!27 添加openEuler2403LTS支持

From: @flysubmarine 
Reviewed-by: @zhujianwei001 
Signed-off-by: @zhujianwei001

add-openeuler-support.patch

@@ -1,6 +1,6 @@
-From 34393e749c834bc08cd1a25f8ac1fd9ff36c7872 Mon Sep 17 00:00:00 2001
+From a67afa8ba2bd385c1c645972fb7a2340d9d6f5bb Mon Sep 17 00:00:00 2001
 From: "steven.y.gui" <steven_ygui@163.com>
-Date: Thu, 17 Aug 2023 21:02:06 +0800
+Date: Mon, 19 Feb 2024 18:59:26 +0800
 Subject: [PATCH] add openeuler support
 
 ---
@@ -11,33 +11,33 @@ Subject: [PATCH] add openeuler support
  .../telnet/package_telnet_removed/rule.yml    |  2 +-
  .../tftp/package_tftp-server_removed/rule.yml |  2 +-
  .../tftp/package_tftp_removed/rule.yml        |  2 +-
- products/openeuler/CMakeLists.txt             |  6 ++++
- products/openeuler/product.yml                | 19 +++++++++++
- products/openeuler/profiles/standard.profile  | 14 ++++++++
- products/openeuler/transforms/constants.xslt  |  9 +++++
  products/openeuler2203/CMakeLists.txt         |  6 ++++
  products/openeuler2203/product.yml            | 29 ++++++++++++++++
  .../openeuler2203/profiles/standard.profile   | 14 ++++++++
  .../openeuler2203/transforms/constants.xslt   |  9 +++++
- .../checks/oval/installed_OS_is_openeuler.xml | 22 ++++++++++++
+ products/openeuler2403/CMakeLists.txt         |  6 ++++
+ products/openeuler2403/product.yml            | 19 +++++++++++
+ .../openeuler2403/profiles/standard.profile   | 14 ++++++++
+ .../openeuler2403/transforms/constants.xslt   |  9 +++++
  .../oval/installed_OS_is_openeuler2203.xml    | 26 ++++++++++++++
+ .../oval/installed_OS_is_openeuler2403.xml    | 26 ++++++++++++++
  .../oval/sysctl_kernel_ipv6_disable.xml       |  1 +
- ssg/constants.py                              |  7 ++++
+ ssg/constants.py                              |  6 ++++
- 19 files changed, 211 insertions(+), 5 deletions(-)
+ 19 files changed, 214 insertions(+), 5 deletions(-)
  create mode 100644 controls/std_openeuler.yml
- create mode 100644 products/openeuler/CMakeLists.txt
- create mode 100644 products/openeuler/product.yml
- create mode 100644 products/openeuler/profiles/standard.profile
- create mode 100644 products/openeuler/transforms/constants.xslt
  create mode 100644 products/openeuler2203/CMakeLists.txt
  create mode 100644 products/openeuler2203/product.yml
  create mode 100644 products/openeuler2203/profiles/standard.profile
  create mode 100644 products/openeuler2203/transforms/constants.xslt
- create mode 100644 shared/checks/oval/installed_OS_is_openeuler.xml
+ create mode 100644 products/openeuler2403/CMakeLists.txt
+ create mode 100644 products/openeuler2403/product.yml
+ create mode 100644 products/openeuler2403/profiles/standard.profile
+ create mode 100644 products/openeuler2403/transforms/constants.xslt
  create mode 100644 shared/checks/oval/installed_OS_is_openeuler2203.xml
+ create mode 100644 shared/checks/oval/installed_OS_is_openeuler2403.xml
 
