Merge pull request #95 from Azure/bcwilhiteLinuxUpdate

Linux STIG Update
2023-05-10 12:36:28 -04:00 · 2023-05-10 12:36:28 -04:00 · c5d95812dd
--- a/stig/linux/config/CentOS74.mof
+++ b/stig/linux/config/CentOS74.mof
--- a/stig/linux/config/CentOS75.mof
+++ b/stig/linux/config/CentOS75.mof
--- a/stig/linux/config/CentOS76.mof
+++ b/stig/linux/config/CentOS76.mof
--- a/stig/linux/config/CentOS77.mof
+++ b/stig/linux/config/CentOS77.mof
--- a/stig/linux/config/CentOS78.mof
+++ b/stig/linux/config/CentOS78.mof
--- a/stig/linux/config/CentOS79.mof
+++ b/stig/linux/config/CentOS79.mof
--- a/stig/linux/config/RHEL74.mof
+++ b/stig/linux/config/RHEL74.mof
--- a/stig/linux/config/RHEL75.mof
+++ b/stig/linux/config/RHEL75.mof
--- a/stig/linux/config/RHEL77.mof
+++ b/stig/linux/config/RHEL77.mof
--- a/stig/linux/config/RHEL78.mof
+++ b/stig/linux/config/RHEL78.mof
--- a/stig/linux/config/RHEL79.mof
+++ b/stig/linux/config/RHEL79.mof
--- a/stig/linux/config/Ubuntu1804-DataScience.mof
+++ b/stig/linux/config/Ubuntu1804-DataScience.mof
--- a/stig/linux/config/Ubuntu1804.mof
+++ b/stig/linux/config/Ubuntu1804.mof
--- a/stig/linux/config/localhost.mof
+++ b/stig/linux/config/localhost.mof
@ -1,7 +1,7 @@
 /*
@TargetNode='localhost'
@GeneratedBy=Microsoft
-@GenerationDate=06/30/2022 11:38:45
+@GenerationDate=03/09/2023 13:59:47
@GenerationHost=Microsoft
 */

@ -10,7 +10,7 @@ instance of MSFT_nxScriptResource as $MSFT_nxScriptResource1ref
 ResourceID = "[nxScript]EmptyDsc";
 GetScript = "#!/bin/bash\necho emptyGet";
 TestScript = "#!/bin/bash\nexit 0";
- SourceInfo = "D:\\dev\\project-chairlift\\linux\\build-linux-config.ps1::105::9::nxScript";
+ SourceInfo = "D:\\build-linux-config.ps1::93::9::nxScript";
 SetScript = "#!/bin/bash\necho emptySet";
 ModuleName = "nx";
 ModuleVersion = "1.0";
@ -34,7 +34,7 @@ instance of OMI_ConfigurationDocument
                        Author="Microsoft";


-                        GenerationDate="06/30/2022 11:38:45";
+                        GenerationDate="03/09/2023 13:59:47";


