From 3aae2f86f3d75b8bd931922152b9a6175ed18a6b Mon Sep 17 00:00:00 2001
From: Watson Sato <wsato@redhat.com>
Date: Tue, 23 Jun 2020 22:27:47 +0200
Subject: [PATCH 1/5] Add check for zipl installed

Based on, and valid for, RHEL, where zipl is part of s390utils-base.
---
 rhel8/cpe/rhel8-cpe-dictionary.xml            |  4 ++
 .../oval/installed_env_has_zipl_package.xml   | 37 +++++++++++++++++++
 ssg/constants.py                              |  1 +
 3 files changed, 42 insertions(+)
 create mode 100644 shared/checks/oval/installed_env_has_zipl_package.xml

diff --git a/rhel8/cpe/rhel8-cpe-dictionary.xml b/rhel8/cpe/rhel8-cpe-dictionary.xml
index 694cbb5a4e..cccb3c5791 100644
--- a/rhel8/cpe/rhel8-cpe-dictionary.xml
+++ b/rhel8/cpe/rhel8-cpe-dictionary.xml
@@ -67,4 +67,8 @@
             <!-- the check references an OVAL file that contains an inventory definition -->
             <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_yum_package</check>
       </cpe-item>
+      <cpe-item name="cpe:/a:zipl">
+            <title xml:lang="en-us">System uses zipl</title>
+            <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_zipl_package</check>
+      </cpe-item>
 </cpe-list>
diff --git a/shared/checks/oval/installed_env_has_zipl_package.xml b/shared/checks/oval/installed_env_has_zipl_package.xml
new file mode 100644
index 0000000000..ab6545669d
--- /dev/null
+++ b/shared/checks/oval/installed_env_has_zipl_package.xml
@@ -0,0 +1,37 @@
+<def-group>
+  <definition class="inventory"
+  id="installed_env_has_zipl_package" version="1">
+    <metadata>
+      <title>System uses zIPL</title>
+      <affected family="unix">
+        <platform>multi_platform_all</platform>
+      </affected>
+      <description>Checks if system uses zIPL bootloader.</description>
+      <reference ref_id="cpe:/a:zipl" source="CPE" />
+    </metadata>
+    <criteria>
+      <criterion comment="Package s390utils-base is installed" test_ref="test_env_has_zipl_installed" />
+    </criteria>
+  </definition>
+
+{{% if pkg_system == "rpm" %}}
+  <linux:rpminfo_test check="all" check_existence="at_least_one_exists"
+  id="test_env_has_zipl_installed" version="1"
+  comment="system has package zipl installed">
+    <linux:object object_ref="obj_env_has_zipl_installed" />
+  </linux:rpminfo_test>
+  <linux:rpminfo_object id="obj_env_has_zipl_installed" version="1">
+    <linux:name>s390utils-base</linux:name>
+  </linux:rpminfo_object>
+{{% elif pkg_system == "dpkg" %}}
+  <linux:dpkginfo_test check="all" check_existence="all_exist"
+  id="test_env_has_zipl_installed" version="1"
+  comment="system has package zipl installed">
+    <linux:object object_ref="obj_env_has_zipl_installed" />
+  </linux:dpkginfo_test>
+  <linux:dpkginfo_object id="obj_env_has_zipl_installed" version="1">
+    <linux:name>s390utils-base</linux:name>
+  </linux:dpkginfo_object>
+{{% endif %}}
+
+</def-group>
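Review bot: The dpkg branch of this new definition looks up `s390utils-base`, which the commit message describes as the RHEL package that ships zipl, so on a dpkg product the test would presumably never match and every rule gated on the zipl platform would report not applicable instead of failing. Either drop the dpkg branch until the Debian-family package name is confirmed (probably `s390-tools`, to be verified) or use that name in `<linux:name>`. The template also has no fallback branch, so the criterion's `test_ref="test_env_has_zipl_installed"` would dangle if `pkg_system` were ever neither `rpm` nor `dpkg`, and the two branches disagree on `check_existence` (`at_least_one_exists` vs `all_exist`) for no visible reason. The same template shape recurs in installed_env_has_grub2_package.xml in patch 3.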
diff --git a/ssg/constants.py b/ssg/constants.py
index fb20fe8107..f03aa87f09 100644
--- a/ssg/constants.py
+++ b/ssg/constants.py
@@ -506,6 +506,7 @@
     "sssd": "cpe:/a:sssd",
     "systemd": "cpe:/a:systemd",
     "yum": "cpe:/a:yum",
+    "zipl": "cpe:/a:zipl",
 }
 
 # _version_name_map = {

From c70bdc89bf193f2fdf59cb8c3f06672fc43a0505 Mon Sep 17 00:00:00 2001
From: Watson Sato <wsato@redhat.com>
Date: Tue, 23 Jun 2020 22:33:07 +0200
Subject: [PATCH 2/5] Set zipl and machine platforms for zipl content

Add zipl platform to bootloader-zipl and machine platform to all zipl
rules.
Final applicability of zipl rules is equivalent to "machine and zipl"
CPE platform.
---
 linux_os/guide/system/bootloader-zipl/group.yml                 | 2 +-
 .../guide/system/bootloader-zipl/zipl_audit_argument/rule.yml   | 2 ++
 .../bootloader-zipl/zipl_audit_backlog_limit_argument/rule.yml  | 2 ++
 .../guide/system/bootloader-zipl/zipl_enable_selinux/rule.yml   | 2 ++
 .../system/bootloader-zipl/zipl_page_poison_argument/rule.yml   | 2 ++
 .../guide/system/bootloader-zipl/zipl_pti_argument/rule.yml     | 2 ++
 .../system/bootloader-zipl/zipl_slub_debug_argument/rule.yml    | 2 ++
 .../system/bootloader-zipl/zipl_vsyscall_argument/rule.yml      | 2 ++
 8 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/linux_os/guide/system/bootloader-zipl/group.yml b/linux_os/guide/system/bootloader-zipl/group.yml
index 36da84530c..64c6c8dffb 100644
--- a/linux_os/guide/system/bootloader-zipl/group.yml
+++ b/linux_os/guide/system/bootloader-zipl/group.yml
@@ -8,4 +8,4 @@ description: |-
     options to it.
     The default {{{ full_name }}} boot loader for s390x systems is called zIPL.
 
-platform: machine
+platform: zipl
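Review bot: With the group platform switched from `machine` to `zipl`, the container exclusion now depends on every rule in this directory carrying its own `platform: machine`, which this patch adds to the seven existing rules but which nothing visible here enforces for future ones. A rule added later without that line would become applicable wherever the package is installed. A comment above the key would record the convention, for example `# Rules in this group must also set "platform: machine"; the group platform only checks that zipl is installed.` The same applies to bootloader-grub2/group.yml in patch 3.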
diff --git a/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/rule.yml
index 16c0b3f89a..2d31ef8ee7 100644
--- a/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/rule.yml
+++ b/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/rule.yml
@@ -38,3 +38,5 @@ ocil: |-
   and <tt>/etc/zipl.conf</tt>:
   <pre>find /boot/loader/entries/*.conf /etc/zipl.conf -newer /boot/bootmap</pre>
   No line should be returned, if a line is returned <tt>/boot/bootmap</tt> needs to be regenerated.
+
+platform: machine
diff --git a/linux_os/guide/system/bootloader-zipl/zipl_audit_backlog_limit_argument/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_audit_backlog_limit_argument/rule.yml
index 47a532d50f..40db232257 100644
--- a/linux_os/guide/system/bootloader-zipl/zipl_audit_backlog_limit_argument/rule.yml
+++ b/linux_os/guide/system/bootloader-zipl/zipl_audit_backlog_limit_argument/rule.yml
@@ -39,3 +39,5 @@ ocil: |-
   and <tt>/etc/zipl.conf</tt>:
   <pre>find /boot/loader/entries/*.conf /etc/zipl.conf -newer /boot/bootmap</pre>
   No line should be returned, if a line is returned <tt>/boot/bootmap</tt> needs to be regenerated.
+
+platform: machine
diff --git a/linux_os/guide/system/bootloader-zipl/zipl_enable_selinux/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_enable_selinux/rule.yml
index 5aa91c16aa..8d28d5495f 100644
--- a/linux_os/guide/system/bootloader-zipl/zipl_enable_selinux/rule.yml
+++ b/linux_os/guide/system/bootloader-zipl/zipl_enable_selinux/rule.yml
@@ -35,3 +35,5 @@ ocil: |-
     and <tt>/etc/zipl.conf</tt>:
     <pre>find /boot/loader/entries/*.conf /etc/zipl.conf -newer /boot/bootmap</pre>
     No line should be returned, if a line is returned <tt>/boot/bootmap</tt> needs to be regenerated.
+
+platform: machine
diff --git a/linux_os/guide/system/bootloader-zipl/zipl_page_poison_argument/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_page_poison_argument/rule.yml
index 8546325752..0a8e9a41e2 100644
--- a/linux_os/guide/system/bootloader-zipl/zipl_page_poison_argument/rule.yml
+++ b/linux_os/guide/system/bootloader-zipl/zipl_page_poison_argument/rule.yml
@@ -39,3 +39,5 @@ ocil: |-
   and <tt>/etc/zipl.conf</tt>:
   <pre>find /boot/loader/entries/*.conf /etc/zipl.conf -newer /boot/bootmap</pre>
   No line should be returned, if a line is returned <tt>/boot/bootmap</tt> needs to be regenerated.
+
+platform: machine
diff --git a/linux_os/guide/system/bootloader-zipl/zipl_pti_argument/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_pti_argument/rule.yml
index eaef25ce40..20c1448cc8 100644
--- a/linux_os/guide/system/bootloader-zipl/zipl_pti_argument/rule.yml
+++ b/linux_os/guide/system/bootloader-zipl/zipl_pti_argument/rule.yml
@@ -38,3 +38,5 @@ ocil: |-
   and <tt>/etc/zipl.conf</tt>:
   <pre>find /boot/loader/entries/*.conf /etc/zipl.conf -newer /boot/bootmap</pre>
   No line should be returned, if a line is returned <tt>/boot/bootmap</tt> needs to be regenerated.
+
+platform: machine
diff --git a/linux_os/guide/system/bootloader-zipl/zipl_slub_debug_argument/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_slub_debug_argument/rule.yml
index 68e91a92d6..54ac688ea0 100644
--- a/linux_os/guide/system/bootloader-zipl/zipl_slub_debug_argument/rule.yml
+++ b/linux_os/guide/system/bootloader-zipl/zipl_slub_debug_argument/rule.yml
@@ -39,3 +39,5 @@ ocil: |-
   and <tt>/etc/zipl.conf</tt>:
   <pre>find /boot/loader/entries/*.conf /etc/zipl.conf -newer /boot/bootmap</pre>
   No line should be returned, if a line is returned <tt>/boot/bootmap</tt> needs to be regenerated.
+
+platform: machine
diff --git a/linux_os/guide/system/bootloader-zipl/zipl_vsyscall_argument/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_vsyscall_argument/rule.yml
index 9624b43349..c5979a2016 100644
--- a/linux_os/guide/system/bootloader-zipl/zipl_vsyscall_argument/rule.yml
+++ b/linux_os/guide/system/bootloader-zipl/zipl_vsyscall_argument/rule.yml
@@ -36,3 +36,5 @@ ocil: |-
   and <tt>/etc/zipl.conf</tt>:
   <pre>find /boot/loader/entries/*.conf /etc/zipl.conf -newer /boot/bootmap</pre>
   No line should be returned, if a line is returned <tt>/boot/bootmap</tt> needs to be regenerated.
+
+platform: machine

From 02f961ecbe8bcafab72f544c2bc0f9141b9fa8fa Mon Sep 17 00:00:00 2001
From: Watson Sato <wsato@redhat.com>
Date: Tue, 23 Jun 2020 23:02:44 +0200
Subject: [PATCH 3/5] Add check for grub2 installed

Apply new CPE grub2 to bootloader-grub2 group.
---
 .../file_groupowner_efi_grub2_cfg/rule.yml    |  2 +
 .../file_groupowner_grub2_cfg/rule.yml        |  2 +
 .../file_owner_efi_grub2_cfg/rule.yml         |  2 +
 .../file_owner_grub2_cfg/rule.yml             |  2 +
 .../guide/system/bootloader-grub2/group.yml   |  2 +-
 .../grub2_admin_username/rule.yml             |  2 +
 .../grub2_enable_iommu_force/rule.yml         |  2 +
 .../grub2_no_removeable_media/rule.yml        |  2 +
 .../bootloader-grub2/grub2_password/rule.yml  |  2 +
 .../grub2_uefi_admin_username/rule.yml        |  2 +
 .../grub2_uefi_password/rule.yml              |  2 +
 .../uefi_no_removeable_media/rule.yml         |  2 +
 .../oval/installed_env_has_grub2_package.xml  | 37 +++++++++++++++++++
 ssg/constants.py                              |  1 +
 14 files changed, 61 insertions(+), 1 deletion(-)
 create mode 100644 shared/checks/oval/installed_env_has_grub2_package.xml

diff --git a/linux_os/guide/system/bootloader-grub2/file_groupowner_efi_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/file_groupowner_efi_grub2_cfg/rule.yml
index b5b583bd28..a6ac6f7b6b 100644
--- a/linux_os/guide/system/bootloader-grub2/file_groupowner_efi_grub2_cfg/rule.yml
+++ b/linux_os/guide/system/bootloader-grub2/file_groupowner_efi_grub2_cfg/rule.yml
@@ -51,6 +51,8 @@ ocil: |-
     {{{ ocil_file_group_owner(file="/boot/efi/EFI/redhat/grub.cfg", group="root") }}}
 {{%- endif %}}
 
+platform: machine
+
 template:
     name: file_groupowner
     vars:
diff --git a/linux_os/guide/system/bootloader-grub2/file_groupowner_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/file_groupowner_grub2_cfg/rule.yml
index 9d89ff5755..93dbf5222d 100644
--- a/linux_os/guide/system/bootloader-grub2/file_groupowner_grub2_cfg/rule.yml
+++ b/linux_os/guide/system/bootloader-grub2/file_groupowner_grub2_cfg/rule.yml
@@ -39,6 +39,8 @@ ocil_clause: '{{{ ocil_clause_file_group_owner(file="/boot/grub2/grub.cfg", grou
 
 ocil: '{{{ ocil_file_group_owner(file="/boot/grub2/grub.cfg", group="root") }}}'
 
+platform: machine
+
 template:
     name: file_groupowner
     vars:
diff --git a/linux_os/guide/system/bootloader-grub2/file_owner_efi_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/file_owner_efi_grub2_cfg/rule.yml
index ed17987478..e2c118cf0a 100644
--- a/linux_os/guide/system/bootloader-grub2/file_owner_efi_grub2_cfg/rule.yml
+++ b/linux_os/guide/system/bootloader-grub2/file_owner_efi_grub2_cfg/rule.yml
@@ -49,6 +49,8 @@ ocil: |-
     {{{ ocil_file_owner(file="/boot/efi/EFI/redhat/grub.cfg", owner="root") }}}
 {{%- endif %}}
 
+platform: machine
+
 template:
     name: file_owner
     vars:
diff --git a/linux_os/guide/system/bootloader-grub2/file_owner_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/file_owner_grub2_cfg/rule.yml
index 9ce4c3d60b..5086553921 100644
--- a/linux_os/guide/system/bootloader-grub2/file_owner_grub2_cfg/rule.yml
+++ b/linux_os/guide/system/bootloader-grub2/file_owner_grub2_cfg/rule.yml
@@ -37,6 +37,8 @@ ocil_clause: '{{{ ocil_clause_file_owner(file="/boot/grub2/grub.cfg", owner="roo
 
 ocil: '{{{ ocil_file_owner(file="/boot/grub2/grub.cfg", owner="root") }}}'
 
+platform: machine
+
 template:
     name: file_owner
     vars:
diff --git a/linux_os/guide/system/bootloader-grub2/group.yml b/linux_os/guide/system/bootloader-grub2/group.yml
index 69489bc0c2..4ffb40c0e8 100644
--- a/linux_os/guide/system/bootloader-grub2/group.yml
+++ b/linux_os/guide/system/bootloader-grub2/group.yml
@@ -15,4 +15,4 @@ description: |-
     with a password and ensure its configuration file's permissions
     are set properly.
 
-platform: machine
+platform: grub2
diff --git a/linux_os/guide/system/bootloader-grub2/grub2_admin_username/rule.yml b/linux_os/guide/system/bootloader-grub2/grub2_admin_username/rule.yml
index 63a6a7a83c..15db01a75f 100644
--- a/linux_os/guide/system/bootloader-grub2/grub2_admin_username/rule.yml
+++ b/linux_os/guide/system/bootloader-grub2/grub2_admin_username/rule.yml
@@ -68,3 +68,5 @@ warnings:
 
         Also, do NOT manually add the superuser account and password to the
         <tt>grub.cfg</tt> file as the grub2-mkconfig command overwrites this file.
+
+platform: machine
diff --git a/linux_os/guide/system/bootloader-grub2/grub2_enable_iommu_force/rule.yml b/linux_os/guide/system/bootloader-grub2/grub2_enable_iommu_force/rule.yml
index baade9c13e..d4f455e66a 100644
--- a/linux_os/guide/system/bootloader-grub2/grub2_enable_iommu_force/rule.yml
+++ b/linux_os/guide/system/bootloader-grub2/grub2_enable_iommu_force/rule.yml
@@ -17,3 +17,5 @@ identifiers:
 
 references:
     anssi: NT28(R11)
+
+platform: machine
diff --git a/linux_os/guide/system/bootloader-grub2/grub2_no_removeable_media/rule.yml b/linux_os/guide/system/bootloader-grub2/grub2_no_removeable_media/rule.yml
index 113726d34f..c8956c2f34 100644
--- a/linux_os/guide/system/bootloader-grub2/grub2_no_removeable_media/rule.yml
+++ b/linux_os/guide/system/bootloader-grub2/grub2_no_removeable_media/rule.yml
@@ -37,3 +37,5 @@ ocil: |-
     <tt>usb0</tt>, <tt>cd</tt>, <tt>fd0</tt>, etc. are some examples of removeable
     media which should not exist in the line:
     <pre>set root='hd0,msdos1'</pre>
+
+platform: machine
diff --git a/linux_os/guide/system/bootloader-grub2/grub2_password/rule.yml b/linux_os/guide/system/bootloader-grub2/grub2_password/rule.yml
index 985b8727d7..b6e9774608 100644
--- a/linux_os/guide/system/bootloader-grub2/grub2_password/rule.yml
+++ b/linux_os/guide/system/bootloader-grub2/grub2_password/rule.yml
@@ -72,3 +72,5 @@ warnings:
 
         Also, do NOT manually add the superuser account and password to the
         <tt>grub.cfg</tt> file as the grub2-mkconfig command overwrites this file.
+
+platform: machine
diff --git a/linux_os/guide/system/bootloader-grub2/grub2_uefi_admin_username/rule.yml b/linux_os/guide/system/bootloader-grub2/grub2_uefi_admin_username/rule.yml
index 1926837db7..5abd86b9d9 100644
--- a/linux_os/guide/system/bootloader-grub2/grub2_uefi_admin_username/rule.yml
+++ b/linux_os/guide/system/bootloader-grub2/grub2_uefi_admin_username/rule.yml
@@ -75,3 +75,5 @@ warnings:
 
         Also, do NOT manually add the superuser account and password to the
         <tt>grub.cfg</tt> file as the grub2-mkconfig command overwrites this file.
+
+platform: machine
diff --git a/linux_os/guide/system/bootloader-grub2/grub2_uefi_password/rule.yml b/linux_os/guide/system/bootloader-grub2/grub2_uefi_password/rule.yml
index 3ce5a2df13..3114d2d27c 100644
--- a/linux_os/guide/system/bootloader-grub2/grub2_uefi_password/rule.yml
+++ b/linux_os/guide/system/bootloader-grub2/grub2_uefi_password/rule.yml
@@ -73,3 +73,5 @@ warnings:
 
         Also, do NOT manually add the superuser account and password to the
         <tt>grub.cfg</tt> file as the grub2-mkconfig command overwrites this file.
+
+platform: machine
diff --git a/linux_os/guide/system/bootloader-grub2/uefi_no_removeable_media/rule.yml b/linux_os/guide/system/bootloader-grub2/uefi_no_removeable_media/rule.yml
index c94185f3f4..5de05c057a 100644
--- a/linux_os/guide/system/bootloader-grub2/uefi_no_removeable_media/rule.yml
+++ b/linux_os/guide/system/bootloader-grub2/uefi_no_removeable_media/rule.yml
@@ -35,3 +35,5 @@ ocil: |-
     <tt>usb0</tt>, <tt>cd</tt>, <tt>fd0</tt>, etc. are some examples of removeable
     media which should not exist in the line:
     <pre>set root='hd0,msdos1'</pre>
+
+platform: machine
diff --git a/shared/checks/oval/installed_env_has_grub2_package.xml b/shared/checks/oval/installed_env_has_grub2_package.xml
new file mode 100644
index 0000000000..e83f45bc3b
--- /dev/null
+++ b/shared/checks/oval/installed_env_has_grub2_package.xml
@@ -0,0 +1,37 @@
+<def-group>
+  <definition class="inventory"
+  id="installed_env_has_grub2_package" version="1">
+    <metadata>
+      <title>Package grub2 is installed</title>
+      <affected family="unix">
+        <platform>multi_platform_all</platform>
+      </affected>
+      <description>Checks if package grub2-pc is installed.</description>
+      <reference ref_id="cpe:/a:grub2" source="CPE" />
+    </metadata>
+    <criteria>
+      <criterion comment="Package grub2-pc is installed" test_ref="test_env_has_grub2_installed" />
+    </criteria>
+  </definition>
+
+{{% if pkg_system == "rpm" %}}
+  <linux:rpminfo_test check="all" check_existence="at_least_one_exists"
+  id="test_env_has_grub2_installed" version="1"
+  comment="system has package grub2-pc installed">
+    <linux:object object_ref="obj_env_has_grub2_installed" />
+  </linux:rpminfo_test>
+  <linux:rpminfo_object id="obj_env_has_grub2_installed" version="1">
+    <linux:name>grub2-pc</linux:name>
+  </linux:rpminfo_object>
+{{% elif pkg_system == "dpkg" %}}
+  <linux:dpkginfo_test check="all" check_existence="all_exist"
+  id="test_env_has_grub2_installed" version="1"
+  comment="system has package grub2-pc installed">
+    <linux:object object_ref="obj_env_has_grub2_installed" />
+  </linux:dpkginfo_test>
+  <linux:dpkginfo_object id="obj_env_has_grub2_installed" version="1">
+    <linux:name>grub2-pc</linux:name>
+  </linux:dpkginfo_object>
+{{% endif %}}
+
+</def-group>
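Review bot: The inventory check keys the whole `grub2` platform on the single package `grub2-pc`, while the group it gates in this patch also holds UEFI rules (`grub2_uefi_password`, `grub2_uefi_admin_username`, `file_owner_efi_grub2_cfg`, `uefi_no_removeable_media`). On a UEFI-only or non-x86 install where only an EFI or architecture-specific grub2 package is present, those rules would report not applicable, so a missing boot loader password or wrong grub.cfg ownership would go unflagged instead of failing. Consider testing a package common to all grub2 variants (such as `grub2-common` on RHEL, to be confirmed per product) or combining several objects under an OR criteria. The dpkg branch needs the Debian-family package name as well, since patch 5 wires this check into the debian and ubuntu dictionaries. The title says "Package grub2 is installed" while the description and test name grub2-pc, which should be reconciled.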
diff --git a/ssg/constants.py b/ssg/constants.py
index f03aa87f09..318763b219 100644
--- a/ssg/constants.py
+++ b/ssg/constants.py
@@ -498,6 +498,7 @@
     "container": "cpe:/a:container",
     "chrony": "cpe:/a:chrony",
     "gdm": "cpe:/a:gdm",
+    "grub2": "cpe:/a:grub2",
     "libuser": "cpe:/a:libuser",
     "nss-pam-ldapd": "cpe:/a:nss-pam-ldapd",
     "ntp": "cpe:/a:ntp",

From 8bb44ebe9c32b7916a7291b1fa5735b381494cfb Mon Sep 17 00:00:00 2001
From: Watson Sato <wsato@redhat.com>
Date: Thu, 2 Jul 2020 16:58:14 +0200
Subject: [PATCH 4/5] Move grub2_disable_interactive_boot to grub2 platform

It should have both platforms machine and grub2.
But as the parent group is very broad, I cannot put parent group as
machine.

As a side effect, this change makes this rule applicable in containers.
---
 .../accounts-physical/grub2_disable_interactive_boot/rule.yml   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/linux_os/guide/system/accounts/accounts-physical/grub2_disable_interactive_boot/rule.yml b/linux_os/guide/system/accounts/accounts-physical/grub2_disable_interactive_boot/rule.yml
index 3080470aa8..44ea1aa49a 100644
--- a/linux_os/guide/system/accounts/accounts-physical/grub2_disable_interactive_boot/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/grub2_disable_interactive_boot/rule.yml
@@ -48,4 +48,4 @@ ocil: |-
     Presence of a <tt>systemd.confirm_spawn=(1|yes|true|on)</tt> indicates
     that interactive boot is enabled at boot time.
 
-platform: machine
+platform: grub2

From 17ba5bc9ecc955911b7a3ab30bcd221283472b3f Mon Sep 17 00:00:00 2001
From: Watson Sato <wsato@redhat.com>
Date: Tue, 23 Jun 2020 23:20:18 +0200
Subject: [PATCH 5/5] Update CPE Dictionaries

Again, whenever a package CPE is added, all CPE dictionaries need to be
updated, because the project doesn't share CPEs among the products.
---
 debian10/cpe/debian10-cpe-dictionary.xml       | 5 +++++
 debian8/cpe/debian8-cpe-dictionary.xml         | 5 +++++
 debian9/cpe/debian9-cpe-dictionary.xml         | 5 +++++
 fedora/cpe/fedora-cpe-dictionary.xml           | 5 +++++
 ol7/cpe/ol7-cpe-dictionary.xml                 | 5 +++++
 ol8/cpe/ol8-cpe-dictionary.xml                 | 5 +++++
 opensuse/cpe/opensuse-cpe-dictionary.xml       | 5 +++++
 rhel7/cpe/rhel7-cpe-dictionary.xml             | 5 +++++
 rhel8/cpe/rhel8-cpe-dictionary.xml             | 5 +++++
 rhv4/cpe/rhv4-cpe-dictionary.xml               | 5 +++++
 sle11/cpe/sle11-cpe-dictionary.xml             | 5 +++++
 sle12/cpe/sle12-cpe-dictionary.xml             | 5 +++++
 sle15/cpe/sle15-cpe-dictionary.xml             | 5 +++++
 ubuntu1404/cpe/ubuntu1404-cpe-dictionary.xml   | 5 +++++
 ubuntu1604/cpe/ubuntu1604-cpe-dictionary.xml   | 5 +++++
 ubuntu1804/cpe/ubuntu1804-cpe-dictionary.xml   | 5 +++++
 wrlinux1019/cpe/wrlinux1019-cpe-dictionary.xml | 5 +++++
 wrlinux8/cpe/wrlinux8-cpe-dictionary.xml       | 5 +++++
 18 files changed, 90 insertions(+)

diff --git a/debian10/cpe/debian10-cpe-dictionary.xml b/debian10/cpe/debian10-cpe-dictionary.xml
index 5cc27ceb79..f2dbd09cfc 100644
--- a/debian10/cpe/debian10-cpe-dictionary.xml
+++ b/debian10/cpe/debian10-cpe-dictionary.xml
@@ -27,6 +27,11 @@
             <!-- the check references an OVAL file that contains an inventory definition -->
             <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_gdm_package</check>
       </cpe-item>
+      <cpe-item name="cpe:/a:grub2">
+            <title xml:lang="en-us">Package grub2 is installed</title>
+            <!-- the check references an OVAL file that contains an inventory definition -->
+            <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_grub2_package</check>
+      </cpe-item>
       <cpe-item name="cpe:/a:libuser">
             <title xml:lang="en-us">Package libuser is installed</title>
             <!-- the check references an OVAL file that contains an inventory definition -->
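Review bot: Each dictionary in this patch gains only the `cpe:/a:grub2` item (5 insertions per file in the diffstat), while `cpe:/a:zipl` from patch 1 stays in rhel8-cpe-dictionary.xml alone. Patch 2 sets `platform: zipl` on the shared linux_os bootloader-zipl group, and this commit message says every dictionary must be updated when a package CPE is added. If any product other than rhel8 builds that group, its platform reference would have no matching cpe-item, and how the build or scanner treats that is not visible here. Either add the zipl item to these dictionaries as well or state in the message why it is rhel8-only. This applies to every hunk of this patch.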
diff --git a/debian8/cpe/debian8-cpe-dictionary.xml b/debian8/cpe/debian8-cpe-dictionary.xml
index 38d490138a..f385709052 100644
--- a/debian8/cpe/debian8-cpe-dictionary.xml
+++ b/debian8/cpe/debian8-cpe-dictionary.xml
@@ -27,6 +27,11 @@
             <!-- the check references an OVAL file that contains an inventory definition -->
             <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_gdm_package</check>
       </cpe-item>
+      <cpe-item name="cpe:/a:grub2">
+            <title xml:lang="en-us">Package grub2 is installed</title>
+            <!-- the check references an OVAL file that contains an inventory definition -->
+            <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_grub2_package</check>
+      </cpe-item>
       <cpe-item name="cpe:/a:libuser">
             <title xml:lang="en-us">Package libuser is installed</title>
             <!-- the check references an OVAL file that contains an inventory definition -->
diff --git a/debian9/cpe/debian9-cpe-dictionary.xml b/debian9/cpe/debian9-cpe-dictionary.xml
index f01770b044..bc90a12bae 100644
--- a/debian9/cpe/debian9-cpe-dictionary.xml
+++ b/debian9/cpe/debian9-cpe-dictionary.xml
@@ -27,6 +27,11 @@
             <!-- the check references an OVAL file that contains an inventory definition -->
             <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_gdm_package</check>
       </cpe-item>
+      <cpe-item name="cpe:/a:grub2">
+            <title xml:lang="en-us">Package grub2 is installed</title>
+            <!-- the check references an OVAL file that contains an inventory definition -->
+            <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_grub2_package</check>
+      </cpe-item>
       <cpe-item name="cpe:/a:libuser">
             <title xml:lang="en-us">Package libuser is installed</title>
             <!-- the check references an OVAL file that contains an inventory definition -->
diff --git a/fedora/cpe/fedora-cpe-dictionary.xml b/fedora/cpe/fedora-cpe-dictionary.xml
index 2964e320c2..ff7cebc322 100644
--- a/fedora/cpe/fedora-cpe-dictionary.xml
+++ b/fedora/cpe/fedora-cpe-dictionary.xml
@@ -62,6 +62,11 @@
             <!-- the check references an OVAL file that contains an inventory definition -->
             <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_gdm_package</check>
       </cpe-item>
+      <cpe-item name="cpe:/a:grub2">
+            <title xml:lang="en-us">Package grub2 is installed</title>
+            <!-- the check references an OVAL file that contains an inventory definition -->
+            <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_grub2_package</check>
+      </cpe-item>
       <cpe-item name="cpe:/a:libuser">
             <title xml:lang="en-us">Package libuser is installed</title>
             <!-- the check references an OVAL file that contains an inventory definition -->
diff --git a/ol7/cpe/ol7-cpe-dictionary.xml b/ol7/cpe/ol7-cpe-dictionary.xml
index c153272121..613f853a6d 100644
--- a/ol7/cpe/ol7-cpe-dictionary.xml
+++ b/ol7/cpe/ol7-cpe-dictionary.xml
@@ -27,6 +27,11 @@
             <!-- the check references an OVAL file that contains an inventory definition -->
             <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_gdm_package</check>
       </cpe-item>
+      <cpe-item name="cpe:/a:grub2">
+            <title xml:lang="en-us">Package grub2 is installed</title>
+            <!-- the check references an OVAL file that contains an inventory definition -->
+            <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_grub2_package</check>
+      </cpe-item>
       <cpe-item name="cpe:/a:libuser">
             <title xml:lang="en-us">Package libuser is installed</title>
             <!-- the check references an OVAL file that contains an inventory definition -->
diff --git a/ol8/cpe/ol8-cpe-dictionary.xml b/ol8/cpe/ol8-cpe-dictionary.xml
index 3fd74e53ca..912fe01346 100644
--- a/ol8/cpe/ol8-cpe-dictionary.xml
+++ b/ol8/cpe/ol8-cpe-dictionary.xml
@@ -27,6 +27,11 @@
             <!-- the check references an OVAL file that contains an inventory definition -->
             <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_gdm_package</check>
       </cpe-item>
+      <cpe-item name="cpe:/a:grub2">
+            <title xml:lang="en-us">Package grub2 is installed</title>
+            <!-- the check references an OVAL file that contains an inventory definition -->
+            <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_grub2_package</check>
+      </cpe-item>
       <cpe-item name="cpe:/a:libuser">
             <title xml:lang="en-us">Package libuser is installed</title>
             <!-- the check references an OVAL file that contains an inventory definition -->
diff --git a/opensuse/cpe/opensuse-cpe-dictionary.xml b/opensuse/cpe/opensuse-cpe-dictionary.xml
index 1ab4e85ea8..7f485b800e 100644
--- a/opensuse/cpe/opensuse-cpe-dictionary.xml
+++ b/opensuse/cpe/opensuse-cpe-dictionary.xml
@@ -42,6 +42,11 @@
             <!-- the check references an OVAL file that contains an inventory definition -->
             <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_gdm_package</check>
       </cpe-item>
+      <cpe-item name="cpe:/a:grub2">
+            <title xml:lang="en-us">Package grub2 is installed</title>
+            <!-- the check references an OVAL file that contains an inventory definition -->
+            <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_grub2_package</check>
+      </cpe-item>
       <cpe-item name="cpe:/a:libuser">
             <title xml:lang="en-us">Package libuser is installed</title>
             <!-- the check references an OVAL file that contains an inventory definition -->
diff --git a/rhel7/cpe/rhel7-cpe-dictionary.xml b/rhel7/cpe/rhel7-cpe-dictionary.xml
index a5214e36f0..f232b7ed29 100644
--- a/rhel7/cpe/rhel7-cpe-dictionary.xml
+++ b/rhel7/cpe/rhel7-cpe-dictionary.xml
@@ -57,6 +57,11 @@
             <!-- the check references an OVAL file that contains an inventory definition -->
             <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_gdm_package</check>
       </cpe-item>
+      <cpe-item name="cpe:/a:grub2">
+            <title xml:lang="en-us">Package grub2 is installed</title>
+            <!-- the check references an OVAL file that contains an inventory definition -->
+            <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_grub2_package</check>
+      </cpe-item>
       <cpe-item name="cpe:/a:libuser">
             <title xml:lang="en-us">Package libuser is installed</title>
             <!-- the check references an OVAL file that contains an inventory definition -->
diff --git a/rhel8/cpe/rhel8-cpe-dictionary.xml b/rhel8/cpe/rhel8-cpe-dictionary.xml
index cccb3c5791..eab827291f 100644
--- a/rhel8/cpe/rhel8-cpe-dictionary.xml
+++ b/rhel8/cpe/rhel8-cpe-dictionary.xml
@@ -32,6 +32,11 @@
             <!-- the check references an OVAL file that contains an inventory definition -->
             <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_gdm_package</check>
       </cpe-item>
+      <cpe-item name="cpe:/a:grub2">
+            <title xml:lang="en-us">Package grub2 is installed</title>
+            <!-- the check references an OVAL file that contains an inventory definition -->
+            <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_grub2_package</check>
+      </cpe-item>
       <cpe-item name="cpe:/a:libuser">
             <title xml:lang="en-us">Package libuser is installed</title>
             <!-- the check references an OVAL file that contains an inventory definition -->
diff --git a/rhv4/cpe/rhv4-cpe-dictionary.xml b/rhv4/cpe/rhv4-cpe-dictionary.xml
index ce9b06dcae..db1b4b239b 100644
--- a/rhv4/cpe/rhv4-cpe-dictionary.xml
+++ b/rhv4/cpe/rhv4-cpe-dictionary.xml
@@ -32,6 +32,11 @@
             <!-- the check references an OVAL file that contains an inventory definition -->
             <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_gdm_package</check>
       </cpe-item>
+      <cpe-item name="cpe:/a:grub2">
+            <title xml:lang="en-us">Package grub2 is installed</title>
+            <!-- the check references an OVAL file that contains an inventory definition -->
+            <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_grub2_package</check>
+      </cpe-item>
       <cpe-item name="cpe:/a:libuser">
             <title xml:lang="en-us">Package libuser is installed</title>
             <!-- the check references an OVAL file that contains an inventory definition -->
diff --git a/sle11/cpe/sle11-cpe-dictionary.xml b/sle11/cpe/sle11-cpe-dictionary.xml
index c732ecb48a..1b6b3e2518 100644
--- a/sle11/cpe/sle11-cpe-dictionary.xml
+++ b/sle11/cpe/sle11-cpe-dictionary.xml
@@ -32,6 +32,11 @@
             <!-- the check references an OVAL file that contains an inventory definition -->
             <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_gdm_package</check>
       </cpe-item>
+      <cpe-item name="cpe:/a:grub2">
+            <title xml:lang="en-us">Package grub2 is installed</title>
+            <!-- the check references an OVAL file that contains an inventory definition -->
+            <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_grub2_package</check>
+      </cpe-item>
       <cpe-item name="cpe:/a:libuser">
             <title xml:lang="en-us">Package libuser is installed</title>
             <!-- the check references an OVAL file that contains an inventory definition -->
diff --git a/sle12/cpe/sle12-cpe-dictionary.xml b/sle12/cpe/sle12-cpe-dictionary.xml
index 79daa31412..b1b66e1294 100644
--- a/sle12/cpe/sle12-cpe-dictionary.xml
+++ b/sle12/cpe/sle12-cpe-dictionary.xml
@@ -32,6 +32,11 @@
             <!-- the check references an OVAL file that contains an inventory definition -->
             <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_gdm_package</check>
       </cpe-item>
+      <cpe-item name="cpe:/a:grub2">
+            <title xml:lang="en-us">Package grub2 is installed</title>
+            <!-- the check references an OVAL file that contains an inventory definition -->
+            <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_grub2_package</check>
+      </cpe-item>
       <cpe-item name="cpe:/a:libuser">
             <title xml:lang="en-us">Package libuser is installed</title>
             <!-- the check references an OVAL file that contains an inventory definition -->
diff --git a/sle15/cpe/sle15-cpe-dictionary.xml b/sle15/cpe/sle15-cpe-dictionary.xml
index 91d3d78b19..0ee5a1b817 100644
--- a/sle15/cpe/sle15-cpe-dictionary.xml
+++ b/sle15/cpe/sle15-cpe-dictionary.xml
@@ -32,6 +32,11 @@
             <!-- the check references an OVAL file that contains an inventory definition -->
             <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_gdm_package</check>
       </cpe-item>
+      <cpe-item name="cpe:/a:grub2">
+            <title xml:lang="en-us">Package grub2 is installed</title>
+            <!-- the check references an OVAL file that contains an inventory definition -->
+            <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_grub2_package</check>
+      </cpe-item>
       <cpe-item name="cpe:/a:libuser">
             <title xml:lang="en-us">Package libuser is installed</title>
             <!-- the check references an OVAL file that contains an inventory definition -->
diff --git a/ubuntu1404/cpe/ubuntu1404-cpe-dictionary.xml b/ubuntu1404/cpe/ubuntu1404-cpe-dictionary.xml
index df5abff723..7f3ce4271b 100644
--- a/ubuntu1404/cpe/ubuntu1404-cpe-dictionary.xml
+++ b/ubuntu1404/cpe/ubuntu1404-cpe-dictionary.xml
@@ -27,6 +27,11 @@
             <!-- the check references an OVAL file that contains an inventory definition -->
             <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_gdm_package</check>
       </cpe-item>
+      <cpe-item name="cpe:/a:grub2">
+            <title xml:lang="en-us">Package grub2 is installed</title>
+            <!-- the check references an OVAL file that contains an inventory definition -->
+            <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_grub2_package</check>
+      </cpe-item>
       <cpe-item name="cpe:/a:libuser">
             <title xml:lang="en-us">Package libuser is installed</title>
             <!-- the check references an OVAL file that contains an inventory definition -->
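Review bot: The new `cpe:/a:grub2` item in this Ubuntu dictionary points at `installed_env_has_grub2_package`, whose definition is not visible in this hunk, so confirm that it carries a dpkg-based test with the Debian package name and not only an rpm test. Ubuntu ships GRUB 2 under names such as `grub2-common` and `grub-pc`; if the inventory check never matches there, rules scoped to this platform would presumably be reported as not applicable instead of failing, which hides bootloader-hardening gaps in scan results. The same question applies to the ubuntu1604 and ubuntu1804 hunks that follow. I would also replace the copied generic comment with one that states what is tested, e.g. `<!-- inventory check: true when the distribution's GRUB 2 package is installed -->`. The enclosing `cpe-list` starts and ends outside the hunk.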
diff --git a/ubuntu1604/cpe/ubuntu1604-cpe-dictionary.xml b/ubuntu1604/cpe/ubuntu1604-cpe-dictionary.xml
index 6269344376..83f0c8c516 100644
--- a/ubuntu1604/cpe/ubuntu1604-cpe-dictionary.xml
+++ b/ubuntu1604/cpe/ubuntu1604-cpe-dictionary.xml
@@ -27,6 +27,11 @@
             <!-- the check references an OVAL file that contains an inventory definition -->
             <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_gdm_package</check>
       </cpe-item>
+      <cpe-item name="cpe:/a:grub2">
+            <title xml:lang="en-us">Package grub2 is installed</title>
+            <!-- the check references an OVAL file that contains an inventory definition -->
+            <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_grub2_package</check>
+      </cpe-item>
       <cpe-item name="cpe:/a:libuser">
             <title xml:lang="en-us">Package libuser is installed</title>
             <!-- the check references an OVAL file that contains an inventory definition -->
diff --git a/ubuntu1804/cpe/ubuntu1804-cpe-dictionary.xml b/ubuntu1804/cpe/ubuntu1804-cpe-dictionary.xml
index ccb285768e..77b78d74ec 100644
--- a/ubuntu1804/cpe/ubuntu1804-cpe-dictionary.xml
+++ b/ubuntu1804/cpe/ubuntu1804-cpe-dictionary.xml
@@ -27,6 +27,11 @@
             <!-- the check references an OVAL file that contains an inventory definition -->
             <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_gdm_package</check>
       </cpe-item>
+      <cpe-item name="cpe:/a:grub2">
+            <title xml:lang="en-us">Package grub2 is installed</title>
+            <!-- the check references an OVAL file that contains an inventory definition -->
+            <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_grub2_package</check>
+      </cpe-item>
       <cpe-item name="cpe:/a:libuser">
             <title xml:lang="en-us">Package libuser is installed</title>
             <!-- the check references an OVAL file that contains an inventory definition -->
diff --git a/wrlinux1019/cpe/wrlinux1019-cpe-dictionary.xml b/wrlinux1019/cpe/wrlinux1019-cpe-dictionary.xml
index 73e419c9ab..cc4e806a4d 100644
--- a/wrlinux1019/cpe/wrlinux1019-cpe-dictionary.xml
+++ b/wrlinux1019/cpe/wrlinux1019-cpe-dictionary.xml
@@ -26,6 +26,11 @@
             <!-- the check references an OVAL file that contains an inventory definition -->
             <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_gdm_package</check>
       </cpe-item>
+      <cpe-item name="cpe:/a:grub2">
+            <title xml:lang="en-us">Package grub2 is installed</title>
+            <!-- the check references an OVAL file that contains an inventory definition -->
+            <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_grub2_package</check>
+      </cpe-item>
       <cpe-item name="cpe:/a:libuser">
             <title xml:lang="en-us">Package libuser is installed</title>
             <!-- the check references an OVAL file that contains an inventory definition -->
diff --git a/wrlinux8/cpe/wrlinux8-cpe-dictionary.xml b/wrlinux8/cpe/wrlinux8-cpe-dictionary.xml
index 8449ea1416..824c575a6a 100644
--- a/wrlinux8/cpe/wrlinux8-cpe-dictionary.xml
+++ b/wrlinux8/cpe/wrlinux8-cpe-dictionary.xml
@@ -26,6 +26,11 @@
             <!-- the check references an OVAL file that contains an inventory definition -->
             <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_gdm_package</check>
       </cpe-item>
+      <cpe-item name="cpe:/a:grub2">
+            <title xml:lang="en-us">Package grub2 is installed</title>
+            <!-- the check references an OVAL file that contains an inventory definition -->
+            <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_grub2_package</check>
+      </cpe-item>
       <cpe-item name="cpe:/a:libuser">
             <title xml:lang="en-us">Package libuser is installed</title>
             <!-- the check references an OVAL file that contains an inventory definition -->