{
  "format_version": 3,
  "policy": {
    "external_id": "b564a1afc4b6009ec0f32d1daa8a1913",
    "name": "Patch Management",
    "version": "1.0.1",
    "description": "This policy will show missing patches for every Linux platform (Ubuntu, RedHat, SUSE, Arch).\r\nThe CMD_enabled setting is required.",
    "author": "OpenSCM"
  },
  "tests": [
    {
      "external_id": "107ea7fbe787370bf02f285842001d3b",
      "name": "Ubuntu Missing Security Patches",
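      "description": "This test will fail if there are missing security updates for Ubuntu.\r\nThis test requires: cmd_enable = true\r\nNote: apt list reads the local package index and the condition is NOT CONTAINS, so a stale index or a command that produces no output may be reported as passing; refresh the index before relying on the result.",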
      "rational": "A system with missing security patches is vulnerable and can be exploited.\r\nIt's best practice to apply all security patches.",
      "remediation": "sudo apt upgrade",
      "severity": "High",
      "filter": "all",
      "app_filter": "all",
      "conditions": [
        {
          "type": "condition",
          "element": "CMD",
          "input": "apt list --upgradable | grep -i security",
          "selement": "OUTPUT",
          "condition": "NOT CONTAINS",
          "sinput": "security"
        }
      ],
      "applicability": [
        {
          "type": "applicability",
          "element": "OS",
          "input": "",
          "selement": "CONTENT",
          "condition": "CONTAINS",
          "sinput": "Ubuntu"
        }
      ]
    },
    {
      "external_id": "98d17ec52b992a1dec015826227849ed",
      "name": "OpenSUSE Missing Security Patches",
      "description": "This test checks whether there are missing security patches on openSUSE systems.\r\nRequires cmd_enable = True",
      "rational": "A system with missing security patches is vulnerable and can be exploited.\r\nIt's best practice to apply all security patches.",
      "remediation": "zypper update",
      "severity": "High",
      "filter": "all",
      "app_filter": "all",
      "conditions": [
        {
          "type": "condition",
          "element": "CMD",
          "input": "zypper list-patches --category security",
          "selement": "OUTPUT",
          "condition": "CONTAINS",
          "sinput": "No updates found."
        }
      ],
      "applicability": [
        {
          "type": "applicability",
          "element": "OS",
          "input": "",
          "selement": "CONTENT",
          "condition": "CONTAINS",
          "sinput": "openSUSE"
        }
      ]
    },
    {
      "external_id": "467ff21e923dcbb502f2f76a6ec6f4ed",
      "name": "MacOS Missing security updates",
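      "description": "Check whether there are missing security patches for macOS.\r\nThis test requires: cmd_enabled = true\r\nNote: softwareupdate -l lists all available updates, so any pending update fails this test, not only security updates.",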
      "rational": "A system with missing security patches is vulnerable and can be exploited.\r\nIt's best practice to apply all security patches.",
      "remediation": "Apply all missing patches",
      "severity": "High",
      "filter": "all",
      "app_filter": "all",
      "conditions": [
        {
          "type": "condition",
          "element": "CMD",
          "input": "softwareupdate -l",
          "selement": "OUTPUT",
          "condition": "CONTAINS",
          "sinput": "No new software available."
        }
      ],
      "applicability": [
        {
          "type": "applicability",
          "element": "OS",
          "input": "",
          "selement": "CONTENT",
          "condition": "CONTAINS",
          "sinput": "Mac OS"
        }
      ]
    },
    {
      "external_id": "93e0c7fbee29ae5a28f5927d64f10458",
      "name": "Fedora Missing Security Updates",
      "description": "This test will check if there are missing security updates for Fedora OS.\r\nThis test requires: cmd_enabled = true\r\n",
      "rational": "A system with missing security patches is vulnerable and can be exploited.\r\nIt's best practice to apply all security patches.",
      "remediation": "run: dnf update",
      "severity": "High",
      "filter": "all",
      "app_filter": "all",
      "conditions": [
        {
          "type": "condition",
          "element": "CMD",
          "input": "dnf updateinfo summary",
          "selement": "OUTPUT",
          "condition": "CONTAINS",
          "sinput": "Security    : 0"
        }
      ],
      "applicability": [
        {
          "type": "applicability",
          "element": "OS",
          "input": "",
          "selement": "CONTENT",
          "condition": "CONTAINS",
          "sinput": "Fedora"
        }
      ]
    },
    {
      "external_id": "009526f8a6fd3959f0e588f4d0b51815",
      "name": "Arch Linux Missing Security Patches",
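      "description": "Check if there are missing patches on Arch Linux.\r\nRequires cmd_enable = True\r\nNote: the condition is NOT CONTAINS, so a run of arch-audit that fails and prints nothing may also be reported as passing; confirm the command ran successfully.",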
      "rational": "A system with missing security patches is vulnerable and can be exploited.\r\nIt's best practice to apply all security patches.",
      "remediation": "sudo pacman -Syu",
      "severity": "High",
      "filter": "all",
      "app_filter": "all",
      "conditions": [
        {
          "type": "condition",
          "element": "CMD",
          "input": "arch-audit -u",
          "selement": "OUTPUT",
          "condition": "NOT CONTAINS",
          "sinput": "risk!"
        }
      ],
      "applicability": [
        {
          "type": "applicability",
          "element": "OS",
          "input": "",
          "selement": "CONTENT",
          "condition": "CONTAINS",
          "sinput": "Arch Linux"
        },
        {
          "type": "applicability",
          "element": "PACKAGE",
          "input": "arch-audit",
          "selement": "EXISTS",
          "condition": "",
          "sinput": ""
        }
      ]
    }
  ]
}
