### System-wide Installation with Ninja
Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/02_building_complianceascode.md
Install the product using Ninja as the build system. Configure with CMake using the `-G Ninja` flag, then build and install using `ninja-build`.
```bash
cd content/
cd build/
cmake -G Ninja ../
ninja-build
ninja-build install
```
--------------------------------
### System-wide Installation
Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/02_building_complianceascode.md
Perform a system-wide installation of the built product. This involves navigating to the build directory, configuring with CMake, making the product, and installing.
```bash
cd content/
cd build/
cmake ../
make -j4
sudo make install
```
--------------------------------
### List HTML Guide Files
Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/02_building_complianceascode.md
This command lists the human-readable HTML guide index files, named 'ssg-${PRODUCT}-guide-index.html'. These files allow users to browse available profiles for a product and are located in the 'guides' folder.
```bash
$ ls -1 guides/ssg-rhel9-*.html
```
--------------------------------
### Install ComplianceAsCode on Debian/Ubuntu
Source: https://github.com/complianceascode/content/blob/master/README.md
Use apt to install specific SSG guide packages for Debian and Debian-based distributions like Ubuntu.
```bash
apt install ssg-debian # for Debian guides
```
```bash
apt install ssg-debderived # for Debian-based distributions (e.g. Ubuntu) guides
```
```bash
apt install ssg-nondebian # for other distributions guides (RHEL, Fedora, etc.)
```
```bash
apt install ssg-applications # for application-oriented guides (Firefox, JBoss, etc.)
```
--------------------------------
### Install Documentation Dependencies
Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/02_building_complianceascode.md
Install Sphinx and project requirements for documentation generation.
```bash
apt-get install python3-sphinx
```
```bash
pip install -r docs/requirements.txt
```
```bash
make -C docs html
```
--------------------------------
### Ansible Template Example
Source: https://github.com/complianceascode/content/blob/master/docs/templates/template_reference.md
Example of an Ansible template file (`ansible.template`) for ensuring a package is installed. It uses Jinja syntax for parameter substitution.
```jinja
# platform = multi_platform_all
# reboot = false
# strategy = enable
# complexity = low
# disruption = low
- name: Ensure {{{ PKGNAME }}} is installed
package:
name: "{{{ PKGNAME }}}"
state: present
```
--------------------------------
### Product Directory Tree Example
Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/03_creating_content.md
Example output of the 'tree -d' command showing the directory structure for a product.
```bash
$ tree -d products/rhel9
products/rhel9
├── kickstart
├── overlays
└── profiles
3 directories
```
--------------------------------
### Install and Run diff2html
Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/05_tools_and_utilities.md
Install the diff2html utility and generate HTML diffs from the output of compare_ds.py.
```bash
$ sudo dnf install npm
$ sudo npm install -g diff2html-cli
```
```bash
$ rm -r html/
$ mkdir -p html
$ for f in compare_ds-diffs/*; do name="${f##*/}"; diff2html -i file -t "$name" -F "html/$name.html" -- "$f" & done; wait
```
--------------------------------
### Install Man Page
Source: https://github.com/complianceascode/content/blob/master/CMakeLists.txt
Installs the generated scap-security-guide.8 man page to the system's man page directory.
```cmake
install(FILES "${CMAKE_BINARY_DIR}/scap-security-guide.8"
DESTINATION "${CMAKE_INSTALL_MANDIR}/man8")
```
--------------------------------
### Install Documentation Files
Source: https://github.com/complianceascode/content/blob/master/CMakeLists.txt
Installs the LICENSE, README.md, and Contributors.md files to the documentation directory specified by CMAKE_INSTALL_DOCDIR.
```cmake
install(FILES "${CMAKE_SOURCE_DIR}/LICENSE"
DESTINATION ${CMAKE_INSTALL_DOCDIR})
install(FILES "${CMAKE_SOURCE_DIR}/README.md"
DESTINATION ${CMAKE_INSTALL_DOCDIR})
install(FILES "${CMAKE_SOURCE_DIR}/Contributors.md"
DESTINATION ${CMAKE_INSTALL_DOCDIR})
```
--------------------------------
### Example Release Announcement Message
Source: https://github.com/complianceascode/content/blob/master/docs/release_process.md
An example message to announce the start of a stabilization period for a new content version. It includes key dates and instructions for contributors.
