From 9d645e1d8f43109dc158369933ac3ee0ee58a903 Mon Sep 17 00:00:00 2001
From: Terrence Cort
Date: Thu, 25 Apr 2019 13:10:42 -0400
Subject: [PATCH 1/8] added simple push to s3bucket. needs to be variables
---
 Jenkinsfile | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/Jenkinsfile b/Jenkinsfile
index 6fa16ce..ab48fa8 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -33,6 +33,8 @@ pipeline {
 sshCommand remote: remote, command: "sudo docker pull nexus-docker.52.61.140.4.nip.io/${IMAGE_TAG}"
 sshCommand remote: remote, command: "sudo oscap-docker image nexus-docker.52.61.140.4.nip.io/${IMAGE_TAG} xccdf eval --profile xccdf_org.ssgproject.content_profile_stig-rhel7-disa --report /tmp/report.html /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml"
 sshCommand remote: remote, command: "sudo oscap-docker image-cve nexus-docker.52.61.140.4.nip.io/${IMAGE_TAG} --report /tmp/report-cve.html"
+ sshCommand remote: remote, command: "aws s3 cp report-cve.html s3://dsop-pipeline-artifacts/openscap/report-cve.html"
+ sshCommand remote: remote, command: "aws s3 cp report.html s3://dsop-pipeline-artifacts/openscap/report.html"
 sshGet remote: remote, from: "/tmp/report.html", into: "/var/lib/jenkins/jobs/${env.JOB_NAME}/builds/${env.BUILD_NUMBER}/openscap-compliance-report.html", override: true
 sshGet remote: remote, from: "/tmp/report-cve.html", into: "/var/lib/jenkins/jobs/${env.JOB_NAME}/builds/${env.BUILD_NUMBER}/openscap-cve-report.html", override: true
 publishHTML([alwaysLinkToLastBuild: false, keepAll: false, reportDir: "/var/lib/jenkins/jobs/${env.JOB_NAME}/builds/${env.BUILD_NUMBER}", reportFiles: 'openscap-compliance-report.html', reportName: 'OpenSCAP Compliance Report', reportTitles: 'OpenSCAP Compliance Report'])
-- 
GitLab
From e6def42fdd259e263d8e1712f5c1ee9342da572b Mon Sep 17 00:00:00 2001
From: Terrence Cort
Date: Thu, 25 Apr 2019 14:17:45 -0400
Subject: [PATCH 2/8] echo out path and ID
---
 Jenkinsfile | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
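Review bot: Both added `aws s3 cp` lines in patch 1/8 write to a fixed object key (`openscap/report-cve.html`, `openscap/report.html`), so each build of each image overwrites the previous scan evidence in `dsop-pipeline-artifacts`. A build-scoped key keeps the history, for example `s3://dsop-pipeline-artifacts/openscap/${env.JOB_NAME}/${env.BUILD_NUMBER}/report.html`. The source paths are also relative to the SSH login directory, while the scan lines above write to `/tmp/report.html` and `/tmp/report-cve.html`, so unless the login directory happens to be `/tmp` these copies will not find the files. The enclosing stage starts outside the hunk.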
diff --git a/Jenkinsfile b/Jenkinsfile
index ab48fa8..dc3a646 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -33,8 +33,10 @@ pipeline {
 sshCommand remote: remote, command: "sudo docker pull nexus-docker.52.61.140.4.nip.io/${IMAGE_TAG}"
 sshCommand remote: remote, command: "sudo oscap-docker image nexus-docker.52.61.140.4.nip.io/${IMAGE_TAG} xccdf eval --profile xccdf_org.ssgproject.content_profile_stig-rhel7-disa --report /tmp/report.html /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml"
 sshCommand remote: remote, command: "sudo oscap-docker image-cve nexus-docker.52.61.140.4.nip.io/${IMAGE_TAG} --report /tmp/report-cve.html"
- sshCommand remote: remote, command: "aws s3 cp report-cve.html s3://dsop-pipeline-artifacts/openscap/report-cve.html"
- sshCommand remote: remote, command: "aws s3 cp report.html s3://dsop-pipeline-artifacts/openscap/report.html"
+ sshCommand remote: remote, command: "id"
+ sshCommand remote: remote, command: "echo $PATH"
+ sshCommand remote: remote, command: "sudo aws s3 cp report-cve.html s3://dsop-pipeline-artifacts/openscap/report-cve.html"
+ sshCommand remote: remote, command: "sudo aws s3 cp report.html s3://dsop-pipeline-artifacts/openscap/report.html"
 sshGet remote: remote, from: "/tmp/report.html", into: "/var/lib/jenkins/jobs/${env.JOB_NAME}/builds/${env.BUILD_NUMBER}/openscap-compliance-report.html", override: true
 sshGet remote: remote, from: "/tmp/report-cve.html", into: "/var/lib/jenkins/jobs/${env.JOB_NAME}/builds/${env.BUILD_NUMBER}/openscap-cve-report.html", override: true
 publishHTML([alwaysLinkToLastBuild: false, keepAll: false, reportDir: "/var/lib/jenkins/jobs/${env.JOB_NAME}/builds/${env.BUILD_NUMBER}", reportFiles: 'openscap-compliance-report.html', reportName: 'OpenSCAP Compliance Report', reportTitles: 'OpenSCAP Compliance Report'])
-- 
GitLab
From 52007205353217f52805e71b481206e73711a335 Mon Sep 17 00:00:00 2001
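Review bot: In the added `command: "echo $PATH"` the double-quoted Groovy string resolves `$PATH` on the Jenkins side before the command is sent, so the output is most likely not the remote login's PATH and the debugging result misleads; `command: 'echo $PATH'` lets the remote shell expand it. The two `sudo aws s3 cp` lines in the same hunk run the upload as root, which presumably picks up root's AWS configuration rather than the SSH user's. The upload only needs to read the two reports and should stay unprivileged. The `id` and `echo` probes are diagnostics and should not remain in the stage once the PATH question is settled.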
From: Terrence Cort
Date: Thu, 25 Apr 2019 14:24:30 -0400
Subject: [PATCH 3/8] removed sudo on aws commands
---
 Jenkinsfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Jenkinsfile b/Jenkinsfile
index dc3a646..17b5225 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -35,8 +35,8 @@ pipeline {
 sshCommand remote: remote, command: "sudo oscap-docker image-cve nexus-docker.52.61.140.4.nip.io/${IMAGE_TAG} --report /tmp/report-cve.html"
 sshCommand remote: remote, command: "id"
 sshCommand remote: remote, command: "echo $PATH"
- sshCommand remote: remote, command: "sudo aws s3 cp report-cve.html s3://dsop-pipeline-artifacts/openscap/report-cve.html"
- sshCommand remote: remote, command: "sudo aws s3 cp report.html s3://dsop-pipeline-artifacts/openscap/report.html"
+ sshCommand remote: remote, command: "aws s3 cp report-cve.html s3://dsop-pipeline-artifacts/openscap/report-cve.html"
+ sshCommand remote: remote, command: "aws s3 cp report.html s3://dsop-pipeline-artifacts/openscap/report.html"
 sshGet remote: remote, from: "/tmp/report.html", into: "/var/lib/jenkins/jobs/${env.JOB_NAME}/builds/${env.BUILD_NUMBER}/openscap-compliance-report.html", override: true
 sshGet remote: remote, from: "/tmp/report-cve.html", into: "/var/lib/jenkins/jobs/${env.JOB_NAME}/builds/${env.BUILD_NUMBER}/openscap-cve-report.html", override: true
 publishHTML([alwaysLinkToLastBuild: false, keepAll: false, reportDir: "/var/lib/jenkins/jobs/${env.JOB_NAME}/builds/${env.BUILD_NUMBER}", reportFiles: 'openscap-compliance-report.html', reportName: 'OpenSCAP Compliance Report', reportTitles: 'OpenSCAP Compliance Report'])
-- 
GitLab
From adbe89621af048e2c9f265d23e6afbf38504a62c Mon Sep 17 00:00:00 2001
From: Terrence Cort
Date: Thu, 25 Apr 2019 14:29:30 -0400
Subject: [PATCH 4/8] testing
---
 Jenkinsfile | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/Jenkinsfile b/Jenkinsfile
index 17b5225..8de3eb2 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -29,12 +29,13 @@ pipeline {
 remote.user = userName
 remote.identityFile = identity
 stage('OpenSCAP Scan') {
- sshCommand remote: remote, command: "sudo docker login -u admin -p admin123 nexus-docker.52.61.140.4.nip.io"
- sshCommand remote: remote, command: "sudo docker pull nexus-docker.52.61.140.4.nip.io/${IMAGE_TAG}"
- sshCommand remote: remote, command: "sudo oscap-docker image nexus-docker.52.61.140.4.nip.io/${IMAGE_TAG} xccdf eval --profile xccdf_org.ssgproject.content_profile_stig-rhel7-disa --report /tmp/report.html /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml"
- sshCommand remote: remote, command: "sudo oscap-docker image-cve nexus-docker.52.61.140.4.nip.io/${IMAGE_TAG} --report /tmp/report-cve.html"
+ //sshCommand remote: remote, command: "sudo docker login -u admin -p admin123 nexus-docker.52.61.140.4.nip.io"
+ //sshCommand remote: remote, command: "sudo docker pull nexus-docker.52.61.140.4.nip.io/${IMAGE_TAG}"
+ //sshCommand remote: remote, command: "sudo oscap-docker image nexus-docker.52.61.140.4.nip.io/${IMAGE_TAG} xccdf eval --profile xccdf_org.ssgproject.content_profile_stig-rhel7-disa --report /tmp/report.html /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml"
+ //sshCommand remote: remote, command: "sudo oscap-docker image-cve nexus-docker.52.61.140.4.nip.io/${IMAGE_TAG} --report /tmp/report-cve.html"
 sshCommand remote: remote, command: "id"
 sshCommand remote: remote, command: "echo $PATH"
+ sshCommand remote: remote, command: "aws --version"
 sshCommand remote: remote, command: "aws s3 cp report-cve.html s3://dsop-pipeline-artifacts/openscap/report-cve.html"
 sshCommand remote: remote, command: "aws s3 cp report.html s3://dsop-pipeline-artifacts/openscap/report.html"
 sshGet remote: remote, from: "/tmp/report.html", into: "/var/lib/jenkins/jobs/${env.JOB_NAME}/builds/${env.BUILD_NUMBER}/openscap-compliance-report.html", override: true
-- 
GitLab
From b9159f85b4170e388b8e63e0b1c3ff909facd9ca Mon Sep 17 00:00:00 2001
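Review bot: With the four scan commands commented out in patch 4/8, the `sshGet` line at the end of the hunk (and presumably the publish steps that follow outside it) still fetches `/tmp/report.html` from the scan host, so a build can publish whatever report an earlier run left there as if it belonged to the current `${IMAGE_TAG}`. A compliance report that does not match the scanned image is worse than a failed stage. If the scan has to be skippable while the upload is debugged, gate the producers and the consumers together, for example on a boolean build parameter, rather than commenting out only the producers. The stage body continues past the end of the hunk.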
From: Terrence Cort
Date: Thu, 25 Apr 2019 14:38:20 -0400
Subject: [PATCH 5/8] testing again
---
 Jenkinsfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Jenkinsfile b/Jenkinsfile
index 8de3eb2..5d2fce3 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -35,7 +35,7 @@ pipeline {
 //sshCommand remote: remote, command: "sudo oscap-docker image-cve nexus-docker.52.61.140.4.nip.io/${IMAGE_TAG} --report /tmp/report-cve.html"
 sshCommand remote: remote, command: "id"
 sshCommand remote: remote, command: "echo $PATH"
- sshCommand remote: remote, command: "aws --version"
+ sshCommand remote: remote, command: "/usr/sbin/aws --version"
 sshCommand remote: remote, command: "aws s3 cp report-cve.html s3://dsop-pipeline-artifacts/openscap/report-cve.html"
 sshCommand remote: remote, command: "aws s3 cp report.html s3://dsop-pipeline-artifacts/openscap/report.html"
 sshGet remote: remote, from: "/tmp/report.html", into: "/var/lib/jenkins/jobs/${env.JOB_NAME}/builds/${env.BUILD_NUMBER}/openscap-compliance-report.html", override: true
-- 
GitLab
From ae65427db915bdf06b261558f644fd9ca4ecd0ce Mon Sep 17 00:00:00 2001
From: Terrence Cort
Date: Thu, 25 Apr 2019 14:41:17 -0400
Subject: [PATCH 6/8] added full path to aws command
---
 Jenkinsfile | 15 ++++++---------
 1 file changed, 6 insertions(+), 9 deletions(-)
diff --git a/Jenkinsfile b/Jenkinsfile
index 5d2fce3..b75702a 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -29,15 +29,12 @@ pipeline { remote.user = userName remote.identityFile = identity stage('OpenSCAP Scan') { - //sshCommand remote: remote, command: "sudo docker login -u admin -p admin123 nexus-docker.52.61.140.4.nip.io" - //sshCommand remote: remote, command: "sudo docker pull nexus-docker.52.61.140.4.nip.io/${IMAGE_TAG}" - //sshCommand remote: remote, command: "sudo oscap-docker image nexus-docker.52.61.140.4.nip.io/${IMAGE_TAG} xccdf eval --profile xccdf_org.ssgproject.content_profile_stig-rhel7-disa --report /tmp/report.html /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml" - //sshCommand remote: remote, command: "sudo oscap-docker image-cve nexus-docker.52.61.140.4.nip.io/${IMAGE_TAG} --report /tmp/report-cve.html" - sshCommand remote: remote, command: "id" - sshCommand remote: remote, command: "echo $PATH" - sshCommand remote: remote, command: "/usr/sbin/aws --version" - sshCommand remote: remote, command: "aws s3 cp report-cve.html s3://dsop-pipeline-artifacts/openscap/report-cve.html" - sshCommand remote: remote, command: "aws s3 cp report.html s3://dsop-pipeline-artifacts/openscap/report.html" + sshCommand remote: remote, command: "sudo docker login -u admin -p admin123 nexus-docker.52.61.140.4.nip.io" + sshCommand remote: remote, command: "sudo docker pull nexus-docker.52.61.140.4.nip.io/${IMAGE_TAG}" + sshCommand remote: remote, command: "sudo oscap-docker image nexus-docker.52.61.140.4.nip.io/${IMAGE_TAG} xccdf eval --profile xccdf_org.ssgproject.content_profile_stig-rhel7-disa --report /tmp/report.html /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml" + sshCommand remote: remote, command: "sudo oscap-docker image-cve nexus-docker.52.61.140.4.nip.io/${IMAGE_TAG} --report /tmp/report-cve.html" + sshCommand remote: remote, command: "/usr/sbin/aws s3 cp report-cve.html s3://dsop-pipeline-artifacts/openscap/report-cve.html" + sshCommand remote: remote, command: "/usr/bin/aws s3 cp report.html s3://dsop-pipeline-artifacts/openscap/report.html" sshGet 
remote: remote, from: "/tmp/report.html", into: "/var/lib/jenkins/jobs/${env.JOB_NAME}/builds/${env.BUILD_NUMBER}/openscap-compliance-report.html", override: true sshGet remote: remote, from: "/tmp/report-cve.html", into: "/var/lib/jenkins/jobs/${env.JOB_NAME}/builds/${env.BUILD_NUMBER}/openscap-cve-report.html", override: true publishHTML([alwaysLinkToLastBuild: false, keepAll: false, reportDir: "/var/lib/jenkins/jobs/${env.JOB_NAME}/builds/${env.BUILD_NUMBER}", reportFiles: 'openscap-compliance-report.html', reportName: 'OpenSCAP Compliance Report', reportTitles: 'OpenSCAP Compliance Report']) -- GitLab From 7233e4014faa11c28bbcbfd136ad26aac9b1b2bf Mon Sep 17 00:00:00 2001 From: Terrence Cort Date: Thu, 25 Apr 2019 14:43:09 -0400 Subject: [PATCH 7/8] typo --- Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Jenkinsfile b/Jenkinsfile index b75702a..75bdb66 100644 --- a/Jenkinsfile +++ b/Jenkinsfile 
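Review bot: The re-enabled `sudo docker login -u admin -p admin123 nexus-docker.52.61.140.4.nip.io` line in patch 6/8 keeps the registry password in the Jenkinsfile and its history, and `-p` exposes it in the scan host's process list and very likely in the build log, since the command string is passed as written. These look like the Nexus default admin credentials; the account should get a new password and the pipeline a dedicated read-only registry account. The secret belongs in the Jenkins credentials store (a `withCredentials([usernamePassword(...)])` binding) or in a Docker credential configuration already present on the scan host, supplied through `docker login --password-stdin` rather than `-p`. The same literal is also present in the commented-out line of patch 4/8. The two added upload lines additionally disagree on the binary path (`/usr/sbin/aws` and `/usr/bin/aws`).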
@@ -34,7 +34,7 @@ pipeline {
 sshCommand remote: remote, command: "sudo oscap-docker image nexus-docker.52.61.140.4.nip.io/${IMAGE_TAG} xccdf eval --profile xccdf_org.ssgproject.content_profile_stig-rhel7-disa --report /tmp/report.html /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml"
 sshCommand remote: remote, command: "sudo oscap-docker image-cve nexus-docker.52.61.140.4.nip.io/${IMAGE_TAG} --report /tmp/report-cve.html"
 sshCommand remote: remote, command: "/usr/sbin/aws s3 cp report-cve.html s3://dsop-pipeline-artifacts/openscap/report-cve.html"
- sshCommand remote: remote, command: "/usr/bin/aws s3 cp report.html s3://dsop-pipeline-artifacts/openscap/report.html"
+ sshCommand remote: remote, command: "/usr/sbin/aws s3 cp report.html s3://dsop-pipeline-artifacts/openscap/report.html"
 sshGet remote: remote, from: "/tmp/report.html", into: "/var/lib/jenkins/jobs/${env.JOB_NAME}/builds/${env.BUILD_NUMBER}/openscap-compliance-report.html", override: true
 sshGet remote: remote, from: "/tmp/report-cve.html", into: "/var/lib/jenkins/jobs/${env.JOB_NAME}/builds/${env.BUILD_NUMBER}/openscap-cve-report.html", override: true
 publishHTML([alwaysLinkToLastBuild: false, keepAll: false, reportDir: "/var/lib/jenkins/jobs/${env.JOB_NAME}/builds/${env.BUILD_NUMBER}", reportFiles: 'openscap-compliance-report.html', reportName: 'OpenSCAP Compliance Report', reportTitles: 'OpenSCAP Compliance Report'])
-- 
GitLab
From 64bd67d2ae7340ca4850e1e76818adb6e4d6b8a9 Mon Sep 17 00:00:00 2001
From: Terrence Cort
Date: Thu, 25 Apr 2019 14:52:33 -0400
Subject: [PATCH 8/8] added tmp to report path
---
 Jenkinsfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Jenkinsfile b/Jenkinsfile
index 75bdb66..fcae09a 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -33,8 +33,8 @@ pipeline {
 sshCommand remote: remote, command: "sudo docker pull nexus-docker.52.61.140.4.nip.io/${IMAGE_TAG}"
 sshCommand remote: remote, command: "sudo oscap-docker image nexus-docker.52.61.140.4.nip.io/${IMAGE_TAG} xccdf eval --profile xccdf_org.ssgproject.content_profile_stig-rhel7-disa --report /tmp/report.html /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml"
 sshCommand remote: remote, command: "sudo oscap-docker image-cve nexus-docker.52.61.140.4.nip.io/${IMAGE_TAG} --report /tmp/report-cve.html"
- sshCommand remote: remote, command: "/usr/sbin/aws s3 cp report-cve.html s3://dsop-pipeline-artifacts/openscap/report-cve.html"
- sshCommand remote: remote, command: "/usr/sbin/aws s3 cp report.html s3://dsop-pipeline-artifacts/openscap/report.html"
+ sshCommand remote: remote, command: "/usr/sbin/aws s3 cp /tmp/report-cve.html s3://dsop-pipeline-artifacts/openscap/report-cve.html"
+ sshCommand remote: remote, command: "/usr/sbin/aws s3 cp /tmp/report.html s3://dsop-pipeline-artifacts/openscap/report.html"
 sshGet remote: remote, from: "/tmp/report.html", into: "/var/lib/jenkins/jobs/${env.JOB_NAME}/builds/${env.BUILD_NUMBER}/openscap-compliance-report.html", override: true
 sshGet remote: remote, from: "/tmp/report-cve.html", into: "/var/lib/jenkins/jobs/${env.JOB_NAME}/builds/${env.BUILD_NUMBER}/openscap-cve-report.html", override: true
 publishHTML([alwaysLinkToLastBuild: false, keepAll: false, reportDir: "/var/lib/jenkins/jobs/${env.JOB_NAME}/builds/${env.BUILD_NUMBER}", reportFiles: 'openscap-compliance-report.html', reportName: 'OpenSCAP Compliance Report', reportTitles: 'OpenSCAP Compliance Report'])
-- 
GitLab
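Review bot: The two uploads in patch 8/8 now read `/tmp/report.html` and `/tmp/report-cve.html`, fixed names in a shared, world-writable directory that every build on this scan host uses. Two builds running at the same time overwrite each other's reports between the scan and the upload, and because the names are predictable, what sits at those paths is not fully under this build's control (a leftover from an earlier run, or something placed there by another local account). Either way the archived compliance evidence may not match the scanned image. Writing the reports into a per-build directory owned by the scan user with mode 0700, and passing that path to `--report`, `aws s3 cp` and `sshGet`, would close both gaps. The `--report` lines are context in this hunk, so the fix also touches lines this commit leaves unchanged.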