Build reference tables in RHEL9 and RHEL10 and include CCE by ggbecker · Pull Request #13890 · ComplianceAsCode/content · GitHub

Member
@ggbecker ggbecker commented Sep 12, 2025

Description:

  • Build reference tables in RHEL9 and RHEL10 and include CCE

Rationale:

  • These tables are a good source of information for people mapping things. The CCE is a unique identifier for rules and should help people managing content.

  • Tables are published at: https://complianceascode.github.io/content-pages/tables and can be easily accessed by people.

  • Note: These tables will be built into the final package and are seen as a change in the content of the rpm package for example. They will trigger a change and this change needs to be acknowledged.

  • Build the content and inspect files at build/tables

Rendered table
Screenshot From 2025-09-12 15-07-22

@ggbecker ggbecker added this to the 0.1.79 milestone Sep 12, 2025
@jan-cerny jan-cerny self-assigned this Sep 15, 2025

ssg_build_product(${PRODUCT})

ssg_build_html_ref_tables("${PRODUCT}" "table-${PRODUCT}-{ref_id}refs" "anssi;cis;cui;nist;pcidss")
Collaborator

I'm not happy about reactivating the legacy tables in new products. Our goal is to get rid of them instead. We replaced them by control files, and also by rendering the control files as HTML online.

Member Author

Yeah, I understand that. The thing is that we don't have an easy way to map CCEs into references, and some customers find it useful.

Would there be another way of creating these mappings?

Collaborator

> Yeah, I understand that. The thing is that we don't have an easy way to map CCEs into references, and some customers find it useful.

Good point, I have missed that CCEs can be useful to some people. But I still think we should evaluate whether a separate table is what you want. People also can see the CCEs in HTML guides and HTML reports.

> Would there be another way of creating these mappings?

You should be able to add the CCE number to rendered control files (e.g. https://complianceascode.github.io/content-pages/rendered-policies/rhel9/cis_rhel9.html) this way:

diff --git a/utils/rendering/controls-template.html b/utils/rendering/controls-template.html
index 89d41299b0..0db14fc67b 100644
--- a/utils/rendering/controls-template.html
+++ b/utils/rendering/controls-template.html
@@ -30,7 +30,7 @@ based on <a href="{{{ policy.source }}}">{{{ policy.source }}}</a>
     {{%- endif -%}}
     {{%- else %}}
     {{%- if selection in rules %}}
-    <li><a href="https://github.com/ComplianceAsCode/content/tree/master/{{{ rules[selection].relative_definition_location }}}">{{{ selection }}}</a>: {{{ rules[selection].title }}}</li>
+    <li> {{{ rules[selection].identifiers['cce'] }}} <a href="https://github.com/ComplianceAsCode/content/tree/master/{{{ rules[selection].relative_definition_location }}}"> {{{ selection }}}</a>: {{{ rules[selection].title }}}</li>
     {{%- else %}}
     <li>{{{ selection }}} - not available for this product</li>
     {{%- endif -%}}
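
Review bot: on the added `<li>` line, `rules[selection].identifiers['cce']` is read unconditionally, so a rule that has no `cce` entry has nothing to render there, and depending on how the template environment treats undefined values that is either an empty gap before the link or a rendering failure. Guard it with something like `{{%- if 'cce' in rules[selection].identifiers %}}` and put a visible separator between the identifier and the link. The space added before `{{{ selection }}}` inside the `<a>` makes the link text start with whitespace and can be dropped.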


ssg_build_product(${PRODUCT})

ssg_build_html_ref_tables("${PRODUCT}" "table-${PRODUCT}-{ref_id}refs" "anssi;cis;cui;nist;pcidss")
Collaborator

Why this selection of profiles? What about E8, STIG, and other profiles?

Member Author

It's the same we had in RHEL8

Collaborator

I think that if we do it we should do it for all profiles existing.

openshift-ci bot commented Sep 22, 2025

@ggbecker: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

| Test name | Commit | Details | Required | Rerun command |
| --- | --- | --- | --- | --- |
| ci/prow/e2e-aws-openshift-node-compliance | db9179e | link | true | /test e2e-aws-openshift-node-compliance |
| ci/prow/e2e-aws-openshift-platform-compliance | db9179e | link | true | /test e2e-aws-openshift-platform-compliance |