```plaintext
Subject: stabilization of v0.1.65
Hello all,
The release of Content version 0.1.65 is scheduled for December 2nd.
As part of the release process, a stabilization branch was created.
Issues and PRs that were not solved were moved to the 0.1.66 milestone.
Any bug fixes you would like to include in release 0.1.65 should be proposed
for the *stabilization* and *master* branches as a measure to avoid
potential conflicts between these branches.
The next version, 0.1.66, is scheduled to be released on February 3rd,
with the stabilization phase starting on January 23th, 2022.
Regards,
```
--------------------------------
### Install Documentation Build Dependencies
Source: https://github.com/complianceascode/content/blob/master/docs/README.md
Use this command to install the necessary Python modules for building the documentation locally.
```bash
pip install -r docs/requirements.txt
```
--------------------------------
### Install on Debian
Source: https://github.com/complianceascode/content/blob/master/docs/manual/user/10_install.md
Use APT to install specific ssg packages for Debian and Debian-derived distributions, as well as application-oriented guides.
```bash
$ sudo apt install ssg-debian # for Debian guides
```
```bash
$ sudo apt install ssg-debderived # for Debian-based distributions (e.g. Ubuntu) guides
```
```bash
$ sudo apt install ssg-nondebian # for other distributions guides (RHEL, Fedora, etc.)
```
```bash
$ sudo apt install ssg-applications # for application-oriented guides (Firefox, JBoss, etc.)
```
--------------------------------
### Install on Fedora/RHEL 8+
Source: https://github.com/complianceascode/content/blob/master/docs/manual/user/10_install.md
Use DNF to install the scap-security-guide package on Fedora and RHEL-based systems.
```bash
$ sudo dnf -y install scap-security-guide
```
--------------------------------
### Custom Install Location
Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/02_building_complianceascode.md
Install the product to a custom location by specifying the `DESTDIR` variable during the `make install` step.
```bash
cd content/
cd build/
cmake ../
make -j4
sudo make DESTDIR=/opt/absolute/path/to/ssg/ install
```
--------------------------------
### Setup for JQ Filter Rule Test
Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/06_contributing_with_content.md
Installs jq and sets up the directory path for testing rules that use jq filters. The path is dynamically generated based on the API path and jq filter.
```bash
#!/bin/bash
# remediation = none
yum install -y jq
kube_apipath="/kubernetes-api-resources"
mkdir -p "$kube_apipath/apis/route.openshift.io/v1"
```
--------------------------------
### OVAL Template Example
Source: https://github.com/complianceascode/content/blob/master/docs/templates/template_reference.md
Example of an OVAL template file (`oval.template`) for checking if a package is installed. It uses Jinja syntax for parameter substitution.
```jinja
Package {{{ PKGNAME }}} Installed
multi_platform_all
The {{{ pkg_system|upper }}} package {{{ PKGNAME }}} should be installed.
{{{ oval_test_package_installed(package=PKGNAME, evr=EVR, test_id="test_package_"+PKGNAME+"_installed") }}}
```
--------------------------------
### Define and Build Product
Source: https://github.com/complianceascode/content/blob/master/products/ol10/CMakeLists.txt
This example shows how to define a product name and then initiate its build process using a custom CMake function.
```cmake
set(PRODUCT "ol10")
ssg_build_product(${PRODUCT})
```
--------------------------------
### Install Git on Ubuntu/Debian
Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/02_building_complianceascode.md
Installs the Git version control system on Ubuntu and Debian.
```bash
apt-get install git
```
--------------------------------
### Run Specific Profile and Product Tests
Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/06_contributing_with_content.md
Example of running the e2e tests for the 'cis' benchmark on 'ocp4'.
```bash
make e2e PROFILE=cis PRODUCT=ocp4
```
--------------------------------
### VM Installation and Automatus Sanity Tests
Source: https://github.com/complianceascode/content/blob/master/tests/CMakeLists.txt
Registers quick-label tests for VM installation and automatus sanity checks.
