From 2ce53c448bb4f8f8902190f6174ca25ce630128f Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= Date: Thu, 12 Dec 2024 10:04:49 +0100 Subject: [PATCH] Optimize platform expressions in bootloader-grub2 group The bootloader-grub2 group contains multiple different platform expressions. However, all of them are related to grub2 and all of them should be applicable for bootable container, therefore, the platform can be set on the group level in group.yml to `grub2 and system_with_kernel`. Setting the platform on the group level allows us to simplify platform expressions in individual rules. Most of them that only set platform to `machine` or to `system_with_kernel` can be removed completely. --- linux_os/guide/system/bootloader-grub2/group.yml | 2 +- .../system/bootloader-grub2/grub2_disable_recovery/rule.yml | 2 -- .../system/bootloader-grub2/grub2_enable_iommu_force/rule.yml | 1 - .../bootloader-grub2/grub2_init_on_alloc_argument/rule.yml | 1 - .../system/bootloader-grub2/grub2_kernel_trust_cpu_rng/rule.yml | 1 - .../guide/system/bootloader-grub2/grub2_l1tf_argument/rule.yml | 1 - .../guide/system/bootloader-grub2/grub2_mce_argument/rule.yml | 1 - .../guide/system/bootloader-grub2/grub2_mds_argument/rule.yml | 1 - .../system/bootloader-grub2/grub2_mitigation_argument/rule.yml | 1 - .../bootloader-grub2/grub2_nosmap_argument_absent/rule.yml | 1 - .../bootloader-grub2/grub2_nosmep_argument_absent/rule.yml | 1 - .../bootloader-grub2/grub2_page_alloc_shuffle_argument/rule.yml | 1 - .../guide/system/bootloader-grub2/grub2_pti_argument/rule.yml | 1 - .../grub2_rng_core_default_quality_argument/rule.yml | 1 - .../bootloader-grub2/grub2_slab_nomerge_argument/rule.yml | 1 - .../grub2_spec_store_bypass_disable_argument/rule.yml | 1 - .../system/bootloader-grub2/grub2_spectre_v2_argument/rule.yml | 1 - .../grub2_systemd_debug-shell_argument_absent/rule.yml | 1 - .../system/bootloader-grub2/grub2_vsyscall_argument/rule.yml | 2 +- .../non-uefi/file_groupowner_grub2_cfg/rule.yml | 1 - 
.../bootloader-grub2/non-uefi/file_groupowner_user_cfg/rule.yml | 1 - .../bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml | 1 - .../bootloader-grub2/non-uefi/file_owner_user_cfg/rule.yml | 1 - .../non-uefi/file_permissions_grub2_cfg/rule.yml | 1 - .../non-uefi/file_permissions_user_cfg/rule.yml | 1 - .../bootloader-grub2/non-uefi/grub2_admin_username/rule.yml | 1 - .../non-uefi/grub2_no_removeable_media/rule.yml | 1 - .../system/bootloader-grub2/non-uefi/grub2_password/rule.yml | 1 - .../bootloader-grub2/non-uefi/grub2_password_legacy/rule.yml | 1 - .../uefi/file_groupowner_efi_grub2_cfg/rule.yml | 1 - .../bootloader-grub2/uefi/file_groupowner_efi_user_cfg/rule.yml | 1 - .../bootloader-grub2/uefi/file_owner_efi_grub2_cfg/rule.yml | 1 - .../bootloader-grub2/uefi/file_owner_efi_user_cfg/rule.yml | 1 - .../uefi/file_permissions_efi_grub2_cfg/rule.yml | 1 - .../uefi/file_permissions_efi_user_cfg/rule.yml | 1 - .../bootloader-grub2/uefi/grub2_uefi_admin_username/rule.yml | 1 - .../system/bootloader-grub2/uefi/grub2_uefi_password/rule.yml | 1 - .../bootloader-grub2/uefi/grub2_uefi_password_legacy/rule.yml | 1 - .../bootloader-grub2/uefi/uefi_no_removeable_media/rule.yml | 1 - 39 files changed, 2 insertions(+), 40 deletions(-) diff --git a/linux_os/guide/system/bootloader-grub2/group.yml b/linux_os/guide/system/bootloader-grub2/group.yml index 4ffb40c0e8c..d1b4a3e3389 100644 --- a/linux_os/guide/system/bootloader-grub2/group.yml +++ b/linux_os/guide/system/bootloader-grub2/group.yml @@ -15,4 +15,4 @@ description: |- with a password and ensure its configuration file's permissions are set properly. -platform: grub2 +platform: grub2 and system_with_kernel diff --git a/linux_os/guide/system/bootloader-grub2/grub2_disable_recovery/rule.yml b/linux_os/guide/system/bootloader-grub2/grub2_disable_recovery/rule.yml index 6919ef54873..e8878c4cd45 100644 --- a/linux_os/guide/system/bootloader-grub2/grub2_disable_recovery/rule.yml 
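Review bot: The new group-level `platform: grub2 and system_with_kernel` changes applicability, not just where the expression lives. The rules that later in this patch lose `platform: machine` (bootloader password, superuser name, removable media, and the `user.cfg` / EFI `grub.cfg` ownership and permission checks) are now evaluated wherever `system_with_kernel` holds. The commit message names bootable containers as the intended new target, but nothing visible here shows how those checks behave when the bootloader files are not present in the scanned image, so that should be confirmed and stated in the description. I would also add a comment above the key, such as `# inherited by every rule in this group; rules add only extra constraints (e.g. x86_64_arch)`, because a rule later moved out of this directory would silently lose both conditions.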
+++ b/linux_os/guide/system/bootloader-grub2/grub2_disable_recovery/rule.yml @@ -41,5 +41,3 @@ fixtext: |- Then, run the following command: $ sudo {{{ grub_command("update") }}} - -platform: grub2 diff --git a/linux_os/guide/system/bootloader-grub2/grub2_enable_iommu_force/rule.yml b/linux_os/guide/system/bootloader-grub2/grub2_enable_iommu_force/rule.yml index 4fa2ffd16ac..41ee2618721 100644 --- a/linux_os/guide/system/bootloader-grub2/grub2_enable_iommu_force/rule.yml +++ b/linux_os/guide/system/bootloader-grub2/grub2_enable_iommu_force/rule.yml @@ -20,7 +20,6 @@ identifiers: cce@sle12: CCE-91532-2 cce@sle15: CCE-91217-0 -platform: system_with_kernel ocil_clause: 'I/OMMU is not activated' diff --git a/linux_os/guide/system/bootloader-grub2/grub2_init_on_alloc_argument/rule.yml b/linux_os/guide/system/bootloader-grub2/grub2_init_on_alloc_argument/rule.yml index ef5dc89ebb0..2e721d99c54 100644 --- a/linux_os/guide/system/bootloader-grub2/grub2_init_on_alloc_argument/rule.yml +++ b/linux_os/guide/system/bootloader-grub2/grub2_init_on_alloc_argument/rule.yml @@ -24,7 +24,6 @@ ocil_clause: 'the kernel is not configured to zero out memory before allocation' ocil: |- {{{ ocil_grub2_argument("init_on_alloc=1") | indent(4) }}} -platform: system_with_kernel template: name: grub2_bootloader_argument diff --git a/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/rule.yml b/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/rule.yml index 93e6ac01ce2..3d6b750d92f 100644 --- a/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/rule.yml +++ b/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/rule.yml @@ -46,7 +46,6 @@ ocil: |- the kernel, check that the option is configured through boot parameter. {{{ ocil_grub2_argument("random.trust_cpu=on") | indent(4) }}} -platform: system_with_kernel template: name: grub2_bootloader_argument 
diff --git a/linux_os/guide/system/bootloader-grub2/grub2_l1tf_argument/rule.yml b/linux_os/guide/system/bootloader-grub2/grub2_l1tf_argument/rule.yml index 979ec7c3554..8776d5bf328 100644 --- a/linux_os/guide/system/bootloader-grub2/grub2_l1tf_argument/rule.yml +++ b/linux_os/guide/system/bootloader-grub2/grub2_l1tf_argument/rule.yml @@ -36,7 +36,6 @@ ocil_clause: 'l1tf mitigations are not configured appropriately' ocil: |- {{{ ocil_grub2_argument("l1tf=" + xccdf_value("var_l1tf_options")) | indent(4) }}} -platform: system_with_kernel template: name: grub2_bootloader_argument diff --git a/linux_os/guide/system/bootloader-grub2/grub2_mce_argument/rule.yml b/linux_os/guide/system/bootloader-grub2/grub2_mce_argument/rule.yml index 8ebd96ed33d..b9d0db90b0f 100644 --- a/linux_os/guide/system/bootloader-grub2/grub2_mce_argument/rule.yml +++ b/linux_os/guide/system/bootloader-grub2/grub2_mce_argument/rule.yml @@ -29,7 +29,6 @@ ocil_clause: 'MCE tolerance is not set to zero' ocil: |- {{{ ocil_grub2_argument("mce=0") | indent(4) }}} -platform: system_with_kernel template: name: grub2_bootloader_argument diff --git a/linux_os/guide/system/bootloader-grub2/grub2_mds_argument/rule.yml b/linux_os/guide/system/bootloader-grub2/grub2_mds_argument/rule.yml index afd6d1fccb6..6e24c5e5e07 100644 --- a/linux_os/guide/system/bootloader-grub2/grub2_mds_argument/rule.yml +++ b/linux_os/guide/system/bootloader-grub2/grub2_mds_argument/rule.yml @@ -47,7 +47,6 @@ ocil_clause: 'MDS mitigations are not configured appropriately' ocil: |- {{{ ocil_grub2_argument("mds=" + xccdf_value(var_mds_options)) | indent(4) }}} -platform: system_with_kernel template: name: grub2_bootloader_argument diff --git a/linux_os/guide/system/bootloader-grub2/grub2_mitigation_argument/rule.yml b/linux_os/guide/system/bootloader-grub2/grub2_mitigation_argument/rule.yml index af4e46f8cfb..19ef226e4d6 100644 --- a/linux_os/guide/system/bootloader-grub2/grub2_mitigation_argument/rule.yml 
+++ b/linux_os/guide/system/bootloader-grub2/grub2_mitigation_argument/rule.yml @@ -24,7 +24,6 @@ references: srg: SRG-OS-000480-GPOS-00227 stigid@ol8: OL08-00-010424 -platform: system_with_kernel ocil_clause: 'mitigations is set to off' diff --git a/linux_os/guide/system/bootloader-grub2/grub2_nosmap_argument_absent/rule.yml b/linux_os/guide/system/bootloader-grub2/grub2_nosmap_argument_absent/rule.yml index df1110432f2..691a8857d01 100644 --- a/linux_os/guide/system/bootloader-grub2/grub2_nosmap_argument_absent/rule.yml +++ b/linux_os/guide/system/bootloader-grub2/grub2_nosmap_argument_absent/rule.yml @@ -34,7 +34,6 @@ ocil: |-
grep -q nosmap /boot/config-`uname -r`
If the command returns a line, it means that SMAP is being disabled. -platform: system_with_kernel template: name: grub2_bootloader_argument_absent diff --git a/linux_os/guide/system/bootloader-grub2/grub2_nosmep_argument_absent/rule.yml b/linux_os/guide/system/bootloader-grub2/grub2_nosmep_argument_absent/rule.yml index ba17b67cc90..d887e29fbf6 100644 --- a/linux_os/guide/system/bootloader-grub2/grub2_nosmep_argument_absent/rule.yml +++ b/linux_os/guide/system/bootloader-grub2/grub2_nosmep_argument_absent/rule.yml @@ -34,7 +34,6 @@ ocil: |-
grep -q nosmep /boot/config-`uname -r`
If the command returns a line, it means that SMEP is being disabled. -platform: system_with_kernel template: name: grub2_bootloader_argument_absent diff --git a/linux_os/guide/system/bootloader-grub2/grub2_page_alloc_shuffle_argument/rule.yml b/linux_os/guide/system/bootloader-grub2/grub2_page_alloc_shuffle_argument/rule.yml index bf166f797d4..f94c8556847 100644 --- a/linux_os/guide/system/bootloader-grub2/grub2_page_alloc_shuffle_argument/rule.yml +++ b/linux_os/guide/system/bootloader-grub2/grub2_page_alloc_shuffle_argument/rule.yml @@ -31,7 +31,6 @@ ocil_clause: 'randomization of the page allocator is not enabled in the kernel' ocil: |- {{{ ocil_grub2_argument("page_alloc.shuffle=1") | indent(4) }}} -platform: system_with_kernel template: name: grub2_bootloader_argument diff --git a/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/rule.yml b/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/rule.yml index 373a3b49776..43ac06be3c1 100644 --- a/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/rule.yml +++ b/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/rule.yml @@ -34,7 +34,6 @@ ocil_clause: 'Kernel page-table isolation is not enabled' ocil: |- {{{ ocil_grub2_argument("pti=on") | indent(4) }}} -platform: system_with_kernel template: name: grub2_bootloader_argument diff --git a/linux_os/guide/system/bootloader-grub2/grub2_rng_core_default_quality_argument/rule.yml b/linux_os/guide/system/bootloader-grub2/grub2_rng_core_default_quality_argument/rule.yml index 6168d85abce..ed4f2ce3dfc 100644 --- a/linux_os/guide/system/bootloader-grub2/grub2_rng_core_default_quality_argument/rule.yml +++ b/linux_os/guide/system/bootloader-grub2/grub2_rng_core_default_quality_argument/rule.yml 
@@ -37,7 +37,6 @@ ocil_clause: 'trust on hardware random number generator is not configured approp ocil: |- {{{ ocil_grub2_argument("rng_core.default_quality=" + xccdf_value("var_rng_core_default_quality")) | indent(4) }}} -platform: system_with_kernel template: name: grub2_bootloader_argument diff --git a/linux_os/guide/system/bootloader-grub2/grub2_slab_nomerge_argument/rule.yml b/linux_os/guide/system/bootloader-grub2/grub2_slab_nomerge_argument/rule.yml index f4e9ec445a3..bc977ab55fa 100644 --- a/linux_os/guide/system/bootloader-grub2/grub2_slab_nomerge_argument/rule.yml +++ b/linux_os/guide/system/bootloader-grub2/grub2_slab_nomerge_argument/rule.yml @@ -35,7 +35,6 @@ ocil_clause: 'merging of slabs with similar size is enabled' ocil: |- {{{ ocil_grub2_argument("slab_nomerge=yes") | indent(4) }}} -platform: system_with_kernel template: name: grub2_bootloader_argument diff --git a/linux_os/guide/system/bootloader-grub2/grub2_spec_store_bypass_disable_argument/rule.yml b/linux_os/guide/system/bootloader-grub2/grub2_spec_store_bypass_disable_argument/rule.yml index c302a04e37a..31e883c710e 100644 --- a/linux_os/guide/system/bootloader-grub2/grub2_spec_store_bypass_disable_argument/rule.yml +++ b/linux_os/guide/system/bootloader-grub2/grub2_spec_store_bypass_disable_argument/rule.yml @@ -39,7 +39,6 @@ ocil_clause: 'SSB is not configured appropriately' ocil: |- {{{ ocil_grub2_argument("spec_store_bypass_disable=" + xccdf_value("var_spec_store_bypass_disable_options")) | indent(4) }}} -platform: system_with_kernel template: name: grub2_bootloader_argument diff --git a/linux_os/guide/system/bootloader-grub2/grub2_spectre_v2_argument/rule.yml b/linux_os/guide/system/bootloader-grub2/grub2_spectre_v2_argument/rule.yml index c6dceb12c27..6d449bf5d21 100644 --- a/linux_os/guide/system/bootloader-grub2/grub2_spectre_v2_argument/rule.yml +++ b/linux_os/guide/system/bootloader-grub2/grub2_spectre_v2_argument/rule.yml 
@@ -32,7 +32,6 @@ ocil_clause: 'spectre_v2 mitigation is not enforced' ocil: |- {{{ ocil_grub2_argument("spectre_v2=on") | indent(4) }}} -platform: system_with_kernel template: name: grub2_bootloader_argument diff --git a/linux_os/guide/system/bootloader-grub2/grub2_systemd_debug-shell_argument_absent/rule.yml b/linux_os/guide/system/bootloader-grub2/grub2_systemd_debug-shell_argument_absent/rule.yml index 973d2447dd7..a8315352e60 100644 --- a/linux_os/guide/system/bootloader-grub2/grub2_systemd_debug-shell_argument_absent/rule.yml +++ b/linux_os/guide/system/bootloader-grub2/grub2_systemd_debug-shell_argument_absent/rule.yml @@ -44,7 +44,6 @@ ocil: |- fixtext: |- {{{ fixtext_grub2_bootloader_argument_absent("debug-shell") | indent(4) }}} -platform: system_with_kernel template: name: grub2_bootloader_argument_absent diff --git a/linux_os/guide/system/bootloader-grub2/grub2_vsyscall_argument/rule.yml b/linux_os/guide/system/bootloader-grub2/grub2_vsyscall_argument/rule.yml index f3907cd08d8..28da623cf90 100644 --- a/linux_os/guide/system/bootloader-grub2/grub2_vsyscall_argument/rule.yml +++ b/linux_os/guide/system/bootloader-grub2/grub2_vsyscall_argument/rule.yml @@ -33,7 +33,7 @@ ocil_clause: 'vsyscalls are enabled' ocil: |- {{{ ocil_grub2_argument("vsyscall=none") | indent(4) }}} -platform: system_with_kernel and x86_64_arch +platform: x86_64_arch template: name: grub2_bootloader_argument diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_grub2_cfg/rule.yml index 5c9a0b07154..fea605a8699 100644 --- a/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_grub2_cfg/rule.yml +++ b/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_grub2_cfg/rule.yml 
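Review bot: In the grub2_vsyscall_argument hunk, `platform: x86_64_arch` now reads as the rule's complete applicability, while the kernel and bootloader conditions come only from the group's `grub2 and system_with_kernel`. That is correct only if rule-level and group-level platforms are combined with AND, which this patch relies on but does not show. I would add a comment above the key, `# grub2 and system_with_kernel are inherited from ../group.yml`, so the rule is not copied or relocated with the architecture check alone. The rule body starts and ends outside the hunk.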
@@ -50,7 +50,6 @@ fixtext: '{{{ fixtext_file_group_owner(grub2_boot_path ~ "/grub.cfg", "root") }} srg_requirement: '{{{ srg_requirement_file_group_owner(grub2_boot_path ~ "/grub.cfg", "root") }}}' -platform: system_with_kernel template: name: file_groupowner diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_user_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_user_cfg/rule.yml index 9dac1e38944..038ae369e6e 100644 --- a/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_user_cfg/rule.yml +++ b/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_user_cfg/rule.yml @@ -44,7 +44,6 @@ fixtext: '{{{ fixtext_file_group_owner(grub2_boot_path ~ "/user.cfg", "root") }} srg_requirement: '{{{ srg_requirement_file_group_owner(grub2_boot_path ~ "/user.cfg", "root") }}}' -platform: machine template: name: file_groupowner diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml index 0e797faaadd..2bbb3449f7e 100644 --- a/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml +++ b/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml @@ -46,7 +46,6 @@ ocil_clause: '{{{ ocil_clause_file_owner(file=grub2_boot_path ~ "/grub.cfg", own ocil: |- {{{ ocil_file_owner(file=grub2_boot_path ~ "/grub.cfg", owner="root") }}} -platform: system_with_kernel template: name: file_owner diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_user_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_user_cfg/rule.yml index 85899b1ee9f..9d55b3ded1e 100644 --- a/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_user_cfg/rule.yml +++ b/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_user_cfg/rule.yml 
@@ -39,7 +39,6 @@ ocil_clause: '{{{ ocil_clause_file_owner(file=grub2_boot_path ~ "/user.cfg", own ocil: |- {{{ ocil_file_owner(file=grub2_boot_path ~ "/user.cfg", owner="root") }}} -platform: machine template: name: file_owner diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_grub2_cfg/rule.yml index 08a379d1712..9bd39315826 100644 --- a/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_grub2_cfg/rule.yml +++ b/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_grub2_cfg/rule.yml @@ -46,7 +46,6 @@ ocil: |- If properly configured, the output should indicate the following permissions: -rw------- -platform: system_with_kernel template: name: file_permissions diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_user_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_user_cfg/rule.yml index b8258f5e9f3..55653bd8c6d 100644 --- a/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_user_cfg/rule.yml +++ b/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_user_cfg/rule.yml @@ -35,7 +35,6 @@ ocil_clause: '{{{ ocil_clause_file_permissions(file=grub2_boot_path ~ "/user.cfg ocil: |- {{{ ocil_file_permissions(file=grub2_boot_path ~ "/user.cfg", perms="-rw-------") }}} -platform: machine template: name: file_permissions diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_admin_username/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_admin_username/rule.yml index c476ddec3f4..9f8cc264b95 100644 --- a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_admin_username/rule.yml +++ b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_admin_username/rule.yml 
@@ -68,7 +68,6 @@ warnings: Also, do NOT manually add the superuser account and password to the grub.cfg file as the grub2-mkconfig command overwrites this file. -platform: machine fixtext: |- Configure {{{ full_name }}} to have a unique username for the grub superuser account. diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_no_removeable_media/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_no_removeable_media/rule.yml index eabe7356e79..114cfd9340f 100644 --- a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_no_removeable_media/rule.yml +++ b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_no_removeable_media/rule.yml @@ -38,4 +38,3 @@ ocil: |- media which should not exist in the lines:
set root='hd0,msdos1'
-platform: machine diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml index bb7ceedc8f8..a2b97c4ee57 100644 --- a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml +++ b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml @@ -92,7 +92,6 @@ warnings: Also, do NOT manually add the superuser account and password to the grub.cfg file as the grub2-mkconfig command overwrites this file. -platform: machine fixtext: |- Configure {{{ full_name }}} to require a grub bootloader password for the grub superuser account. diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password_legacy/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password_legacy/rule.yml index e492a98fa3f..b4f144c18b4 100644 --- a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password_legacy/rule.yml +++ b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password_legacy/rule.yml @@ -51,4 +51,3 @@ warnings: Also, do NOT manually add the superuser account and password to the grub.cfg file as the grub2-mkconfig command overwrites this file. -platform: system_with_kernel diff --git a/linux_os/guide/system/bootloader-grub2/uefi/file_groupowner_efi_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/uefi/file_groupowner_efi_grub2_cfg/rule.yml index 1b18ddff95a..2cde2a0533e 100644 --- a/linux_os/guide/system/bootloader-grub2/uefi/file_groupowner_efi_grub2_cfg/rule.yml +++ b/linux_os/guide/system/bootloader-grub2/uefi/file_groupowner_efi_grub2_cfg/rule.yml @@ -38,7 +38,6 @@ ocil_clause: '{{{ ocil_clause_file_group_owner(file=grub2_uefi_boot_path ~ "/gru ocil: |- {{{ ocil_file_group_owner(file=grub2_uefi_boot_path ~ "/grub.cfg", group="root") }}} -platform: machine template: name: file_groupowner 
diff --git a/linux_os/guide/system/bootloader-grub2/uefi/file_groupowner_efi_user_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/uefi/file_groupowner_efi_user_cfg/rule.yml index 55e0ccb1334..bea3273644f 100644 --- a/linux_os/guide/system/bootloader-grub2/uefi/file_groupowner_efi_user_cfg/rule.yml +++ b/linux_os/guide/system/bootloader-grub2/uefi/file_groupowner_efi_user_cfg/rule.yml @@ -38,7 +38,6 @@ ocil_clause: '{{{ ocil_clause_file_group_owner(file=grub2_uefi_boot_path ~ "/use ocil: |- {{{ ocil_file_group_owner(file=grub2_uefi_boot_path ~ "/user.cfg", group="root") }}} -platform: machine template: name: file_groupowner diff --git a/linux_os/guide/system/bootloader-grub2/uefi/file_owner_efi_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/uefi/file_owner_efi_grub2_cfg/rule.yml index 63e6683341b..acbf05579a4 100644 --- a/linux_os/guide/system/bootloader-grub2/uefi/file_owner_efi_grub2_cfg/rule.yml +++ b/linux_os/guide/system/bootloader-grub2/uefi/file_owner_efi_grub2_cfg/rule.yml @@ -36,7 +36,6 @@ ocil_clause: '{{{ ocil_clause_file_owner(file=grub2_uefi_boot_path ~ "/grub.cfg" ocil: |- {{{ ocil_file_owner(file=grub2_uefi_boot_path ~ "/grub.cfg", owner="root") }}} -platform: machine template: name: file_owner diff --git a/linux_os/guide/system/bootloader-grub2/uefi/file_owner_efi_user_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/uefi/file_owner_efi_user_cfg/rule.yml index 4c154afd3d2..ff55a8112e1 100644 --- a/linux_os/guide/system/bootloader-grub2/uefi/file_owner_efi_user_cfg/rule.yml +++ b/linux_os/guide/system/bootloader-grub2/uefi/file_owner_efi_user_cfg/rule.yml @@ -38,7 +38,6 @@ ocil_clause: '{{{ ocil_clause_file_owner(file=grub2_uefi_boot_path ~ "/user.cfg" ocil: |- {{{ ocil_file_owner(file=grub2_uefi_boot_path ~ "/user.cfg", owner="root") }}} -platform: machine template: name: file_owner 
diff --git a/linux_os/guide/system/bootloader-grub2/uefi/file_permissions_efi_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/uefi/file_permissions_efi_grub2_cfg/rule.yml index e6c401a43c9..16acb38ae7a 100644 --- a/linux_os/guide/system/bootloader-grub2/uefi/file_permissions_efi_grub2_cfg/rule.yml +++ b/linux_os/guide/system/bootloader-grub2/uefi/file_permissions_efi_grub2_cfg/rule.yml @@ -38,7 +38,6 @@ ocil: |- If properly configured, the output should indicate the following permissions: -rwx------ -platform: machine template: name: file_permissions diff --git a/linux_os/guide/system/bootloader-grub2/uefi/file_permissions_efi_user_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/uefi/file_permissions_efi_user_cfg/rule.yml index 1254dfbaade..6112e68f8b0 100644 --- a/linux_os/guide/system/bootloader-grub2/uefi/file_permissions_efi_user_cfg/rule.yml +++ b/linux_os/guide/system/bootloader-grub2/uefi/file_permissions_efi_user_cfg/rule.yml @@ -35,7 +35,6 @@ ocil_clause: '{{{ ocil_clause_file_permissions(file=grub2_uefi_boot_path ~ "/use ocil: |- {{{ ocil_file_permissions(file=grub2_uefi_boot_path ~ "/user.cfg", perms="-rw-------") }}} -platform: machine template: name: file_permissions diff --git a/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_admin_username/rule.yml b/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_admin_username/rule.yml index bd64b621f10..83be376b8dc 100644 --- a/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_admin_username/rule.yml +++ b/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_admin_username/rule.yml @@ -69,7 +69,6 @@ warnings: Also, do NOT manually add the superuser account and password to the grub.cfg file as the grub2-mkconfig command overwrites this file. -platform: machine fixtext: |- Configure {{{ full_name }}} to have a unique username for the grub superuser account. 
diff --git a/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/rule.yml b/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/rule.yml index 4cf5ee4725c..831aa6ec3dd 100644 --- a/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/rule.yml +++ b/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/rule.yml @@ -93,7 +93,6 @@ warnings: Also, do NOT manually add the superuser account and password to the grub.cfg file as the grub2-mkconfig command overwrites this file. -platform: system_with_kernel fixtext: |- Configure {{{ full_name }}} to use a secure UEFI boot loader password. diff --git a/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password_legacy/rule.yml b/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password_legacy/rule.yml index 8014fa95781..75218ef36d3 100644 --- a/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password_legacy/rule.yml +++ b/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password_legacy/rule.yml @@ -50,4 +50,3 @@ warnings: Also, do NOT manually add the superuser account and password to the grub.cfg file as the grub2-mkconfig command overwrites this file. -platform: machine diff --git a/linux_os/guide/system/bootloader-grub2/uefi/uefi_no_removeable_media/rule.yml b/linux_os/guide/system/bootloader-grub2/uefi/uefi_no_removeable_media/rule.yml index 059e63db720..f03bda5d61f 100644 --- a/linux_os/guide/system/bootloader-grub2/uefi/uefi_no_removeable_media/rule.yml +++ b/linux_os/guide/system/bootloader-grub2/uefi/uefi_no_removeable_media/rule.yml @@ -38,4 +38,3 @@ ocil: |- media which should not exist in the lines:
set root='hd0,msdos1'
-platform: machine