manageiq-appliance_console 5.2.0 → 5.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: c6ba8e9cdf053c6d1eee9360c074ed3584d54e848d7d60e4f63c77a9d673ad60
|
4
|
+
data.tar.gz: 1ade599ce3628695ecf5b6a0444195ab3593e5ab539f5c3585f1ceffc9ace600
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: fd63b37fb4fb850a6b94efe35ebbb4d643992e7a9855fed584fb267b8939c122b93d4488c1b3eb2caaba37e7871e74280c07a4c5944f783a01cf10cb55ffd521
|
7
|
+
data.tar.gz: 9aa0a97f69f677a8b395c1fbaa724ae136f297f77ec9874ad7ffbbe4239b7d8b4e93bb619f8c43a271e36d0cf89f14cce264ebcb36a5e54cdb1b31f8e9b16cdd
|
@@ -8,6 +8,9 @@ unless defined?(say)
|
|
8
8
|
end
|
9
9
|
end
|
10
10
|
|
11
|
+
# define SCAP_RULES_DIR for scap fucntionality
|
12
|
+
SCAP_RULES_DIR = File.expand_path("productization/appliance_console/config", ManageIQ::ApplianceConsole::RAILS_ROOT)
|
13
|
+
|
11
14
|
module ManageIQ
|
12
15
|
module ApplianceConsole
|
13
16
|
class CliError < StandardError; end
|
@@ -97,6 +100,10 @@ module ApplianceConsole
|
|
97
100
|
options[:replication] == "primary" || (options[:replication] == "standby" && options[:primary_host])
|
98
101
|
end
|
99
102
|
|
103
|
+
def openscap?
|
104
|
+
options[:openscap]
|
105
|
+
end
|
106
|
+
|
100
107
|
def initialize(options = {})
|
101
108
|
self.options = options
|
102
109
|
end
|
@@ -164,6 +171,7 @@ module ApplianceConsole
|
|
164
171
|
opt :oidc_enable_sso, "Optionally enable SSO with OpenID-Connect Authentication", :type => :boolean, :default => false
|
165
172
|
opt :oidc_unconfig, "Unconfigure Appliance OpenID-Connect Authentication", :type => :boolean, :default => false
|
166
173
|
opt :server, "{start|stop|restart} actions on evmserverd Server", :type => :string
|
174
|
+
opt :openscap, "Setup OpenScap", :type => :boolean, :default => false
|
167
175
|
end
|
168
176
|
Optimist.die :region, "needed when setting up a local database" if region_number_required? && options[:region].nil?
|
169
177
|
self
|
@@ -176,9 +184,10 @@ module ApplianceConsole
|
|
176
184
|
def run
|
177
185
|
Optimist.educate unless set_host? || key? || database? || tmp_disk? || log_disk? ||
|
178
186
|
uninstall_ipa? || install_ipa? || certs? || extauth_opts? ||
|
179
|
-
set_server_state? || set_replication? ||
|
187
|
+
set_server_state? || set_replication? || openscap? ||
|
180
188
|
saml_config? || saml_unconfig? ||
|
181
189
|
oidc_config? || oidc_unconfig?
|
190
|
+
|
182
191
|
if set_host?
|
183
192
|
system_hosts = LinuxAdmin::Hosts.new
|
184
193
|
system_hosts.hostname = options[:host]
|
@@ -200,6 +209,7 @@ module ApplianceConsole
|
|
200
209
|
oidc_config if oidc_config?
|
201
210
|
oidc_unconfig if oidc_unconfig?
|
202
211
|
set_server_state if set_server_state?
|
212
|
+
openscap if openscap?
|
203
213
|
rescue CliError => e
|
204
214
|
say(e.message)
|
205
215
|
say("")
|
@@ -343,6 +353,11 @@ module ApplianceConsole
|
|
343
353
|
config.deactivate if config.ipa_client_configured?
|
344
354
|
end
|
345
355
|
|
356
|
+
def openscap
|
357
|
+
say("Configuring Openscap")
|
358
|
+
ManageIQ::ApplianceConsole::Scap.new(SCAP_RULES_DIR).lockdown
|
359
|
+
end
|
360
|
+
|
346
361
|
def config_tmp_disk
|
347
362
|
if (tmp_disk = disk_from_string(options[:tmpdisk]))
|
348
363
|
say "creating temp disk"
|
@@ -13,7 +13,7 @@ module ApplianceConsole
|
|
13
13
|
require 'yaml'
|
14
14
|
scap_config = YAML.load_file(yaml_filename)
|
15
15
|
begin
|
16
|
-
LinuxAdmin::Scap.new("
|
16
|
+
LinuxAdmin::Scap.new("rhel8").lockdown(*scap_config['rules'], scap_config['values'])
|
17
17
|
rescue => e
|
18
18
|
say("Configuration failed: #{e.message}")
|
19
19
|
else
|
@@ -32,7 +32,7 @@ module ApplianceConsole
|
|
32
32
|
if !LinuxAdmin::Scap.openscap_available?
|
33
33
|
say("OpenSCAP has not been installed")
|
34
34
|
false
|
35
|
-
elsif !LinuxAdmin::Scap.ssg_available?("
|
35
|
+
elsif !LinuxAdmin::Scap.ssg_available?("rhel8")
|
36
36
|
say("SCAP Security Guide has not been installed")
|
37
37
|
false
|
38
38
|
else
|
@@ -26,7 +26,7 @@ Gem::Specification.new do |spec|
|
|
26
26
|
spec.add_runtime_dependency "bcrypt", "~> 3.1.10"
|
27
27
|
spec.add_runtime_dependency "highline", "~> 1.6.21"
|
28
28
|
spec.add_runtime_dependency "i18n", "~> 0.8"
|
29
|
-
spec.add_runtime_dependency "linux_admin",
|
29
|
+
spec.add_runtime_dependency "linux_admin", "~> 2.0"
|
30
30
|
spec.add_runtime_dependency "manageiq-password", "~> 0.3"
|
31
31
|
spec.add_runtime_dependency "optimist", "~> 3.0"
|
32
32
|
spec.add_runtime_dependency "pg"
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: manageiq-appliance_console
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 5.
|
4
|
+
version: 5.3.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- ManageIQ Developers
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2019-12-
|
11
|
+
date: 2019-12-12 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: activerecord
|
@@ -100,20 +100,14 @@ dependencies:
|
|
100
100
|
requirements:
|
101
101
|
- - "~>"
|
102
102
|
- !ruby/object:Gem::Version
|
103
|
-
version: '
|
104
|
-
- - ">="
|
105
|
-
- !ruby/object:Gem::Version
|
106
|
-
version: 1.2.4
|
103
|
+
version: '2.0'
|
107
104
|
type: :runtime
|
108
105
|
prerelease: false
|
109
106
|
version_requirements: !ruby/object:Gem::Requirement
|
110
107
|
requirements:
|
111
108
|
- - "~>"
|
112
109
|
- !ruby/object:Gem::Version
|
113
|
-
version: '
|
114
|
-
- - ">="
|
115
|
-
- !ruby/object:Gem::Version
|
116
|
-
version: 1.2.4
|
110
|
+
version: '2.0'
|
117
111
|
- !ruby/object:Gem::Dependency
|
118
112
|
name: manageiq-password
|
119
113
|
requirement: !ruby/object:Gem::Requirement
|