From a48ebb5bfd13bf7d2c782772b37902fe102a7445 Mon Sep 17 00:00:00 2001
From: Marcus Burghardt
Date: Tue, 22 Aug 2023 13:55:32 +0200
Subject: [PATCH 1/2] Improve macros readability and description

---
 shared/macros/10-oval.jinja | 66 +++++++++++++++++--------------------
 1 file changed, 31 insertions(+), 35 deletions(-)

diff --git a/shared/macros/10-oval.jinja b/shared/macros/10-oval.jinja
index a4caae79f71..4bec3626102 100644
--- a/shared/macros/10-oval.jinja
+++ b/shared/macros/10-oval.jinja
@@ -1561,47 +1561,44 @@ Generates an OVAL check that checks a particular field in the "/etc/shadow" file {{%- endmacro %}} {{# - Macro to define service disabled criteria. The definition vary from socket to configuration - depending on the oval version + Macro to define service disabled criteria. The definition varies regarding socket configuration + depending on the oval version. These definitions are used together with the tests defined in + oval_test_service_disabled_tests macro. + :param name: Name of the service to be checked #}} {{%- macro oval_test_service_disabled_criteria(name='') -%}} -{{% if init_system == "systemd" %}} - {{% if target_oval_version >= [5, 11] %}} - +{{%- if init_system == "systemd" %}} + {{%- if target_oval_version >= [5, 11] %}} {{# we are using systemd and our target OVAL version does support the systemd related tests #}} - - - + + - {{% else %}} - + {{%- else %}} {{# fallback if we are using systemd but can't use the new systemd features of OVAL 5.11 #}} - - - + + - {{% endif %}} - + {{%- endif %}} {{% endif %}} - {{%- endmacro -%}} {{# - Macro to define service disabled tests. The definition vary from oval unit definition, - to check configuration unit file, depending on the oval version. + Macro to define service disabled tests. The tests varies depending on the oval version. These + tests are used together with the definitions defined in oval_test_service_disabled_criteria + macro. 
+ :param name: Name of the service to be checked #}} {{%- macro oval_test_service_disabled_tests(name='') -%}} -{{% if init_system == "systemd" %}} - {{% if target_oval_version >= [5, 11] %}} - +{{%- if init_system == "systemd" %}} + {{%- if target_oval_version >= [5, 11] %}} {{# we are using systemd and our target OVAL version does support the systemd related tests #}} + ^{{{ name }}}\.(service|socket)$ ActiveState + inactive|failed + + ^{{{ name }}}\.(service|socket)$ LoadState + masked - - {{% else %}} - + {{%- else %}} {{# fallback if we are using systemd but can't use the new systemd features of OVAL 5.11 #}} + id="test_{{{ rule_id }}}_{{{ name }}}_disabled_sockets_target" version="1"> @@ -1669,10 +1669,6 @@ Generates an OVAL check that checks a particular field in the "/etc/shadow" file symbolic link - - {{% endif %}} - -{{% endif %}} - + {{%- endif %}} +{{%- endif %}} {{%- endmacro -%}} - From ce5fab2bdb472c6e7f6db5d7c29ed321fa85b098 Mon Sep 17 00:00:00 2001 From: Marcus Burghardt Date: Tue, 22 Aug 2023 14:09:27 +0200 Subject: [PATCH 2/2] Remove unused data definitions It was likely copied from service_disabled template, but it is not used or necessary in platform_service_disabled. --- shared/templates/platform_service_disabled/template.py | 4 ---- 1 file changed, 4 deletions(-) diff --git a/shared/templates/platform_service_disabled/template.py b/shared/templates/platform_service_disabled/template.py index e3de33c418a..20d444d7c6c 100644 --- a/shared/templates/platform_service_disabled/template.py +++ b/shared/templates/platform_service_disabled/template.py @@ -1,8 +1,4 @@ def preprocess(data, lang): if "packagename" not in data: data["packagename"] = data["servicename"] - if "daemonname" not in data: - data["daemonname"] = data["servicename"] - if "mask_service" not in data: - data["mask_service"] = "true" return data
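Review bot: The `:param name:` line added to the doc comment of `oval_test_service_disabled_tests` (first hunk, `@@ -1561`) should state that `name` is interpolated unescaped into the unit pattern `^{{{ name }}}\.(service|socket)$`, so a value containing regex metacharacters such as `.` can match units other than the one the rule is meant to audit. I would word it as `:param name: Literal systemd unit name without the .service/.socket suffix; it is inserted into a regex as-is, so escape any metacharacters`. The default `name=''` produces `^\.(service|socket)$`, which matches no unit; whether the check then fails or passes vacuously depends on existence attributes that are not visible in this hunk, so it is worth confirming that callers always pass a name. On style, the criteria macro keeps its outer `{{% endif %}}` without the `-` trim marker while the `@@ -1669` hunk changes both closers in the tests macro to `{{%- endif %}}`; presumably the two macros should be trimmed the same way. The body of the tests macro continues outside both hunks.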