 diff --git a/CMakeLists.txt b/CMakeLists.txt
-index 7d1cffd..b466580 100644
+index 7d1cffd..d911d05 100644
 --- a/CMakeLists.txt
 +++ b/CMakeLists.txt
 @@ -83,6 +83,8 @@ option(SSG_PRODUCT_RHCOS4 "If enabled, the RHCOS4 SCAP content will be built" ${
@@ -45,7 +45,7 @@ index 7d1cffd..b466580 100644
  option(SSG_PRODUCT_OL8 "If enabled, the Oracle Linux 8 SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
  option(SSG_PRODUCT_OL9 "If enabled, the Oracle Linux 9 SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
 +option(SSG_PRODUCT_OPENEULER2203 "If enabled, the openEuler 22.03 LTS content will be built" ${SSG_PRODUCT_DEFAULT})
-+option(SSG_PRODUCT_OPENEULER "If enabled, the openEuler basic version content will be built" ${SSG_PRODUCT_DEFAULT})
++option(SSG_PRODUCT_OPENEULER2403 "If enabled, the openEuler 24.03 LTS content will be built" ${SSG_PRODUCT_DEFAULT})
  option(SSG_PRODUCT_OPENSUSE "If enabled, the openSUSE SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
  option(SSG_PRODUCT_RHEL7 "If enabled, the RHEL7 SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
  option(SSG_PRODUCT_RHEL8 "If enabled, the RHEL8 SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
@@ -54,7 +54,7 @@ index 7d1cffd..b466580 100644
  message(STATUS "Oracle Linux 8: ${SSG_PRODUCT_OL8}")
  message(STATUS "Oracle Linux 9: ${SSG_PRODUCT_OL9}")
 +message(STATUS "openEuler 22.03 LTS: ${SSG_PRODUCT_OPENEULER2203}")
-+message(STATUS "openEuler: ${SSG_PRODUCT_OPENEULER}")
++message(STATUS "openEuler 24.03 LTS: ${SSG_PRODUCT_OPENEULER2403}")
  message(STATUS "openSUSE: ${SSG_PRODUCT_OPENSUSE}")
  message(STATUS "RHEL 7: ${SSG_PRODUCT_RHEL7}")
  message(STATUS "RHEL 8: ${SSG_PRODUCT_RHEL8}")
@@ -65,8 +65,8 @@ index 7d1cffd..b466580 100644
 +if (SSG_PRODUCT_OPENEULER2203)
 +    add_subdirectory("products/openeuler2203" "openeuler2203")
 +endif()
-+if (SSG_PRODUCT_OPENEULER)
++if (SSG_PRODUCT_OPENEULER2403)
-+    add_subdirectory("products/openeuler" "openeuler")
++    add_subdirectory("products/openeuler2403" "openeuler2403")
 +endif()
  if (SSG_PRODUCT_OPENSUSE)
      add_subdirectory("products/opensuse" "opensuse")
@@ -112,137 +112,65 @@ index 0000000..5599b04
 +      - package_telnet_removed
 +      - package_telnet-server_removed
 diff --git a/linux_os/guide/services/ftp/package_ftp_removed/rule.yml b/linux_os/guide/services/ftp/package_ftp_removed/rule.yml
-index 1129ce7..c5450ca 100644
+index 1129ce7..ea1c772 100644
 --- a/linux_os/guide/services/ftp/package_ftp_removed/rule.yml
 +++ b/linux_os/guide/services/ftp/package_ftp_removed/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
 -prodtype: rhel9
-+prodtype: openeuler,openeuler2203,rhel9
++prodtype: openeuler2203,openeuler2403,rhel9
  
  title: 'Remove ftp Package'
  
 diff --git a/linux_os/guide/services/obsolete/telnet/package_telnet-server_removed/rule.yml b/linux_os/guide/services/obsolete/telnet/package_telnet-server_removed/rule.yml
-index 6b59559..fc38a3c 100644
+index 6b59559..26848b4 100644
 --- a/linux_os/guide/services/obsolete/telnet/package_telnet-server_removed/rule.yml
 +++ b/linux_os/guide/services/obsolete/telnet/package_telnet-server_removed/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
 -prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15
-+prodtype: fedora,ol7,ol8,ol9,openeuler,openeuler2203,rhel7,rhel8,rhel9,rhv4,sle12,sle15
++prodtype: fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,rhv4,sle12,sle15
  
  title: 'Uninstall telnet-server Package'
  
 diff --git a/linux_os/guide/services/obsolete/telnet/package_telnet_removed/rule.yml b/linux_os/guide/services/obsolete/telnet/package_telnet_removed/rule.yml
-index 2571d50..3638424 100644
+index 2571d50..8c77862 100644
 --- a/linux_os/guide/services/obsolete/telnet/package_telnet_removed/rule.yml
 +++ b/linux_os/guide/services/obsolete/telnet/package_telnet_removed/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
 -prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
-+prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,openeuler,openeuler2203,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: 'Remove telnet Clients'
  
 diff --git a/linux_os/guide/services/obsolete/tftp/package_tftp-server_removed/rule.yml b/linux_os/guide/services/obsolete/tftp/package_tftp-server_removed/rule.yml
-index 93fd712..46ebdb7 100644
+index 93fd712..60c05ed 100644
 --- a/linux_os/guide/services/obsolete/tftp/package_tftp-server_removed/rule.yml
 +++ b/linux_os/guide/services/obsolete/tftp/package_tftp-server_removed/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
 -prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15
-+prodtype: fedora,ol7,ol8,ol9,openeuler,openeuler2203,rhel7,rhel8,rhel9,rhv4,sle12,sle15
++prodtype: fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,rhv4,sle12,sle15
  
