Hi All, I have a requirement to check that all system accounts are locked. So, I need to get the username from /etc/passwd file based on UIDs (<500) and then check the /etc/shadow file that the password field has either * or !.
This is the definition: <?xml version="1.0" encoding="UTF-8"?> <oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5"; xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5"; xmlns:linux-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux"; xmlns:unix-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix"; xmlns:independent-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent"; xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-definitions-5 oval-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-common-5 oval-common-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#independent independent-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#linux linux-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#unix unix-definitions-schema.xsd"> <generator> <oval:product_name>None</oval:product_name> <oval:product_version>None</oval:product_version> <oval:schema_version>5.11</oval:schema_version> <oval:timestamp>2017-02-04T12:32:41</oval:timestamp> </generator> <definitions> <definition id="oval:test.test.com:def:17" version="1" class="compliance"> <metadata> <title>Ensure System Accounts are disabled</title> <description>This rule verifies that the system accounts are disabled.</description> </metadata> <criteria operator="AND" negate="false" comment="None"> <criterion comment="None" test_ref="oval:test.test.com:tst:17" /> </criteria> </definition> </definitions> <tests> <shadow_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix"; id="oval:test.test.com:tst:17" version="1" check="all" comment="None" check_existence="any_exist"> <object object_ref="oval:test.test.com:obj:19" /> <state state_ref="oval:test.test.com:ste:10" /> </shadow_test> </tests> <objects> <shadow_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix"; id="oval:test.test.com:obj:19" version="1" comment="None"> <username datatype="string" operation="equals" var_check="all" var_ref="oval:test.test.com:var:6" /> </shadow_object> <password_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix"; id="oval:test.test.com:obj:17" version="1" comment="None"> <username datatype="string" operation="pattern match">.*</username> <filter xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5"; action="exclude">oval:test.test.com:ste:9</filter> </password_object> </objects> <states> <shadow_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix"; id="oval:test.test.com:ste:10" version="1" comment="None"> <password datatype="string" operation="pattern match">^(!?!|[\*])</password> </shadow_state> <password_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix"; id="oval:test.test.com:ste:9" version="1" comment="None"> <user_id datatype="int" operation="greater than or equal">500</user_id> </password_state> </states> <variables> <local_variable xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5"; id="oval:test.test.com:var:6" datatype="string" version="1" comment="None"> <object_component item_field="username" object_ref="oval:test.test.com:obj:17"/> </local_variable> </variables> </oval_definitions> The execution goes fine. But, the result is not correct. When I check the results file, I see below: <object id="oval:test.test.com:obj:19" version="1" flag="does not exist"> <variable_value variable_id="oval:test.test.com:var:6">root</variable_value> <variable_value variable_id="oval:test.test.com:var:6">daemon</variable_value> <variable_value variable_id="oval:test.test.com:var:6">bin</variable_value> <variable_value variable_id="oval:test.test.com:var:6">sys</variable_value> <variable_value variable_id="oval:test.test.com:var:6">sync</variable_value> <variable_value variable_id="oval:test.test.com:var:6">games</variable_value> <variable_value variable_id="oval:test.test.com:var:6">man</variable_value> <variable_value variable_id="oval:test.test.com:var:6">lp</variable_value> <variable_value variable_id="oval:test.test.com:var:6">mail</variable_value> <variable_value variable_id="oval:test.test.com:var:6">news</variable_value> <variable_value variable_id="oval:test.test.com:var:6">uucp</variable_value> <variable_value variable_id="oval:test.test.com:var:6">proxy</variable_value> <variable_value variable_id="oval:test.test.com:var:6">www-data</variable_value> <variable_value variable_id="oval:test.test.com:var:6">backup</variable_value> <variable_value variable_id="oval:test.test.com:var:6">list</variable_value> <variable_value variable_id="oval:test.test.com:var:6">irc</variable_value> <variable_value variable_id="oval:test.test.com:var:6">gnats</variable_value> <variable_value variable_id="oval:test.test.com:var:6">libuuid</variable_value> <variable_value variable_id="oval:test.test.com:var:6">syslog</variable_value> <variable_value variable_id="oval:test.test.com:var:6">messagebus</variable_value> <variable_value variable_id="oval:test.test.com:var:6">landscape</variable_value> <variable_value variable_id="oval:test.test.com:var:6">sshd</variable_value> <variable_value variable_id="oval:test.test.com:var:6">pollinate</variable_value> <variable_value variable_id="oval:test.test.com:var:6">mongodb</variable_value> <variable_value variable_id="oval:test.test.com:var:6">colord</variable_value> <variable_value variable_id="oval:test.test.com:var:6">tomcat7</variable_value> </object> Now, my question is why does the flag say "does not exist" even though the variables are getting populated? Please help. Thanks and regards, Pravin Goyal
_______________________________________________ Open-scap-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/open-scap-list
