On 4/19/13 11:39 PM, Shawn Wells wrote:

0001-bugfix-Ticket-168-iptables_smtp_enabled-false-positi.patch


 From ff769fddff246376939d6b2812442aab79206c05 Mon Sep 17 00:00:00 2001
From: Shawn Wells<[email protected]>
Date: Fri, 19 Apr 2013 23:37:34 -0400
Subject: [PATCH] [bugfix] Ticket 168 - iptables_smtp_enabled false positive
  The test did not first check if Postfix is installed and running, so this was 
a false positive on most scans.
  Added OVAL to check for existence of Postfix

NOTE: Logic needs to be added to detect if IPv6 in use. But that's ticket 398 
(aka, for another time).
---
  RHEL6/input/checks/iptables_smtp_enabled.xml |   10 ++++++++++
  1 files changed, 10 insertions(+), 0 deletions(-)

diff --git a/RHEL6/input/checks/iptables_smtp_enabled.xml 
b/RHEL6/input/checks/iptables_smtp_enabled.xml
index a84d2b0..430da42 100644
--- a/RHEL6/input/checks/iptables_smtp_enabled.xml
+++ b/RHEL6/input/checks/iptables_smtp_enabled.xml
@@ -10,10 +10,20 @@
        the ldap service.</description>
      </metadata>
      <criteria operator="AND">
+      <criterion comment="Package Postfix is installed" 
test_ref="test_package_postfix_installed" />
        <criterion comment="Test ipv4 25 Accept" 
test_ref="test_iptables_smtp_enabled_ipv4" />
        <criterion comment="Test ipv6 25 Accept" 
test_ref="test_iptables_smtp_enabled_ipv6" />
      </criteria>
    </definition>
+
+  <linux:rpminfo_test check="all" check_existence="all_exist" 
id="test_package_postfix_installed" version="1"
+  comment="Package Postfix is installed">
+    <linux:object object_ref="obj_package_postfix" />
+  </linux:rpminfo_test>
+  <linux:rpminfo_object id="obj_package_postfix" version="1">
+    <linux:name>postfix</linux:name>
+  </linux:rpminfo_object>
+
    <ind:textfilecontent54_test check="all"
    check_existence="all_exist" comment="Test for 25 access over ipv4"
    id="test_iptables_smtp_enabled_ipv4" version="1">
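
Review bot: the new test_package_postfix_installed criterion at the top of the criteria operator="AND" block only checks that the postfix RPM exists, while the commit message describes the missing check as "installed and running". A host with the package installed but the service disabled is still evaluated against the port 25 rules. Either add a service-state test next to the rpminfo_test or reword the commit message to say the check covers installation only. Please also confirm that AND is the intended operator here: when postfix is absent the new criterion is false, so the whole definition evaluates to false rather than skipping the iptables tests, which may not be the result wanted on hosts without a mail server. Separately, the unchanged description line above the hunk still ends with "the ldap service." in an SMTP check and could be corrected in the same change.
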
-- 1.7.1

pushed as bugfix

[shawn@rhel6 scap-security-guide]$ git push
Counting objects: 11, done.
Compressing objects: 100% (6/6), done.
Writing objects: 100% (6/6), 878 bytes, done.
Total 6 (delta 5), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/scap-security-guide.git
   908e826..3d5c7ff  master -> master