>From 34bf3b7e0432a778e1ed7f471aea253c88b7941a Mon Sep 17 00:00:00 2001 From: Shawn Wells <[email protected]> Date: Sun, 15 Sep 2013 19:20:10 -0400 Subject: [PATCH 17/22] [ticket 390] Updated ensure_redhat_gpgkey_installed - XCCDF/OVAL naming matchings - OVAL signoff
TESTING Evaluating with OVAL tempfile : /tmp/ensure_redhat_gpgkey_installedb24vwa.xml Writing results to : /tmp/ensure_redhat_gpgkey_installedb24vwa.xml-results Definition oval:scap-security-guide.testing:def:211: true Evaluation done. --- .../checks/ensure_redhat_gpgkey_installed.xml | 43 ++++++++++++++++++++ .../checks/package_red_hat_gpgkeys_installed.xml | 42 ------------------- RHEL6/input/system/software/updating.xml | 2 +- 3 files changed, 44 insertions(+), 43 deletions(-) create mode 100644 RHEL6/input/checks/ensure_redhat_gpgkey_installed.xml delete mode 100644 RHEL6/input/checks/package_red_hat_gpgkeys_installed.xml diff --git a/RHEL6/input/checks/ensure_redhat_gpgkey_installed.xml b/RHEL6/input/checks/ensure_redhat_gpgkey_installed.xml new file mode 100644 index 0000000..4afc79b --- /dev/null +++ b/RHEL6/input/checks/ensure_redhat_gpgkey_installed.xml @@ -0,0 +1,43 @@ +<def-group> + <definition class="compliance" id="ensure_redhat_gpgkey_installed" + version="1"> + <metadata> + <title>Red Hat Release and Auxiliary gpg-pubkey Packages Installed</title> + <affected family="unix"> + <platform>Red Hat Enterprise Linux 6</platform> + </affected> + <description>The Red Hat release and auxiliary key packages are required to be installed.</description> + <reference source="swells" ref_id="20130915" ref_url="test_attestation" /> + </metadata> + <criteria comment="packages gpg-pubkey-fd431d51-4ae0493b and gpg-pubkey-2fa658e0-45700c69 are installed" + operator="AND"> + <criterion comment="package gpg-pubkey-fd431d51-4ae0493b is installed" + test_ref="test_package_gpgkey-fd431d51-4ae0493b_installed" /> + <criterion comment="package gpg-pubkey-2fa658e0-45700c69 is installed" + test_ref="test_package_gpgkey-2fa658e0-45700c69_installed" /> + </criteria> + </definition> + <linux:rpminfo_test check="only one" check_existence="any_exist" + id="test_package_gpgkey-fd431d51-4ae0493b_installed" version="1" + comment="Red Hat release key package is installed"> + <linux:object object_ref="obj_package_gpg-pubkey" /> + <linux:state state_ref="state_package_gpg-pubkey-fd431d51-4ae0493b" /> + </linux:rpminfo_test> + <linux:rpminfo_state id="state_package_gpg-pubkey-fd431d51-4ae0493b" version="1"> + <linux:release>4ae0493b</linux:release> + <linux:version>fd431d51</linux:version> + </linux:rpminfo_state> + <linux:rpminfo_test check="only one" check_existence="any_exist" + id="test_package_gpgkey-2fa658e0-45700c69_installed" version="1" + comment="Red Hat auxiliary key package is installed"> + <linux:object object_ref="obj_package_gpg-pubkey" /> + <linux:state state_ref="state_package_gpg-pubkey-2fa658e0-45700c69" /> + </linux:rpminfo_test> + <linux:rpminfo_object id="obj_package_gpg-pubkey" version="1"> + <linux:name>gpg-pubkey</linux:name> + </linux:rpminfo_object> + <linux:rpminfo_state id="state_package_gpg-pubkey-2fa658e0-45700c69" version="1"> + <linux:release>45700c69</linux:release> + <linux:version>2fa658e0</linux:version> + </linux:rpminfo_state> +</def-group> diff --git a/RHEL6/input/checks/package_red_hat_gpgkeys_installed.xml b/RHEL6/input/checks/package_red_hat_gpgkeys_installed.xml deleted file mode 100644 index e06d0c0..0000000 --- a/RHEL6/input/checks/package_red_hat_gpgkeys_installed.xml +++ /dev/null @@ -1,42 +0,0 @@ -<def-group> - <definition class="compliance" id="package_red_hat_gpgkeys_installed" - version="1"> - <metadata> - <title>Red Hat Release and Auxiliary gpg-pubkey Packages Installed</title> - <affected family="unix"> - <platform>Red Hat Enterprise Linux 6</platform> - </affected> - <description>The Red Hat release and auxiliary key packages are required to be installed.</description> - </metadata> - <criteria comment="packages gpg-pubkey-fd431d51-4ae0493b and gpg-pubkey-2fa658e0-45700c69 are installed" - operator="AND"> - <criterion comment="package gpg-pubkey-fd431d51-4ae0493b is installed" - test_ref="test_package_gpgkey-fd431d51-4ae0493b_installed" /> - <criterion comment="package gpg-pubkey-2fa658e0-45700c69 is installed" - test_ref="test_package_gpgkey-2fa658e0-45700c69_installed" /> - </criteria> - </definition> - <linux:rpminfo_test check="only one" check_existence="any_exist" - id="test_package_gpgkey-fd431d51-4ae0493b_installed" version="1" - comment="Red Hat release key package is installed"> - <linux:object object_ref="obj_package_gpg-pubkey" /> - <linux:state state_ref="state_package_gpg-pubkey-fd431d51-4ae0493b" /> - </linux:rpminfo_test> - <linux:rpminfo_state id="state_package_gpg-pubkey-fd431d51-4ae0493b" version="1"> - <linux:release>4ae0493b</linux:release> - <linux:version>fd431d51</linux:version> - </linux:rpminfo_state> - <linux:rpminfo_test check="only one" check_existence="any_exist" - id="test_package_gpgkey-2fa658e0-45700c69_installed" version="1" - comment="Red Hat auxiliary key package is installed"> - <linux:object object_ref="obj_package_gpg-pubkey" /> - <linux:state state_ref="state_package_gpg-pubkey-2fa658e0-45700c69" /> - </linux:rpminfo_test> - <linux:rpminfo_object id="obj_package_gpg-pubkey" version="1"> - <linux:name>gpg-pubkey</linux:name> - </linux:rpminfo_object> - <linux:rpminfo_state id="state_package_gpg-pubkey-2fa658e0-45700c69" version="1"> - <linux:release>45700c69</linux:release> - <linux:version>2fa658e0</linux:version> - </linux:rpminfo_state> -</def-group> diff --git a/RHEL6/input/system/software/updating.xml b/RHEL6/input/system/software/updating.xml index 9dbf8b8..c441322 100644 --- a/RHEL6/input/system/software/updating.xml +++ b/RHEL6/input/system/software/updating.xml @@ -38,7 +38,7 @@ This key is necessary to cryptographically verify packages are from Red Hat. </rationale> <ident cce="26506-6"/> -<oval id="package_red_hat_gpgkeys_installed" /> +<oval id="ensure_redhat_gpgkey_installed" /> <ref nist="SI-7,MA-1(b)" disa="351"/> <tested by="MM" on="20120928"/> </Rule> -- 1.7.1
_______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
