>From fd33bd7c2a1ca6bc6f9efe14e4af9ea086106f02 Mon Sep 17 00:00:00 2001 From: Shawn Wells <[email protected]> Date: Fri, 29 Mar 2013 19:52:29 -0400 Subject: [PATCH 11/21] Updated OVAL reference in ensure_gpgcheck_globally_activated - Renamed OVAL check to match XCCDF rule name
--- .../checks/ensure_gpgcheck_globally_activated.xml | 24 ++++++++++++++++++++ .../checks/yum_gpgcheck_global_activation.xml | 24 -------------------- RHEL6/input/system/software/updating.xml | 2 +- 3 files changed, 25 insertions(+), 25 deletions(-) create mode 100644 RHEL6/input/checks/ensure_gpgcheck_globally_activated.xml delete mode 100644 RHEL6/input/checks/yum_gpgcheck_global_activation.xml diff --git a/RHEL6/input/checks/ensure_gpgcheck_globally_activated.xml b/RHEL6/input/checks/ensure_gpgcheck_globally_activated.xml new file mode 100644 index 0000000..7577cd4 --- /dev/null +++ b/RHEL6/input/checks/ensure_gpgcheck_globally_activated.xml @@ -0,0 +1,24 @@ +<def-group> + <definition class="compliance" id="yum_gpgcheck_global_activation" version="1"> + <metadata> + <title>Ensure Yum gpgcheck Globally Activated</title> + <affected family="unix"> + <platform>Red Hat Enterprise Linux 6</platform> + </affected> + <description>The gpgcheck option should be used to ensure + that checking of an RPM package's signature always occurs + prior to its installation./</description> + </metadata> + <criteria> + <criterion comment="check value of gpgcheck in /etc/yum.conf" test_ref="test_yum_gpgcheck_global_activation" /> + </criteria> + </definition> + <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="check value of gpgcheck in /etc/yum.conf" id="test_yum_gpgcheck_global_activation" version="1"> + <ind:object object_ref="object_yum_gpgcheck_global_activation" /> + </ind:textfilecontent54_test> + <ind:textfilecontent54_object id="object_yum_gpgcheck_global_activation" comment="gpgcheck set in /etc/yum.conf" version="1"> + <ind:filepath>/etc/yum.conf</ind:filepath> + <ind:pattern operation="pattern match">^\s*gpgcheck\s*=\s*1\s*$</ind:pattern> + <ind:instance datatype="int" operation="equals">1</ind:instance> + </ind:textfilecontent54_object> +</def-group> diff --git a/RHEL6/input/checks/yum_gpgcheck_global_activation.xml b/RHEL6/input/checks/yum_gpgcheck_global_activation.xml deleted file mode 100644 index 7577cd4..0000000 --- a/RHEL6/input/checks/yum_gpgcheck_global_activation.xml +++ /dev/null @@ -1,24 +0,0 @@ -<def-group> - <definition class="compliance" id="yum_gpgcheck_global_activation" version="1"> - <metadata> - <title>Ensure Yum gpgcheck Globally Activated</title> - <affected family="unix"> - <platform>Red Hat Enterprise Linux 6</platform> - </affected> - <description>The gpgcheck option should be used to ensure - that checking of an RPM package's signature always occurs - prior to its installation./</description> - </metadata> - <criteria> - <criterion comment="check value of gpgcheck in /etc/yum.conf" test_ref="test_yum_gpgcheck_global_activation" /> - </criteria> - </definition> - <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="check value of gpgcheck in /etc/yum.conf" id="test_yum_gpgcheck_global_activation" version="1"> - <ind:object object_ref="object_yum_gpgcheck_global_activation" /> - </ind:textfilecontent54_test> - <ind:textfilecontent54_object id="object_yum_gpgcheck_global_activation" comment="gpgcheck set in /etc/yum.conf" version="1"> - <ind:filepath>/etc/yum.conf</ind:filepath> - <ind:pattern operation="pattern match">^\s*gpgcheck\s*=\s*1\s*$</ind:pattern> - <ind:instance datatype="int" operation="equals">1</ind:instance> - </ind:textfilecontent54_object> -</def-group> diff --git a/RHEL6/input/system/software/updating.xml b/RHEL6/input/system/software/updating.xml index 315324d..091a052 100644 --- a/RHEL6/input/system/software/updating.xml +++ b/RHEL6/input/system/software/updating.xml @@ -75,7 +75,7 @@ installation ensures the provenance of the software and protects against malicious tampering. </rationale> <ident cce="26709-6" /> -<oval id="yum_gpgcheck_global_activation" /> +<oval id="ensure_gpgcheck_globally_activated" /> <ref nist="SI-7" disa="352,663" /> <tested by="MM" on="20120928"/> </Rule> -- 1.7.1
_______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