```cmake
if(Python_VERSION_MAJOR GREATER 2)
add_test(
NAME "install-vm"
COMMAND env "PYTHONPATH=$ENV{PYTHONPATH}" "${Python_EXECUTABLE}" "${CMAKE_SOURCE_DIR}/tests/install_vm.py" "--help"
)
set_tests_properties("install-vm" PROPERTIES LABELS quick)
endif()
add_test(
NAME "automatus-sanity"
COMMAND env "PYTHONPATH=$ENV{PYTHONPATH}" "${Python_EXECUTABLE}" "${CMAKE_SOURCE_DIR}/tests/automatus.py" "--help"
)
set_tests_properties("automatus-sanity" PROPERTIES LABELS quick)
```
--------------------------------
### Set Up Python Environment
Source: https://github.com/complianceascode/content/blob/master/docs/release_process.md
Configures the Python environment and installs necessary dependencies for the update scripts.
```bash
source .pyenv.sh
pip install "PyGithub>=1.58.2,<2.0"
```
--------------------------------
### Install VM for Testing
Source: https://github.com/complianceascode/content/blob/master/tests/README.md
Use the install_vm.py script to provision a VM with the necessary requirements for Automatus testing.
```bash
$ python install_vm.py --domain test-suite-fedora --distro fedora
```
```bash
$ python install_vm.py --domain test-suite-rhel8 --distro rhel8 --url http://baseos_repo_addr --extra-repo http://appstream_repo_addr
```
--------------------------------
### Full Controls File Example
Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/03_creating_content.md
An example of a complete controls file demonstrating policy and control definitions, including nested controls and status indicators.
```yaml
id: abcd
title: ABCD Benchmark for securing Linux systems
source: https://www.abcd.com/linux.pdf
reference_type: abcd
levels:
- id: low
- id: high
inherits_from:
- low
controls:
- id: R1
levels:
- low
title: User session timeout
description: >-
Remote user sessions must be closed after a certain
period of inactivity.
status: automated
rules:
- sshd_set_idle_timeout
- accounts_tmout
- var_accounts_tmout=10_min
- configure_crypto_policy
notes: >-
Certain period of inactivity is vague.
- id: R2
title: Minimization of configuration
description: >-
The features configured at the level of launched services
should be limited to the strict minimum.
rationale: >-
Minimization of configuration helps to reduce attack surface.
status: supported
notes: >-
This is individual depending on the system workload
therefore needs to be audited manually.
related_rules:
- systemd_target_multi_user
- id: R3
title: Enabling SELinux targeted Policy
description: >-
It is recommended to enable SELinux in enforcing mode
and to use the targeted policy.
status: automated
rules:
- selinux_state
- id: R4
title: Configure authentication
description: >-
Ensure authentication methods are functional to prevent
unauthorized access to the system.
controls:
- id: R4.a
title: Disable administrator accounts
status: automated
levels:
- low
rules:
- accounts_passwords_pam_faillock_deny_root
- id: R4.b
title: Enforce password quality standards
status: automated
levels:
- high
rules:
- accounts_password_pam_minlen
- accounts_password_pam_ocredit
- var_password_pam_ocredit=1
- other-policy:other-control
```
--------------------------------
### Simulate Kubernetes API Resources
Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/06_contributing_with_content.md
Sets up paths and persists Kubernetes resource objects for testing. This example simulates the 'machinesets' resource.
```bash
kube_apipath="/kubernetes-api-resources"
machinev1beta1="/apis/machine.openshift.io/v1beta1"
machineset_apipath="$machinev1beta1/machinesets?limit=500"
# Create kubernetes resource directory path
mkdir -p "$kube_apipath/$machinev1beta1"
# Persist kubernetes resource
cat < "$kube_apipath/$machineset_apipath"
{
"apiVersion": "v1",
...
EOF
```
--------------------------------
### Install Ninja Build System on Ubuntu/Debian
Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/02_building_complianceascode.md
Installs the Ninja build system for faster builds on Ubuntu and Debian.
```bash
apt-get install ninja-build
```
--------------------------------
### Install Git on Fedora/RHEL
Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/02_building_complianceascode.md
Installs the Git version control system on Fedora and Red Hat Enterprise Linux.
