Merge pull request #1787 from oracle-devrel/oheimbur-250530

Updated OCI Security Health Check - Standard Edition for CIS OCI Foundation Benchmark 3.0.0

Author: oheimburger

.DS_Store

@@ -2,9 +2,7 @@
 
 Owner: Olaf Heimburger
 
-Version: 250430 (cis_report.py version 2.8.8.1) for CIS OCI Foundation Benchmark 2.0.0
-
-Reviewed: 01.02.2024
+Version: 250530 (cis_report.py version 3.0.0.4) for CIS OCI Foundation Benchmark 3.0.0
 
 # Introduction
 ![Flyer](./files/resources/OCI_Security_Health_Check_Standard.png)
@@ -38,7 +36,7 @@ The file standard.sh acts as the entry point and does the following:
 
 - Automatic check for Python runtime version
 - Automatic venv creation and activation
-- Automatci installation of required Python libraries
+- Automatic installation of required Python libraries
 - Automatic **OCI Cloud Shell** and tenancy name detection
 - Automatic creation of timestamped output directory
 - Call of cis_reports.py
@@ -58,22 +56,22 @@ See the *OCI Security Health Check - Standard Edition* in action and watch the [
 
 Before running the *OCI Security Health Check - Standard Edition* you should download and verify it.
 
-  - Download the latest distribution [oci-security-health-check-standard-250430.zip](https://github.com/oracle-devrel/technology-engineering/raw/main/security/security-design/shared-assets/oci-security-health-check-standard/files/resources/oci-security-health-check-standard-250430.zip).
+  - Download the latest distribution [oci-security-health-check-standard-250530.zip](https://github.com/oracle-devrel/technology-engineering/raw/main/security/security-design/shared-assets/oci-security-health-check-standard/files/resources/oci-security-health-check-standard-250530.zip).
   - Download the respective checksum file:
-    - [oci-security-health-check-standard-250430.sha512](https://github.com/oracle-devrel/technology-engineering/raw/main/security/security-design/shared-assets/oci-security-health-check-standard/files/resources/oci-security-health-check-standard-250430.sha512).
-    - [oci-security-health-check-standard-250430.sha512256](https://github.com/oracle-devrel/technology-engineering/raw/main/security/security-design/shared-assets/oci-security-health-check-standard/files/resources/oci-security-health-check-standard-250430.sha512256).
+    - [oci-security-health-check-standard-250530.sha512](https://github.com/oracle-devrel/technology-engineering/raw/main/security/security-design/shared-assets/oci-security-health-check-standard/files/resources/oci-security-health-check-standard-250530.sha512).
+    - [oci-security-health-check-standard-250530.sha512256](https://github.com/oracle-devrel/technology-engineering/raw/main/security/security-design/shared-assets/oci-security-health-check-standard/files/resources/oci-security-health-check-standard-250530.sha512256).
   - Verify the integrity of the distribution. Both files must be in the same directory (for example, in your downloads directory).
 
     On MacOS:
     ```
     cd <your_downloads_directory>
-    shasum -a 512256 -c oci-security-health-check-standard-250430.sha512256
+    shasum -a 512256 -c oci-security-health-check-standard-250530.sha512256
     ```
 
     On Linux (including Cloud Shell):
     ```
     cd <your_downloads_directory>
-    sha512sum -c oci-security-health-check-standard-250430.sha512
+    sha512sum -c oci-security-health-check-standard-250530.sha512
     ```
 
