Add KylinSecServer6 OS baseline support #14788

Open
jcm-123 wants to merge 1 commit into ComplianceAsCode:master from jcm-123:add-kylinsec-baseline

@jcm-123 jcm-123 commented Jun 9, 2026

Add security baseline content for KylinSec Server OS:

  • Product definitions for kylinsecserver6 and kylinserver10
  • CPE mappings and SCAP profiles
  • Applicability checks and OVAL rules
  • Build system integration (CMakeLists.txt, build_product)
  • PAM faillock and IPv6 sysctl rules
  • Emergency target authentication rules

Description:

  • Description here. Replace this text. Don't use the italics format!

Rationale:

  • Rationale here. Replace this text. Don't use the italics format!

  • Fixes # Issue number here (e.g. Updating sysctl XCCDF naming #26) or remove this line if no issue exists.

Review Hints:

  • Review hints here. Replace this text. Don't use the italics format!

  • Use this optional section to give any relevant information which could help the reviewer to more quickly and assertively understand and test the changes.

  • Good examples are useful commands, if it is better to review all commits together or in a suggested sequence, any relevant discussion in other PRs or issues, etc.

@openshift-ci openshift-ci Bot added the needs-ok-to-test Used by openshift-ci bot. label Jun 9, 2026

openshift-ci Bot commented Jun 9, 2026

Hi @jcm-123. Thanks for your PR.

I'm waiting for a ComplianceAsCode member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@Mab879 Mab879 left a comment

Member

This PR needs a rebase and some adjustment. This PR is removing many features and changing the version back to 0.1.81. Please review.

@jcm-123 jcm-123 force-pushed the add-kylinsec-baseline branch 2 times, most recently from 0508b01 to 58cb5d6 Compare June 10, 2026 06:28

jcm-123 commented Jun 10, 2026

Author

> This PR needs a rebase and some adjustment. This PR is removing many features and changing the version back to 0.1.81. Please review.

Hi @Mab879, thanks for the review.

I have rebased this branch onto the latest master and fixed the issues you pointed out:

  • Restored SSG_PATCH_VERSION to 0.1.82 (it was incorrectly reverted to 0.1.81 during the previous rebase)
  • Restored ssg_generate_nist_viewer() in CMakeLists.txt
  • Restored --datastream and --cel-content options in build_product
  • Reverted unrelated changes to system_with_kernel applicability files
  • Fixed require_emergency_target_auth by updating oval/shared.xml (and removing the incorrectly added root-level shared.xml)

The PR now only contains the KylinSec Server 6 baseline additions and the necessary product-specific rule adaptations.

Could you please trigger /ok-to-test when you have a moment? Thanks!

@Mab879 Mab879 added this to the 0.1.82 milestone Jun 10, 2026
@jan-cerny jan-cerny added New Product Issues or pull requests related to new Products. Highlight This PR/Issue should make it to the featured changelog. labels Jun 11, 2026
@jcm-123 jcm-123 force-pushed the add-kylinsec-baseline branch from 58cb5d6 to b828a8f Compare June 12, 2026 02:30
Add security baseline content for KylinSec Server OS:
- Product definitions for kylinsecserver6 and kylinserver10
- CPE mappings and SCAP profiles
- Applicability checks and OVAL rules
- Build system integration (CMakeLists.txt, build_product)
- PAM faillock and IPv6 sysctl rules
- Emergency target authentication rules
@jcm-123 jcm-123 force-pushed the add-kylinsec-baseline branch from b828a8f to 475bdd8 Compare June 12, 2026 02:58

jcm-123 commented Jun 12, 2026

Author

Hi @Mab879 and reviewers,

I've rebased the branch onto the latest master and pushed the updated commit. Summary of changes:

Rebase & sync

  • Rebased onto current upstream master (branch was ~45 commits behind)
  • Single commit preserved: Add KylinSecServer6 OS baseline support

CI fix (Automatus Debian 12)

  • Root cause: modifying the shared rule service_rsyncd_disabled triggered CTF to run Automatus tests on Debian 12, where the default package name rsync-daemon does not exist (Debian uses rsync)
  • Added packagename@debian11/12: rsync overrides for Debian CI
  • After rebase, upstream had already added debian13; removed the duplicate packagename@debian13 entry from our commit

Other updates

  • Added kylinsecserver6 to the Gate Fedora build list in gate_fedora.yml
  • The UFW-related warnings in the Automatus logs are expected — those sysctl test scenarios are Ubuntu-specific and are skipped on Debian; they were not the cause of the failure.

Could you please trigger /ok-to-test and re-review when you have a moment? Thanks!
