content
content copied to clipboard
ComplianceAsCode
Add Amazon Linux 2 support
Description:
This PR adds Amazon Linux 2 support.
This series of changes is based on the Amazon Linux 2 support, available as part of the scap-security-guide-0.1.40-12.amzn2.0.1.1.src.rpm package (2019-04-19), distributed as part of Amazon Linux 2.
- The first two commits are the changes done by Amazon themselves, as part of the
scap-security-guide-0.1.40-12.amzn2.0.1.1.src.rpmpackage, but rebased on the current version of ComplianceAsCode:
0001-Add-Amazon-Linux-2-derivative.patch0001-Add-cpe-definitions-and-oval-checks-for-AMZN2.patch
- The third commit is a changes to the
enable_derivatives.pyscript to use the same profiles as RHEL 7, since Amazon Linux 2 is very close to RHEL 7. For example theCIS_Amazon_Linux_2_Benchmark_v3.0.0.pdfdocument is an extract subset of theCIS_Red_Hat_Enterprise_Linux_7_Benchmark_v3.1.1.pdfdocument.
The Amazon Linux 2 support was originally based on ComplianceAsCode 0.1.40 (2018-07-25), but the changes have been rebased on the current version of ComplianceAsCode.
Rationale:
This PR adds supports for Amazon Linux 2, a Linux distribution, rebranded from Red Hat Linux 7, which is widely used on AWS.
The approach I chose was to implement Amazon Linux 2 as a derivative of RHEL 7, since the systems are very close. For example, the CIS Amazon Linux 2 Benchmark is a subset of CIS Red Hat Linux 7 Benchmark.
Hi @0intro. Thanks for your PR.
I'm waiting for a ComplianceAsCode member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.
Once the patch is verified, the new status will be reflected by the ok-to-test label.
I understand the commands that are listed here.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.
![openshift-ci[bot] avatar](https://avatars.githubusercontent.com/in/91280?v=4 "Published by a pub.dev verified publisher"){kind=small}
Start a new ephemeral environment with changes proposed in this pull request:
Fedora Environment
Oracle Linux 8 Environment
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
:robot: A k8s content image for this PR is available at:
ghcr.io/complianceascode/k8scontent:12087
This image was built from commit: c483d4a692c0d2040905feb7d2db117fb0ee911a
Click here to see how to deploy it
If you alread have Compliance Operator deployed:
utils/build_ds_container.py -i ghcr.io/complianceascode/k8scontent:12087
Otherwise deploy the content and operator together by checking out ComplianceAsCode/compliance-operator and:
CONTENT_IMAGE=ghcr.io/complianceascode/k8scontent:12087 make deploy-local
Code Climate has analyzed commit c483d4a6 and detected 2 issues on this pull request.
Here's the issue category breakdown:
| Category | Count |
|---|---|
| Style | 1 |
| Complexity | 1 |
The test coverage on the diff in this pull request is 100.0% (50% is the threshold).
This pull request will bring the total coverage in the repository to 59.4% (0.0% change).
View more on Code Climate.
![qlty-cloud-legacy[bot] avatar](https://avatars.githubusercontent.com/in/9403?v=4 "Published by a pub.dev verified publisher"){kind=small}
I think that creating a new derivative out of RHEL 7 content would be problematic because RHEL 7 is approaching end of maintenance this week and there is a request to remove RHEL 7 content from this project soon, see https://github.com/ComplianceAsCode/content/issues/12044.
I think that a better approach would be to create a new standalone product. That would avoid the collision with the planned RHEL 7 removal.
PR needs rebase.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.
With RHEL 7 being removed this PR will need to be rewritten to make Amazon Linux 2 as a standalone product.
Thanks for opening this PR.
I believe that opening a new PR and adding Amazon Linux 2 as a standalone product would better than reusing this PR.
Please reach in the discussions here on GitHub or Gitter if have any questions.