### System-wide Installation with Ninja Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/02_building_complianceascode.md Install the product using Ninja as the build system. Configure with CMake using the `-G Ninja` flag, then build and install using `ninja-build`. ```bash cd content/ cd build/ cmake -G Ninja ../ ninja-build ninja-build install ``` -------------------------------- ### System-wide Installation Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/02_building_complianceascode.md Perform a system-wide installation of the built product. This involves navigating to the build directory, configuring with CMake, making the product, and installing. ```bash cd content/ cd build/ cmake ../ make -j4 sudo make install ``` -------------------------------- ### List HTML Guide Files Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/02_building_complianceascode.md This command lists the human-readable HTML guide index files, named 'ssg-${PRODUCT}-guide-index.html'. These files allow users to browse available profiles for a product and are located in the 'guides' folder. ```bash $ ls -1 guides/ssg-rhel9-*.html ``` -------------------------------- ### Install ComplianceAsCode on Debian/Ubuntu Source: https://github.com/complianceascode/content/blob/master/README.md Use apt to install specific SSG guide packages for Debian and Debian-based distributions like Ubuntu. ```bash apt install ssg-debian # for Debian guides ``` ```bash apt install ssg-debderived # for Debian-based distributions (e.g. Ubuntu) guides ``` ```bash apt install ssg-nondebian # for other distributions guides (RHEL, Fedora, etc.) ``` ```bash apt install ssg-applications # for application-oriented guides (Firefox, JBoss, etc.) ``` -------------------------------- ### Install Documentation Dependencies Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/02_building_complianceascode.md Install Sphinx and project requirements for documentation generation. ```bash apt-get install python3-sphinx ``` ```bash pip install -r docs/requirements.txt ``` ```bash make -C docs html ``` -------------------------------- ### Ansible Template Example Source: https://github.com/complianceascode/content/blob/master/docs/templates/template_reference.md Example of an Ansible template file (`ansible.template`) for ensuring a package is installed. It uses Jinja syntax for parameter substitution. ```jinja # platform = multi_platform_all # reboot = false # strategy = enable # complexity = low # disruption = low - name: Ensure {{{ PKGNAME }}} is installed package: name: "{{{ PKGNAME }}}" state: present ``` -------------------------------- ### Product Directory Tree Example Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/03_creating_content.md Example output of the 'tree -d' command showing the directory structure for a product. ```bash $ tree -d products/rhel9 products/rhel9 ├── kickstart ├── overlays └── profiles 3 directories ``` -------------------------------- ### Install and Run diff2html Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/05_tools_and_utilities.md Install the diff2html utility and generate HTML diffs from the output of compare_ds.py. ```bash $ sudo dnf install npm $ sudo npm install -g diff2html-cli ``` ```bash $ rm -r html/ $ mkdir -p html $ for f in compare_ds-diffs/*; do name="${f##*/}"; diff2html -i file -t "$name" -F "html/$name.html" -- "$f" & done; wait ``` -------------------------------- ### Install Man Page Source: https://github.com/complianceascode/content/blob/master/CMakeLists.txt Installs the generated scap-security-guide.8 man page to the system's man page directory. ```cmake install(FILES "${CMAKE_BINARY_DIR}/scap-security-guide.8" DESTINATION "${CMAKE_INSTALL_MANDIR}/man8") ``` -------------------------------- ### Install Documentation Files Source: https://github.com/complianceascode/content/blob/master/CMakeLists.txt Installs the LICENSE, README.md, and Contributors.md files to the documentation directory specified by CMAKE_INSTALL_DOCDIR. ```cmake install(FILES "${CMAKE_SOURCE_DIR}/LICENSE" DESTINATION ${CMAKE_INSTALL_DOCDIR}) install(FILES "${CMAKE_SOURCE_DIR}/README.md" DESTINATION ${CMAKE_INSTALL_DOCDIR}) install(FILES "${CMAKE_SOURCE_DIR}/Contributors.md" DESTINATION ${CMAKE_INSTALL_DOCDIR}) ``` -------------------------------- ### Example Release Announcement Message Source: https://github.com/complianceascode/content/blob/master/docs/release_process.md An example message to announce the start of a stabilization period for a new content version. It includes key dates and