Merge pull request #13168 from jan-cerny/package_bind_removed

Update rule package_bind_removed for RHEL 9.6

Author: Mab879

docs/templates/template_reference.md

@@ -579,11 +579,12 @@ The only way to remediate is to recompile and reinstall the kernel, so no remedi
 -   Languages: Anaconda, Ansible, Bash, OVAL, Puppet, Blueprint, Kickstart, Bootc
 
 #### package_removed
--   Checks if the given package is not installed.
+-   Checks if the given package(s) are not installed.
 
 -   Parameters:
 
-    -   **pkgname** - name of the RPM or DEB package, eg. `tmux`
+    -   **pkgname** - name of the RPM or DEB package, eg. `tmux`.
+        Can be either a name of a single package or a list of names.
 
 -   Languages: Anaconda, Ansible, Bash, OVAL, Puppet, Kickstart, Bootc
 

linux_os/guide/services/dns/disabling_dns_server/package_bind_removed/rule.yml

@@ -5,6 +5,10 @@ title: 'Uninstall bind Package'
 description: |-
     The <tt>named</tt> service is provided by the <tt>bind</tt> package.
     {{{ describe_package_remove(package="bind") }}}
+    {{% if product == "rhel9" %}}
+    On Red Hat Enterprise Linux 9.6 and newer, the <tt>bind</tt> command is also provided by the <tt>bind9.18</tt> package.
+    {{{ describe_package_remove(package="bind9.18") }}}
+    {{% endif %}}
 
 rationale: |-
     If there is no need to make DNS server software available,
@@ -41,6 +45,9 @@ template:
     name: package_removed
     vars:
         pkgname: bind
+        pkgname@rhel9:
+            - bind
+            - bind9.18
         pkgname@ubuntu1604: bind9
         pkgname@ubuntu1804: bind9
         pkgname@ubuntu2004: bind9

linux_os/guide/services/dns/disabling_dns_server/package_bind_removed/tests/one_of_packages_installed.fail.sh

@@ -0,0 +1,4 @@
+#!/bin/bash
+# platform = Red Hat Enterprise Linux 9
+
+dnf install -y bind9.18 || dnf install -y bind

linux_os/guide/services/dns/disabling_dns_server/package_bind_removed/tests/package-installed-removed.pass.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+# platform = Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 10, multi_platform_fedora, multi_platform_debian, multi_platform_ol, multi_platform_sle
+
+{{{ bash_package_install("bind") }}}
+{{{ bash_package_remove("bind") }}}

linux_os/guide/services/dns/disabling_dns_server/package_bind_removed/tests/package-installed.fail.sh

@@ -0,0 +1,4 @@
+#!/bin/bash
+# platform = Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 10, multi_platform_fedora, multi_platform_debian, multi_platform_ol, multi_platform_sle
+
+{{{ bash_package_install("bind") }}}

shared/templates/package_removed/anaconda.template

@@ -4,4 +4,6 @@
 # complexity = low
 # disruption = low
 
-package --remove={{{ PKGNAME }}}
+{{% for package in PACKAGES %}}
+package --remove={{{ package }}}
+{{% endfor %}}

shared/templates/package_removed/ansible.template

@@ -3,8 +3,10 @@
 # strategy = disable
 # complexity = low
 # disruption = low
-- name: Ensure {{{ PKGNAME }}} is removed
-  package:
-    name: "{{{ PKGNAME }}}"
-    state: absent
 
+{{% for package in PACKAGES %}}
+- name: "{{{ rule_title }}}: Ensure {{{ package }}} is removed"
+  ansible.builtin.package:
+    name: "{{{ package }}}"
+    state: absent
+{{% endfor %}}

shared/templates/package_removed/bash.template

@@ -4,10 +4,12 @@
 # complexity = low
 # disruption = low
 
-# CAUTION: This remediation script will remove {{{ PKGNAME }}}
-#	   from the system, and may remove any packages
-#	   that depend on {{{ PKGNAME }}}. Execute this
-#	   remediation AFTER testing on a non-production
-#	   system!
+# CAUTION: This remediation script will remove {{{ PACKAGES | join(" and ") }}}
+# from the system, and may remove any packages
+# that depend on {{{ PACKAGES | join(" and ") }}}. Execute this
+# remediation AFTER testing on a non-production
+# system!
 