```bash
yum install git
```
--------------------------------
### Template Metadata Example
Source: https://github.com/complianceascode/content/blob/master/docs/templates/template_reference.md
Example of a `template.yml` file, which stores metadata for a template, including a list of supported languages.
```yaml
supported_languages:
- ansible
- bash
- ignition
- kubernetes
- oval
- puppet
```
--------------------------------
### Install Ninja Build System on Fedora/RHEL
Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/02_building_complianceascode.md
Installs the Ninja build system for faster builds on Fedora and Red Hat Enterprise Linux.
```bash
yum install ninja-build
```
--------------------------------
### Sourcing Shared Setup Script in Bash
Source: https://github.com/complianceascode/content/blob/master/tests/README.md
Source a setup script from the shared directory in Bash. The `$SHARED` variable provides the path to the shared directory.
```bash
. $SHARED/setup_config_files.sh
```
--------------------------------
### OpenSCAP Scan Output Example
Source: https://github.com/complianceascode/content/blob/master/docs/manual/user/20_scanning.md
Example of the output seen while an OpenSCAP scan is in progress, showing rule identifiers and results.
```text
Title Install AIDE
Rule package_aide_installed
Ident CCE-83457-2
Result fail
Title Configure Periodic Execution of AIDE
Rule aide_periodic_cron_checking
Ident CCE-83437-4
Result notchecked
Title Verify File Permissions with RPM
Rule rpm_verify_permissions
Ident CCE-90840-0
Result fail
Title Verify File Hashes with RPM
Rule rpm_verify_hashes
Ident CCE-90841-8
Result pass
```
--------------------------------
### View STARTGUIDE
Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/02_building_complianceascode.md
Opens the STARTGUIDE.md file using 'less' for guidance through the newly prepared development environment.
```bash
less ~/OpenSCAP/STARTGUIDE.md
```
--------------------------------
### Example Commit Message Structure
Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/04_style_guide.md
An example demonstrating the recommended structure for a commit message, including a concise subject line, a blank line separator, and a detailed body explaining the 'what' and 'why' of the changes.
```text
Summarize changes in around 50 characters or less
More detailed explanatory text, if necessary. Wrap it to about 72
characters or so. In some contexts, the first line is treated as the
subject of the commit and the rest of the text as the body. The
blank line separating the summary from the body is critical (unless
you omit the body entirely); various tools like `log`, `shortlog`
and `rebase` can get confused if you run the two together.
Explain the problem that this commit is solving. Focus on why you
are making this change as opposed to how (the code explains that).
Are there side effects or other unintuitive consequences of this
change? Here's the place to explain them.
Further paragraphs come after blank lines.
- Bullet points are okay, too
- Typically a hyphen or asterisk is used for the bullet, preceded
by a single space
Put references to issues at the bottom, like this:
Resolves: #123
See also: #456, #789
```
--------------------------------
### Example SCE script structure
Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/06_contributing_with_content.md
A sample Bash script demonstrating the header format for an SCE check.
```bash
$ cat ./linux_os/guide/system/accounts/accounts-session/accounts_users_own_home_directories/sce/ubuntu.sh
#!/bin/bash
#
# Contributed by Canonical.
#
# Disable job control and run the last command of a pipeline in the current shell environment
# Require Bash 4.2 and later
#
# platform = multi_platform_ubuntu
```
--------------------------------
### Create Product Directory Structure
Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/03_creating_content.md
Use these shell commands to set up the necessary directories for a new product. Ensure environment variables like SHORTNAME, NAME, and VERSION are correctly set.
```shell
cd content/products
export SHORTNAME="C"
export NAME="custom"
export CAMEL_CASE_NAME="Custom"
export VERSION="6"
export FULL_NAME="$CAMEL_CASE_NAME $VERSION"
export FULL_SHORT_NAME="$SHORTNAME$VERSION"
export NEW_PRODUCT=$NAME$VERSION
export CAPITAL_NAME="CUSTOM"
mkdir $NEW_PRODUCT \
$NEW_PRODUCT/overlays \
$NEW_PRODUCT/profiles
```
--------------------------------
### Example Release Announcement Message
Source: https://github.com/complianceascode/content/blob/master/docs/release_process.md
An example message that can be used as a reference for announcing a new release on communication channels. It includes release highlights, new contributors, and links to release notes and download archives.
