>From f2ba2b8e7d6b15f9a4a3492e1df3107b9560ee7e Mon Sep 17 00:00:00 2001 From: Shawn Wells <[email protected]> Date: Fri, 29 Mar 2013 19:56:17 -0400 Subject: [PATCH 12/21] Updated OVAL rule name in ensure_gpgcheck_never_disabled.xml - Updated OVAL rule to reflect XCCDF rule name
---
.../checks/ensure_gpgcheck_never_disabled.xml | 26 ++++++++++++++++++++
RHEL6/input/checks/yum_gpgcheck_never_disabled.xml | 26 --------------------
RHEL6/input/system/software/updating.xml | 2 +-
3 files changed, 27 insertions(+), 27 deletions(-)
create mode 100644 RHEL6/input/checks/ensure_gpgcheck_never_disabled.xml
delete mode 100644 RHEL6/input/checks/yum_gpgcheck_never_disabled.xml
diff --git a/RHEL6/input/checks/ensure_gpgcheck_never_disabled.xml b/RHEL6/input/checks/ensure_gpgcheck_never_disabled.xml
new file mode 100644
index 0000000..c3a0aec
--- /dev/null
+++ b/RHEL6/input/checks/ensure_gpgcheck_never_disabled.xml
@@ -0,0 +1,26 @@
+<def-group>
+ <definition class="compliance" id="yum_gpgcheck_never_disabled" version="1">
+ <metadata>
+ <title>All Yum Repos Ensure Package Signature Checking</title>
+ <affected family="unix">
+ <platform>Red Hat Enterprise Linux 6</platform>
+ </affected>
+ <description>To ensure that signature checking is not
+ disabled for any repos, ensure that the following line DOES
+ NOT appear in any repo configuration files in
+ /etc/yum.repos.d or elsewhere</description>
+ </metadata>
+ <criteria>
+ <criterion comment="check value of gpgcheck=0 in /etc/yum.repos.d/*" test_ref="test_yum_gpgcheck_never_disabled" />
+ </criteria>
+ </definition>
+ <ind:textfilecontent54_test check="all" check_existence="none_exist" id="test_yum_gpgcheck_never_disabled" comment="gpgcheck=0 should not exist in any repo file within /etc/yum.repos.d" version="1">
+ <ind:object object_ref="object_yum_gpgcheck_never_disabled" />
+ </ind:textfilecontent54_test>
+ <ind:textfilecontent54_object comment="gpgcheck=0 should not exist in any repo file within /etc/yum.repos.d" id="object_yum_gpgcheck_never_disabled" version="1">
+ <ind:path>/etc/yum.repos.d</ind:path>
+ <ind:filename operation="pattern match">.*</ind:filename>
+ <ind:pattern operation="pattern match">^\s*gpgcheck\s*=\s*0\s*$</ind:pattern>
+ <ind:instance datatype="int" operation="equals">1</ind:instance>
+ </ind:textfilecontent54_object>
+</def-group>
diff --git a/RHEL6/input/checks/yum_gpgcheck_never_disabled.xml b/RHEL6/input/checks/yum_gpgcheck_never_disabled.xml
deleted file mode 100644
index c3a0aec..0000000
--- a/RHEL6/input/checks/yum_gpgcheck_never_disabled.xml
+++ /dev/null
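Review bot: The definition in the new ensure_gpgcheck_never_disabled.xml still carries `id="yum_gpgcheck_never_disabled"` (the test and object ids keep the old prefix too), while the updating.xml hunk later in this patch switches the rule to `<oval id="ensure_gpgcheck_never_disabled" />`. If the build links XCCDF rules to OVAL by definition id rather than by file name (not visible here), the gpgcheck rule would be left without an automated check, so the definition line should read `<definition class="compliance" id="ensure_gpgcheck_never_disabled" version="1">`. Separately, the pattern `^\s*gpgcheck\s*=\s*0\s*$` matches only the literal `0`; yum, as far as I know, also reads `no` and `false` as disabling, so a repo file using those spellings would pass this check, and a pattern such as `^\s*gpgcheck\s*=\s*(0|no|false)\s*$` (with whatever case handling the OVAL regex dialect allows) would close that gap. The description also says "or elsewhere", but the object scans only /etc/yum.repos.d, so either the text or the object's scope should be adjusted to match.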
@@ -1,26 +0,0 @@
-<def-group>
- <definition class="compliance" id="yum_gpgcheck_never_disabled" version="1">
- <metadata>
- <title>All Yum Repos Ensure Package Signature Checking</title>
- <affected family="unix">
- <platform>Red Hat Enterprise Linux 6</platform>
- </affected>
- <description>To ensure that signature checking is not
- disabled for any repos, ensure that the following line DOES
- NOT appear in any repo configuration files in
- /etc/yum.repos.d or elsewhere</description>
- </metadata>
- <criteria>
- <criterion comment="check value of gpgcheck=0 in /etc/yum.repos.d/*" test_ref="test_yum_gpgcheck_never_disabled" />
- </criteria>
- </definition>
- <ind:textfilecontent54_test check="all" check_existence="none_exist" id="test_yum_gpgcheck_never_disabled" comment="gpgcheck=0 should not exist in any repo file within /etc/yum.repos.d" version="1">
- <ind:object object_ref="object_yum_gpgcheck_never_disabled" />
- </ind:textfilecontent54_test>
- <ind:textfilecontent54_object comment="gpgcheck=0 should not exist in any repo file within /etc/yum.repos.d" id="object_yum_gpgcheck_never_disabled" version="1">
- <ind:path>/etc/yum.repos.d</ind:path>
- <ind:filename operation="pattern match">.*</ind:filename>
- <ind:pattern operation="pattern match">^\s*gpgcheck\s*=\s*0\s*$</ind:pattern>
- <ind:instance datatype="int" operation="equals">1</ind:instance>
- </ind:textfilecontent54_object>
-</def-group>
diff --git a/RHEL6/input/system/software/updating.xml b/RHEL6/input/system/software/updating.xml
index 091a052..9ffe4ab 100644
--- a/RHEL6/input/system/software/updating.xml
+++ b/RHEL6/input/system/software/updating.xml
@@ -100,7 +100,7 @@ installation ensures the provenance of the software and protects against malicious tampering. </rationale> <ident cce="26647-8" /> -<oval id="yum_gpgcheck_never_disabled" /> +<oval id="ensure_gpgcheck_never_disabled" /> <ref nist="SI-7" disa="352,663"/> <tested by="MM" on="20120928"/> </Rule> -- 1.7.1
