Greetings

Thank you for the update on importing the STIG results into STIGviewer from a 
RHEL7 scan.
I noticed that only some of the checks are imported over and it leaves at least 
149 not reviewed. The result reference IDs were not found in the Checklist 
STIG. Is there action to mitigate this?

This capability is so needed.
Thank you


-----Original Message-----
From: open-scap-list-boun...@redhat.com 
[mailto:open-scap-list-boun...@redhat.com] On Behalf Of 
open-scap-list-requ...@redhat.com
Sent: Thursday, April 12, 2018 12:00 PM
To: open-scap-list@redhat.com
Subject: Open-scap-list Digest, Vol 108, Issue 1


Today's Topics:

   1. OVAL filtering on directories? (ml+opens...@kcore.org)


----------------------------------------------------------------------

Message: 1
Date: Wed, 11 Apr 2018 16:10:14 +0200
From: ml+opens...@kcore.org
To: open-scap-list@redhat.com
Subject: [Open-scap] OVAL filtering on directories?
Message-ID:
<1523455814.682237.1334345176.13056...@webmail.messagingengine.com>
Content-Type: text/plain; charset="utf-8"

Hello list,

I'm fairly new to OVAL, and for a project I'm documenting several of our 
configuration rules into XCCDF, and adding OVAL rules to them to be able to 
have automated testing afterwards.

For most it's fairly straightforward, but for one I'm stumped and can't seem to 
get it right.

I want to scan /usr/foo and check that all directories in that directory have 
the correct permissions (0755).
(Also same but check that all files have the right selinux context.)

For some reason, I can't seem to get it to filter the way I want. The oval 
collector always returns
Collected: "oval:com.foobar:obj:24" : does not exist


OVAL content:
    <definition class="compliance" id="oval:com.foobar:def:20" version="1">
      <metadata>
        <title>/usr/foo permissions</title>
        <description>/usr/foo directory (and subdirectories) should have permissions 0755 (rwx r-x r-x)</description>
        <reference ref_id="REF-000020" source="REF"/>
        <affected family="unix">
          <platform>Red Hat Enterprise Linux 7</platform>
        </affected>
      </metadata>
      <criteria operator="AND">
        <criterion comment="/usr/foo permissions" test_ref="oval:com.foobar:tst:23"/>
        <criterion comment="/usr/foo permissions" test_ref="oval:com.foobar:tst:24"/>
      </criteria>
    </definition>

    <file_test check="all" check_existence="all_exist"
               comment="/usr/foo permissions" id="oval:com.foobar:tst:23" version="1"
               xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix">
      <object object_ref="oval:com.foobar:obj:23"/>
      <state state_ref="oval:com.foobar:ste:20"/>
    </file_test>

    <file_test check="all" check_existence="all_exist"
               comment="/usr/foo permissions" id="oval:com.foobar:tst:24" version="1"
               xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix">
      <object object_ref="oval:com.foobar:obj:24"/>
      <state state_ref="oval:com.foobar:ste:22"/>
    </file_test>

    <file_object id="oval:com.foobar:obj:23" version="1"
                 xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix">
      <path>/usr/foo</path>
      <filename xsi:nil="true"/>
    </file_object>
    <file_object id="oval:com.foobar:obj:24" version="1"
                 xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix">
      <set set_operator="INTERSECTION"
           xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5">
        <object_reference>oval:com.foobar:obj:25</object_reference>
        <filter action="include">oval:com.foobar:ste:21</filter>
      </set>
    </file_object>

    <file_object id="oval:com.foobar:obj:25" version="1"
                 xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix">
      <behaviors recurse="directories" recurse_direction="down"/>
      <path>/usr/foo</path>
      <filename operation="pattern match">^.*$</filename>
    </file_object>

    <file_state id="oval:com.foobar:ste:20" version="1"
                xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix">
      <suid datatype="boolean">false</suid>
      <sgid datatype="boolean">false</sgid>
      <sticky datatype="boolean">false</sticky>
      <uread datatype="boolean">true</uread>
      <uwrite datatype="boolean">true</uwrite>
      <uexec datatype="boolean">true</uexec>
      <gread datatype="boolean">true</gread>
      <gwrite datatype="boolean">false</gwrite>
      <gexec datatype="boolean">true</gexec>
      <oread datatype="boolean">true</oread>
      <owrite datatype="boolean">false</owrite>
      <oexec datatype="boolean">true</oexec>
    </file_state>

    <file_state id="oval:com.foobar:ste:21" version="1"
                xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix">
      <type>directory</type>
    </file_state>

    <file_state id="oval:com.foobar:ste:22" version="1"
                xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix">
      <suid datatype="boolean">false</suid>
      <sgid datatype="boolean">false</sgid>
      <sticky datatype="boolean">false</sticky>
      <uread datatype="boolean">true</uread>
      <uwrite datatype="boolean">true</uwrite>
      <uexec datatype="boolean">true</uexec>
      <gread datatype="boolean">true</gread>
      <gwrite datatype="boolean">false</gwrite>
      <gexec datatype="boolean">true</gexec>
      <oread datatype="boolean">true</oread>
      <owrite datatype="boolean">false</owrite>
      <oexec datatype="boolean">true</oexec>
    </file_state>


It seems that the include action filter on ste:21 is the problem - if I remove 
this, I get a bunch of files returned. If I change this to e.g. an exclude 
filter on "regular", I'll just get all the other files. But an include on 
"directory" seems to not work?

I also tried using two exclude filters, but that also returned no results.

Any ideas?

Thanks in advance.




------------------------------

_______________________________________________
Open-scap-list mailing list
Open-scap-list@redhat.com
https://www.redhat.com/mailman/listinfo/open-scap-list

End of Open-scap-list Digest, Vol 108, Issue 1
**********************************************
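
An independent cross-check for the rule in the quoted message, added here as an example (it is not code from the thread or from OpenSCAP): it turns the permission booleans of a file_state such as ste:20 into a mode and lists the directories under a tree that differ, which gives a reference result to compare the scanner's output against. The function names, the inline state and the temporary tree are constructed for illustration.

```python
import os
import stat
import tempfile
import xml.etree.ElementTree as ET

# Permission entities of an OVAL unix file_state and the mode bit each one tests.
BITS = {"suid": stat.S_ISUID, "sgid": stat.S_ISGID, "sticky": stat.S_ISVTX,
        "uread": stat.S_IRUSR, "uwrite": stat.S_IWUSR, "uexec": stat.S_IXUSR,
        "gread": stat.S_IRGRP, "gwrite": stat.S_IWGRP, "gexec": stat.S_IXGRP,
        "oread": stat.S_IROTH, "owrite": stat.S_IWOTH, "oexec": stat.S_IXOTH}
# Constructed sample: the same entities and values as ste:20 in the message.
STATE_XML = """<file_state id="oval:com.foobar:ste:20" version="1"
  xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix">
  <suid datatype="boolean">false</suid><sgid datatype="boolean">false</sgid>
  <sticky datatype="boolean">false</sticky>
  <uread datatype="boolean">true</uread><uwrite datatype="boolean">true</uwrite>
  <uexec datatype="boolean">true</uexec><gread datatype="boolean">true</gread>
  <gwrite datatype="boolean">false</gwrite><gexec datatype="boolean">true</gexec>
  <oread datatype="boolean">true</oread><owrite datatype="boolean">false</owrite>
  <oexec datatype="boolean">true</oexec>
</file_state>"""


def state_to_mode(state_xml):
    """Return (mask, required) mode bits constrained by a unix file_state."""
    mask = required = 0
    for child in ET.fromstring(state_xml):
        bit = BITS.get(child.tag.split("}")[-1], 0)  # strip the XML namespace
        mask |= bit
        if (child.text or "").strip() in ("true", "1"):
            required |= bit
    return mask, required


def nonconforming_dirs(root, mask, required):
    """Real directories at or below root (symlinks not followed) whose bits differ."""
    return sorted(d for d, _dirs, _files in os.walk(root)
                  if (os.lstat(d).st_mode & mask) != required)


def demo():
    """Constructed tree with one 0700 directory; returns (mode, offenders)."""
    mask, required = state_to_mode(STATE_XML)
    with tempfile.TemporaryDirectory() as root:
        for rel, mode in (("a/b", 0o755), ("a", 0o755), ("c", 0o700)):
            os.makedirs(os.path.join(root, rel), exist_ok=True)
            os.chmod(os.path.join(root, rel), mode)
        os.chmod(root, 0o755)
        bad = nonconforming_dirs(root, mask, required)
        return oct(required), [os.path.relpath(p, root) for p in bad]
```

Calling nonconforming_dirs("/usr/foo", *state_to_mode(STATE_XML)) on the scanned host lists the directories the OVAL test is expected to fail on.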