instructions for contributors. ```plaintext Subject: stabilization of v0.1.65 Hello all, The release of Content version 0.1.65 is scheduled for December 2nd. As part of the release process, a stabilization branch was created. Issues and PRs that were not solved were moved to the 0.1.66 milestone. Any bug fixes you would like to include in release 0.1.65 should be proposed for the *stabilization* and *master* branches as a measure to avoid potential conflicts between these branches. The next version, 0.1.66, is scheduled to be released on February 3rd, with the stabilization phase starting on January 23th, 2022. Regards, ``` -------------------------------- ### Install Documentation Build Dependencies Source: https://github.com/complianceascode/content/blob/master/docs/README.md Use this command to install the necessary Python modules for building the documentation locally. ```bash pip install -r docs/requirements.txt ``` -------------------------------- ### Install on Debian Source: https://github.com/complianceascode/content/blob/master/docs/manual/user/10_install.md Use APT to install specific ssg packages for Debian and Debian-derived distributions, as well as application-oriented guides. ```bash $ sudo apt install ssg-debian # for Debian guides ``` ```bash $ sudo apt install ssg-debderived # for Debian-based distributions (e.g. Ubuntu) guides ``` ```bash $ sudo apt install ssg-nondebian # for other distributions guides (RHEL, Fedora, etc.) ``` ```bash $ sudo apt install ssg-applications # for application-oriented guides (Firefox, JBoss, etc.) ``` -------------------------------- ### Install on Fedora/RHEL 8+ Source: https://github.com/complianceascode/content/blob/master/docs/manual/user/10_install.md Use DNF to install the scap-security-guide package on Fedora and RHEL-based systems. ```bash $ sudo dnf -y install scap-security-guide ``` -------------------------------- ### Custom Install Location Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/02_building_complianceascode.md Install the product to a custom location by specifying the `DESTDIR` variable during the `make install` step. ```bash cd content/ cd build/ cmake ../ make -j4 sudo make DESTDIR=/opt/absolute/path/to/ssg/ install ``` -------------------------------- ### Setup for JQ Filter Rule Test Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/06_contributing_with_content.md Installs jq and sets up the directory path for testing rules that use jq filters. The path is dynamically generated based on the API path and jq filter. ```bash #!/bin/bash # remediation = none yum install -y jq kube_apipath="/kubernetes-api-resources" mkdir -p "$kube_apipath/apis/route.openshift.io/v1" ``` -------------------------------- ### OVAL Template Example Source: https://github.com/complianceascode/content/blob/master/docs/templates/template_reference.md Example of an OVAL template file (`oval.template`) for checking if a package is installed. It uses Jinja syntax for parameter substitution. ```jinja Package {{{ PKGNAME }}} Installed multi_platform_all The {{{ pkg_system|upper }}} package {{{ PKGNAME }}} should be installed. {{{ oval_test_package_installed(package=PKGNAME, evr=EVR, test_id="test_package_"+PKGNAME+"_installed") }}} ``` -------------------------------- ### Define and Build Product Source: https://github.com/complianceascode/content/blob/master/products/ol10/CMakeLists.txt This example shows how to define a product name and then initiate its build process using a custom CMake function. ```cmake set(PRODUCT "ol10") ssg_build_product(${PRODUCT}) ``` -------------------------------- ### Install Git on Ubuntu/Debian Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/02_building_complianceascode.md Installs the Git version control system on Ubuntu and Debian. ```bash apt-get install git ``` -------------------------------- ### Run Specific Profile and Product Tests Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/06_contributing_with_content.md Example of running the e2e tests for the 'cis' benchmark on 'ocp4'. ```bash make e2e PROFILE=cis PRODUCT=ocp4 ``` -------------------------------- ### VM Installation and Automatus Sanity Tests Source: https://github.com/complianceascode/content/blob/master/tests/CMakeLists.txt Registers quick-label tests for VM installation and automatus sanity checks. ```cmake if(Python_VERSION_MAJOR GREATER 2) add_test( NAME "install-vm" COMMAND env "PYTHONPATH=$ENV{PYTHONPATH}" "${Python_EXECUTABLE}" "${CMAKE_SOURCE_DIR}/tests/install_vm.py" "--help" ) set_tests_properties("install-vm" PROPERTIES