diff --git a/data/security/autoyast/create_hdd_gnome_aarch64.xml b/data/security/autoyast/create_hdd_gnome_aarch64.xml deleted file mode 100644 index 692b151d27d3..000000000000 --- a/data/security/autoyast/create_hdd_gnome_aarch64.xml +++ /dev/null @@ -1,416 +0,0 @@ - - - - - - auto - auto - false - false - true - gfxterm - -1 - true - vga=gfx-1024x768x16 - - grub2-efi - - - public - true - off - true - - - For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted. - - eth0 - - false - public - - - - dhcpv6-client - - Public - default - - - - - - false - - - - - 100 - users - - - - - - - 127.0.0.1 - - localhost - - - - ::1 - - localhost ipv6-localhost ipv6-loopback - - - - fe00::0 - - ipv6-localnet - - - - ff00::0 - - ipv6-mcastprefix - - - - ff02::1 - - ipv6-allnodes - - - - ff02::2 - - ipv6-allrouters - - - - ff02::3 - - ipv6-allhosts - - - - - - - - AUTO - - - true - localhost - auto - - - - dhcp - eth0 - auto - public - - - true - true - false - - - eth0 - KERNELS - 0000:00:03.0 - - - - false - false - - - - auto - false - false - - false - - - - - false - false - - - - /dev/vda - gpt - true - - - true - vfat - true - utf8 - /boot/efi - uuid - 259 - 1 - false - 134217728 - - - true - true - btrfs - true - / - uuid - 131 - 2 - true - false - 29928456192 - - - false - var - - - true - usr/local - - - true - tmp - - - true - srv - - - true - root - - - true - opt - - - true - home - - - true - boot/grub2/arm64-efi - - - @ - - - true - swap - true - swap - uuid - 130 - 3 - false - 2148515328 - - - CT_DISK - all - - - - false - - - reboot - /usr/lib/cracklib_dict - no - no - insecure - 3 - 60000 - 1000 - active_console - 184 - apparmor - secure - 0 - 0 - 0 - 99999 - 0 - 5 - 7 - sha512 - 0 - yes - easy - - no - 499 - 100 - 499 - 100 - no - 60000 - 1000 - /usr/sbin/useradd.local - /usr/sbin/userdel-post.local - /usr/sbin/userdel-pre.local - - - graphical - - - bluetooth - firewalld - wickedd-auto4 - wickedd-dhcp4 - wickedd-dhcp6 - wickedd-nanny - wicked - sshd - systemd-remount-fs - - - - - true - - - wicked - snapper - sle-module-server-applications-release - sle-module-desktop-applications-release - sle-module-basesystem-release - shim - openssh - mokutil - kexec-tools - grub2-arm64-efi - glibc - firewalld - e2fsprogs - dosfstools - btrfsprogs - autoyast2 - - - apparmor - base - basesystem - basic_desktop - enhanced_base - fonts - gnome_basic - gnome_basis - minimal_base - x11 - x11_enhanced - x11_yast - yast2_basis - yast2_desktop - yast2_server - - - SLES - - - - false - false - - - - - {{ARCH}} - sle-module-desktop-applications - - nil - {{VERSION}} - - - {{ARCH}} - sle-module-server-applications - - nil - {{VERSION}} - - - {{ARCH}} - sle-module-basesystem - - nil - {{VERSION}} - - - true - - false - {{SCC_REGCODE}} - {{SCC_URL}} - false - - - false - - - America/New_York - - - - 100 - /home - -1 - /bin/bash - 022 - - - - - true - bernhard - 100 - /home/bernhard - false - - - - - 99999 - 0 - 7 - - /bin/bash - 1000 - $6$nlyUsz9D5QndKC3b$eJ5qKJKrKgYnnm4x0iHoXikFCtdfX2kJioW.1SlZcyAJb.plseJaOMrVAbjdcXidD1dlGMwv.PkVp.joRG0Xa. - bernhard - - - - true - root - 0 - /root - false - - - - - - - - - /bin/bash - 0 - $6$mhonb/3TIuegSE4m$l/1CZdAxYWvV8KwIWwQxXxo5JOh9IGOu11VMnd2XHuJGQzXnN.rN6LGv5189751zOYm/ommDfJtp3UzK300QI0 - root - - - diff --git a/data/security/autoyast/create_hdd_gnome_s390x.xml b/data/security/autoyast/create_hdd_gnome_s390x.xml deleted file mode 100644 index f6a038427905..000000000000 --- a/data/security/autoyast/create_hdd_gnome_s390x.xml +++ /dev/null @@ -1,464 +0,0 @@ - - - - - - auto - auto - false - false - false - console - -1 - false - true - crashkernel=147M\<4G - - grub2 - - - - false - - - public - true - off - true - - - For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted. - - eth0 - - false - public - - - - dhcpv6-client - ssh - tigervnc - tigervnc-https - - Public - default - - - - - false - - false - - - - - 100 - users - - - - - - - 127.0.0.1 - - localhost - - - - ::1 - - localhost ipv6-localhost ipv6-loopback - - - - fe00::0 - - ipv6-localnet - - - - ff00::0 - - ipv6-mcastprefix - - - - ff02::1 - - ipv6-allnodes - - - - ff02::2 - - ipv6-allrouters - - - - ff02::3 - - ipv6-allhosts - - - - - - true - 147M - 147M\<4G - - - - - true - yes - - lzo - 31 - 64 - - yes - 5 - - auto - 30 - - - - - - /var/crash - - - - - 3 - - - - - - - AUTO - - - false - localhost - auto - - - - dhcp - eth0 - auto - public - - - true - true - false - - - eth0 - KERNELS - 0.0.0001 - - - - false - false - - - - auto - false - false - suse.de - false - - - - - false - false - - - - /dev/disk/by-path/ccw-0.0.0000 - gpt - true - - - true - ext2 - true - /boot/zipl - path - 131 - 1 - false - 314572800 - - - true - true - btrfs - true - / - path - 131 - 2 - true - false - 29748101120 - - - false - var - - - true - usr/local - - - true - tmp - - - true - srv - - - true - root - - - true - opt - - - true - home - - - true - boot/grub2/s390x-emu - - - @ - - - true - swap - true - swap - path - 130 - 3 - false - 2148515328 - - - CT_DISK - all - - - - false - - - halt - /usr/lib/cracklib_dict - no - no - insecure - 3 - 60000 - 1000 - active_console - 184 - apparmor - secure - 0 - 0 - 0 - 99999 - 0 - 5 - 7 - sha512 - 0 - yes - easy - - no - 499 - 100 - 499 - 100 - no - 60000 - 1000 - /usr/sbin/useradd.local - /usr/sbin/userdel-post.local - /usr/sbin/userdel-pre.local - - - graphical - - - bluetooth - firewalld - wickedd-auto4 - wickedd-dhcp4 - wickedd-dhcp6 - wickedd-nanny - kdump - kdump-early - wicked - sshd - systemd-remount-fs - - - - - true - - - xorg-x11-fonts - xorg-x11-Xvnc - wicked - snapper - sle-module-server-applications-release - sle-module-desktop-applications-release - sle-module-basesystem-release - openssh - kexec-tools - kdump - icewm - grub2 - glibc - firewalld - e2fsprogs - btrfsprogs - autoyast2 - - - apparmor - base - basesystem - basic_desktop - enhanced_base - fonts - gnome_basic - gnome_basis - minimal_base - x11 - x11_enhanced - x11_yast - yast2_basis - yast2_desktop - yast2_server - - - SLES - - - - false - false - - - - - {{ARCH}} - sle-module-desktop-applications - - nil - {{VERSION}} - - - {{ARCH}} - sle-module-server-applications - - nil - {{VERSION}} - - - {{ARCH}} - sle-module-basesystem - - nil - {{VERSION}} - - - true - - true - {{SCC_REGCODE}} - {{SCC_URL}} - false - - - false - - - America/New_York - - - - 100 - /home - -1 - /bin/bash - 022 - - - - - true - bernhard - 100 - /home/bernhard - false - - - - - 99999 - 0 - 7 - - /bin/bash - 1000 - $6$6RgkTGJ05UVUJU88$Ua5zt.hGkbPlxmcZl4WPFL.42VW1llVEIFPuG61GRjq3asF9uld5WvyigHsuBk.UYoX0nzTwqKQt0gHZtxoyl. - bernhard - - - - true - root - 0 - /root - false - - - - - - - - - /bin/bash - 0 - $6$zZ1FLsISt3B04DXN$67ySUew7yGeC95sNgAXBlu1H4.V1p1A.iTZClUi2sxv3wcpfKz6S3K85gaseR..4hUhGxhlFGgh/W/U8JrOaz1 - root - - - - - - diff --git a/data/security/autoyast/create_hdd_gnome_x86_64.xml b/data/security/autoyast/create_hdd_gnome_x86_64.xml deleted file mode 100644 index 0dfdfe178822..000000000000 --- a/data/security/autoyast/create_hdd_gnome_x86_64.xml +++ /dev/null @@ -1,414 +0,0 @@ - - - - - - auto - auto - false - false - true - gfxterm - -1 - false - true - vga=gfx-1024x768x16 - - grub2 - - - public - true - off - true - - - For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted. - - eth0 - - false - public - - - - dhcpv6-client - - Public - default - - - - - - false - - - - - 100 - users - - - - - - - 127.0.0.1 - - localhost - - - - ::1 - - localhost ipv6-localhost ipv6-loopback - - - - fe00::0 - - ipv6-localnet - - - - ff00::0 - - ipv6-mcastprefix - - - - ff02::1 - - ipv6-allnodes - - - - ff02::2 - - ipv6-allrouters - - - - ff02::3 - - ipv6-allhosts - - - - - - - - AUTO - - - true - localhost - auto - - - - dhcp - eth0 - auto - public - - - true - true - false - - - eth0 - KERNELS - 0000:00:04.0 - - - - false - false - - - - auto - false - false - - false - - - - - false - false - - - - /dev/vda - gpt - true - - - true - false - 263 - 1 - false - 8388608 - - - true - true - btrfs - true - / - uuid - 131 - 2 - true - false - 30054285312 - - - false - var - - - true - usr/local - - - true - tmp - - - true - srv - - - true - root - - - true - opt - - - true - home - - - true - boot/grub2/x86_64-efi - - - true - boot/grub2/i386-pc - - - @ - - - true - swap - true - swap - uuid - 130 - 3 - false - 2148515328 - - - CT_DISK - all - - - - false - - - reboot - /usr/lib/cracklib_dict - no - no - insecure - 3 - 60000 - 1000 - active_console - 184 - apparmor - secure - 0 - 0 - 0 - 99999 - 0 - 5 - 7 - sha512 - 0 - yes - easy - - no - 499 - 100 - 499 - 100 - no - 60000 - 1000 - /usr/sbin/useradd.local - /usr/sbin/userdel-post.local - /usr/sbin/userdel-pre.local - - - graphical - - - bluetooth - firewalld - wickedd-auto4 - wickedd-dhcp4 - wickedd-dhcp6 - wickedd-nanny - wicked - sshd - systemd-remount-fs - - - - - true - - - wicked - snapper - sle-module-server-applications-release - sle-module-desktop-applications-release - sle-module-basesystem-release - openssh - kexec-tools - grub2 - glibc - firewalld - e2fsprogs - btrfsprogs - autoyast2 - - - apparmor - base - basesystem - basic_desktop - enhanced_base - fonts - gnome_basic - gnome_basis - minimal_base - x11 - x11_enhanced - x11_yast - yast2_basis - yast2_desktop - yast2_server - - - SLES - - - - false - false - - - - - {{ARCH}} - sle-module-desktop-applications - - nil - {{VERSION}} - - - {{ARCH}} - sle-module-server-applications - - nil - {{VERSION}} - - - {{ARCH}} - sle-module-basesystem - - nil - {{VERSION}} - - - true - - false - {{SCC_REGCODE}} - {{SCC_URL}} - false - - - false - - - America/New_York - - - - 100 - /home - -1 - /bin/bash - 022 - - - - - true - bernhard - 100 - /home/bernhard - false - - - - - 99999 - 0 - 7 - - /bin/bash - 1000 - $6$vYbbuJ9WMriFxGHY$gQ7shLw9ZBsRcPgo6/8KmfDvQ/lCqxW8/WnMoLCoWGdHO6Touush1nhegYfdBbXRpsQuy/FTZZeg7gQL50IbA/ - bernhard - - - - true - root - 0 - /root - false - - - - - - - - - /bin/bash - 0 - $6$gdDHoMtVLjs4CCzf$2tSvAdgvqrKo84pA59bEjZRh7IGMfv4u0Yl4hrRzPgFPWLd8RXWdn/boT7yM3K3BlTk57qyR0TZ/nMb9rlpzx1 - root - - - diff --git a/data/security/autoyast/create_hdd_gnome_x86_64_uefi.xml b/data/security/autoyast/create_hdd_gnome_x86_64_uefi.xml deleted file mode 100644 index c157ec3c296b..000000000000 --- a/data/security/autoyast/create_hdd_gnome_x86_64_uefi.xml +++ /dev/null @@ -1,417 +0,0 @@ - - - - - - auto - auto - false - false - true - gfxterm - -1 - false - true - vga=gfx-1024x768x16 - - grub2-efi - - - public - true - off - true - - - For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted. - - eth0 - - false - public - - - - dhcpv6-client - - Public - default - - - - - - false - - - - - 100 - users - - - - - - - 127.0.0.1 - - localhost - - - - ::1 - - localhost ipv6-localhost ipv6-loopback - - - - fe00::0 - - ipv6-localnet - - - - ff00::0 - - ipv6-mcastprefix - - - - ff02::1 - - ipv6-allnodes - - - - ff02::2 - - ipv6-allrouters - - - - ff02::3 - - ipv6-allhosts - - - - - - - - AUTO - - - true - localhost - auto - - - - dhcp - eth0 - auto - public - - - true - true - false - - - eth0 - KERNELS - 0000:00:04.0 - - - - false - false - - - - auto - false - false - - false - - - - - false - false - - - - /dev/vda - gpt - true - - - true - false - utf8 - /boot/efi - uuid - 263 - 1 - false - 8388608 - - - true - true - btrfs - true - / - uuid - 131 - 2 - true - false - 30054285312 - - - false - var - - - true - usr/local - - - true - tmp - - - true - srv - - - true - root - - - true - opt - - - true - home - - - true - boot/grub2/x86_64-efi - - - true - boot/grub2/i386-pc - - - @ - - - true - swap - true - swap - uuid - 130 - 3 - false - 2148515328 - - - CT_DISK - all - - - - false - - - reboot - /usr/lib/cracklib_dict - no - no - insecure - 3 - 60000 - 1000 - active_console - 184 - apparmor - secure - 0 - 0 - 0 - 99999 - 0 - 5 - 7 - sha512 - 0 - yes - easy - - no - 499 - 100 - 499 - 100 - no - 60000 - 1000 - /usr/sbin/useradd.local - /usr/sbin/userdel-post.local - /usr/sbin/userdel-pre.local - - - graphical - - - bluetooth - firewalld - wickedd-auto4 - wickedd-dhcp4 - wickedd-dhcp6 - wickedd-nanny - wicked - sshd - systemd-remount-fs - - - - - true - - - wicked - snapper - sle-module-server-applications-release - sle-module-desktop-applications-release - sle-module-basesystem-release - openssh - kexec-tools - grub2 - glibc - firewalld - e2fsprogs - btrfsprogs - autoyast2 - - - apparmor - base - basesystem - basic_desktop - enhanced_base - fonts - gnome_basic - gnome_basis - minimal_base - x11 - x11_enhanced - x11_yast - yast2_basis - yast2_desktop - yast2_server - - - SLES - - - - false - false - - - - - {{ARCH}} - sle-module-desktop-applications - - nil - {{VERSION}} - - - {{ARCH}} - sle-module-server-applications - - nil - {{VERSION}} - - - {{ARCH}} - sle-module-basesystem - - nil - {{VERSION}} - - - true - - true - {{SCC_REGCODE}} - {{SCC_URL}} - false - - - false - - - America/New_York - - - - 100 - /home - -1 - /bin/bash - 022 - - - - - true - bernhard - 100 - /home/bernhard - false - - - - - 99999 - 0 - 7 - - /bin/bash - 1000 - $6$vYbbuJ9WMriFxGHY$gQ7shLw9ZBsRcPgo6/8KmfDvQ/lCqxW8/WnMoLCoWGdHO6Touush1nhegYfdBbXRpsQuy/FTZZeg7gQL50IbA/ - bernhard - - - - true - root - 0 - /root - false - - - - - - - - - /bin/bash - 0 - $6$gdDHoMtVLjs4CCzf$2tSvAdgvqrKo84pA59bEjZRh7IGMfv4u0Yl4hrRzPgFPWLd8RXWdn/boT7yM3K3BlTk57qyR0TZ/nMb9rlpzx1 - root - - - diff --git a/data/security/autoyast/create_hdd_textmode_aarch64.xml b/data/security/autoyast/create_hdd_textmode_aarch64.xml deleted file mode 100644 index ed4b62fd5d4e..000000000000 --- a/data/security/autoyast/create_hdd_textmode_aarch64.xml +++ /dev/null @@ -1,409 +0,0 @@ - - - - - - auto - auto - false - false - true - gfxterm - -1 - true - vga=gfx-1024x768x16 - - grub2-efi - - - public - true - off - true - - - For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted. - - eth0 - - false - public - - - - dhcpv6-client - - Public - default - - - - - - false - - - - - 100 - users - - - - - - - 127.0.0.1 - - localhost - - - - ::1 - - localhost