  title: 'Uninstall tftp-server Package'
  
 diff --git a/linux_os/guide/services/obsolete/tftp/package_tftp_removed/rule.yml b/linux_os/guide/services/obsolete/tftp/package_tftp_removed/rule.yml
-index 35e0a2f..f836879 100644
+index 35e0a2f..6c078d3 100644
 --- a/linux_os/guide/services/obsolete/tftp/package_tftp_removed/rule.yml
 +++ b/linux_os/guide/services/obsolete/tftp/package_tftp_removed/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
 -prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,sle12,sle15
-+prodtype: fedora,ol7,ol8,ol9,openeuler,openeuler2203,rhel7,rhel8,rhel9,sle12,sle15
++prodtype: fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,sle12,sle15
  
  title: 'Remove tftp Daemon'
  
-diff --git a/products/openeuler/CMakeLists.txt b/products/openeuler/CMakeLists.txt
-new file mode 100644
-index 0000000..8733082
---- /dev/null
-+++ b/products/openeuler/CMakeLists.txt
-@@ -0,0 +1,6 @@
-+# Sometimes our users will try to do: "cd openeuler; cmake ." That needs to error in a nice way.
-+if ("${CMAKE_SOURCE_DIR}" STREQUAL "${CMAKE_CURRENT_SOURCE_DIR}")
-+    message(FATAL_ERROR "cmake has to be used on the root CMakeLists.txt, see the Building ComplianceAsCode section in the Developer Guide!")
-+endif()
-+
-+ssg_build_product("openeuler")
-diff --git a/products/openeuler/product.yml b/products/openeuler/product.yml
-new file mode 100644
-index 0000000..fd33efe
---- /dev/null
-+++ b/products/openeuler/product.yml
-@@ -0,0 +1,19 @@
-+product: openeuler
-+full_name: openEuler
-+type: platform
-+
-+benchmark_id: OPENEULER
-+benchmark_root: "../../linux_os/guide"
-+
-+profiles_root: "./profiles"
-+
-+pkg_manager: "dnf"
-+
-+init_system: "systemd"
-+
-+cpes_root: "../../shared/applicability"
-+cpes:
-+  - openeuler2309:
-+      name: "cpe:/o:openEuler:openEuler:23.09:ga:server"
-+      title: "openEuler 23.09"
-+      check_id: installed_OS_is_openeuler
-diff --git a/products/openeuler/profiles/standard.profile b/products/openeuler/profiles/standard.profile
-new file mode 100644
-index 0000000..e4e9450
---- /dev/null
-+++ b/products/openeuler/profiles/standard.profile
-@@ -0,0 +1,14 @@
-+documentation_complete: true
-+
-+metadata:
-+    version: 1.0
-+
-+title: 'Standard System Security Profile for openEuler'
-+
-+description: |-
-+    This profile contains rules to ensure standard security baseline
-+    of all openEuler systems. Regardless of your system's workload
-+    all of these checks should pass.
-+
-+selections:
-+    - std_openeuler:all:base
-diff --git a/products/openeuler/transforms/constants.xslt b/products/openeuler/transforms/constants.xslt
-new file mode 100644
-index 0000000..b0a07a0
---- /dev/null
-+++ b/products/openeuler/transforms/constants.xslt
-@@ -0,0 +1,9 @@
-+<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
-+
-+<xsl:include href="../../../shared/transforms/shared_constants.xslt"/>
-+
-+<xsl:variable name="product_long_name">openEuler</xsl:variable>
-+<xsl:variable name="product_short_name">openEuler</xsl:variable>
-+<xsl:variable name="prod_type">openeuler</xsl:variable>
-+
-+</xsl:stylesheet>
 diff --git a/products/openeuler2203/CMakeLists.txt b/products/openeuler2203/CMakeLists.txt
 new file mode 100644
 index 0000000..258e195
@@ -325,34 +253,78 @@ index 0000000..666c119
 +<xsl:variable name="prod_type">openeuler2203</xsl:variable>
 +
 +</xsl:stylesheet>
-diff --git a/shared/checks/oval/installed_OS_is_openeuler.xml b/shared/checks/oval/installed_OS_is_openeuler.xml
+diff --git a/products/openeuler2403/CMakeLists.txt b/products/openeuler2403/CMakeLists.txt
 new file mode 100644
-index 0000000..4835266
+index 0000000..4f7da6b
 --- /dev/null
-+++ b/shared/checks/oval/installed_OS_is_openeuler.xml