```text
Subject: ComplianceAsCode/content v0.1.65
Hello all,
ComplianceAsCode/Content v0.1.65 is out.
Some of the highlights of this release are:
* Introduce ol9 stig profile (#9207)
* Introduce Ol9 anssi profiles (#9243)
* Update RHEL8 STIG to V1R7 (#9276)
* Introduce e8 profile for OL9 (#9284)
* Update RHEL7 STIG to V3R8 (#9317)
Welcome to the new contributor:
* contributor1
* contributor2
For full release notes, please have a look at:
https://github.com/ComplianceAsCode/content/releases/tag/v0.1.65
Zip archive with pre-built content:
https://github.com/ComplianceAsCode/content/releases/download/v0.1.65/scap-security-guide-0.1.65.zip
SHA-512 hash: e6f8f9440562799120ae7425d68c9bd9975557b05c64e7c6851fdf60946876c3fe26e7353f48f096ca4a5c14164e857cd36fdaeb7c2f44b371fafddff33d7dfd
Source tarball:
https://github.com/ComplianceAsCode/content/releases/download/v0.1.65/scap-security-guide-0.1.65.tar.bz2
SHA-512 hash: fc295bafdac8a3fafbcd1bff50b7043a11de23e1a363883a7fac11d3734e9d381dad2e180cc14c259e34fa4eea8b0c27720a8df455d509be3c97913f51294850
Thank you to everyone who contributed!
Regards,
```
--------------------------------
### Install Mypy for Static Typing
Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/02_building_complianceascode.md
Install the mypy static type checker.
```bash
# Fedora/RHEL
yum install python3-mypy
# Ubuntu/Debian
apt-get install python3-mypy
```
--------------------------------
### Create Product CMakeLists.txt
Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/03_creating_content.md
Create a new CMakeLists.txt file within the product's directory to define its specific build targets and dependencies.
```shell
cat << EOF > $NEW_PRODUCT/CMakeLists.txt
```
--------------------------------
### Install ssg module from a specific release
Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/05_tools_and_utilities.md
Install a specific version of the ssg module to ensure stability. Replace 'v0.1.76' with the desired release tag. This is recommended over installing from master for production environments.
```bash
pip install git+https://github.com/ComplianceasCode/content@v0.1.76
```
--------------------------------
### Install OpenpyXL for SRG Export
Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/02_building_complianceascode.md
Install the openpyxl library for generating XLSX files.
```bash
# Fedora/RHEL
yum install python3-openpyxl
# Ubuntu/Debian
apt-get install python3-openpyxl
```
--------------------------------
### Initialize Product Build
Source: https://github.com/complianceascode/content/blob/master/products/debian12/CMakeLists.txt
Registers a specific product for the build process.
```cmake
ssg_build_product("debian12")
```
--------------------------------
### Download and Upload Sources
Source: https://github.com/complianceascode/content/blob/master/docs/release_process.md
Ensure sources are downloaded locally using 'fedpkg sources' and uploaded to the lookaside cache with 'fedpkg new-sources'.
```bash
fedpkg sources
```
```bash
fedpkg new-sources
```
--------------------------------
### Profile Build System
Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/05_tools_and_utilities.md
Measure and compare build times for products using the profiling switch.
```bash
$ ./build_product -p|--profiling
```
--------------------------------
### Install ComplianceAsCode Ansible Role
Source: https://github.com/complianceascode/content/blob/master/utils/ansible_galaxy_readme_template.md
Use this command to download and install the Ansible role from Ansible Galaxy.
```bash
ansible-galaxy install RedHatOfficial.@ROLE_NAME@
```
--------------------------------
### Build Documentation Locally
Source: https://github.com/complianceascode/content/blob/master/docs/README.md
Execute these commands to generate the documentation locally, depending on the configured build system.
```bash
make docs
```
```bash
ninja docs
```
--------------------------------
### Install PyGithub for Ansible Roles
Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/02_building_complianceascode.md
Install the pygithub library to support Ansible playbook to role conversion.
```bash
# Fedora/RHEL
yum install python3-pygithub
# Ubuntu/Debian
apt-get install python3-pygithub
```
--------------------------------
### Install Pandas for SRG Export
Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/02_building_complianceascode.md
Install the pandas library required for running the SRG export utility.
