On 12/13/12 9:49 PM, Shawn Wells wrote:

0002-Updated-verify-references.py-to-ignore-ocil-transiti.patch


 From c69f76b1ed965dce8cab420202834f6193cc2713 Mon Sep 17 00:00:00 2001
From: Shawn Wells<[email protected]>
Date: Thu, 13 Dec 2012 21:02:15 -0500
Subject: [PATCH 02/28] Updated verify-references.py to ignore ocil-transitional
  The verify-references.py script was generating significant noise on our OCIL checks,
  however ocil-transitional is expected as it generates our "this is a finding if...."
  language.

Updated verify-references to ignore ocil-transitional as an OVAL tag

Behavior before:
$ /var/www/html/scap-security-guide/RHEL6/utils/verify-references.py -p 
stig-rhel6-server --rules-with-disarefs-outside-profile ssg-rhel6-xccdf.xml
Non-OVAL checking system found: ocil-transitional
Non-OVAL checking system found: ocil-transitional
Non-OVAL checking system found: ocil-transitional
Non-OVAL checking system found: ocil-transitional
Non-OVAL checking system found: ocil-transitional
.....
XCCDF Rule found with DISA CCI reference outside Profile stig-rhel6-server: 
disable_prelink
XCCDF Rule found with DISA CCI reference outside Profile stig-rhel6-server: 
aide_build_database
XCCDF Rule found with DISA CCI reference outside Profile stig-rhel6-server: 
mountopt_nodev_on_nonroot_partitions

Behavior after:
$ /var/www/html/scap-security-guide/RHEL6/utils/verify-references.py -p 
stig-rhel6-server --rules-with-disarefs-outside-profile ssg-rhel6-xccdf.xml
XCCDF Rule found with DISA CCI reference outside Profile stig-rhel6-server: 
disable_prelink
XCCDF Rule found with DISA CCI reference outside Profile stig-rhel6-server: 
aide_build_database
XCCDF Rule found with DISA CCI reference outside Profile stig-rhel6-server: 
mountopt_nodev_on_nonroot_partitions
---
  RHEL6/utils/verify-references.py |    3 ++-
  1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/RHEL6/utils/verify-references.py b/RHEL6/utils/verify-references.py
index d7f082d..ddaec7b 100755
--- a/RHEL6/utils/verify-references.py
+++ b/RHEL6/utils/verify-references.py
@@ -55,7 +55,8 @@ def get_ovalfiles(checks):
                if check.get("system") == oval_ns:
                        checkcontentref = check.find("./{%s}check-content-ref" 
% xccdf_ns)
                        ovalfiles.add(checkcontentref.get("href"))
-               else:
+               #else:
+               elif check.get("system") != "ocil-transitional":
                        print "Non-OVAL checking system found: " + 
check.get("system")
        return ovalfiles
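
Review bot: The commented-out `#else:` left above the new `elif` in get_ovalfiles() is dead code and should be dropped, since the diff already records the old branch. The literal "ocil-transitional" would also read better as a named constant next to oval_ns, so the set of expected non-OVAL systems is declared in one place and is easy to extend. Separately, the print still concatenates check.get("system") directly; a check element with no system attribute returns None there and the string concatenation would raise, so consider formatting the value with %s instead.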

I went ahead and pushed this