                        GenerationHost="Microsoft";
--- a/stig/linux/config/rhel8STIG-ansible.zip
+++ b/stig/linux/config/rhel8STIG-ansible.zip
--- a/stig/linux/createUiDefinition.json
+++ b/stig/linux/createUiDefinition.json
@ -179,14 +179,6 @@
                                    "value": "RHEL74",
                                    "label": "Red Hat Enterprise Linux 7.4"
                                },
-                                {
-                                    "value": "RHEL73",
-                                    "label": "Red Hat Enterprise Linux 7.3"
-                                },
-                                {
-                                    "value": "RHEL72",
-                                    "label": "Red Hat Enterprise Linux 7.2"
-                                },
                                {
                                    "value": "Ubuntu1804",
                                    "label": "Canonical Ubuntu 18.04 LTS"
@ -461,7 +453,8 @@
                                "subscription": "onBasic",
                                "location": "onBasic"
                            }
-                        }
+                        },
+                        "visible": "[not(equals(steps('instance').osVersion, 'Ubuntu1804-DataScience'))]"
                    },
                    {
                        "name": "textBlock1",
@ -505,6 +498,16 @@
                            "uri": "http://go.microsoft.com/fwlink/?LinkId=2125807"
                        },
                        "visible": "[or(equals(steps('instance').osVersion, 'RHEL77'), equals(steps('instance').osVersion, 'RHEL78'), equals(steps('instance').osVersion, 'Ubuntu1804'), equals(steps('instance').osVersion, 'Ubuntu1804-DataScience'), equals(steps('instance').osVersion, 'CentOS77'), equals(steps('instance').osVersion, 'CentOS78'), equals(steps('instance').osVersion, 'CentOS79'))]"
+                    },
+                    {
+                        "name": "infoBox1",
+                        "type": "Microsoft.Common.InfoBox",
+                        "options": {
+                            "icon": "Info",
+                            "text": "Ubuntu Data Science STIG Solution Template does not currently support Log Analytics workspace configuration at deployment time. However, this can be performed after deployment by uninstalling the DSCForLinux extension, then deploying the Log Analytics agent.",
+                            "uri": "https://learn.microsoft.com/en-us/azure/azure-government/documentation-government-stig-linux-vm"
+                        },
+                        "visible": "[equals(steps('instance').osVersion, 'Ubuntu1804-DataScience')]"
                    }
                ]
            }
--- a/stig/linux/mainTemplate.json
+++ b/stig/linux/mainTemplate.json
@ -66,8 +66,6 @@
                "RHEL77",
                "RHEL75",
                "RHEL74",
-                "RHEL73",
-                "RHEL72",
                "Ubuntu1804",
                "Ubuntu1804-DataScience"
            ],
@ -254,6 +252,7 @@
            "[variables('linuxBashUri')]",
            "[if(contains(variables('rhel8Versions'), parameters('osVersion')), variables('rhel8FileUri'), variables('mofDscFileUri'))]"
        ],
+        "omsAutoUpgrade": "[if(contains(variables('rhel8Versions'), parameters('osVersion')), 'true', 'false')]",
        "images": {
            "CentOS79": {
                "reference": {
@ -399,24 +398,6 @@
                },
                "stigFileName": "rhel7STIG.sh"
            },
-            "RHEL73": {
-                "reference": {
-                    "publisher": "RedHat",
-                    "offer": "RHEL",
-                    "sku": "7.3",
-                    "version": "latest"
-                },
-                "stigFileName": "rhel7STIG.sh"
-            },
-            "RHEL72": {
-                "reference": {
-                    "publisher": "RedHat",
-                    "offer": "RHEL",
-                    "sku": "7.2",
-                    "version": "latest"
-                },
-                "stigFileName": "rhel7STIG.sh"
-            },
            "Ubuntu1804": {
                "reference": {
                    "publisher": "Canonical",
@ -708,7 +689,7 @@
            "name": "[concat(parameters('vmName'), if(equals(variables('instanceCount'), 1), '', copyIndex()), '/Microsoft.EnterpriseCloud.Monitoring')]",
            "apiVersion": "2015-06-15",
            "location": "[parameters('location')]",
-            "condition": "[not(equals(parameters('logAnalyticsWorkspaceId'), ''))]",
+            "condition": "[and(not(equals(parameters('logAnalyticsWorkspaceId'), '')), not(equals(parameters('osVersion'), 'Ubuntu1804-DataScience')))]",
            "copy": {
                "name": "monitoringAgentLoop",
                "count": "[variables('instanceCount')]"
@ -720,7 +701,7 @@
                "publisher": "Microsoft.EnterpriseCloud.Monitoring",
                "type": "OmsAgentForLinux",
                "typeHandlerVersion": "1.12",
-                "autoUpgradeMinorVersion": true,
+                "autoUpgradeMinorVersion": "[variables('omsAutoUpgrade')]",
                "settings": {
                    "workspaceId": "[if(equals(parameters('logAnalyticsWorkspaceId'), ''), json('null'), reference(parameters('logAnalyticsWorkspaceId'),'2015-03-20').customerId)]"
                },
--- a/stig/linux/rhel8STIG.sh
+++ b/stig/linux/rhel8STIG.sh
@ -9,6 +9,11 @@ echo "Setting script variables"
 ###############################################################################
 version=$(. /etc/os-release && echo $VERSION_ID)

+###############################################################################
+echo "Enabling Microsoft Repos"
+###############################################################################
+yum update -y --disablerepo='*' --enablerepo='*microsoft*'
+
 ###############################################################################
 echo "Automating Rule Id V-230233"
 ###############################################################################