Add UID MAX

tests/data/product_stability/al2023.yml

@@ -0,0 +1,83 @@
+aide_also_checks_audispd: 'yes'
+aide_also_checks_rsyslog: 'no'
+aide_bin_path: /usr/sbin/aide
+aide_conf_path: /etc/aide.conf
+audisp_conf_path: /etc/audit
+auid: 1000
+basic_properties_derived: true
+benchmark_id: AL-2023
+benchmark_root: ../../linux_os/guide
+chrony_conf_path: /etc/chrony.conf
+chrony_d_path: /etc/chrony.d/
+components_root: ../../components
+cpes:
+- al2023:
+    check_id: installed_OS_is_al2023
+    name: cpe:/o:amazon:amazon_linux:2023
+    title: Amazon Linux 2023
+cpes_root: ../../shared/applicability
+dconf_gdm_dir: gdm.d
+faillock_path: /var/log/faillock
+full_name: Amazon Linux 2023
+gid_min: 1000
+groups:
+  dedicated_ssh_keyowner:
+    name: ssh_keys
+grub2_boot_path: /boot/grub2
+grub2_uefi_boot_path: /boot/grub2
+grub_helper_executable: grubby
+init_system: systemd
+journald_conf_dir_path: /etc/systemd/journald.conf.d
+nobody_gid: 65534
+nobody_uid: 65534
+pkg_manager: dnf
+pkg_manager_config_file: /etc/dnf/dnf.conf
+pkg_system: rpm
+platform_package_overrides:
+  aarch64_arch: null
+  grub2: grub2-common
+  login_defs: shadow-utils
+  no_ovirt: null
+  non-uefi: null
+  not_aarch64_arch: null
+  not_s390x_arch: null
+  ovirt: null
+  s390x_arch: null
+  sssd: sssd-common
+  sssd-ldap: null
+  uefi: null
+  zipl: s390utils-base
+product: al2023
+profiles_root: ./profiles
+reference_uris:
+  anssi: https://cyber.gouv.fr/sites/default/files/document/linux_configuration-en-v2.pdf
+  app-srg: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers
+  app-srg-ctr: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=container-platform
+  bsi: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Grundschutz/International/bsi_it_gs_comp_2022.pdf
+  cis: https://www.cisecurity.org/benchmark/amazon_linux/
+  cis-csc: https://www.cisecurity.org/controls/
+  cjis: https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf
+  cobit5: https://www.isaca.org/resources/cobit
+  cui: http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf
+  dcid: not_officially_available
+  disa: https://public.cyber.mil/stigs/cci/
+  hipaa: https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf
+  isa-62443-2009: https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat
+  isa-62443-2013: https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu
+  ism: https://www.cyber.gov.au/acsc/view-all-content/ism
+  iso27001-2013: https://www.iso.org/contents/data/standard/05/45/54534.html
+  nerc-cip: https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx
+  nist: http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf
+  nist-csf: https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf
+  os-srg: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os
+  ospp: https://www.niap-ccevs.org/Profile/PP.cfm
+  pcidss: https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf
+  pcidss4: https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf
+  stigid: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux
+  stigref: https://public.cyber.mil/stigs/srg-stig-tools/
+release_key_fingerprint: B21C50FA44A99720EAA72F7FE951904AD832C631
+sshd_distributed_config: 'true'
+sysctl_remediate_drop_in_file: 'false'
+type: platform
+uid_max: 60000
+uid_min: 1000

tests/data/product_stability/alinux2.yml

@@ -73,4 +73,5 @@ reference_uris:
 sshd_distributed_config: 'false'
 sysctl_remediate_drop_in_file: 'false'
 type: platform
+uid_max: 60000
 uid_min: 1000

tests/data/product_stability/alinux3.yml

@@ -73,4 +73,5 @@ reference_uris:
 sshd_distributed_config: 'false'
 sysctl_remediate_drop_in_file: 'false'
 type: platform
+uid_max: 60000
 uid_min: 1000

tests/data/product_stability/anolis23.yml

@@ -73,4 +73,5 @@ reference_uris:
 sshd_distributed_config: 'false'
 sysctl_remediate_drop_in_file: 'false'
 type: platform
+uid_max: 60000
 uid_min: 1000

tests/data/product_stability/anolis8.yml

@@ -73,4 +73,5 @@ reference_uris:
 sshd_distributed_config: 'false'
 sysctl_remediate_drop_in_file: 'false'
 type: platform
+uid_max: 60000
 uid_min: 1000

tests/data/product_stability/chromium.yml

@@ -69,4 +69,5 @@ reference_uris:
 sshd_distributed_config: 'false'
 sysctl_remediate_drop_in_file: 'false'
 type: product
+uid_max: 60000
 uid_min: 1000

tests/data/product_stability/debian11.yml

@@ -82,4 +82,5 @@ reference_uris:
 sshd_distributed_config: 'false'
 sysctl_remediate_drop_in_file: 'false'
 type: platform
+uid_max: 60000
 uid_min: 1000