```bash
# Fedora/RHEL
yum install python3-pandas
# Ubuntu/Debian
apt-get install python3-pandas
```
--------------------------------
### Install lxml on Ubuntu/Debian
Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/02_building_complianceascode.md
Installs the python-lxml package required for Python unit tests on Ubuntu and Debian.
```bash
apt-get install python-lxml
```
--------------------------------
### Install Bats on Ubuntu/Debian
Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/02_building_complianceascode.md
Installs the Bats package for running Bash unit tests on Ubuntu and Debian.
```bash
apt-get install bats
```
--------------------------------
### Install ShellCheck on Ubuntu/Debian
Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/02_building_complianceascode.md
Installs the ShellCheck package for static analysis of shell scripts on Ubuntu and Debian.
```bash
apt-get install shellcheck
```
--------------------------------
### Prepare for Release using release_helper.py
Source: https://github.com/complianceascode/content/blob/master/docs/release_process.md
Use this command to prepare for a release by updating open issues and pull requests with milestones. Ensure you have the correct secret file path.
```bash
./release_helper.py -c ~/secret.ini -r ComplianceAsCode/content release_prep --issues
```
--------------------------------
### Install Python Test Dependencies
Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/02_building_complianceascode.md
Installs Python test dependencies from the 'test-requirements.txt' file using pip3.
```bash
$ pip3 install -r test-requirements.txt
```
--------------------------------
### Install Python Development Dependencies
Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/02_building_complianceascode.md
Installs Python development dependencies from the 'requirements.txt' file using pip3.
```bash
$ pip3 install -r requirements.txt
```
--------------------------------
### Build All Available Products
Source: https://context7.com/complianceascode/content/llms.txt
Use the 'ALL' argument with the build_product script to compile security content for all supported products. This command ensures comprehensive content generation.
```bash
./build_product ALL
```
--------------------------------
### Configure Product Build Parameters
Source: https://github.com/complianceascode/content/blob/master/products/rhcos4/CMakeLists.txt
Sets the product name and remediation languages, then triggers the build and documentation generation functions.
```cmake
set(PRODUCT "rhcos4")
set(PRODUCT_REMEDIATION_LANGUAGES "ignition;kubernetes")
ssg_build_product(${PRODUCT})
ssg_build_html_ref_tables("${PRODUCT}" "table-${PRODUCT}-{ref_id}refs" "nist")
ssg_build_html_cce_table(${PRODUCT})
```
--------------------------------
### Install Linting Tools
Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/04_style_guide.md
Install the necessary Python packages for checking and fixing YAML linting issues.
```bash
pip install yamllint yamlfix
```
--------------------------------
### Verify OpenSCAP Installation
Source: https://github.com/complianceascode/content/blob/master/docs/workshop/lab2_openscap.adoc
Check the installed version of the oscap command line tool and its supported standards.
```bash
[... ]$ oscap --version
OpenSCAP command line tool (oscap) 1.3.6
Copyright 2009--2021 Red Hat Inc., Durham, North Carolina.
==== Supported specifications ====
SCAP Version: 1.3
XCCDF Version: 1.2
OVAL Version: 5.11.1
CPE Version: 2.3
CVSS Version: 2.0
CVE Version: 2.0
Asset Identification Version: 1.1
Asset Reporting Format Version: 1.1
CVRF Version: 1.1
...
```
--------------------------------
### Prepare Source Package
Source: https://github.com/complianceascode/content/wiki/Release-Guide---Obsolete
Commands to generate the source package from the project root.
```bash
$ cd build/
$ cmake ../
$ make package_source
```
--------------------------------
### Set and Build Product for ComplianceAsCode
Source: https://github.com/complianceascode/content/blob/master/products/sle16/CMakeLists.txt
This snippet demonstrates how to set the product name and then initiate the build process for that product using the ssg_build_product macro.
```cmake
set(PRODUCT "sle16")
ssg_build_product("${PRODUCT}")
```
--------------------------------
### Render Policy Documentation
Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/03_creating_content.md
Generates an HTML file resolving controls for a specific product.
