Update chronyd rules for bootable containers

The rules used `service_chronyd_enabled` or `service_ntpd_enabled` in their OVALs, but this won't work in the bootable container build environment where systemd services don't run. Therefore, we update the OVAL checks to rather use `package_chrony_installed` or `package_ntp_installed` instead of service enabled checks. This shouldn't be a big change as if `chrony` or `ntp` packages are installed their config files should exist and in case `chronyd` or `ntpd` services are enabled later they will already run with the expected configuration.
ComplianceAsCode · Nov 6, 2024 · 38043f2 · 38043f2
1 parent 9b736e5
commit 38043f2
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 10 deletions.
diff --git a/linux_os/guide/services/ntp/chronyd_client_only/oval/shared.xml b/linux_os/guide/services/ntp/chronyd_client_only/oval/shared.xml
@@ -3,7 +3,7 @@
     {{{ oval_metadata("Configure the port setting in " ~ chrony_conf_path ~ " to disable
       server operation.") }}}
     <criteria operator="AND">
-      <extend_definition definition_ref="service_chronyd_enabled" comment="service chronyd enabled" />
+      <extend_definition definition_ref="package_chrony_installed" comment="package chrony installed" />
       <criterion test_ref="test_chronyd_client_only" comment="check if port is 0 in {{{ chrony_conf_path }}}" />
     </criteria>
   </definition>

diff --git a/linux_os/guide/services/ntp/chronyd_no_chronyc_network/oval/shared.xml b/linux_os/guide/services/ntp/chronyd_no_chronyc_network/oval/shared.xml
@@ -3,7 +3,7 @@
     {{{ oval_metadata("Configure the cmdport setting in " ~ chrony_conf_path ~ " to disable
       chronyc management connections over network.") }}}
     <criteria operator="AND">
-      <extend_definition definition_ref="service_chronyd_enabled" comment="service chronyd enabled" />
+      <extend_definition definition_ref="package_chrony_installed" comment="package chrony installed" />
       <criterion test_ref="test_chronyd_no_chronyc_network" comment="check if cmdport is 0 in {{{ chrony_conf_path }}}" />
     </criteria>
   </definition>

diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/oval/shared.xml b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/oval/shared.xml
@@ -3,12 +3,12 @@
     {{{ oval_metadata("Multiple remote chronyd or ntpd NTP Servers for time synchronization should be specified (and dependencies are met)") }}}
 
     <criteria operator="OR">
-      <criteria comment="chronyd enabled and multiple remote servers specified" operator="AND">
-        <extend_definition comment="service chronyd enabled" definition_ref="service_chronyd_enabled" />
+      <criteria comment="package chrony installed and multiple remote servers specified" operator="AND">
+        <extend_definition comment="package chrony installed" definition_ref="package_chrony_installed" />
         <extend_definition comment="multiple chronyd remote servers specified" definition_ref="chronyd_specify_multiple_servers" />
       </criteria>
-      <criteria comment="ntpd enabled and multile remote servers specified" operator="AND">
-        <extend_definition comment="service ntpd enabled" definition_ref="service_ntpd_enabled" />
+      <criteria comment="package ntp installed and multile remote servers specified" operator="AND">
+        <extend_definition comment="package ntp installed" definition_ref="package_ntp_installed" />
         <extend_definition comment="multiple ntpd remote servers specified" definition_ref="ntpd_specify_multiple_servers" />
       </criteria>
     </criteria>

diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/oval/shared.xml b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/oval/shared.xml
@@ -3,12 +3,12 @@
     {{{ oval_metadata("A remote chronyd or ntpd NTP Server for time synchronization should be specified (and dependencies are met)") }}}
 
     <criteria operator="OR">
-      <criteria comment="chronyd enabled and remote server specified" operator="AND">
-        <extend_definition comment="service chronyd enabled" definition_ref="service_chronyd_enabled" />
+      <criteria comment="package chrony installed and remote server specified" operator="AND">
+        <extend_definition comment="package chrony installed" definition_ref="package_chrony_installed" />
         <extend_definition comment="chronyd remote server specified" definition_ref="chronyd_specify_remote_server" />
       </criteria>
-      <criteria comment="ntpd enabled and remote server specified" operator="AND">
-        <extend_definition comment="service ntpd enabled" definition_ref="service_ntpd_enabled" />
+      <criteria comment="package ntp installed and remote server specified" operator="AND">
+        <extend_definition comment="package ntp installed" definition_ref="package_ntp_installed" />
         <extend_definition comment="ntpd remote server specified" definition_ref="ntpd_specify_remote_server" />
       </criteria>
     </criteria>