++++ b/products/openeuler2403/CMakeLists.txt
-@@ -0,0 +1,22 @@
+@@ -0,0 +1,6 @@
-+<def-group>
++# Sometimes our users will try to do: "cd openeuler; cmake ." That needs to error in a nice way.
-+  <definition class="inventory" id="installed_OS_is_openeuler" version="1">
++if ("${CMAKE_SOURCE_DIR}" STREQUAL "${CMAKE_CURRENT_SOURCE_DIR}")
-+    <metadata>
++    message(FATAL_ERROR "cmake has to be used on the root CMakeLists.txt, see the Building ComplianceAsCode section in the Developer Guide!")
-+      <title>openEuler</title>
++endif()
-+      <affected family="unix">
-+        <platform>multi_platform_all</platform>
-+      </affected>
-+      <description>The operating system installed on the system is openEuler.</description>
-+    </metadata>
-+    <criteria operator="AND">
-+      <criterion comment="openEuler is installed" test_ref="test_openeuler_installed" />
-+    </criteria>
-+  </definition>
 +
-+  <linux:rpminfo_test check="all" check_existence="all_exist" comment="openEuler is installed" id="test_openeuler_installed" version="1">
++ssg_build_product("openeuler2403")
-+    <linux:object object_ref="obj_openeuler_installed" />
+diff --git a/products/openeuler2403/product.yml b/products/openeuler2403/product.yml
-+  </linux:rpminfo_test>
+new file mode 100644
-+  <linux:rpminfo_object id="obj_openeuler_installed" version="1">
+index 0000000..c27aaa8
-+    <linux:name>openEuler-release</linux:name>
+--- /dev/null
-+  </linux:rpminfo_object>
++++ b/products/openeuler2403/product.yml
+@@ -0,0 +1,19 @@
++product: openeuler2403
++full_name: openEuler2403
++type: platform
 +
-+</def-group>
++benchmark_id: OPENEULER2403
++benchmark_root: "../../linux_os/guide"
++
++profiles_root: "./profiles"
++
++pkg_manager: "dnf"
++
++init_system: "systemd"
++
++cpes_root: "../../shared/applicability"
++cpes:
++  - openeuler2403:
++      name: "cpe:/o:openEuler:openEuler:24.03LTS:ga:server"
++      title: "openEuler 24.03 LTS"
++      check_id: installed_OS_is_openeuler2403
+diff --git a/products/openeuler2403/profiles/standard.profile b/products/openeuler2403/profiles/standard.profile
+new file mode 100644
+index 0000000..e4e9450
+--- /dev/null
++++ b/products/openeuler2403/profiles/standard.profile
+@@ -0,0 +1,14 @@
++documentation_complete: true
++
++metadata:
++    version: 1.0
++
++title: 'Standard System Security Profile for openEuler'
++
++description: |-
++    This profile contains rules to ensure standard security baseline
++    of all openEuler systems. Regardless of your system's workload
++    all of these checks should pass.
++
++selections:
++    - std_openeuler:all:base
+diff --git a/products/openeuler2403/transforms/constants.xslt b/products/openeuler2403/transforms/constants.xslt
+new file mode 100644
+index 0000000..60286a9
+--- /dev/null
++++ b/products/openeuler2403/transforms/constants.xslt
+@@ -0,0 +1,9 @@
++<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
++
++<xsl:include href="../../../shared/transforms/shared_constants.xslt"/>
++
++<xsl:variable name="product_long_name">openEuler2403</xsl:variable>
++<xsl:variable name="product_short_name">openEuler2403</xsl:variable>
++<xsl:variable name="prod_type">openeuler2403</xsl:variable>
++
++</xsl:stylesheet>
 diff --git a/shared/checks/oval/installed_OS_is_openeuler2203.xml b/shared/checks/oval/installed_OS_is_openeuler2203.xml
 new file mode 100644
 index 0000000..6a1ce97
@@ -385,6 +357,38 @@ index 0000000..6a1ce97
 +  </linux:rpminfo_object>
 +
 +</def-group>
+diff --git a/shared/checks/oval/installed_OS_is_openeuler2403.xml b/shared/checks/oval/installed_OS_is_openeuler2403.xml
+new file mode 100644
+index 0000000..31c6084
+--- /dev/null
++++ b/shared/checks/oval/installed_OS_is_openeuler2403.xml
+@@ -0,0 +1,26 @@
