From 82194126f83518bab7feca590a48da46c861dc45 Mon Sep 17 00:00:00 2001
From: Gabriel Becker <ggasparb@redhat.com>
Date: Mon, 31 Aug 2020 17:03:21 +0200
Subject: [PATCH] Revert back OVAL check for sshd_disable_compression to use
 xccdf variable.

---
 .../sshd_disable_compression/oval/shared.xml  | 36 ++++++++++++++++++-
 .../{comment.pass.sh => comment.fail.sh}      |  0
 ...t_there.pass.sh => line_not_there.fail.sh} |  0
 ...ther_value.pass.sh => other_value.fail.sh} |  0
 4 files changed, 35 insertions(+), 1 deletion(-)
 rename linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/tests/{comment.pass.sh => comment.fail.sh} (100%)
 rename linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/tests/{line_not_there.pass.sh => line_not_there.fail.sh} (100%)
 rename linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/tests/{other_value.pass.sh => other_value.fail.sh} (100%)

diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/oval/shared.xml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/oval/shared.xml
index f0eda282acb..f0875a91aa3 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/oval/shared.xml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/oval/shared.xml
@@ -1 +1,35 @@
-{{{ oval_sshd_config(parameter="Compression", value="(no|delayed)", missing_parameter_pass=true) }}}
+<def-group>
+  <definition class="compliance" id="sshd_disable_compression" version="1">
+    <metadata>
+      <title>Disable Compression Or Set Compression to delayed</title>
+      {{{- oval_affected(products) }}}
+      <description>SSH should either have compression disabled or set to delayed.</description>
+    </metadata>
+    <criteria comment="SSH is configured correctly or is not installed"
+    operator="OR">
+      <criteria comment="sshd is not installed" operator="AND">
+        <extend_definition comment="sshd is not required or requirement is unset"
+        definition_ref="sshd_not_required_or_unset" />
+        <extend_definition comment="rpm package openssh-server removed"
+        definition_ref="package_openssh-server_removed" />
+      </criteria>
+      <criteria comment="sshd is installed and configured" operator="AND">
+        <extend_definition comment="sshd is required or requirement is unset"
+        definition_ref="sshd_required_or_unset" />
+        <extend_definition comment="rpm package openssh-server installed"
+        definition_ref="package_openssh-server_installed" />
+        <criterion comment="Check Compression in /etc/ssh/sshd_config"
+        test_ref="test_sshd_disable_compression" />
+      </criteria>
+    </criteria>
+  </definition>
+
+  {{{ oval_line_in_file_test(path='/etc/ssh/sshd_config', parameter='Compression') }}}
+  {{{ oval_line_in_file_object(path='/etc/ssh/sshd_config', prefix_regex="^[ \\t]*(?i)", parameter='Compression', separator_regex='(?-i)[ \\t]+') }}}
+
+  <ind:textfilecontent54_state id="state_sshd_disable_compression" version="1">
+  <ind:subexpression operation="equals" var_ref="var_sshd_disable_compression" />
+  </ind:textfilecontent54_state>
+
+  <external_variable comment="external variable for the desired value of Compression" datatype="string" id="var_sshd_disable_compression" version="1" />
+</def-group>
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/tests/comment.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/tests/comment.fail.sh
similarity index 100%
rename from linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/tests/comment.pass.sh
rename to linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/tests/comment.fail.sh
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/tests/line_not_there.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/tests/line_not_there.fail.sh
similarity index 100%
rename from linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/tests/line_not_there.pass.sh
rename to linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/tests/line_not_there.fail.sh
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/tests/other_value.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/tests/other_value.fail.sh
similarity index 100%
rename from linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/tests/other_value.pass.sh
rename to linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/tests/other_value.fail.sh