 **Reject the downloaded file if the check fails!**
@@ -86,10 +84,10 @@ In OCI Cloud Shell you can do a short cut without downloading the files mentione
 2. Open Cloud Shell
 3. Run these commands in your Cloud Shell:
   ```
-  wget -q https://github.com/oracle-devrel/technology-engineering/raw/main/security/security-design/shared-assets/oci-security-health-check-standard/files/resources/oci-security-health-check-standard-250430.zip
-  wget -q https://github.com/oracle-devrel/technology-engineering/raw/main/security/security-design/shared-assets/oci-security-health-check-standard/files/resources/oci-security-health-check-standard-250430.sha512
-  sha512sum -c oci-security-health-check-standard-250430.sha512
-  unzip -q oci-security-health-check-standard-250430.zip
+  wget -q https://github.com/oracle-devrel/technology-engineering/raw/main/security/security-design/shared-assets/oci-security-health-check-standard/files/resources/oci-security-health-check-standard-250530.zip
+  wget -q https://github.com/oracle-devrel/technology-engineering/raw/main/security/security-design/shared-assets/oci-security-health-check-standard/files/resources/oci-security-health-check-standard-250530.sha512
+  sha512sum -c oci-security-health-check-standard-250530.sha512
+  unzip -q oci-security-health-check-standard-250530.zip
   ```
 
 ## Prepare the OCI Tenancy

security/security-design/shared-assets/oci-security-health-check-standard/README.md

@@ -2,7 +2,7 @@
 
 Owner: Olaf Heimburger
 
-Version: 250430 (cis_report.py version 2.8.8.1) for CIS OCI Foundation Benchmark 2.0.0
+Version: 250530 (cis_report.py version 3.0.0.4) for CIS OCI Foundation Benchmark 3.0.0
 
 ## When to use this asset?
 
@@ -31,7 +31,7 @@ The file standard.sh acts as the entry point and does the following:
 
 - Automatic check for Python runtime version
 - Automatic venv creation and activation
-- Automatci installation of required Python libraries
+- Automatic installation of required Python libraries
 - Automatic **OCI Cloud Shell** and tenancy name detection
 - Automatic creation of timestamped output directory
 - Call of cis_reports.py
@@ -47,22 +47,22 @@ Tested on **OCI Cloud Shell** with **Public network**, **Oracle Linux**, **MacOS
 
 Before running the *OCI Security Health Check - Standard Edition* you should download and verify it.
 
-  - Download the latest distribution [oci-security-health-check-standard-250430.zip](https://github.com/oracle-devrel/technology-engineering/raw/main/security/security-design/shared-assets/oci-security-health-check-standard/files/resources/oci-security-health-check-standard-250430.zip).
+  - Download the latest distribution [oci-security-health-check-standard-250530.zip](https://github.com/oracle-devrel/technology-engineering/raw/main/security/security-design/shared-assets/oci-security-health-check-standard/files/resources/oci-security-health-check-standard-250530.zip).
   - Download the respective checksum file:
-    - [oci-security-health-check-standard-250430.sha512](https://github.com/oracle-devrel/technology-engineering/raw/main/security/security-design/shared-assets/oci-security-health-check-standard/files/resources/oci-security-health-check-standard-250430.sha512).
-    - [oci-security-health-check-standard-250430.sha512256](https://github.com/oracle-devrel/technology-engineering/raw/main/security/security-design/shared-assets/oci-security-health-check-standard/files/resources/oci-security-health-check-standard-250430.sha512256).
+    - [oci-security-health-check-standard-250530.sha512](https://github.com/oracle-devrel/technology-engineering/raw/main/security/security-design/shared-assets/oci-security-health-check-standard/files/resources/oci-security-health-check-standard-250530.sha512).
+    - [oci-security-health-check-standard-250530.sha512256](https://github.com/oracle-devrel/technology-engineering/raw/main/security/security-design/shared-assets/oci-security-health-check-standard/files/resources/oci-security-health-check-standard-250530.sha512256).
   - Verify the integrity of the distribution. Both files must be in the same directory (for example, in your downloads directory).
 
     On MacOS:
     ```
     cd <your_downloads_directory>
-    shasum -a 512256 -c oci-security-health-check-standard-250430.sha512256
+    shasum -a 512256 -c oci-security-health-check-standard-250530.sha512256
     ```
 
     On Linux (including Cloud Shell):
     ```
     cd <your_downloads_directory>
-    sha512sum -c oci-security-health-check-standard-250430.sha512
+    sha512sum -c oci-security-health-check-standard-250530.sha512
     ```
 
