <cpe-item name="cpe:/a:libuser">
973b04
             <title xml:lang="en-us">Package libuser is installed</title>
973b04
             
973b04
diff --git a/wrlinux1019/cpe/wrlinux1019-cpe-dictionary.xml b/wrlinux1019/cpe/wrlinux1019-cpe-dictionary.xml
973b04
index 73e419c9ab..cc4e806a4d 100644
973b04
--- a/wrlinux1019/cpe/wrlinux1019-cpe-dictionary.xml
973b04
+++ b/wrlinux1019/cpe/wrlinux1019-cpe-dictionary.xml
973b04
@@ -26,6 +26,11 @@
973b04
             
973b04
             <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_gdm_package</check>
973b04
       </cpe-item>
973b04
+      <cpe-item name="cpe:/a:grub2">
973b04
+            <title xml:lang="en-us">Package grub2 is installed</title>
973b04
+            
973b04
+            <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_grub2_package</check>
973b04
+      </cpe-item>
973b04
       <cpe-item name="cpe:/a:libuser">
973b04
             <title xml:lang="en-us">Package libuser is installed</title>
973b04
             
973b04
diff --git a/wrlinux8/cpe/wrlinux8-cpe-dictionary.xml b/wrlinux8/cpe/wrlinux8-cpe-dictionary.xml
973b04
index 8449ea1416..824c575a6a 100644
973b04
--- a/wrlinux8/cpe/wrlinux8-cpe-dictionary.xml
973b04
+++ b/wrlinux8/cpe/wrlinux8-cpe-dictionary.xml
973b04
@@ -26,6 +26,11 @@
973b04
             
973b04
             <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_gdm_package</check>
973b04
       </cpe-item>
973b04
+      <cpe-item name="cpe:/a:grub2">
973b04
+            <title xml:lang="en-us">Package grub2 is installed</title>
973b04
+            
973b04
+            <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_grub2_package</check>
973b04
+      </cpe-item>
973b04
       <cpe-item name="cpe:/a:libuser">
973b04
             <title xml:lang="en-us">Package libuser is installed</title>
973b04