LABELS quick) endif() add_test( NAME "automatus-sanity" COMMAND env "PYTHONPATH=$ENV{PYTHONPATH}" "${Python_EXECUTABLE}" "${CMAKE_SOURCE_DIR}/tests/automatus.py" "--help" ) set_tests_properties("automatus-sanity" PROPERTIES LABELS quick) ``` -------------------------------- ### Set Up Python Environment Source: https://github.com/complianceascode/content/blob/master/docs/release_process.md Configures the Python environment and installs necessary dependencies for the update scripts. ```bash source .pyenv.sh pip install "PyGithub>=1.58.2,<2.0" ``` -------------------------------- ### Install VM for Testing Source: https://github.com/complianceascode/content/blob/master/tests/README.md Use the install_vm.py script to provision a VM with the necessary requirements for Automatus testing. ```bash $ python install_vm.py --domain test-suite-fedora --distro fedora ``` ```bash $ python install_vm.py --domain test-suite-rhel8 --distro rhel8 --url http://baseos_repo_addr --extra-repo http://appstream_repo_addr ``` -------------------------------- ### Full Controls File Example Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/03_creating_content.md An example of a complete controls file demonstrating policy and control definitions, including nested controls and status indicators. ```yaml id: abcd title: ABCD Benchmark for securing Linux systems source: https://www.abcd.com/linux.pdf reference_type: abcd levels: - id: low - id: high inherits_from: - low controls: - id: R1 levels: - low title: User session timeout description: >- Remote user sessions must be closed after a certain period of inactivity. status: automated rules: - sshd_set_idle_timeout - accounts_tmout - var_accounts_tmout=10_min - configure_crypto_policy notes: >- Certain period of inactivity is vague. - id: R2 title: Minimization of configuration description: >- The features configured at the level of launched services should be limited to the strict minimum. rationale: >- Minimization of configuration helps to reduce attack surface. status: supported notes: >- This is individual depending on the system workload therefore needs to be audited manually. related_rules: - systemd_target_multi_user - id: R3 title: Enabling SELinux targeted Policy description: >- It is recommended to enable SELinux in enforcing mode and to use the targeted policy. status: automated rules: - selinux_state - id: R4 title: Configure authentication description: >- Ensure authentication methods are functional to prevent unauthorized access to the system. controls: - id: R4.a title: Disable administrator accounts status: automated levels: - low rules: - accounts_passwords_pam_faillock_deny_root - id: R4.b title: Enforce password quality standards status: automated levels: - high rules: - accounts_password_pam_minlen - accounts_password_pam_ocredit - var_password_pam_ocredit=1 - other-policy:other-control ``` -------------------------------- ### Simulate Kubernetes API Resources Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/06_contributing_with_content.md Sets up paths and persists Kubernetes resource objects for testing. This example simulates the 'machinesets' resource. ```bash kube_apipath="/kubernetes-api-resources" machinev1beta1="/apis/machine.openshift.io/v1beta1" machineset_apipath="$machinev1beta1/machinesets?limit=500" # Create kubernetes resource directory path mkdir -p "$kube_apipath/$machinev1beta1" # Persist kubernetes resource cat < "$kube_apipath/$machineset_apipath" { "apiVersion": "v1", ... EOF ``` -------------------------------- ### Install Ninja Build System on Ubuntu/Debian Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/02_building_complianceascode.md Installs the Ninja build system for faster builds on Ubuntu and Debian. ```bash apt-get install ninja-build ``` -------------------------------- ### Install Git on Fedora/RHEL Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/02_building_complianceascode.md Installs the Git version control system on Fedora and Red Hat Enterprise Linux. ```bash yum install git ``` -------------------------------- ### Template Metadata Example Source: https://github.com/complianceascode/content/blob/master/docs/templates/template_reference.md Example of a `template.yml` file, which stores metadata for a template, including a list of supported languages. ```yaml supported_languages: - ansible - bash - ignition - kubernetes - oval - puppet ``` -------------------------------- ### Install Ninja Build System on