ipv6-localhost ipv6-loopback - - - - fe00::0 - - ipv6-localnet - - - - ff00::0 - - ipv6-mcastprefix - - - - ff02::1 - - ipv6-allnodes - - - - ff02::2 - - ipv6-allrouters - - - - ff02::3 - - ipv6-allhosts - - - - - - - - AUTO - - - true - localhost - auto - - - - dhcp - eth0 - auto - public - - - true - true - false - - - eth0 - KERNELS - 0000:00:03.0 - - - - false - false - - - - auto - false - false - - false - - - - - false - false - - - - /dev/vda - gpt - true - - - true - vfat - true - utf8 - /boot/efi - uuid - 259 - 1 - false - 134217728 - - - true - true - btrfs - true - / - uuid - 131 - 2 - true - false - 29928456192 - - - false - var - - - true - usr/local - - - true - tmp - - - true - srv - - - true - root - - - true - opt - - - true - home - - - true - boot/grub2/arm64-efi - - - @ - - - true - swap - true - swap - uuid - 130 - 3 - false - 2148515328 - - - CT_DISK - all - - - - false - - - reboot - /usr/lib/cracklib_dict - no - no - insecure - 3 - 60000 - 1000 - active_console - 184 - apparmor - secure - 0 - 0 - 0 - 99999 - 0 - 5 - 7 - sha512 - 0 - yes - easy - - no - 499 - 100 - 499 - 100 - no - 60000 - 1000 - /usr/sbin/useradd.local - /usr/sbin/userdel-post.local - /usr/sbin/userdel-pre.local - - - multi-user - - - bluetooth - firewalld - wickedd-auto4 - wickedd-dhcp4 - wickedd-dhcp6 - wickedd-nanny - wicked - sshd - systemd-remount-fs - - - - - true - - - wicked - snapper - sle-module-server-applications-release - sle-module-basesystem-release - shim - openssh - mokutil - kexec-tools - grub2-arm64-efi - glibc - firewalld - e2fsprogs - dosfstools - btrfsprogs - autoyast2 - - - apparmor - base - basesystem - basic_desktop - enhanced_base - minimal_base - x11 - x11_yast - yast2_basis - - - SLES - - - - false - false - - - - - {{ARCH}} - sle-module-desktop-applications - - nil - {{VERSION}} - - - {{ARCH}} - sle-module-server-applications - - nil - {{VERSION}} - - - {{ARCH}} - sle-module-basesystem - - nil - {{VERSION}} - - - true - - false - {{SCC_REGCODE}} - {{SCC_URL}} - false - - - false - - - America/New_York - - - - 100 - /home - -1 - /bin/bash - 022 - - - - - true - bernhard - 100 - /home/bernhard - false - - - - - 99999 - 0 - 7 - - /bin/bash - 1000 - $6$nlyUsz9D5QndKC3b$eJ5qKJKrKgYnnm4x0iHoXikFCtdfX2kJioW.1SlZcyAJb.plseJaOMrVAbjdcXidD1dlGMwv.PkVp.joRG0Xa. - bernhard - - - - true - root - 0 - /root - false - - - - - - - - - /bin/bash - 0 - $6$mhonb/3TIuegSE4m$l/1CZdAxYWvV8KwIWwQxXxo5JOh9IGOu11VMnd2XHuJGQzXnN.rN6LGv5189751zOYm/ommDfJtp3UzK300QI0 - root - - - diff --git a/data/security/autoyast/create_hdd_textmode_s390x.xml b/data/security/autoyast/create_hdd_textmode_s390x.xml deleted file mode 100644 index 0d386f9408de..000000000000 --- a/data/security/autoyast/create_hdd_textmode_s390x.xml +++ /dev/null @@ -1,457 +0,0 @@ - - - - - - auto - auto - false - false - false - console - -1 - false - true - crashkernel=147M\<4G - - grub2 - - - - false - - - public - true - off - true - - - For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted. - - eth0 - - false - public - - - - dhcpv6-client - ssh - tigervnc - tigervnc-https - - Public - default - - - - - false - - false - - - - - 100 - users - - - - - - - 127.0.0.1 - - localhost - - - - ::1 - - localhost ipv6-localhost ipv6-loopback - - - - fe00::0 - - ipv6-localnet - - - - ff00::0 - - ipv6-mcastprefix - - - - ff02::1 - - ipv6-allnodes - - - - ff02::2 - - ipv6-allrouters - - - - ff02::3 - - ipv6-allhosts - - - - - - true - 147M - 147M\<4G - - - - - true - yes - - lzo - 31 - 64 - - yes - 5 - - auto - 30 - - - - - - /var/crash - - - - - 3 - - - - - - - AUTO - - - false - localhost - auto - - - - dhcp - eth0 - auto - public - - - true - true - false - - - eth0 - KERNELS - 0.0.0001 - - - - false - false - - - - auto - false - false - suse.de - false - - - - - false - false - - - - /dev/disk/by-path/ccw-0.0.0000 - gpt - true - - - true - ext2 - true - /boot/zipl - path - 131 - 1 - false - 314572800 - - - true - true - btrfs - true - / - path - 131 - 2 - true - false - 29748101120 - - - false - var - - - true - usr/local - - - true - tmp - - - true - srv - - - true - root - - - true - opt - - - true - home - - - true - boot/grub2/s390x-emu - - - @ - - - true - swap - true - swap - path - 130 - 3 - false - 2148515328 - - - CT_DISK - all - - - - false - - - halt - /usr/lib/cracklib_dict - no - no - insecure - 3 - 60000 - 1000 - active_console - 184 - apparmor - secure - 0 - 0 - 0 - 99999 - 0 - 5 - 7 - sha512 - 0 - yes - easy - - no - 499 - 100 - 499 - 100 - no - 60000 - 1000 - /usr/sbin/useradd.local - /usr/sbin/userdel-post.local - /usr/sbin/userdel-pre.local - - - multi-user - - - bluetooth - firewalld - wickedd-auto4 - wickedd-dhcp4 - wickedd-dhcp6 - wickedd-nanny - kdump - kdump-early - wicked - sshd - systemd-remount-fs - - - - - true - - - xorg-x11-Xvnc - wicked - snapper - sle-module-server-applications-release - sle-module-desktop-applications-release - sle-module-basesystem-release - openssh - kexec-tools - kdump - icewm - grub2 - glibc - firewalld - e2fsprogs - btrfsprogs - autoyast2 - - - apparmor - base - basesystem - basic_desktop - enhanced_base - minimal_base - x11 - x11_yast - yast2_basis - - - SLES - - - - false - false - - - - - {{ARCH}} - sle-module-desktop-applications - - nil - {{VERSION}} - - - {{ARCH}} - sle-module-server-applications - - nil - {{VERSION}} - - - {{ARCH}} - sle-module-basesystem - - nil - {{VERSION}} - - - true - - true - {{SCC_REGCODE}} - {{SCC_URL}} - false - - - false - - - America/New_York - - - - 100 - /home - -1 - /bin/bash - 022 - - - - - true - bernhard - 100 - /home/bernhard - false - - - - - 99999 - 0 - 7 - - /bin/bash - 1000 - $6$6RgkTGJ05UVUJU88$Ua5zt.hGkbPlxmcZl4WPFL.42VW1llVEIFPuG61GRjq3asF9uld5WvyigHsuBk.UYoX0nzTwqKQt0gHZtxoyl. - bernhard - - - - true - root - 0 - /root - false - - - - - - - - - /bin/bash - 0 - $6$zZ1FLsISt3B04DXN$67ySUew7yGeC95sNgAXBlu1H4.V1p1A.iTZClUi2sxv3wcpfKz6S3K85gaseR..4hUhGxhlFGgh/W/U8JrOaz1 - root - - - - - - diff --git a/data/security/autoyast/create_hdd_textmode_x86_64.xml b/data/security/autoyast/create_hdd_textmode_x86_64.xml deleted file mode 100644 index 469ba583bc78..000000000000 --- a/data/security/autoyast/create_hdd_textmode_x86_64.xml +++ /dev/null @@ -1,392 +0,0 @@ - - - - - - auto - auto - false - false - true - gfxterm - -1 - false - true - vga=gfx-1024x768x16 - - grub2 - - - public - true - off - true - - - For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted. - - eth0 - - false - public - - - - dhcpv6-client - - Public - default - - - - - - false - - - - - 100 - users - - - - - - - 127.0.0.1 - - localhost - - - - ::1 - - localhost ipv6-localhost ipv6-loopback - - - - fe00::0 - - ipv6-localnet - - - - ff00::0 - - ipv6-mcastprefix - - - - ff02::1 - - ipv6-allnodes - - - - ff02::2 - - ipv6-allrouters - - - - ff02::3 - - ipv6-allhosts - - - - - - - - AUTO - - - true - localhost - auto - - - - dhcp - eth0 - auto - public - - - true - true - false - - - eth0 - KERNELS - 0000:00:04.0 - - - - false - false - - - - auto - false - false - - false - - - - - false - false - - - - /dev/vda - gpt - true - - - true - true - btrfs - true - / - uuid - 131 - 2 - true - false - 29525803008 - - - false - var - - - true - usr/local - - - true - tmp - - - true - srv - - - true - root - - - true - opt - - - true - home - - - true - boot/grub2/x86_64-efi - - - true - boot/grub2/i386-pc - - - @ - - - true - swap - true - swap - uuid - 130 - 3 - false - 2148515328 - - - CT_DISK - all - - - - false - - - reboot - /usr/lib/cracklib_dict - no - no - insecure - 3 - 60000 - 1000 - active_console - 184 - apparmor - secure - 0 - 0 - 0 - 99999 - 0 - 5 - 7 - sha512 - 0 - yes - easy - - no - 499 - 100 - 499 - 100 - no - 60000 - 1000 - /usr/sbin/useradd.local - /usr/sbin/userdel-post.local - /usr/sbin/userdel-pre.local - - - multi-user - - - bluetooth - firewalld - wickedd-auto4 - wickedd-dhcp4 - wickedd-dhcp6 - wickedd-nanny - wicked - sshd - systemd-remount-fs - - - - - true - - - wicked - snapper - sle-module-server-applications-release - sle-module-basesystem-release - openssh - grub2 - kexec-tools - glibc - firewalld - e2fsprogs - dosfstools - btrfsprogs - autoyast2 - - - apparmor - base - basic_desktop - enhanced_base - minimal_base - x11 - x11_yast - yast2_basis - - - SLES - - - - false - false - - - - - {{ARCH}} - sle-module-server-applications - - nil - {{VERSION}} - - - {{ARCH}} - sle-module-basesystem - - nil - {{VERSION}} - - - true - - false - {{SCC_REGCODE}} - {{SCC_URL}} - false - - - false - - - America/New_York - - - - 100 - /home - -1 - /bin/bash - 022 - - - - - true - bernhard - 100 - /home/bernhard - false - - - - - 99999 - 0 - 7 - - /bin/bash - 1000 - $6$vYbbuJ9WMriFxGHY$gQ7shLw9ZBsRcPgo6/8KmfDvQ/lCqxW8/WnMoLCoWGdHO6Touush1nhegYfdBbXRpsQuy/FTZZeg7gQL50IbA/ - bernhard - - - - true - root - 0 - /root - false - - - - - - - - - /bin/bash - 0 - $6$gdDHoMtVLjs4CCzf$2tSvAdgvqrKo84pA59bEjZRh7IGMfv4u0Yl4hrRzPgFPWLd8RXWdn/boT7yM3K3BlTk57qyR0TZ/nMb9rlpzx1 - root - - - diff --git a/data/security/autoyast/create_hdd_textmode_x86_64_uefi.xml b/data/security/autoyast/create_hdd_textmode_x86_64_uefi.xml deleted file mode 100644 index fc551622b74c..000000000000 --- a/data/security/autoyast/create_hdd_textmode_x86_64_uefi.xml +++ /dev/null @@ -1,406 +0,0 @@ - - - - - - auto - auto - false - false - true - gfxterm - -1 - false - true - vga=gfx-1024x768x16 - - grub2-efi - - - public - true - off - true - - - For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted. - - eth0 - - false - public - - - - dhcpv6-client - - Public - default - - - - - - false - - - - - 100 - users - - - - - - - 127.0.0.1 - - localhost - - - - ::1 - - localhost ipv6-localhost ipv6-loopback - - - - fe00::0 - - ipv6-localnet - - - - ff00::0 - - ipv6-mcastprefix - - - - ff02::1 - - ipv6-allnodes - - - - ff02::2 - - ipv6-allrouters - - - - ff02::3 - - ipv6-allhosts - - - - - - - - AUTO - - - true - localhost - auto - - - - dhcp - eth0 - auto - public - - - true - true - false - - - eth0 - KERNELS - 0000:00:04.0 - - - - false - false - - - - auto - false - false - - false - - - - - false - false - - - - /dev/vda - gpt - true - - - true - vfat - true - utf8 - /boot/efi - uuid - 259 - 1 - false - 536870912 - - - true - true - btrfs - true - / - uuid - 131 - 2 - true - false - 29525803008 - - - false - var - - - true - usr/local - - - true - tmp - - - true - srv - - - true - root - - - true - opt - - - true - home - - - true - boot/grub2/x86_64-efi - - - true - boot/grub2/i386-pc - - - @ - - - true - swap - true - swap - uuid - 130 - 3 - false - 2148515328 - - - CT_DISK - all - - - - false - - - reboot - /usr/lib/cracklib_dict - no - no - insecure - 3 - 60000 - 1000 - active_console - 184 - apparmor - secure - 0 - 0 - 0 - 99999 - 0 - 5 - 7 - sha512 - 0 - yes - easy - - no - 499 - 100 - 499 - 100 - no - 60000 - 1000 - /usr/sbin/useradd.local - /usr/sbin/userdel-post.local - /usr/sbin/userdel-pre.local - - - multi-user - - - bluetooth - firewalld - wickedd-auto4 - wickedd-dhcp4 - wickedd-dhcp6 - wickedd-nanny - wicked - sshd - systemd-remount-fs - - - - - true - - - wicked - snapper - sle-module-server-applications-release - sle-module-basesystem-release - shim - openssh - mokutil - kexec-tools - grub2-x86_64-efi - glibc - firewalld - e2fsprogs - dosfstools - btrfsprogs - autoyast2 - - - apparmor - base - basic_desktop - enhanced_base - minimal_base - x11 - x11_yast - yast2_basis - - - SLES - - - - false - false - - - - - {{ARCH}} - sle-module-server-applications - - nil - {{VERSION}} - - - {{ARCH}} - sle-module-basesystem - - nil - {{VERSION}} - - - true - - true - {{SCC_REGCODE}} - {{SCC_URL}} - false - - - false - - - America/New_York - - - - 100 - /home - -1 - /bin/bash - 022 - - - - - true - bernhard - 100 - /home/bernhard - false - - - - - 99999 - 0 - 7 - - /bin/bash - 1000 - $6$vYbbuJ9WMriFxGHY$gQ7shLw9ZBsRcPgo6/8KmfDvQ/lCqxW8/WnMoLCoWGdHO6Touush1nhegYfdBbXRpsQuy/FTZZeg7gQL50IbA/ - bernhard - - - - true - root - 0 - /root - false - - - - - - - - - /bin/bash - 0 - $6$gdDHoMtVLjs4CCzf$2tSvAdgvqrKo84pA59bEjZRh7IGMfv4u0Yl4hrRzPgFPWLd8RXWdn/boT7yM3K3BlTk57qyR0TZ/nMb9rlpzx1 - root - - - diff --git a/data/security/autoyast/gnome.xml b/data/security/autoyast/gnome.xml new file mode 100644 index 000000000000..4be65d2dde52 --- /dev/null +++ b/data/security/autoyast/gnome.xml @@ -0,0 +1,194 @@ + + + + + true + + {{SCC_REGCODE}} + true + {{SCC_URL}} + + + sle-module-server-applications + {{VERSION}} + {{ARCH}} + + + sle-module-desktop-applications + {{VERSION}} + {{ARCH}} + + + sle-module-development-tools + {{VERSION}} + {{ARCH}} + + + sle-module-python3 + {{VERSION}} + {{ARCH}} + + + + + + -1 + + + + + false + + + + + true + true + 0 + + + true + true + 0 + + + true + true + 0 + + + true + true + 0 + + + + + + false + bios + + + english-us + + + en_US + + + + auto + + + true + + grub2 + sles-release + sle-module-server-applications-release + sle-module-development-tools-release + sle-module-desktop-applications-release + sle-module-basesystem-release + sle-module-python3-release + + + apparmor + base + basesystem + documentation + enhanced_base + gnome_basic + gnome_basis + minimal_base + x11 + x11_enhanced + + + SLES + + + + + + dhcp + eth0 + yes + auto + + + + + public + true + off + true + + + For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted. + + eth0 + + false + public + + + + dhcpv6-client + ssh + tigervnc + tigervnc-https + + Public + default + + + + + UTC + Europe/Berlin + + + graphical + + + sshd + + + + + + false + Bernhard M. Wiedemann + 100 + /home/bernhard + + + + -1 + 99999 + 0 + 7 + + /bin/bash + 1000 + {{PASSWORD}} + bernhard + + + false + root + 0 + /root + + + + + + + + + /bin/bash + 0 + {{PASSWORD}} + root + + + diff --git a/data/security/autoyast/textmode.xml b/data/security/autoyast/textmode.xml new file mode 100644 index 000000000000..7495d7812432 --- /dev/null +++ b/data/security/autoyast/textmode.xml @@ -0,0 +1,192 @@ + + + + + true + + {{SCC_REGCODE}} + true + {{SCC_URL}} + + + sle-module-server-applications + {{VERSION}} + {{ARCH}} + + + sle-module-desktop-applications + {{VERSION}} + {{ARCH}} + + + sle-module-development-tools + {{VERSION}} + {{ARCH}} + + + sle-module-python3 + {{VERSION}} + {{ARCH}} + + + + + + -1 + + + + + false + + + + + true + true + 0 + + + true + true + 0 + + + true + true + 0 + + + true + true + 0 + + + + + + false + bios + + + english-us + + + en_US + + + + auto + + + true + + grub2 + sles-release + sle-module-server-applications-release + sle-module-development-tools-release + sle-module-desktop-applications-release + sle-module-basesystem-release + sle-module-python3-release + + + apparmor + base + basic_desktop + enhanced_base + minimal_base + x11 + x11_yast + yast2_basis + + + SLES + + + + + + dhcp + eth0 + yes + auto + + + + + public + true + off + true + + + For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted. + + eth0 + + false + public + + + + dhcpv6-client + ssh + tigervnc + tigervnc-https + + Public + default + + + + + UTC + Europe/Berlin + + + multi-user + + + sshd + + + + + + false + Bernhard M. Wiedemann + 100 + /home/bernhard + + + + -1 + 99999 + 0 + 7 + + /bin/bash + 1000 + {{PASSWORD}} + bernhard + + + false + root + 0 + /root + + + + + + + + + /bin/bash + 0 + {{PASSWORD}} + root + + + diff --git a/schedule/security/create_hdd_autoyast/autoyast_qesec.yaml b/schedule/security/create_hdd_autoyast/autoyast_qesec.yaml new file mode 100644 index 000000000000..31a5eb5468b5 --- /dev/null +++ b/schedule/security/create_hdd_autoyast/autoyast_qesec.yaml @@ -0,0 +1,20 @@ +name: autoyast_qesec +description: > + Autoyast installation of a gnome/textmode SLES system. +schedule: + - autoyast/prepare_profile + - installation/bootloader_start + - autoyast/installation + - installation/first_boot + - console/system_prepare + - console/hostname + - console/force_scheduled_tasks + - shutdown/grub_set_bootargs + - shutdown/cleanup_before_shutdown + - shutdown/shutdown + - '{{svirt_upload}}' +conditional_schedule: + svirt_upload: + ARCH: + s390x: + - shutdown/svirt_upload_assets diff --git a/schedule/security/extratests_fips_kernelmode.yaml b/schedule/security/extratests_fips_kernelmode.yaml deleted file mode 100644 index d23913cf21da..000000000000 --- a/schedule/security/extratests_fips_kernelmode.yaml +++ /dev/null @@ -1,47 +0,0 @@ ---- -name: extratests_fips_kernelmode -description: Qe Security test cases with fips enabled for Vendor Affirmation -schedule: - - installation/bootloader_start - - boot/boot_to_desktop - - fips/fips_setup - - console/prepare_test_data - - console/consoletest_setup - - console/curl_ipv6 - - console/wget_ipv6 - - console/ca_certificates_mozilla - - console/unzip - - console/rsync - - console/shells - - console/sudo - - console/dstat - - console/supportutils - - console/mdadm - - console/quota - - console/vhostmd - - console/rpcbind - - console/timezone - - console/procps - - console/iotop - - console/systemd_rpm_macros - - console/kmod - - console/suse_module_tools - - console/aaa_base - - console/gd - - console/vsftpd - - console/coredump_collect - - console/osinfo_db - - console/ovn - - console/firewalld - - console/libgcrypt - - console/zziplib - - console/nginx - - console/gdb - - console/sysctl - - '{{arch_specific}}' -conditional_schedule: - arch_specific: - ARCH: - x86_64: - - console/ansible -... diff --git a/schedule/security/fips_install_autoyast/separate_boot_textmode.yaml b/schedule/security/fips/autoyast_installation/separate_boot_textmode.yaml similarity index 100% rename from schedule/security/fips_install_autoyast/separate_boot_textmode.yaml rename to schedule/security/fips/autoyast_installation/separate_boot_textmode.yaml diff --git a/schedule/security/fips_check_packages_version.yaml b/schedule/security/fips/fips_check_packages_version.yaml similarity index 100% rename from schedule/security/fips_check_packages_version.yaml rename to schedule/security/fips/fips_check_packages_version.yaml diff --git a/schedule/security/fips/fips_env_mode_gnome.yaml b/schedule/security/fips/fips_env_mode_gnome.yaml new file mode 100644 index 000000000000..9f79c6ade503 --- /dev/null +++ b/schedule/security/fips/fips_env_mode_gnome.yaml @@ -0,0 +1,23 @@ +name: fips_ker_mode_textmode +description: > + This is for FIPS testing in env mode on a textmode system. +schedule: + - installation/bootloader_start + - boot/boot_to_desktop + - console/consoletest_setup + - fips/fips_setup + - '{{we_tests}}' + - x11/x3270_ssl + - '{{xca}}' + - fips/openjdk/prepare_env + - fips/openjdk/openjdk_fips +conditional_schedule: + xca: + ARCH: + x86_64: + - fips/xca + we_tests: + RUN_WE_MODULE_TESTS: + 1: + - x11/seahorse_sshkey + - x11/hexchat_ssl diff --git a/schedule/security/fips/fips_env_mode_textmode_core.yaml b/schedule/security/fips/fips_env_mode_textmode_core.yaml new file mode 100644 index 000000000000..193479f004f5 --- /dev/null +++ b/schedule/security/fips/fips_env_mode_textmode_core.yaml @@ -0,0 +1,25 @@ +name: fips_env_mode_textmode_core +description: > + This is for FIPS testing of core modules in env mode on a textmode system. +schedule: + - installation/bootloader_start + - boot/boot_to_desktop + - console/consoletest_setup + - fips/fips_setup + - console/cryptsetup + - security/libserf/libserf + - fips/openssl/openssl_fips_alglist + - fips/openssl/openssl_fips_hash + - fips/openssl/openssl_fips_cipher + - fips/openssl/dirmngr_setup + - fips/openssl/dirmngr_daemon + - console/openssl_alpn + - fips/mozilla_nss/nss_smoke + - fips/gnutls/gnutls_base_check + - fips/gnutls/gnutls_server + - fips/gnutls/gnutls_client + - fips/openssl/openssl_tlsv1_3 + - fips/openssl/openssl_pubkey_rsa + - fips/openssl/openssl_pubkey_dsa + - fips/openssh/openssh_fips + - console/libgcrypt diff --git a/schedule/security/fips/fips_env_mode_textmode_extra.yaml b/schedule/security/fips/fips_env_mode_textmode_extra.yaml new file mode 100644 index 000000000000..6180a8507943 --- /dev/null +++ b/schedule/security/fips/fips_env_mode_textmode_extra.yaml @@ -0,0 +1,68 @@ +name: fips_env_mode_textmode_extra +description: > + This is for FIPS testing of extra modules in env mode on a textmode system. +schedule: + - installation/bootloader_start + - boot/boot_to_desktop + - console/consoletest_setup + - fips/fips_setup + - fips/curl_fips_rc4_seed + - console/aide_check + - console/gpg + - console/journald_fss + - console/git + - console/clamav + - console/openvswitch_ssl + - security/ntpd + - console/ntp_client + - console/cups + - console/syslog + - x11/evolution/evolution_prepare_servers + - console/mutt + - console/curl_https + - console/wget_https + - console/w3m_https + - console/links_https + - console/lynx_https + - console/curl_ipv6 + - console/wget_ipv6 + - fips/squid/squid_init + - fips/squid/squid_web_proxy + - fips/squid/squid_reverse_proxy + - console/apache_ssl + - fips/mozilla_nss/apache_nssfips + - security/ecryptfs/ecryptfs + - security/vsftpd/vsftpd_setup + - security/vsftpd/vsftpd + - security/vsftpd/lftp + - console/ca_certificates_mozilla + - console/unzip + - console/rsync + - console/shells + - console/sudo + - console/dstat + - console/supportutils + - console/mdadm + - console/quota + - console/vhostmd + - console/rpcbind + - console/timezone + - console/procps + - console/iotop + - console/kmod + - console/suse_module_tools + - console/aaa_base + - console/gd + - console/coredump_collect + - console/osinfo_db + - console/ovn + - console/firewalld + - console/nginx + - console/gdb + - console/sysctl + - '{{suseconnect}}' +conditional_schedule: + suseconnect: + ARCH: + x86_64: + - console/suseconnect.pm diff --git a/schedule/security/fips_crypt_x11.yaml b/schedule/security/fips/fips_ker_mode_gnome.yaml similarity index 59% rename from schedule/security/fips_crypt_x11.yaml rename to schedule/security/fips/fips_ker_mode_gnome.yaml index c064c329956c..f49f45b08582 100644 --- a/schedule/security/fips_crypt_x11.yaml +++ b/schedule/security/fips/fips_ker_mode_gnome.yaml @@ -1,24 +1,18 @@ -name: fips_crypt_x11 +name: fips_ker_mode_gnome description: > - This is for the crypt_x11 fips tests. + This is for FIPS testing of in kernel mode on a GNOME system. schedule: - installation/bootloader_start - boot/boot_to_desktop - console/consoletest_setup - - '{{repo_setup}}' - fips/fips_setup - - '{{tests_for_64bit}}' + - '{{we_tests}}' - x11/x3270_ssl - '{{xca}}' - fips/mozilla_nss/firefox_nss + - fips/openjdk/prepare_env + - fips/openjdk/openjdk_fips conditional_schedule: - repo_setup: - BETA: - 1: - - security/test_repo_setup - FLAVOR: - Online-QR: - - security/test_repo_setup tests_for_64bit: ARCH: x86_64: @@ -27,8 +21,8 @@ conditional_schedule: ARCH: x86_64: - fips/xca - we_supported_versions: - VERSION: - 15-SP5: + we_tests: + WE_REQUIRED: + 1: - x11/seahorse_sshkey - x11/hexchat_ssl diff --git a/schedule/security/fips_crypt_core.yaml b/schedule/security/fips/fips_ker_mode_textmode_core.yaml similarity index 50% rename from schedule/security/fips_crypt_core.yaml rename to schedule/security/fips/fips_ker_mode_textmode_core.yaml index 9cde7d21d45e..c30ddf6957f5 100644 --- a/schedule/security/fips_crypt_core.yaml +++ b/schedule/security/fips/fips_ker_mode_textmode_core.yaml @@ -1,12 +1,14 @@ -name: fips_crypt_core +name: fips_ker_mode_textmode_core description: > - This is for the crypt_core fips tests. + This is for FIPS testing of core modules in kernel mode on a textmode system. schedule: - installation/bootloader_start - boot/boot_to_desktop - console/consoletest_setup - - '{{repo_setup}}' - fips/fips_setup + - security/dm_crypt + - console/cryptsetup + - security/libserf/libserf - fips/openssl/openssl_fips_alglist - fips/openssl/openssl_fips_hash - fips/openssl/openssl_fips_cipher @@ -20,25 +22,13 @@ schedule: - fips/openssl/openssl_tlsv1_3 - fips/openssl/openssl_pubkey_rsa - fips/openssl/openssl_pubkey_dsa - # dhparam only in ker mode - - '{{dhparam}}' + - fips/openssl/openssl_fips_dhparam - fips/openssh/openssh_fips - # ssh disabled in env mode, see poo#125648 - - '{{ssh}}' + - console/libgcrypt + - '{{libica}}' conditional_schedule: - repo_setup: - BETA: - 1: - - security/test_repo_setup - FLAVOR: - Online-QR: - - security/test_repo_setup - dhparam: - TEST: - fips_ker_mode_tests_crypt_core: - - fips/openssl/openssl_fips_dhparam - ssh: - TEST_SUITE_NAME: - fips_ker_mode_tests_crypt_core: - - console/sshd - - console/ssh_cleanup + libica: + ARCH: + s390x: + - fips/libica + - fips/libica_upstream_testsuite diff --git a/schedule/security/fips/fips_ker_mode_textmode_extra.yaml b/schedule/security/fips/fips_ker_mode_textmode_extra.yaml new file mode 100644 index 000000000000..b83dd0593097 --- /dev/null +++ b/schedule/security/fips/fips_ker_mode_textmode_extra.yaml @@ -0,0 +1,70 @@ +name: fips_ker_mode_textmode_extra +description: > + This is for FIPS testing of extra modules in kernel mode on a textmode system. +schedule: + - installation/bootloader_start + - boot/boot_to_desktop + - console/consoletest_setup + - fips/fips_setup + - fips/curl_fips_rc4_seed + - console/aide_check + - console/gpg + - console/journald_fss + - console/git + - console/clamav + - console/openvswitch_ssl + - security/ntpd + - console/ntp_client + - console/cups + - console/syslog + - x11/evolution/evolution_prepare_servers + - console/mutt + - console/curl_https + - console/wget_https + - console/w3m_https + - console/links_https + - console/lynx_https + - console/curl_ipv6 + - console/wget_ipv6 + - fips/squid/squid_init + - fips/squid/squid_web_proxy + - fips/squid/squid_reverse_proxy + - console/apache_ssl + - fips/mozilla_nss/apache_nssfips + - security/ecryptfs/ecryptfs + - security/vsftpd/vsftpd_setup + - security/vsftpd/vsftpd + - security/vsftpd/lftp + - console/ca_certificates_mozilla + - console/unzip + - console/rsync + - console/shells + - console/sudo + - console/dstat + - console/supportutils + - console/mdadm + - console/quota + - console/vhostmd + - console/rpcbind + - console/timezone + - console/procps + - console/iotop + - console/kmod + - console/suse_module_tools + - console/aaa_base + - console/gd + - console/coredump_collect + - console/osinfo_db + - console/ovn + - console/firewalld + - console/nginx + - console/gdb + - console/sysctl + - console/sshd + - console/ssh_cleanup + - '{{tests_for_x64}}' +conditional_schedule: + tests_for_x64: + ARCH: + x86_64: + - console/ansible diff --git a/schedule/security/crypt_krb5client.yaml b/schedule/security/fips/fips_krb5client.yaml similarity index 90% rename from schedule/security/crypt_krb5client.yaml rename to schedule/security/fips/fips_krb5client.yaml index d724f42ce332..03ca3de387dc 100644 --- a/schedule/security/crypt_krb5client.yaml +++ b/schedule/security/fips/fips_krb5client.yaml @@ -4,7 +4,6 @@ description: > schedule: - boot/boot_to_desktop - console/consoletest_setup - - security/verify_fips_enabled - security/krb5/krb5_crypt_prepare - security/krb5/krb5_crypt_setup_client - security/krb5/krb5_crypt_ssh_client diff --git a/schedule/security/crypt_krb5kdc.yaml b/schedule/security/fips/fips_krb5kdc.yaml similarity index 86% rename from schedule/security/crypt_krb5kdc.yaml rename to schedule/security/fips/fips_krb5kdc.yaml index 434210171426..05bc480cba29 100644 --- a/schedule/security/crypt_krb5kdc.yaml +++ b/schedule/security/fips/fips_krb5kdc.yaml @@ -4,6 +4,5 @@ description: > schedule: - boot/boot_to_desktop - console/consoletest_setup - - security/verify_fips_enabled - security/krb5/krb5_crypt_prepare - security/krb5/krb5_crypt_setup_kdc diff --git a/schedule/security/crypt_krb5server.yaml b/schedule/security/fips/fips_krb5server.yaml similarity index 90% rename from schedule/security/crypt_krb5server.yaml rename to schedule/security/fips/fips_krb5server.yaml index 251f2e2ce6a7..5b578c56feaa 100644 --- a/schedule/security/crypt_krb5server.yaml +++ b/schedule/security/fips/fips_krb5server.yaml @@ -4,7 +4,6 @@ description: > schedule: - boot/boot_to_desktop - console/consoletest_setup - - security/verify_fips_enabled - security/krb5/krb5_crypt_prepare - security/krb5/krb5_crypt_setup_server - security/krb5/krb5_crypt_ssh_server diff --git a/schedule/security/fips_strongswan_maint.yaml b/schedule/security/fips/fips_strongswan.yaml similarity index 54% rename from schedule/security/fips_strongswan_maint.yaml rename to schedule/security/fips/fips_strongswan.yaml index 0da64f0447db..0470d473067b 100644 --- a/schedule/security/fips_strongswan_maint.yaml +++ b/schedule/security/fips/fips_strongswan.yaml @@ -2,23 +2,21 @@ name: fips_strongswan description: > This is for testing strongswan in fips mode schedule: - - '{{bootloader_zkvm}}' + - installation/bootloader_start - boot/boot_to_desktop - - '{{setup_multimachine}}' + - network/setup_multimachine - console/consoletest_setup + - '{{repo_setup}}' - fips/fips_setup - '{{strongswan}}' conditional_schedule: - bootloader_zkvm: - ARCH: - s390x: - - installation/bootloader_zkvm - setup_multimachine: - ARCH: - aarch64: - - network/setup_multimachine - x86_64: - - network/setup_multimachine + repo_setup: + BETA: + 1: + - security/test_repo_setup + FLAVOR: + Online-QR: + - security/test_repo_setup strongswan: HOSTNAME: server: diff --git a/schedule/security/fips_crypt_kernel.yaml b/schedule/security/fips/fips_stunnel.yaml similarity index 71% rename from schedule/security/fips_crypt_kernel.yaml rename to schedule/security/fips/fips_stunnel.yaml index a36d09222120..0f6de4fdb335 100644 --- a/schedule/security/fips_crypt_kernel.yaml +++ b/schedule/security/fips/fips_stunnel.yaml @@ -1,14 +1,14 @@ -name: fips_crypt_kernel -description: > - This is for the crypt_kernel fips tests. +name: stunntl fips test +description: > + Update stunnel to 5.59 schedule: - installation/bootloader_start - boot/boot_to_desktop + - network/setup_multimachine - console/consoletest_setup - '{{repo_setup}}' - fips/fips_setup - - console/cryptsetup - - security/dm_crypt + - fips/stunnel conditional_schedule: repo_setup: BETA: diff --git a/schedule/security/fips_ipmi/fips_crypt_core.yaml b/schedule/security/fips/ipmi/fips_crypt_core.yaml similarity index 100% rename from schedule/security/fips_ipmi/fips_crypt_core.yaml rename to schedule/security/fips/ipmi/fips_crypt_core.yaml diff --git a/schedule/security/fips_ipmi/fips_crypt_kernel.yaml b/schedule/security/fips/ipmi/fips_crypt_kernel.yaml similarity index 100% rename from schedule/security/fips_ipmi/fips_crypt_kernel.yaml rename to schedule/security/fips/ipmi/fips_crypt_kernel.yaml diff --git a/schedule/security/fips_ipmi/fips_crypt_tool.yaml b/schedule/security/fips/ipmi/fips_crypt_tool.yaml similarity index 100% rename from schedule/security/fips_ipmi/fips_crypt_tool.yaml rename to schedule/security/fips/ipmi/fips_crypt_tool.yaml diff --git a/schedule/security/fips_ipmi/fips_crypt_web.yaml b/schedule/security/fips/ipmi/fips_crypt_web.yaml similarity index 100% rename from schedule/security/fips_ipmi/fips_crypt_web.yaml rename to schedule/security/fips/ipmi/fips_crypt_web.yaml diff --git a/schedule/security/fips/ipmi/fips_ker_mode_textmode.yaml b/schedule/security/fips/ipmi/fips_ker_mode_textmode.yaml new file mode 100644 index 000000000000..946c352dfa1c --- /dev/null +++ b/schedule/security/fips/ipmi/fips_ker_mode_textmode.yaml @@ -0,0 +1,7 @@ +name: fips_crypt_kernel +description: > + This is for the crypt_kernel fips tests. +schedule: + - boot/boot_to_desktop + - console/cryptsetup + - security/dm_crypt diff --git a/schedule/security/fips_ipmi/prepare_baremetal_fips.yaml b/schedule/security/fips/ipmi/prepare_baremetal_fips.yaml similarity index 100% rename from schedule/security/fips_ipmi/prepare_baremetal_fips.yaml rename to schedule/security/fips/ipmi/prepare_baremetal_fips.yaml diff --git a/schedule/security/fips_crypt_libica.yaml b/schedule/security/fips_crypt_libica.yaml deleted file mode 100644 index ccae95a42919..000000000000 --- a/schedule/security/fips_crypt_libica.yaml +++ /dev/null @@ -1,19 +0,0 @@ -name: fips_crypt_libica -description: > - This is for the crypt_libica fips tests. -schedule: - - installation/bootloader_start - - boot/boot_to_desktop - - console/consoletest_setup - - '{{repo_setup}}' - - fips/fips_setup - - fips/libica - - fips/libica_upstream_testsuite -conditional_schedule: - repo_setup: - BETA: - 1: - - security/test_repo_setup - FLAVOR: - Online-QR: - - security/test_repo_setup diff --git a/schedule/security/fips_crypt_openjdk.yaml b/schedule/security/fips_crypt_openjdk.yaml deleted file mode 100644 index bb844a92e4bf..000000000000 --- a/schedule/security/fips_crypt_openjdk.yaml +++ /dev/null @@ -1,19 +0,0 @@ -name: fips_crypt_openjdk -description: > - This is for the crypt_openjdk fips tests. -schedule: - - installation/bootloader_start - - boot/boot_to_desktop - - console/consoletest_setup - - '{{repo_setup}}' - - fips/fips_setup - - fips/openjdk/prepare_env - - fips/openjdk/openjdk_fips -conditional_schedule: - repo_setup: - BETA: - 1: - - security/test_repo_setup - FLAVOR: - Online-QR: - - security/test_repo_setup diff --git a/schedule/security/fips_crypt_tool.yaml b/schedule/security/fips_crypt_tool.yaml deleted file mode 100644 index 3f84c8f63a99..000000000000 --- a/schedule/security/fips_crypt_tool.yaml +++ /dev/null @@ -1,50 +0,0 @@ -name: fips_crypt_tool -description: > - This is for the crypt_tool fips tests. -schedule: - - installation/bootloader_start - - boot/boot_to_desktop - - console/consoletest_setup - - '{{repo_setup}}' - - fips/fips_setup - - fips/curl_fips_rc4_seed - - console/aide_check - - console/gpg - - console/journald_fss - - console/git - - console/clamav - - console/openvswitch_ssl - - security/ntpd - - console/ntp_client - - console/cups - - console/cryptsetup - - console/syslog - - x11/evolution/evolution_prepare_servers - - console/mutt - - fips/squid/squid_init - - fips/squid/squid_web_proxy - - fips/squid/squid_reverse_proxy - - security/ecryptfs/ecryptfs - - security/libserf/libserf - - security/vsftpd/vsftpd_setup - - security/vsftpd/vsftpd - - security/vsftpd/lftp - - '{{kern_only_tests}}' -conditional_schedule: - repo_setup: - BETA: - 1: - - security/test_repo_setup - FLAVOR: - Online-QR: - - security/test_repo_setup - kern_only_tests: - TEST: - fips_ker_mode_tests_crypt_tool: - - '{{live_patch_available}}' - live_patch_available: - ARCH: - s390x: - - console/suseconnect.pm - x86_64: - - console/suseconnect.pm diff --git a/schedule/security/fips_crypt_web.yaml b/schedule/security/fips_crypt_web.yaml deleted file mode 100644 index 65f53f201f27..000000000000 --- a/schedule/security/fips_crypt_web.yaml +++ /dev/null @@ -1,24 +0,0 @@ -name: fips_crypt_web -description: > - This is for the crypt_web fips tests. -schedule: - - installation/bootloader_start - - boot/boot_to_desktop - - console/consoletest_setup - - '{{repo_setup}}' - - fips/fips_setup - - console/curl_https - - console/wget_https - - console/w3m_https - - console/links_https - - console/lynx_https - - console/apache_ssl - - fips/mozilla_nss/apache_nssfips -conditional_schedule: - repo_setup: - BETA: - 1: - - security/test_repo_setup - FLAVOR: - Online-QR: - - security/test_repo_setup diff --git a/schedule/security/fips_env_mode_powervm.yaml b/schedule/security/fips_env_mode_powervm.yaml deleted file mode 100644 index 5276e1f331b6..000000000000 --- a/schedule/security/fips_env_mode_powervm.yaml +++ /dev/null @@ -1,53 +0,0 @@ -name: fips_env_mode_powervm -description: > - This is for the FIPS tests in ENV mode on the pvm_hmc backend. -schedule: - - installation/bootloader_start - - boot/boot_to_desktop - - console/consoletest_setup - - '{{repo_setup}}' - - fips/fips_setup - - console/yast2_vnc - - fips/openssl/openssl_fips_alglist - - fips/openssl/openssl_fips_hash - - fips/openssl/openssl_fips_cipher - - fips/openssl/dirmngr_setup - - fips/openssl/dirmngr_daemon - - fips/gnutls/gnutls_base_check - - fips/gnutls/gnutls_server - - fips/gnutls/gnutls_client - - fips/openssl/openssl_tlsv1_3 - - fips/openssl/openssl_pubkey_rsa - - fips/openssl/openssl_pubkey_dsa - - fips/openssh/openssh_fips - - fips/curl_fips_rc4_seed - - fips/squid/squid_init - - fips/squid/squid_web_proxy - - fips/squid/squid_reverse_proxy - - console/aide_check - - console/gpg - - console/journald_fss - - console/git - - console/clamav - - console/openvswitch_ssl - - console/ntp_client - - console/cups - - console/syslog - - console/curl_https - - console/wget_https - - console/w3m_https - - console/links_https - - console/lynx_https - - console/apache_ssl - - fips/mozilla_nss/apache_nssfips - - x11/x3270_ssl - - x11/evolution/evolution_prepare_servers - - console/mutt -conditional_schedule: - repo_setup: - BETA: - 1: - - security/test_repo_setup - FLAVOR: - Online-QR: - - security/test_repo_setup diff --git a/schedule/security/fips_ker_mode_powervm.yaml b/schedule/security/fips_ker_mode_powervm.yaml deleted file mode 100644 index 18e025c33d12..000000000000 --- a/schedule/security/fips_ker_mode_powervm.yaml +++ /dev/null @@ -1,59 +0,0 @@ -name: fips_env_mode_powervm -description: > - This is for the FIPS tests in ENV mode on the pvm_hmc backend. -schedule: - - installation/bootloader_start - - boot/boot_to_desktop - - console/consoletest_setup - - '{{repo_setup}}' - - fips/fips_setup - - console/yast2_vnc - - fips/openssl/openssl_fips_alglist - - fips/openssl/openssl_fips_hash - - fips/openssl/openssl_fips_cipher - - fips/openssl/dirmngr_setup - - fips/openssl/dirmngr_daemon - - fips/gnutls/gnutls_base_check - - fips/gnutls/gnutls_server - - fips/gnutls/gnutls_client - - fips/openssl/openssl_tlsv1_3 - - fips/openssl/openssl_pubkey_rsa - - fips/openssl/openssl_pubkey_dsa - - fips/openssh/openssh_fips - - fips/curl_fips_rc4_seed - - fips/squid/squid_init - - fips/squid/squid_web_proxy - - fips/squid/squid_reverse_proxy - - console/aide_check - - console/gpg - - console/journald_fss - - console/git - - console/clamav - - console/openvswitch_ssl - - console/ntp_client - - console/cups - - console/syslog - - console/curl_https - - console/wget_https - - console/w3m_https - - console/links_https - - console/lynx_https - - console/apache_ssl - - fips/mozilla_nss/nss_smoke - - fips/mozilla_nss/apache_nssfips - - fips/mozilla_nss/firefox_nss - - x11/x3270_ssl - - x11/evolution/evolution_prepare_servers - - console/mutt - - console/cryptsetup - - security/dm_crypt - - console/sshd - - console/ssh_cleanup -conditional_schedule: - repo_setup: - BETA: - 1: - - security/test_repo_setup - FLAVOR: - Online-QR: - - security/test_repo_setup diff --git a/schedule/security/fips_strongswan.yaml b/schedule/security/fips_strongswan.yaml deleted file mode 100644 index ac4c39212ee4..000000000000 --- a/schedule/security/fips_strongswan.yaml +++ /dev/null @@ -1,28 +0,0 @@ -name: fips_strongswan -description: > - This is for testing strongswan in fips mode -schedule: - - '{{bootloader_zkvm}}' - - boot/boot_to_desktop - - '{{setup_multimachine}}' - - console/consoletest_setup - - security/test_repo_setup - - fips/fips_setup - - '{{strongswan}}' -conditional_schedule: - bootloader_zkvm: - ARCH: - s390x: - - installation/bootloader_zkvm - setup_multimachine: - ARCH: - aarch64: - - network/setup_multimachine - x86_64: - - network/setup_multimachine - strongswan: - HOSTNAME: - server: - - fips/strongswan/strongswan_server - client: - - fips/strongswan/strongswan_client diff --git a/schedule/security/fips_xrdp.yaml b/schedule/security/fips_xrdp.yaml deleted file mode 100644 index bd982cffe52c..000000000000 --- a/schedule/security/fips_xrdp.yaml +++ /dev/null @@ -1,17 +0,0 @@ -name: fips_xrdp -description: > - This is for the XRDP tests. -schedule: - - '{{role_type}}' -conditional_schedule: - role_type: - REMOTE_DESKTOP_TYPE: - 'xrdp_server': - - boot/boot_to_desktop - - security/verify_fips_enabled - - x11/window_system - - security/fips_xrdp_server - 'win_client': - - x11/remote_desktop/windows_client_boot - - x11/remote_desktop/windows_network_setup - - x11/remote_desktop/windows_client_remotelogin diff --git a/schedule/security/stunnel_fips.yaml b/schedule/security/stunnel_fips.yaml deleted file mode 100644 index d220e1bb5a50..000000000000 --- a/schedule/security/stunnel_fips.yaml +++ /dev/null @@ -1,10 +0,0 @@ -name: stunntl fips test -description: > - Update stunnel to 5.59 -schedule: - - boot/boot_to_desktop - - console/consoletest_setup - - network/setup_multimachine - - security/test_repo_setup - - fips/fips_setup - - fips/stunnel diff --git a/schedule/security/stunnel_fips_maint.yaml b/schedule/security/stunnel_fips_maint.yaml deleted file mode 100644 index 4551130b131a..000000000000 --- a/schedule/security/stunnel_fips_maint.yaml +++ /dev/null @@ -1,9 +0,0 @@ -name: stunntl fips test -description: > - Update stunnel to 5.59 -schedule: - - boot/boot_to_desktop - - console/consoletest_setup - - network/setup_multimachine - - fips/fips_setup - - fips/stunnel diff --git a/tests/security/verify_fips_enabled.pm b/tests/security/verify_fips_enabled.pm deleted file mode 100644 index 5cba35fc9a2b..000000000000 --- a/tests/security/verify_fips_enabled.pm +++ /dev/null @@ -1,21 +0,0 @@ -# Copyright 2024 SUSE LLC -# SPDX-License-Identifier: GPL-2.0-or-later -# -# Summary: make sure that FIPS is enabled -# Maintainer: QE Security - -use base "opensusebasetest"; -use strict; -use warnings; -use testapi; -use serial_terminal 'select_serial_terminal'; - -sub run { - my ($self) = @_; - - select_serial_terminal; - - assert_script_run q(grep '^1$' /proc/sys/crypto/fips_enabled); -} - -1; diff --git a/tests/x11/seahorse_sshkey.pm b/tests/x11/seahorse_sshkey.pm index 9d34f4f37a9d..cb1e880d4fe3 100644 --- a/tests/x11/seahorse_sshkey.pm +++ b/tests/x11/seahorse_sshkey.pm @@ -43,7 +43,7 @@ sub run { assert_screen 'seahorse-new-sshkey'; # Dialog : "Add password; New ssh key" send_key 'alt-d'; type_string "Keyring test"; # Name of new ssh key - send_key 'alt-j'; # Just Create ssh key without setup + send_key is_sle('<15-SP6') ? 'alt-j' : 'alt-g'; # Just Create ssh key without setup if (check_screen("seahorse-sshkey-inhibit", timeout => 8)) { assert_and_click "seahorse-sshkey-inhibit"; }