 **Reject the downloaded file when the check fails!**
@@ -207,7 +207,7 @@ allow group 'Default'/'grp-auditors' to inspect vcns in compartment <compartment
   - Upload the distribution file.
   - Extract it
     ```
-    unzip -q oci-security-health-check-standard-250430.zip
+    unzip -q oci-security-health-check-standard-250530.zip
     ```
 
 #### Run the script
@@ -281,11 +281,11 @@ allow group 'Default'/'grp-auditors' to inspect vcns in compartment <compartment
       Follow the instructions to select /usr/bin/python3.9
     - Log out
 
-  - From your desktop, upload the `oci-security-health-check-standard-250430.zip` file to the Compute VM using any SFTP client.
+  - From your desktop, upload the `oci-security-health-check-standard-250530.zip` file to the Compute VM using any SFTP client.
   - Log into the Compute VM
     - Extract the distribution
       ```
-      unzip -q oci-security-health-check-standard-250430.zip
+      unzip -q oci-security-health-check-standard-250530.zip
       ```
     - Change directory into `oci-security-health-check-standard`:
       ```
@@ -343,7 +343,11 @@ The report results are summarized in two files:
 
 ## Known Issues
 
-No known issues.
+1. Python 3.8 is not supported anymore.
+   OCI Cloud Shell is the minimal required environment. The Python version used in OCI Cloud Shell is 3.9.
+2. Diagrams are not part of the HTML page.
+   This may be because of broken `numpy installation`. The following command should resolve this:
+   `pip3 install --upgrade --force-reinstall --user numpy`
 
 ## Credits
 

security/security-design/shared-assets/oci-security-health-check-standard/files/oci-security-health-check-standard/README.md

@@ -2,7 +2,7 @@
 OCI Security Health Check - Standard Edition
 ============================================
 Owner: Olaf Heimburger
-Version: 250430 (cis_report.py version 2.8.8.1)  for CIS OCI Foundation Benchmark 2.0.0
+Version: 250530 (cis_report.py version 3.0.0.4)  for CIS OCI Foundation Benchmark 3.0.0
 
 When to use this asset?
 
@@ -37,7 +37,7 @@ The file standard.sh acts as the entry point and does the following:
 
 - Automatic check for Python runtime version
 - Automatic venv creation and activation
-- Automatci installation of required Python libraries
+- Automatic installation of required Python libraries
 - Automatic OCI Cloud Shell and tenancy name detection
 - Automatic creation of timestamped output directory
 - Call of cis_reports.py
@@ -112,7 +112,7 @@ Usage
   - From the menu select the Cloud Shell item.
   - When running it the first time:
     - Upload the provided ZIP file.
-    - Extract it with unzip -q oci-security-health-check-standard-250430.zip
+    - Extract it with unzip -q oci-security-health-check-standard-250530.zip
   - Change directory into oci-security-health-check-standard
     $ cd oci-security-health-check-standard
     $ screen
@@ -169,11 +169,11 @@ Usage
     - Log out
 
   - From your desktop, upload the
-    "oci-security-health-check-standard-250430.zip" file to the Compute VM
+    "oci-security-health-check-standard-250530.zip" file to the Compute VM
     using any SFTP client.
   - Log into the Compute VM
     - Extract the distribution
-      unzip -q oci-security-health-check-standard-250430.zip
+      unzip -q oci-security-health-check-standard-250530.zip
 
     - Change directory into "oci-security-health-check-standard":
       cd oci-security-health-check-standard
@@ -221,7 +221,11 @@ Usage
 
 5 Known Issues
 
-No known issues.
+1. Python 3.8 is not supported anymore.
+   OCI Cloud Shell is the minimal required environment. The Python version used in OCI Cloud Shell is 3.9.
+2. Diagrams are not part of the HTML page.
+   This may be because of broken `numpy installation`. The following command should resolve this:
+   `pip3 install --upgrade --force-reinstall --user numpy`
 
 6 Credits
 

security/security-design/shared-assets/oci-security-health-check-standard/files/oci-security-health-check-standard/README.txt

@@ -3,7 +3,7 @@ pytz
 pandas
 openpyxl>=3.1.5
 pyyaml>=6.0
-oci>=2.147.0
+oci>=2.152.1
 requests
 matplotlib
 numpy