Fedora/RHEL Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/02_building_complianceascode.md Installs the Ninja build system for faster builds on Fedora and Red Hat Enterprise Linux. ```bash yum install ninja-build ``` -------------------------------- ### Sourcing Shared Setup Script in Bash Source: https://github.com/complianceascode/content/blob/master/tests/README.md Source a setup script from the shared directory in Bash. The `$SHARED` variable provides the path to the shared directory. ```bash . $SHARED/setup_config_files.sh ``` -------------------------------- ### OpenSCAP Scan Output Example Source: https://github.com/complianceascode/content/blob/master/docs/manual/user/20_scanning.md Example of the output seen while an OpenSCAP scan is in progress, showing rule identifiers and results. ```text Title Install AIDE Rule package_aide_installed Ident CCE-83457-2 Result fail Title Configure Periodic Execution of AIDE Rule aide_periodic_cron_checking Ident CCE-83437-4 Result notchecked Title Verify File Permissions with RPM Rule rpm_verify_permissions Ident CCE-90840-0 Result fail Title Verify File Hashes with RPM Rule rpm_verify_hashes Ident CCE-90841-8 Result pass ``` -------------------------------- ### View STARTGUIDE Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/02_building_complianceascode.md Opens the STARTGUIDE.md file using 'less' for guidance through the newly prepared development environment. ```bash less ~/OpenSCAP/STARTGUIDE.md ``` -------------------------------- ### Example Commit Message Structure Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/04_style_guide.md An example demonstrating the recommended structure for a commit message, including a concise subject line, a blank line separator, and a detailed body explaining the 'what' and 'why' of the changes. ```text Summarize changes in around 50 characters or less More detailed explanatory text, if necessary. Wrap it to about 72 characters or so. In some contexts, the first line is treated as the subject of the commit and the rest of the text as the body. The blank line separating the summary from the body is critical (unless you omit the body entirely); various tools like `log`, `shortlog` and `rebase` can get confused if you run the two together. Explain the problem that this commit is solving. Focus on why you are making this change as opposed to how (the code explains that). Are there side effects or other unintuitive consequences of this change? Here's the place to explain them. Further paragraphs come after blank lines. - Bullet points are okay, too - Typically a hyphen or asterisk is used for the bullet, preceded by a single space Put references to issues at the bottom, like this: Resolves: #123 See also: #456, #789 ``` -------------------------------- ### Example SCE script structure Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/06_contributing_with_content.md A sample Bash script demonstrating the header format for an SCE check. ```bash $ cat ./linux_os/guide/system/accounts/accounts-session/accounts_users_own_home_directories/sce/ubuntu.sh #!/bin/bash # # Contributed by Canonical. # # Disable job control and run the last command of a pipeline in the current shell environment # Require Bash 4.2 and later # # platform = multi_platform_ubuntu ``` -------------------------------- ### Create Product Directory Structure Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/03_creating_content.md Use these shell commands to set up the necessary directories for a new product. Ensure environment variables like SHORTNAME, NAME, and VERSION are correctly set. ```shell cd content/products export SHORTNAME="C" export NAME="custom" export CAMEL_CASE_NAME="Custom" export VERSION="6" export FULL_NAME="$CAMEL_CASE_NAME $VERSION" export FULL_SHORT_NAME="$SHORTNAME$VERSION" export NEW_PRODUCT=$NAME$VERSION export CAPITAL_NAME="CUSTOM" mkdir $NEW_PRODUCT \ $NEW_PRODUCT/overlays \ $NEW_PRODUCT/profiles ``` -------------------------------- ### Example Release Announcement Message Source: https://github.com/complianceascode/content/blob/master/docs/release_process.md An example message that can be used as a reference for announcing a new release on communication channels. It includes release highlights, new contributors, and links to release notes and download archives. ```text Subject: ComplianceAsCode/content v0.1.65 Hello all, ComplianceAsCode/Content v0.1.65 is out. Some of the highlights of this release are: * Introduce ol9 stig profile (#9207) * Introduce Ol9 anssi profiles (#9243) * Update RHEL8 STIG to V1R7 (#9276) * Introduce e8 