def run_oscap_remediate_profile(
        mock_subprocess, monkeypatch,
        anaconda_remediate_args, oscap_remediate_args):
    """Check the oscap command line built by common.run_oscap_remediate.

    The remediation is run against a mocked subprocess module with
    ``anaconda_remediate_args``; the arguments handed to ``Popen`` must
    then be exactly the fixed oscap options plus ``oscap_remediate_args``
    (in any order), together with piped stdout/stderr and a
    ``preexec_fn`` keyword argument.
    """
    mock_run_remediate(mock_subprocess, monkeypatch)
    common.run_oscap_remediate(*anaconda_remediate_args)

    wanted_argv = [
        "oscap", "xccdf", "eval", "--remediate",
        "--results=%s" % common.RESULTS_PATH,
        "--report=%s" % common.REPORT_PATH,
        "--profile=myprofile",
        *oscap_remediate_args,
    ]
    wanted_kwargs = {
        "stdout": mock_subprocess.PIPE,
        "stderr": mock_subprocess.PIPE,
    }

    popen_call = mock_subprocess.Popen.call_args
    passed_argv = popen_call[0][0]
    passed_kwargs = popen_call[1]

    # Tick off every expected argument; the recorded list is consumed on
    # purpose so that leftovers are detected below.
    for wanted in wanted_argv:
        assert wanted in passed_argv
        passed_argv.remove(wanted)

    # nothing else should have been passed
    assert not passed_argv

    for name, expected in wanted_kwargs.items():
        assert expected == passed_kwargs.pop(name)

    # The preexec_fn callable is defined inside run_oscap_remediate, so
    # only its presence can be asserted here; what it does (presumably
    # entering the chroot -- confirm) is not covered by this check.
    assert "preexec_fn" in passed_kwargs
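def run(self):
    """Run the task.

    First check that the 'oscap' scanner works inside the installed
    system, then run the remediation for the selected profile there.
    A failure of either step is reported through ``terminate()`` and
    ends the task, so the remediation is never attempted with a scanner
    that did not pass the check.
    """
    try:
        common.assert_scanner_works(chroot=self._sysroot, executable="oscap")
    except Exception as exc:
        # Look the template up in the message catalog first and fill in
        # the error afterwards: a string that already contains the
        # exception text can never match a catalog entry.
        msg_lines = [
            _("The 'oscap' scanner doesn't work in the installed system: {error}")
            .format(error=str(exc)),
            _("As a result, the installed system can't be hardened."),
        ]
        terminate("\n".join(msg_lines))
        return

    try:
        common.run_oscap_remediate(
            self._policy_data.profile_id,
            self._target_content_path,
            self._policy_data.datastream_id,
            self._policy_data.xccdf_id,
            self._target_tailoring_path,
            chroot=self._sysroot,
        )
    except Exception as exc:
        # Same ordering as above: translate the template, then
        # interpolate the error text.
        msg = _(
            "Something went wrong during the final hardening: {error}."
        ).format(error=str(exc))
        terminate(msg)
        return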
def execute(self, storage, ksdata, instclass, users, payload):
    """
    Apply the selected security profile to the installed system.

    Called only once, in the post-install setup phase. The security
    content (and the tailoring file, when one exists) is copied into the
    target system and the remediation is then run with the system root as
    chroot.

    :see: setup
    :param users: information about created users
    :type users: pyanaconda.users.Users instance

    """
    # dry-run mode or no profile selected -> the system is left untouched
    if self.dry_run or not self.profile_id:
        return

    dest_dir = utils.join_paths(getSysroot(), common.TARGET_CONTENT_DIR)
    utils.ensure_dir_exists(dest_dir)

    kind = self.content_type
    if kind == "datastream":
        shutil.copy2(self.preinst_content_path, dest_dir)
    elif kind == "rpm":
        # the RPM must be present in the target system before yum,
        # executed in the sysroot, can install it
        shutil.copy2(self.raw_preinst_content_path, dest_dir)

        # NOTE(review): "--nogpg" looks like it switches off yum's GPG
        # signature check for this package -- confirm that the content's
        # integrity is verified before this point.
        yum_args = ["-y", "--nogpg", "install",
                    self.raw_postinst_content_path]
        status = iutil.execInSysroot("yum", yum_args)
        if status != 0:
            raise common.ExtractionError(
                "Failed to install content RPM to the target system")
    elif kind != "scap-security-guide":
        # every other content type: copy the whole installation content
        # directory ("scap-security-guide" needs no copying at all)
        source_glob = utils.join_paths(common.INSTALLATION_CONTENT_DIR, "*")
        utils.universal_copy(source_glob, dest_dir)

    if os.path.exists(self.preinst_tailoring_path):
        shutil.copy2(self.preinst_tailoring_path, dest_dir)

    common.run_oscap_remediate(
        self.profile_id,
        self.postinst_content_path,
        self.datastream_id,
        self.xccdf_id,
        self.postinst_tailoring_path,
        chroot=getSysroot(),
    )
def execute(self, storage, ksdata, users, payload):
    """
    Apply the selected security profile to the installed system.

    Called only once, in the post-install setup phase. The security
    content (and the tailoring file, when one exists) is copied into the
    target system and the remediation is then run with the system root as
    chroot.

    :see: setup
    :param users: information about created users
    :type users: pyanaconda.users.Users instance

    """
    # dry-run mode or no profile selected -> the system is left untouched
    if self.dry_run or not self.profile_id:
        return

    dest_dir = utils.join_paths(getSysroot(), common.TARGET_CONTENT_DIR)
    utils.ensure_dir_exists(dest_dir)

    kind = self.content_type
    if kind == "datastream":
        shutil.copy2(self.preinst_content_path, dest_dir)
    elif kind == "rpm":
        # the RPM must be present in the target system before yum,
        # executed in the sysroot, can install it
        shutil.copy2(self.raw_preinst_content_path, dest_dir)

        # NOTE(review): "--nogpg" looks like it switches off yum's GPG
        # signature check for this package -- confirm that the content's
        # integrity is verified before this point.
        yum_args = ["-y", "--nogpg", "install",
                    self.raw_postinst_content_path]
        status = util.execInSysroot("yum", yum_args)
        if status != 0:
            raise common.ExtractionError(
                "Failed to install content RPM to the target system")
    elif kind != "scap-security-guide":
        # every other content type: copy the whole installation content
        # directory ("scap-security-guide" needs no copying at all)
        source_glob = utils.join_paths(common.INSTALLATION_CONTENT_DIR, "*")
        utils.universal_copy(source_glob, dest_dir)

    if os.path.exists(self.preinst_tailoring_path):
        shutil.copy2(self.preinst_tailoring_path, dest_dir)

    common.run_oscap_remediate(
        self.profile_id,
        self.postinst_content_path,
        self.datastream_id,
        self.xccdf_id,
        self.postinst_tailoring_path,
        chroot=getSysroot(),
    )
def test_run_oscap_remediate_create_chroot_dir(mock_subprocess, monkeypatch):
    """The results directory must be ensured below the given chroot."""
    mock_run_remediate(mock_subprocess, monkeypatch)

    sysroot = "/mnt/test"
    common.run_oscap_remediate("myprofile", "my_ds.xml", chroot=sysroot)

    # RESULTS_PATH is joined onto the chroot by plain concatenation, so the
    # expected directory is the chroot followed by the path's dirname.
    expected_dir = sysroot + os.path.dirname(common.RESULTS_PATH)
    common.utils.ensure_dir_exists.assert_called_with(expected_dir)