```bash
$ utils/render-policy.py --output doc.html rhel8 controls/abcd.yml
```
--------------------------------
### Define and Build Product
Source: https://github.com/complianceascode/content/blob/master/products/slmicro5/CMakeLists.txt
Sets the product variable and triggers the build process for the specified product.
```cmake
set(PRODUCT "slmicro5")
ssg_build_product("slmicro5")
```
--------------------------------
### Initialize Control File
Source: https://github.com/complianceascode/content/blob/master/docs/workshop/lab3_profiles.adoc
Commands to create and initialize the metadata for a new company policy file.
```bash
[... ]$ open controls/my-company.yml
```
```yaml
title: 'Security Guidelines of My Company'
id: my-company
```
--------------------------------
### Build Specific Product Content
Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/02_building_complianceascode.md
Build individual components like SCAP XML, HTML guides, or remediation scripts for a specific product.
```bash
cd build/
cmake ../
make -j4 rhel9-content # SCAP XML files for RHEL9
make -j4 rhel9-guides # HTML guides for RHEL9
make -j4 rhel9-tables # HTML tables for RHEL9
make -j4 rhel9-profile-bash-scripts # remediation Bash scripts for all RHEL9 profiles
make -j4 rhel9-profile-playbooks # Ansible Playbooks for all RHEL9 profiles
make -j4 rhel9 # everything above for RHEL9
```
--------------------------------
### Build Product Datastream
Source: https://github.com/complianceascode/content/blob/master/docs/workshop/lab5_oval.adoc
Builds the product datastream for RHEL8.
```bash
[... ]$ ./build_product rhel8 --datastream-only
```
--------------------------------
### Install Tox on Ubuntu/Debian
Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/02_building_complianceascode.md
Installs the 'tox' package on Ubuntu and Debian, used for managing virtual environments for building documentation.
```bash
apt-get install tox
```
--------------------------------
### Install Ansible and Python 3 on Fedora
Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/02_building_complianceascode.md
Installs the 'ansible' and 'python3' packages required for the openscap role on Fedora systems.
```bash
dnf install -y ansible python3
```
--------------------------------
### Run Documentation Build with Tox
Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/02_building_complianceascode.md
Executes the documentation build process using tox, which handles dependency management within a virtual environment.
```bash
tox -e docs
```
--------------------------------
### Display Help for e2e Test Makefile
Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/06_contributing_with_content.md
View available options and commands for the e2e test makefile.
```bash
make help
```
--------------------------------
### Install ComplianceAsCode on RHEL/Fedora
Source: https://github.com/complianceascode/content/blob/master/README.md
Use yum to install the scap-security-guide package on Red Hat Enterprise Linux and Fedora systems.
```bash
yum install scap-security-guide
```
--------------------------------
### Define Guide and Table Tests
Source: https://github.com/complianceascode/content/blob/master/CMakeLists.txt
Defines tests related to the security guide and its associated tables using the ssg_define_guide_and_table_tests function.
```cmake
ssg_define_guide_and_table_tests()
```
--------------------------------
### Initialize Ansible Directory
Source: https://github.com/complianceascode/content/blob/master/docs/workshop/lab4_ansible.adoc
Commands to create and enter the ansible directory within a rule path.
```bash
[... accounts_tmout]$ mkdir ansible
[... ansible]$ cd ansible
```
--------------------------------
### Load Product Configurations
Source: https://context7.com/complianceascode/content/llms.txt
Programmatically load and access product metadata and properties from YAML files.
```python
from ssg.products import Product, load_product_yaml, product_yaml_path, get_all
# Load a specific product
ssg_root = "/path/to/content"
product_path = product_yaml_path(ssg_root, "rhel9")
product = load_product_yaml(product_path)
# Access product properties
print(f"Product: {product['product']}")
print(f"Full Name: {product['full_name']}")
print(f"Benchmark ID: {product['benchmark_id']}")
print(f"Package Manager: {product['pkg_manager']}")
print(f"Init System: {product['init_system']}")
# Get all products categorized by type
products = get_all(ssg_root)
print(f"Linux products: {products.linux}")
print(f"Other products: {products.other}")
# Read additional properties from directory
product.read_properties_from_directory("/path/to/product_properties")
```
--------------------------------
### Install Pytest on Ubuntu/Debian
Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/02_building_complianceascode.md
Installs the python-pytest package for running tests that analyze Ansible Playbooks' YAML nodes on Ubuntu and Debian.