profile for OL9 (#9284) * Update RHEL7 STIG to V3R8 (#9317) Welcome to the new contributor: * contributor1 * contributor2 For full release notes, please have a look at: https://github.com/ComplianceAsCode/content/releases/tag/v0.1.65 Zip archive with pre-built content: https://github.com/ComplianceAsCode/content/releases/download/v0.1.65/scap-security-guide-0.1.65.zip SHA-512 hash: e6f8f9440562799120ae7425d68c9bd9975557b05c64e7c6851fdf60946876c3fe26e7353f48f096ca4a5c14164e857cd36fdaeb7c2f44b371fafddff33d7dfd Source tarball: https://github.com/ComplianceAsCode/content/releases/download/v0.1.65/scap-security-guide-0.1.65.tar.bz2 SHA-512 hash: fc295bafdac8a3fafbcd1bff50b7043a11de23e1a363883a7fac11d3734e9d381dad2e180cc14c259e34fa4eea8b0c27720a8df455d509be3c97913f51294850 Thank you to everyone who contributed! Regards, ``` -------------------------------- ### Install Mypy for Static Typing Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/02_building_complianceascode.md Install the mypy static type checker. ```bash # Fedora/RHEL yum install python3-mypy # Ubuntu/Debian apt-get install python3-mypy ``` -------------------------------- ### Create Product CMakeLists.txt Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/03_creating_content.md Create a new CMakeLists.txt file within the product's directory to define its specific build targets and dependencies. ```shell cat << EOF > $NEW_PRODUCT/CMakeLists.txt ``` -------------------------------- ### Install ssg module from a specific release Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/05_tools_and_utilities.md Install a specific version of the ssg module to ensure stability. Replace 'v0.1.76' with the desired release tag. This is recommended over installing from master for production environments. ```bash pip install git+https://github.com/ComplianceasCode/content@v0.1.76 ``` -------------------------------- ### Install OpenpyXL for SRG Export Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/02_building_complianceascode.md Install the openpyxl library for generating XLSX files. ```bash # Fedora/RHEL yum install python3-openpyxl # Ubuntu/Debian apt-get install python3-openpyxl ``` -------------------------------- ### Initialize Product Build Source: https://github.com/complianceascode/content/blob/master/products/debian12/CMakeLists.txt Registers a specific product for the build process. ```cmake ssg_build_product("debian12") ``` -------------------------------- ### Download and Upload Sources Source: https://github.com/complianceascode/content/blob/master/docs/release_process.md Ensure sources are downloaded locally using 'fedpkg sources' and uploaded to the lookaside cache with 'fedpkg new-sources'. ```bash fedpkg sources ``` ```bash fedpkg new-sources ``` -------------------------------- ### Profile Build System Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/05_tools_and_utilities.md Measure and compare build times for products using the profiling switch. ```bash $ ./build_product -p|--profiling ``` -------------------------------- ### Install ComplianceAsCode Ansible Role Source: https://github.com/complianceascode/content/blob/master/utils/ansible_galaxy_readme_template.md Use this command to download and install the Ansible role from Ansible Galaxy. ```bash ansible-galaxy install RedHatOfficial.@ROLE_NAME@ ``` -------------------------------- ### Build Documentation Locally Source: https://github.com/complianceascode/content/blob/master/docs/README.md Execute these commands to generate the documentation locally, depending on the configured build system. ```bash make docs ``` ```bash ninja docs ``` -------------------------------- ### Install PyGithub for Ansible Roles Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/02_building_complianceascode.md Install the pygithub library to support Ansible playbook to role conversion. ```bash # Fedora/RHEL yum install python3-pygithub # Ubuntu/Debian apt-get install python3-pygithub ``` -------------------------------- ### Install Pandas for SRG Export Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/02_building_complianceascode.md Install the pandas library required for running the SRG export utility. ```bash # Fedora/RHEL yum install python3-pandas # Ubuntu/Debian apt-get install python3-pandas ``` -------------------------------- ### Install lxml on Ubuntu/Debian Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/02_building_complianceascode.md Installs the python-lxml package required for Python unit tests on Ubuntu and Debian. ```bash apt-get install