tests/data/product_stability/debian12.yml

@@ -82,4 +82,5 @@ reference_uris:
 sshd_distributed_config: 'false'
 sysctl_remediate_drop_in_file: 'false'
 type: platform
+uid_max: 60000
 uid_min: 1000

tests/data/product_stability/eks.yml

@@ -80,4 +80,5 @@ reference_uris:
 sshd_distributed_config: 'false'
 sysctl_remediate_drop_in_file: 'false'
 type: platform
+uid_max: 60000
 uid_min: 1000

tests/data/product_stability/example.yml

@@ -74,4 +74,5 @@ reference_uris:
 sshd_distributed_config: 'false'
 sysctl_remediate_drop_in_file: 'false'
 type: platform
+uid_max: 60000
 uid_min: 1000

tests/data/product_stability/fedora.yml

@@ -117,4 +117,5 @@ reference_uris:
 sshd_distributed_config: 'true'
 sysctl_remediate_drop_in_file: 'false'
 type: platform
+uid_max: 60000
 uid_min: 1000

tests/data/product_stability/firefox.yml

@@ -69,4 +69,5 @@ reference_uris:
 sshd_distributed_config: 'false'
 sysctl_remediate_drop_in_file: 'false'
 type: product
+uid_max: 60000
 uid_min: 1000

tests/data/product_stability/kylinserver10.yml

@@ -0,0 +1,85 @@
+aide_also_checks_audispd: 'yes'
+aide_also_checks_rsyslog: 'no'
+aide_bin_path: /usr/sbin/aide
+aide_conf_path: /etc/aide.conf
+audisp_conf_path: /etc/audit
+auid: 1000
+basic_properties_derived: true
+benchmark_id: KYLINSERVER10
+benchmark_root: ../../linux_os/guide
+chrony_conf_path: /etc/chrony.conf
+chrony_d_path: /etc/chrony.d/
+cpes:
+- kylin-sp1:
+    check_id: installed_OS_is_kylinserver10
+    name: cpe:/o:Kylin:Kylin:V10_SP1:ga:server
+    title: Kylin V10 SP1
+- kylin-sp2:
+    check_id: installed_OS_is_kylinserver10
+    name: cpe:/o:Kylin:Kylin:V10_SP2:ga:server
+    title: Kylin V10 SP2
+- kylin-sp3:
+    check_id: installed_OS_is_kylinserver10
+    name: cpe:/o:Kylin:Kylin:V10_SP3:ga:server
+    title: Kylin V10 SP3
+cpes_root: ../../shared/applicability
+dconf_gdm_dir: gdm.d
+faillock_path: /var/run/faillock
+full_name: Kylin Server 10
+gid_min: 1000
+groups: {}
+grub2_boot_path: /boot/grub2
+grub2_uefi_boot_path: /boot/grub2
+grub_helper_executable: grubby
+init_system: systemd
+nobody_gid: 65534
+nobody_uid: 65534
+pkg_manager: dnf
+pkg_manager_config_file: /etc/yum.conf
+pkg_system: rpm
+platform_package_overrides:
+  aarch64_arch: null
+  grub2: grub2-common
+  login_defs: login
+  no_ovirt: null
+  non-uefi: null
+  not_aarch64_arch: null
+  not_s390x_arch: null
+  ovirt: null
+  s390x_arch: null
+  sssd: sssd-common
+  sssd-ldap: null
+  uefi: null
+  zipl: s390utils-base
+product: kylinserver10
+profiles_root: ./profiles
+reference_uris:
+  anssi: https://cyber.gouv.fr/sites/default/files/document/linux_configuration-en-v2.pdf
+  app-srg: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers
+  app-srg-ctr: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=container-platform
+  bsi: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Grundschutz/International/bsi_it_gs_comp_2022.pdf
+  cis-csc: https://www.cisecurity.org/controls/
+  cjis: https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf
+  cobit5: https://www.isaca.org/resources/cobit
+  cui: http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf
+  dcid: not_officially_available
+  disa: https://public.cyber.mil/stigs/cci/
+  hipaa: https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf
+  isa-62443-2009: https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat
+  isa-62443-2013: https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu
+  ism: https://www.cyber.gov.au/acsc/view-all-content/ism
+  iso27001-2013: https://www.iso.org/contents/data/standard/05/45/54534.html
+  nerc-cip: https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx
+  nist: http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf
+  nist-csf: https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf
+  os-srg: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os
+  ospp: https://www.niap-ccevs.org/Profile/PP.cfm
+  pcidss: https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf
+  pcidss4: https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf
+  stigid: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux
+  stigref: https://public.cyber.mil/stigs/srg-stig-tools/
+sshd_distributed_config: 'false'
+sysctl_remediate_drop_in_file: 'false'
+type: platform
+uid_max: 60000
+uid_min: 1000

tests/data/product_stability/macos1015.yml

@@ -69,4 +69,5 @@ reference_uris:
 sshd_distributed_config: 'false'
 sysctl_remediate_drop_in_file: 'false'
 type: platform
+uid_max: 60000
 uid_min: 1000