++<def-group>
++  <definition class="inventory" id="installed_OS_is_openeuler2403" version="1">
++    <metadata>
++      <title>openEuler</title>
++      <affected family="unix">
++        <platform>multi_platform_all</platform>
++      </affected>
++      <description>The operating system installed on the system is openEuler 24.03 LTS</description>
++    </metadata>
++    <criteria operator="AND">
++      <criterion comment="openEuler 24.03 LTS is installed" test_ref="test_openeuler2403_installed" />
++    </criteria>
++  </definition>
++
++  <linux:rpminfo_test check="all" check_existence="all_exist" comment="openEuler 24.03 LTS is installed" id="test_openeuler2403_installed" version="1">
++    <linux:object object_ref="obj_openeuler2403_installed" />
++    <linux:state state_ref="state_openeuler2403_installed" />
++  </linux:rpminfo_test>
++  <linux:rpminfo_state id="state_openeuler2403_installed" version="1">
++    <linux:version operation="pattern match">^24\.03.*$</linux:version>
++  </linux:rpminfo_state>
++  <linux:rpminfo_object id="obj_openeuler2403_installed" version="1">
++    <linux:name>openEuler-release</linux:name>
++  </linux:rpminfo_object>
++
++</def-group>
 diff --git a/shared/checks/oval/sysctl_kernel_ipv6_disable.xml b/shared/checks/oval/sysctl_kernel_ipv6_disable.xml
 index affb977..593ecda 100644
 --- a/shared/checks/oval/sysctl_kernel_ipv6_disable.xml
@@ -398,14 +402,14 @@ index affb977..593ecda 100644
  	<platform>multi_platform_ol</platform>
  	<platform>multi_platform_rhcos</platform>
 diff --git a/ssg/constants.py b/ssg/constants.py
-index f66ba00..60697df 100644
+index f66ba00..ff5bb02 100644
 --- a/ssg/constants.py
 +++ b/ssg/constants.py
 @@ -50,6 +50,7 @@ product_directories = [
      'ocp4',
      'rhcos4',
      'ol7', 'ol8', 'ol9',
-+    'openeuler', 'openeuler2203',
++    'openeuler2203', 'openeuler2403',
      'opensuse',
      'rhel7', 'rhel8', 'rhel9',
      'rhv4',
@@ -413,8 +417,8 @@ index f66ba00..60697df 100644
      "Oracle Linux 7": "ol7",
      "Oracle Linux 8": "ol8",
      "Oracle Linux 9": "ol9",
-+    "openEuler": "openeuler",
 +    "openEuler 2203": "openeuler2203",
++    "openEuler 2403": "openeuler2403",
      "openSUSE": "opensuse",
      "Red Hat Enterprise Linux 7": "rhel7",
      "Red Hat Enterprise Linux 8": "rhel8",
@@ -430,16 +434,15 @@ index f66ba00..60697df 100644
      "multi_platform_example": ["example"],
      "multi_platform_eks": ["eks"],
      "multi_platform_fedora": ["fedora"],
-+    "multi_platform_openeuler": ["openeuler", "openeuler2203"],
++    "multi_platform_openeuler": ["openeuler2203", "openeuler2403"],
      "multi_platform_opensuse": ["opensuse"],
      "multi_platform_ol": ["ol7", "ol8", "ol9"],
      "multi_platform_ocp": ["ocp4"],
-@@ -447,6 +452,8 @@ MAKEFILE_ID_TO_PRODUCT_MAP = {
+@@ -447,6 +452,7 @@ MAKEFILE_ID_TO_PRODUCT_MAP = {
      'uos': 'UnionTech OS Server',
      'eap': 'JBoss Enterprise Application Platform',
      'fuse': 'JBoss Fuse',
 +    'openeuler': 'openEuler',
-+    'openeuler2203': 'openEuler 2203',
      'opensuse': 'openSUSE',
      'sle': 'SUSE Linux Enterprise',
      'example': 'Example',

scap-security-guide.spec

@@ -1,6 +1,6 @@
 Name:		scap-security-guide
 Version:	0.1.68
-Release:	2
+Release:	3
 Summary:	Security guidance and baselines in SCAP formats
 License:	BSD-3-Clause
 URL:		https://github.com/ComplianceAsCode/content/
@@ -63,6 +63,9 @@ cd build
 %doc %{_docdir}/%{name}/tables/*.html
 
 %changelog
+* Mon Feb 19 2024 steven <steven_ygui@163.com> - 0.1.68-3
+- add openEuler 2403 LTS supporting and remove openEuler general version supporting
+
 * Mon Oct 9 2023 steven <steven_ygui@163.com> - 0.1.68-2
 - add openeuler supporting and add 100+ control rules