Add OL into jinja conditionals

[mrkanon]

Description:

Add OL into jinja conditionals in the following files:

controls/anssi.yml
auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/rule.yml auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/rule.yml services/obsolete/package_rsync_removed/rule.yml
services/rng/service_rngd_enabled/rule.yml
system/bootloader-grub2/grub2_kernel_trust_cpu_rng/oval/shared.xml system/logging/log_rotation/ensure_logrotate_activated/oval/shared.xml system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_exec_shield/ansible/shared.yml system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_exec_shield/bash/shared.sh system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_exec_shield/oval/shared.xml system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_exec_shield/rule.yml system/software/sudo/sudo_add_env_reset/rule.yml
system/software/sudo/sudo_add_ignore_dot/rule.yml
system/software/sudo/sudo_add_passwd_timeout/rule.yml system/software/sudo/sudo_add_umask/rule.yml

Remove package_audit-audispd-plugins_installed rule, the package is not available in OL products/ol9/profiles/default.profile

Fix word error in sudo_add_ignore_dot rule

Rationale:

Filling OL gaps in jinja conditionals

[openshift-ci]

Hi @mrkanon. Thanks for your PR.

I'm waiting for a ComplianceAsCode member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[github-actions]

Start a new ephemeral environment with changes proposed in this pull request:

rhel8 (from CTF) Environment (using Fedora as testing environment)

Fedora Testing Environment

Oracle Linux 8 Environment

[github-actions]

This datastream diff is auto generated by the check Compare DS/Generate Diff

Click here to see the full diff

New content has different text for rule 'xccdf_org.ssgproject.content_rule_sudo_add_ignore_dot'.
--- xccdf_org.ssgproject.content_rule_sudo_add_ignore_dot
+++ xccdf_org.ssgproject.content_rule_sudo_add_ignore_dot
@@ -5,7 +5,7 @@
 [description]:
 The sudo ignore_dot tag, when specified, will ignore the current directory
 in the PATH environment variable.
-On Red Hat Enterprise Linux 8, env_reset is enabled by default
+On Red Hat Enterprise Linux 8, ignore_dot is enabled by default
 This should be enabled by making sure that the ignore_dot tag exists in
 /etc/sudoers configuration file or any sudo configuration snippets
 in /etc/sudoers.d/.

[github-actions]

🤖 A k8s content image for this PR is available at:
ghcr.io/complianceascode/k8scontent:12461
This image was built from commit: e42c89d

Click here to see how to deploy it

If you alread have Compliance Operator deployed:
utils/build_ds_container.py -i ghcr.io/complianceascode/k8scontent:12461

Otherwise deploy the content and operator together by checking out ComplianceAsCode/compliance-operator and:
CONTENT_IMAGE=ghcr.io/complianceascode/k8scontent:12461 make deploy-local

[codeclimate]

Code Climate has analyzed commit e42c89d and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 59.5% (0.0% change).

View more on Code Climate.

[Xeicker]

The failing tests about automatus are because debian and ubuntu don't include the rule sysctl_kernel_exec_shield