-{{{ bash_package_remove(package=PKGNAME) }}}
+{{% for package in PACKAGES %}}
+{{{ bash_package_remove(package=package) }}}
+{{% endfor %}}

shared/templates/package_removed/bootc.template

@@ -4,4 +4,6 @@
 # complexity = low
 # disruption = low
 
-dnf remove {{{ PKGNAME }}}
+{{% for package in PACKAGES %}}
+dnf remove {{{ package }}}
+{{% endfor %}}

shared/templates/package_removed/kickstart.template

@@ -4,4 +4,6 @@
 # complexity = low
 # disruption = low
 
-package remove {{{ PKGNAME }}}
+{{% for package in PACKAGES %}}
+package remove {{{ package }}}
+{{% endfor %}}

shared/templates/package_removed/oval.template

@@ -1,11 +1,14 @@
 <def-group>
-  <definition class="compliance" id="{{{ _RULE_ID }}}"
-  version="1">
-    {{{ oval_metadata("The " + pkg_system|upper + " package " + PKGNAME + " should be removed.", affected_platforms=["multi_platform_all"]) }}}
-    <criteria>
-      <criterion comment="package {{{ PKGNAME }}} is removed"
-      test_ref="test_package_{{{ PKGNAME }}}_removed" />
-    </criteria>
-  </definition>
-{{{ oval_test_package_removed(package=PKGNAME, test_id="test_package_"+PKGNAME+"_removed") }}}
+<definition class="compliance" id="{{{ _RULE_ID }}}" version="1">
+  {{{ oval_metadata("The " + pkg_system|upper + " package " + PACKAGES | join(" and ") + " should be removed.", affected_platforms=["multi_platform_all"]) }}}
+  <criteria>
+  {{% for package in PACKAGES %}}
+    <criterion comment="package {{{ package }}} is removed" test_ref="test_package_{{{ package }}}_removed" />
+  {{% endfor %}}
+  </criteria>
+</definition>
+{{% for package in PACKAGES %}}
+{{{ oval_test_package_removed(package=package, test_id="test_package_"+package+"_removed") }}}
+{{% endfor %}}
+
 </def-group>

shared/templates/package_removed/puppet.template

@@ -3,10 +3,12 @@
 # strategy = disable
 # complexity = low
 # disruption = low
-include remove_{{{ PKGNAME }}}
+{{% for package in PACKAGES %}}
+include remove_{{{ package }}}
 
-class remove_{{{ PKGNAME }}} {
-  package { '{{{ PKGNAME }}}':
+class remove_{{{ package }}} {
+  package { '{{{ package }}}':
     ensure => 'purged',
   }
 }
+{{% endfor %}}

shared/templates/package_removed/template.py

@@ -0,0 +1,6 @@
+def preprocess(data, lang):
+    if isinstance(data["pkgname"], list):
+        data["packages"] = data["pkgname"]
+    else:
+        data["packages"] = [data["pkgname"]]
+    return data

shared/templates/package_removed/tests/package-removed.pass.sh

@@ -1,3 +1,5 @@
 #!/bin/bash
 
-{{{ bash_package_remove(PKGNAME) }}}
+{{% for package in PACKAGES %}}
+{{{ bash_package_remove(package) }}}
+{{% endfor %}}

tests/test_components.py

@@ -40,6 +40,8 @@ def test_template_package(
     template_vars = template["vars"]
     if template_name in ["package_installed", "package_removed"]:
         package = template_vars["pkgname"]
+        if isinstance(package, list):
+            package = package[0]
         component = package_to_component.get(package, [package])[0]
         reason = (
             "rule uses template '%s' with 'pkgname' parameter set to '%s' "