tests/data/product_stability/ocp4.yml

@@ -156,4 +156,5 @@ reference_uris:
 sshd_distributed_config: 'false'
 sysctl_remediate_drop_in_file: 'false'
 type: platform
+uid_max: 60000
 uid_min: 1000

tests/data/product_stability/ol10.yml

@@ -0,0 +1,89 @@
+aide_also_checks_audispd: 'yes'
+aide_also_checks_rsyslog: 'no'
+aide_bin_path: /usr/sbin/aide
+aide_conf_path: /etc/aide.conf
+audisp_conf_path: /etc/audit
+auid: 1000
+aux_pkg_release: ''
+aux_pkg_version: ''
+auxiliary_key_fingerprint: ''
+basic_properties_derived: true
+benchmark_id: OL-10
+benchmark_root: ../../linux_os/guide
+chrony_conf_path: /etc/chrony.conf
+chrony_d_path: /etc/chrony.d/
+cpes:
+- ol10:
+    check_id: installed_OS_is_ol10
+    name: cpe:/o:oracle:linux:10
+    title: Oracle Linux 10
+cpes_root: ../../shared/applicability
+dconf_gdm_dir: local.d
+faillock_path: /var/log/faillock
+families:
+- ol
+full_name: Oracle Linux 10
+gid_min: 1000
+groups:
+  dedicated_ssh_keyowner:
+    name: ssh_keys
+grub2_boot_path: /boot/grub2
+grub2_uefi_boot_path: /boot/grub2
+grub_helper_executable: grubby
+init_system: systemd
+major_version_ordinal: 10
+nobody_gid: 65534
+nobody_uid: 65534
+pkg_manager: dnf
+pkg_manager_config_file: /etc/dnf/dnf.conf
+pkg_release: ''
+pkg_system: rpm
+pkg_version: ''
+platform_package_overrides:
+  aarch64_arch: null
+  grub2: grub2-common
+  login_defs: shadow-utils
+  no_ovirt: null
+  non-uefi: null
+  not_aarch64_arch: null
+  not_s390x_arch: null
+  ovirt: null
+  s390x_arch: null
+  sssd: sssd-common
+  sssd-ldap: null
+  uefi: null
+  zipl: s390utils-base
+product: ol10
+profiles_root: ./profiles
+reference_uris:
+  anssi: https://cyber.gouv.fr/sites/default/files/document/linux_configuration-en-v2.pdf
+  app-srg: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers
+  app-srg-ctr: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=container-platform
+  bsi: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Grundschutz/International/bsi_it_gs_comp_2022.pdf
+  cis: ''
+  cis-csc: https://www.cisecurity.org/controls/
+  cjis: https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf
+  cobit5: https://www.isaca.org/resources/cobit
+  cui: http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf
+  dcid: not_officially_available
+  disa: https://public.cyber.mil/stigs/cci/
+  hipaa: https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf
+  isa-62443-2009: https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat
+  isa-62443-2013: https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu
+  ism: https://www.cyber.gov.au/acsc/view-all-content/ism
+  iso27001-2013: https://www.iso.org/contents/data/standard/05/45/54534.html
+  nerc-cip: https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx
+  nist: http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf
+  nist-csf: https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf
+  os-srg: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os
+  ospp: https://www.niap-ccevs.org/Profile/PP.cfm
+  pcidss: https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf
+  pcidss4: https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf
+  stigid: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux
+  stigref: https://public.cyber.mil/stigs/srg-stig-tools/
+release_key_fingerprint: ''
+sshd_distributed_config: 'false'
+sysctl_remediate_drop_in_file: 'false'
+type: platform
+uid_max: 60000
+uid_min: 1000

tests/data/product_stability/ol7.yml

@@ -85,4 +85,5 @@ release_key_fingerprint: 42144123FECFC55B9086313D72F97B74EC551F03
 sshd_distributed_config: 'false'
 sysctl_remediate_drop_in_file: 'false'
 type: platform
+uid_max: 60000
 uid_min: 1000

tests/data/product_stability/ol8.yml

@@ -84,4 +84,5 @@ release_key_fingerprint: 76FD3DB13AB67410B89DB10E82562EA9AD986DA3
 sshd_distributed_config: 'false'
 sysctl_remediate_drop_in_file: 'false'
 type: platform
+uid_max: 60000
 uid_min: 1000

tests/data/product_stability/ol9.yml

@@ -87,4 +87,5 @@ release_key_fingerprint: 3E6D826D3FBAB389C2F38E34BC4D06A08D8B756F
 sshd_distributed_config: 'false'
 sysctl_remediate_drop_in_file: 'false'
 type: platform
+uid_max: 60000
 uid_min: 1000

tests/data/product_stability/openembedded.yml

@@ -85,4 +85,5 @@ reference_uris:
 sshd_distributed_config: 'false'
 sysctl_remediate_drop_in_file: 'false'
 type: platform
+uid_max: 60000
 uid_min: 1000