python-lxml ``` -------------------------------- ### Install Bats on Ubuntu/Debian Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/02_building_complianceascode.md Installs the Bats package for running Bash unit tests on Ubuntu and Debian. ```bash apt-get install bats ``` -------------------------------- ### Install ShellCheck on Ubuntu/Debian Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/02_building_complianceascode.md Installs the ShellCheck package for static analysis of shell scripts on Ubuntu and Debian. ```bash apt-get install shellcheck ``` -------------------------------- ### Prepare for Release using release_helper.py Source: https://github.com/complianceascode/content/blob/master/docs/release_process.md Use this command to prepare for a release by updating open issues and pull requests with milestones. Ensure you have the correct secret file path. ```bash ./release_helper.py -c ~/secret.ini -r ComplianceAsCode/content release_prep --issues ``` -------------------------------- ### Install Python Test Dependencies Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/02_building_complianceascode.md Installs Python test dependencies from the 'test-requirements.txt' file using pip3. ```bash $ pip3 install -r test-requirements.txt ``` -------------------------------- ### Install Python Development Dependencies Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/02_building_complianceascode.md Installs Python development dependencies from the 'requirements.txt' file using pip3. ```bash $ pip3 install -r requirements.txt ``` -------------------------------- ### Build All Available Products Source: https://context7.com/complianceascode/content/llms.txt Use the 'ALL' argument with the build_product script to compile security content for all supported products. This command ensures comprehensive content generation. ```bash ./build_product ALL ``` -------------------------------- ### Configure Product Build Parameters Source: https://github.com/complianceascode/content/blob/master/products/rhcos4/CMakeLists.txt Sets the product name and remediation languages, then triggers the build and documentation generation functions. ```cmake set(PRODUCT "rhcos4") set(PRODUCT_REMEDIATION_LANGUAGES "ignition;kubernetes") ssg_build_product(${PRODUCT}) ssg_build_html_ref_tables("${PRODUCT}" "table-${PRODUCT}-{ref_id}refs" "nist") ssg_build_html_cce_table(${PRODUCT}) ``` -------------------------------- ### Install Linting Tools Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/04_style_guide.md Install the necessary Python packages for checking and fixing YAML linting issues. ```bash pip install yamllint yamlfix ``` -------------------------------- ### Verify OpenSCAP Installation Source: https://github.com/complianceascode/content/blob/master/docs/workshop/lab2_openscap.adoc Check the installed version of the oscap command line tool and its supported standards. ```bash [... ]$ oscap --version OpenSCAP command line tool (oscap) 1.3.6 Copyright 2009--2021 Red Hat Inc., Durham, North Carolina. ==== Supported specifications ==== SCAP Version: 1.3 XCCDF Version: 1.2 OVAL Version: 5.11.1 CPE Version: 2.3 CVSS Version: 2.0 CVE Version: 2.0 Asset Identification Version: 1.1 Asset Reporting Format Version: 1.1 CVRF Version: 1.1 ... ``` -------------------------------- ### Prepare Source Package Source: https://github.com/complianceascode/content/wiki/Release-Guide---Obsolete Commands to generate the source package from the project root. ```bash $ cd build/ $ cmake ../ $ make package_source ``` -------------------------------- ### Set and Build Product for ComplianceAsCode Source: https://github.com/complianceascode/content/blob/master/products/sle16/CMakeLists.txt This snippet demonstrates how to set the product name and then initiate the build process for that product using the ssg_build_product macro. ```cmake set(PRODUCT "sle16") ssg_build_product("${PRODUCT}") ``` -------------------------------- ### Render Policy Documentation Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/03_creating_content.md Generates an HTML file resolving controls for a specific product. ```bash $ utils/render-policy.py --output doc.html rhel8 controls/abcd.yml ``` -------------------------------- ### Define and Build Product Source: https://github.com/complianceascode/content/blob/master/products/slmicro5/CMakeLists.txt Sets the product variable and triggers the build process for the specified product. ```cmake set(PRODUCT "slmicro5") ssg_build_product("slmicro5") ``` -------------------------------- ### Initialize