```bash
apt-get install python-pytest
```
--------------------------------
### Install lxml on Fedora/RHEL
Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/02_building_complianceascode.md
Installs the python3-lxml package required for Python unit tests on Fedora and Red Hat Enterprise Linux.
```bash
yum install python3-lxml
```
--------------------------------
### Build Product with CMake
Source: https://github.com/complianceascode/content/blob/master/products/debian13/CMakeLists.txt
This command initiates the build process for a specific product, 'debian13', within the ComplianceAsCode CMake build system.
```cmake
ssg_build_product("debian13")
```
--------------------------------
### Install Bats on Fedora/RHEL
Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/02_building_complianceascode.md
Installs the Bats package for running Bash unit tests on Fedora and Red Hat Enterprise Linux.
```bash
yum install bats
```
--------------------------------
### Bash Scenario with Platform and Variables Metadata
Source: https://github.com/complianceascode/content/blob/master/tests/README.md
This example demonstrates a Bash scenario script with metadata specifying the target platforms and XCCDF variables. Use this format to define test environments and parameterize tests.
```bash
#!/bin/bash
# platform = Red Hat Enterprise Linux 9,multi_platform_fedora
# variables = auth_enabled=yes,var_example_1=value_example
echo "KerberosAuthentication $auth_enabled" >> /etc/ssh/sshd_config
```
--------------------------------
### Install ShellCheck on Fedora/RHEL
Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/02_building_complianceascode.md
Installs the ShellCheck package for static analysis of shell scripts on Fedora and Red Hat Enterprise Linux.
```bash
yum install ShellCheck
```
--------------------------------
### Clone and Fork Repository
Source: https://github.com/complianceascode/content/blob/master/docs/release_process.md
Use fedpkg to clone the repository and create a fork. This is necessary for making changes.
```bash
fedpkg clone scap-security-guide
cd scap-security-guide
fedpkg fork
```
```bash
fedpkg clone --anonymous forks//rpms/scap-security-guide
cd scap-security-guide
```
--------------------------------
### Install Sphinx on Fedora/RHEL
Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/02_building_complianceascode.md
Installs the python3-sphinx package on Fedora and Red Hat Enterprise Linux, required for generating HTML documentation from source.
```bash
yum install python3-sphinx
```
--------------------------------
### Build ZIP File
Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/02_building_complianceascode.md
Generate a zip file containing all generated source data streams and kickstarts. Execute this command from the build directory.
```bash
cd build/
make zipfile
```
--------------------------------
### Install Ansible Linting Tools on Fedora/RHEL
Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/02_building_complianceascode.md
Installs 'yamllint' and 'ansible-lint' for checking Ansible playbooks on Fedora and Red Hat Enterprise Linux.
```bash
yum install yamllint ansible-lint
```
--------------------------------
### Install Tox on Fedora/RHEL
Source: https://github.com/complianceascode/content/blob/master/docs/manual/developer/02_building_complianceascode.md
Installs the 'tox' package on Fedora and Red Hat Enterprise Linux, used for managing virtual environments for building documentation.
```bash
yum install tox
```
--------------------------------
### Python API - Loading Products
Source: https://context7.com/complianceascode/content/llms.txt
Load and work with product configurations programmatically using the ssg.products module.
```APIDOC
## Python API - Loading Products
Load and work with product configurations programmatically.
```python
from ssg.products import Product, load_product_yaml, product_yaml_path, get_all
# Load a specific product
ssg_root = "/path/to/content"
product_path = product_yaml_path(ssg_root, "rhel9")
product = load_product_yaml(product_path)
# Access product properties
print(f"Product: {product['product']}")
print(f"Full Name: {product['full_name']}")
print(f"Benchmark ID: {product['benchmark_id']}")
print(f"Package Manager: {product['pkg_manager']}")
print(f"Init System: {product['init_system']}")
# Get all products categorized by type
products = get_all(ssg_root)
print(f"Linux products: {products.linux}")
print(f"Other products: {products.other}")
# Read additional properties from directory
product.read_properties_from_directory("/path/to/product_properties")
```
```