>From 2bf2b26d9dad12d1647699fec12362cdf8a4b509 Mon Sep 17 00:00:00 2001 From: Shawn Wells <[email protected]> Date: Fri, 29 Mar 2013 20:04:46 -0400 Subject: [PATCH 16/21] Renamed OVAL in set_selinux_policy to match XCCDF rule name Renamed OVAL in set_selinux_policy to match XCCDF rule name
---
RHEL6/input/checks/selinux_policytype.xml | 41 -----------------------------
RHEL6/input/checks/set_selinux_policy.xml | 41 +++++++++++++++++++++++++++++
RHEL6/input/system/selinux.xml | 2 +-
3 files changed, 42 insertions(+), 42 deletions(-)
delete mode 100644 RHEL6/input/checks/selinux_policytype.xml
create mode 100644 RHEL6/input/checks/set_selinux_policy.xml
diff --git a/RHEL6/input/checks/selinux_policytype.xml b/RHEL6/input/checks/selinux_policytype.xml
deleted file mode 100644
index 43f7e3f..0000000
--- a/RHEL6/input/checks/selinux_policytype.xml
+++ /dev/null
@@ -1,41 +0,0 @@
-<def-group>
- <definition class="compliance"
- id="selinux_policytype" version="1">
- <metadata>
- <title>Enable SELinux</title>
- <affected family="unix">
- <platform>Red Hat Enterprise Linux 6</platform>
- </affected>
- <description>The SELinux policy should be set
- appropriately.</description>
- </metadata>
- <criteria>
- <criterion test_ref="test_selinux_policy" />
- </criteria>
- </definition>
-
- <ind:textfilecontent54_test check="all"
- check_existence="all_exist"
- comment="Tests the value of the ^[\s]*SELINUXTYPE[\s]*=[\s]*([^#]*) expression in the /etc/selinux/config file"
- id="test_selinux_policy" version="1">
- <ind:object object_ref="obj_selinux_policy" />
- <ind:state state_ref="state_selinux_policy" />
- </ind:textfilecontent54_test>
-
- <ind:textfilecontent54_state id="state_selinux_policy" version="1">
- <ind:subexpression operation="equals" var_check="all"
- var_ref="var_selinux_policy_name" />
- </ind:textfilecontent54_state>
-
- <external_variable comment="External variable: name of selinux policy in /etc/selinux/config"
- datatype="string" id="var_selinux_policy_name"
- version="1" />
-
- <ind:textfilecontent54_object id="obj_selinux_policy"
- version="1">
- <ind:path>/etc/selinux</ind:path>
- <ind:filename>config</ind:filename>
- <ind:pattern operation="pattern match">^[\s]*SELINUXTYPE[\s]*=[\s]*([^#\s]*)</ind:pattern>
- <ind:instance datatype="int">1</ind:instance>
- </ind:textfilecontent54_object>
-</def-group>
diff --git a/RHEL6/input/checks/set_selinux_policy.xml b/RHEL6/input/checks/set_selinux_policy.xml
new file mode 100644
index 0000000..43f7e3f
--- /dev/null
+++ b/RHEL6/input/checks/set_selinux_policy.xml
@@ -0,0 +1,41 @@
+<def-group>
+ <definition class="compliance"
+ id="selinux_policytype" version="1">
+ <metadata>
+ <title>Enable SELinux</title>
+ <affected family="unix">
+ <platform>Red Hat Enterprise Linux 6</platform>
+ </affected>
+ <description>The SELinux policy should be set
+ appropriately.</description>
+ </metadata>
+ <criteria>
+ <criterion test_ref="test_selinux_policy" />
+ </criteria>
+ </definition>
+
+ <ind:textfilecontent54_test check="all"
+ check_existence="all_exist"
+ comment="Tests the value of the ^[\s]*SELINUXTYPE[\s]*=[\s]*([^#]*) expression in the /etc/selinux/config file"
+ id="test_selinux_policy" version="1">
+ <ind:object object_ref="obj_selinux_policy" />
+ <ind:state state_ref="state_selinux_policy" />
+ </ind:textfilecontent54_test>
+
+ <ind:textfilecontent54_state id="state_selinux_policy" version="1">
+ <ind:subexpression operation="equals" var_check="all"
+ var_ref="var_selinux_policy_name" />
+ </ind:textfilecontent54_state>
+
+ <external_variable comment="External variable: name of selinux policy in /etc/selinux/config"
+ datatype="string" id="var_selinux_policy_name"
+ version="1" />
+
+ <ind:textfilecontent54_object id="obj_selinux_policy"
+ version="1">
+ <ind:path>/etc/selinux</ind:path>
+ <ind:filename>config</ind:filename>
+ <ind:pattern operation="pattern match">^[\s]*SELINUXTYPE[\s]*=[\s]*([^#\s]*)</ind:pattern>
+ <ind:instance datatype="int">1</ind:instance>
+ </ind:textfilecontent54_object>
+</def-group>
diff --git a/RHEL6/input/system/selinux.xml b/RHEL6/input/system/selinux.xml
index 6f519d4..bd9177f 100644
--- a/RHEL6/input/system/selinux.xml
+++ b/RHEL6/input/system/selinux.xml
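Review bot: The definition in the new set_selinux_policy.xml still carries `id="selinux_policytype"`, while the selinux.xml hunk now points the rule at `<oval id="set_selinux_policy" .../>`. If the build resolves the XCCDF reference by definition id rather than by file name (not visible in this patch), the rule may end up with no check attached, and the SELINUXTYPE setting would then go unevaluated without any visible failure. I would change the definition's second line to `id="set_selinux_policy" version="1">`. The test's `comment` attribute also quotes the pattern as `([^#]*)` while the object actually matches `([^#\s]*)`, so the comment should repeat the real pattern.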
@@ -147,7 +147,7 @@ ensures the system will confine processes that are likely to be targeted for exploitation, such as network or system services. </rationale> <ident cce="26875-5" /> -<oval id="selinux_policytype" value="var_selinux_policy_name"/> +<oval id="set_selinux_policy" value="var_selinux_policy_name"/> <ref nist="AC-3,AC-4,AC-6,AU-9" disa="22,32"/> <tested by="DS" on="20121024"/> </Rule> -- 1.7.1