Control File Source: https://github.com/complianceascode/content/blob/master/docs/workshop/lab3_profiles.adoc Commands to create and initialize the metadata for a new company policy file. ```bash [... ]$ open controls/my-company.yml ``` ```yaml title: 'Security Guidelines of My Company' id: my-company ``` -------------------------------- ### Build Specific Product Content Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/02_building_complianceascode.md Build individual components like SCAP XML, HTML guides, or remediation scripts for a specific product. ```bash cd build/ cmake ../ make -j4 rhel9-content # SCAP XML files for RHEL9 make -j4 rhel9-guides # HTML guides for RHEL9 make -j4 rhel9-tables # HTML tables for RHEL9 make -j4 rhel9-profile-bash-scripts # remediation Bash scripts for all RHEL9 profiles make -j4 rhel9-profile-playbooks # Ansible Playbooks for all RHEL9 profiles make -j4 rhel9 # everything above for RHEL9 ``` -------------------------------- ### Build Product Datastream Source: https://github.com/complianceascode/content/blob/master/docs/workshop/lab5_oval.adoc Builds the product datastream for RHEL8. ```bash [... ]$ ./build_product rhel8 --datastream-only ``` -------------------------------- ### Install Tox on Ubuntu/Debian Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/02_building_complianceascode.md Installs the 'tox' package on Ubuntu and Debian, used for managing virtual environments for building documentation. ```bash apt-get install tox ``` -------------------------------- ### Install Ansible and Python 3 on Fedora Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/02_building_complianceascode.md Installs the 'ansible' and 'python3' packages required for the openscap role on Fedora systems. ```bash dnf install -y ansible python3 ``` -------------------------------- ### Run Documentation Build with Tox Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/02_building_complianceascode.md Executes the documentation build process using tox, which handles dependency management within a virtual environment. ```bash tox -e docs ``` -------------------------------- ### Display Help for e2e Test Makefile Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/06_contributing_with_content.md View available options and commands for the e2e test makefile. ```bash make help ``` -------------------------------- ### Install ComplianceAsCode on RHEL/Fedora Source: https://github.com/complianceascode/content/blob/master/README.md Use yum to install the scap-security-guide package on Red Hat Enterprise Linux and Fedora systems. ```bash yum install scap-security-guide ``` -------------------------------- ### Define Guide and Table Tests Source: https://github.com/complianceascode/content/blob/master/CMakeLists.txt Defines tests related to the security guide and its associated tables using the ssg_define_guide_and_table_tests function. ```cmake ssg_define_guide_and_table_tests() ``` -------------------------------- ### Initialize Ansible Directory Source: https://github.com/complianceascode/content/blob/master/docs/workshop/lab4_ansible.adoc Commands to create and enter the ansible directory within a rule path. ```bash [... accounts_tmout]$ mkdir ansible [... ansible]$ cd ansible ``` -------------------------------- ### Load Product Configurations Source: https://context7.com/complianceascode/content/llms.txt Programmatically load and access product metadata and properties from YAML files. ```python from ssg.products import Product, load_product_yaml, product_yaml_path, get_all # Load a specific product ssg_root = "/path/to/content" product_path = product_yaml_path(ssg_root, "rhel9") product = load_product_yaml(product_path) # Access product properties print(f"Product: {product['product']}") print(f"Full Name: {product['full_name']}") print(f"Benchmark ID: {product['benchmark_id']}") print(f"Package Manager: {product['pkg_manager']}") print(f"Init System: {product['init_system']}") # Get all products categorized by type products = get_all(ssg_root) print(f"Linux products: {products.linux}") print(f"Other products: {products.other}") # Read additional properties from directory product.read_properties_from_directory("/path/to/product_properties") ``` -------------------------------- ### Install Pytest on Ubuntu/Debian Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/02_building_complianceascode.md Installs the python-pytest package for running tests that analyze Ansible Playbooks' YAML nodes on Ubuntu and Debian. ```bash apt-get