Simplify SLE16 handling in SSH rules

- sle16 OVAL is removed and test for checking main config file exist is added
- tests checking /usr/etc/ssh stuff are removed and tests use sshd_main_config_file and sshd_config_dir

Author: teacup-on-rockingchair

linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/oval/shared.xml

@@ -6,14 +6,31 @@
 <def-group>
   <definition class="compliance" id="{{{ rule_id }}}" version="1">
     {{{ oval_metadata("One of the following parameters of the sshd configuration file is set:  AllowUsers, DenyUsers, AllowGroups, DenyGroups.", rule_title=rule_title) }}}
+    {{% if product in [ 'sle16', 'slmicro6' ] %}}
+    <criteria operator="AND">
+        <criterion comment="test if SSH main configuration {{{ sshd_main_config }}} exists for {{{ rule_id }}}"
+            test_ref="test_{{{ rule_id }}}_config_file_exists"/>
+        <criteria operator="OR">
+            <criterion test_ref="test_allow_user_is_configured" />
+            <criterion test_ref="test_allow_group_is_configured" />
+            <criterion test_ref="test_deny_user_is_configured" />
+            <criterion test_ref="test_deny_group_is_configured" />
+        </criteria>
+    </criteria>
+    {{% else %}}
     <criteria operator="OR">
       <criterion test_ref="test_allow_user_is_configured" />
       <criterion test_ref="test_allow_group_is_configured" />
       <criterion test_ref="test_deny_user_is_configured" />
       <criterion test_ref="test_deny_group_is_configured" />
     </criteria>
+    {{% endif %}}
   </definition>
 
+  {{% if product in [ 'sle16', 'slmicro6' ] %}}
+  {{{ oval_config_file_exists_test(sshd_main_config, rule_id=rule_id) }}}
+  {{{ oval_config_file_exists_object(sshd_main_config, rule_id=rule_id) }}}
+  {{% endif %}}
   <ind:textfilecontent54_test id="test_allow_user_is_configured" version="1" check="all"
     check_existence="only_one_exists" comment="Check if there is an AllowUsers entry">
     <ind:object object_ref="obj_allow_user" />

linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/oval/sle16.xml

@@ -1,4 +1,4 @@
 #!/bin/bash
 
 source common.sh
-echo "AllowGroups testgroup1 testgroup2 testgroup3" >> /etc/ssh/sshd_config
+echo "AllowGroups testgroup1 testgroup2 testgroup3" >> "{{{ sshd_main_config_file }}}"

linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/tests/allow_groups.pass.sh

@@ -1,4 +1,5 @@
 #!/bin/bash
 # platform = SUSE Linux Enterprise 16
 source common.sh
-echo "AllowGroups group" >> /etc/ssh/sshd_config.d/01-complianceascode-reinforce-os-defaults.conf
+touch "{{{ sshd_main_config_file }}}"
+echo "AllowGroups group" >> "{{{ sshd_config_dir }}}/01-complianceascode-reinforce-os-defaults.conf"

linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/tests/allow_groups_etc_ssh_sshd_config_dir.pass.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+# remediation = none
+# platform = SUSE Linux Enterprise 16
+source common.sh
+echo "AllowGroups group" >> "{{{ sshd_config_dir }}}/01-complianceascode-reinforce-os-defaults.conf"

linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/tests/allow_groups_main_config_missing.fail.sh

@@ -1,4 +1,4 @@
 #!/bin/bash
 
 source common.sh
-echo "AllowUsers testuser1 testuser2 testuser3" >> /etc/ssh/sshd_config
+echo "AllowUsers testuser1 testuser2 testuser3" >> "{{{ sshd_main_config_file }}}"

linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/tests/allow_users.pass.sh

@@ -1,5 +1,5 @@
 #!/bin/bash
 
 source common.sh
-echo "AllowUsers testuser1 testuser2 testuser3" >> /etc/ssh/sshd_config
-echo "AllowGroups testgroup1 testgroup2 testgroup3" >> /etc/ssh/sshd_config
+echo "AllowUsers testuser1 testuser2 testuser3" >> "{{{ sshd_main_config_file }}}"
+echo "AllowGroups testgroup1 testgroup2 testgroup3" >> "{{{ sshd_main_config_file }}}"

linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/tests/allow_users_groups.pass.sh

@@ -1,15 +1,15 @@
 #!/bin/bash
 
-declare -a SSHD_PATHS=("/etc/ssh/sshd_config")
-{{% if product == 'sle16' %}}
-SSHD_PATHS+=("/usr/etc/ssh/sshd_config" /usr/etc/ssh/sshd_config.d/* /etc/ssh/sshd_config.d/*)
+declare -a SSHD_PATHS=("{{{ sshd_main_config_file }}}")
+{{% if product in [ 'sle16', 'slmicro6' ] %}}
+SSHD_PATHS+=("{{{ sshd_config_dir }}}/*")
 {{% endif %}}
 # clean up configurations
 sed -i '/^(Allow|Deny)(Users|Groups).*/d' "${SSHD_PATHS[@]}"
 
-# restore to defaults for sle16
-{{% if product == 'sle16' %}}
-if [ -e "/etc/ssh/sshd_config" ] ; then
-    rm /etc/ssh/sshd_config
+# restore to defaults for sle16 and slmicro6
+{{% if product in [ 'sle16', 'slmicro6' ] %}}
+if [ -e "{{{ sshd_main_config_file }}}" ] ; then
+    rm "{{{ sshd_main_config_file }}}"
 fi
 {{% endif %}}

linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/tests/allow_users_usr_etc_ssh_sshd_config.pass.sh

@@ -3,5 +3,5 @@
 # platform = SUSE Linux Enterprise 16
 source common.sh
 
-touch /etc/ssh/sshd_config
+touch "{{{ sshd_main_config_file }}}"
 echo "DenyGroups testgroup" >> /usr/etc/ssh/sshd_config