Modify yum.conf.jinja to include localpkg_gpgcheck rather than modifying it with so-stig

Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2025-12-06 09:12:45 +01:00 · 2024-01-15 21:30:31 -05:00
parent 4bffd8e27c
commit 6cf0b365e6
2 changed files with 1 additions and 10 deletions
--- a/salt/repo/client/files/oracle/yum.conf.jinja
+++ b/salt/repo/client/files/oracle/yum.conf.jinja
@@ -7,6 +7,7 @@ logfile=/var/log/yum.log
 exactarch=1
 obsoletes=1
 gpgcheck=1
+localpkg_gpgcheck=1
 plugins=1
 installonly_limit={{ salt['pillar.get']('yum:config:installonly_limit', 2) }}
 bugtracker_url=http://bugs.centos.org/set_project.php?project_id=23&ref=http://bugs.centos.org/bug_report_page.php?category=yum
--- a/salt/stig/files/so-stig
+++ b/salt/stig/files/so-stig
@@ -62,16 +62,6 @@ apply_stigs(){
    else
        logCmd "echo 'PermitUserEnvironment no' >> /etc/ssh/sshd_config"
    fi
-    if is_manager_node; then
-        echo "Setting localpkg_gpgcheck=1 OSCAP rule id: xccdf_org.ssgproject.content_rule_ensure_gpgcheck_local_packages"
-        if [ ! -f /opt/so/saltstack/local/salt/repo/client/files/oracle/yum.conf.jinja ]; then
-            logCmd "cp /opt/so/saltstack/default/salt/repo/client/files/oracle/yum.conf.jinja /opt/so/saltstack/local/salt/repo/client/files/oracle/yum.conf.jinja"
-        fi
-        if ! grep -q "^localpkg_gpgcheck=1$" /opt/so/saltstack/local/salt/repo/client/files/oracle/yum.conf.jinja; then
-            echo 'localpkg_gpgcheck=1' >> /opt/so/saltstack/local/salt/repo/client/files/oracle/yum.conf.jinja
-            logCmd "grep localpkg_gpgcheck /opt/so/saltstack/local/salt/repo/client/files/oracle/yum.conf.jinja"
-        fi
-    fi

    echo "Running custom OSCAP profile to remediate applicable STIGs"
    logCmd "oscap xccdf eval --remediate --profile xccdf_org.ssgproject.content_profile_stig --results $stig_log/results.xml $stig_conf/sos-oscap.xml"