install python-pytest ``` -------------------------------- ### Install lxml on Fedora/RHEL Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/02_building_complianceascode.md Installs the python3-lxml package required for Python unit tests on Fedora and Red Hat Enterprise Linux. ```bash yum install python3-lxml ``` -------------------------------- ### Build Product with CMake Source: https://github.com/complianceascode/content/blob/master/products/debian13/CMakeLists.txt This command initiates the build process for a specific product, 'debian13', within the ComplianceAsCode CMake build system. ```cmake ssg_build_product("debian13") ``` -------------------------------- ### Install Bats on Fedora/RHEL Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/02_building_complianceascode.md Installs the Bats package for running Bash unit tests on Fedora and Red Hat Enterprise Linux. ```bash yum install bats ``` -------------------------------- ### Bash Scenario with Platform and Variables Metadata Source: https://github.com/complianceascode/content/blob/master/tests/README.md This example demonstrates a Bash scenario script with metadata specifying the target platforms and XCCDF variables. Use this format to define test environments and parameterize tests. ```bash #!/bin/bash # platform = Red Hat Enterprise Linux 9,multi_platform_fedora # variables = auth_enabled=yes,var_example_1=value_example echo "KerberosAuthentication $auth_enabled" >> /etc/ssh/sshd_config ``` -------------------------------- ### Install ShellCheck on Fedora/RHEL Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/02_building_complianceascode.md Installs the ShellCheck package for static analysis of shell scripts on Fedora and Red Hat Enterprise Linux. ```bash yum install ShellCheck ``` -------------------------------- ### Clone and Fork Repository Source: https://github.com/complianceascode/content/blob/master/docs/release_process.md Use fedpkg to clone the repository and create a fork. This is necessary for making changes. ```bash fedpkg clone scap-security-guide cd scap-security-guide fedpkg fork ``` ```bash fedpkg clone --anonymous forks//rpms/scap-security-guide cd scap-security-guide ``` -------------------------------- ### Install Sphinx on Fedora/RHEL Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/02_building_complianceascode.md Installs the python3-sphinx package on Fedora and Red Hat Enterprise Linux, required for generating HTML documentation from source. ```bash yum install python3-sphinx ``` -------------------------------- ### Build ZIP File Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/02_building_complianceascode.md Generate a zip file containing all generated source data streams and kickstarts. Execute this command from the build directory. ```bash cd build/ make zipfile ``` -------------------------------- ### Install Ansible Linting Tools on Fedora/RHEL Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/02_building_complianceascode.md Installs 'yamllint' and 'ansible-lint' for checking Ansible playbooks on Fedora and Red Hat Enterprise Linux. ```bash yum install yamllint ansible-lint ``` -------------------------------- ### Install Tox on Fedora/RHEL Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/02_building_complianceascode.md Installs the 'tox' package on Fedora and Red Hat Enterprise Linux, used for managing virtual environments for building documentation. ```bash yum install tox ``` -------------------------------- ### Python API - Loading Products Source: https://context7.com/complianceascode/content/llms.txt Load and work with product configurations programmatically using the ssg.products module. ```APIDOC ## Python API - Loading Products Load and work with product configurations programmatically. ```python from ssg.products import Product, load_product_yaml, product_yaml_path, get_all # Load a specific product ssg_root = "/path/to/content" product_path = product_yaml_path(ssg_root, "rhel9") product = load_product_yaml(product_path) # Access product properties print(f"Product: {product['product']}") print(f"Full Name: {product['full_name']}") print(f"Benchmark ID: {product['benchmark_id']}") print(f"Package Manager: {product['pkg_manager']}") print(f"Init System: {product['init_system']}") # Get all products categorized by type products = get_all(ssg_root) print(f"Linux products: {products.linux}") print(f"Other products: {products.other}") # Read additional properties from directory product.read_properties_from_directory("/path/to/product_properties") ``` ```