On 11/4/13, 5:31 PM, Rodney L. Mercer wrote:
I was seeing a fail on "Result for Enable GUI Warning Banner"
CCE-27195-7.

I found this ticket:
https://fedorahosted.org/scap-security-guide/ticket/319

So I worked on the banner_gui_enabled.xml file and came up with the
attached replacement. I tested it and it appears to work correctly.

Could someone check this to see if I have this right?

Thanks,
Rodney.
---------

<def-group>
   <definition class="compliance" id="banner_gui_enabled" version="1">
     <metadata>
       <title>Enable GUI Warning Banner</title>
       <affected family="unix">
         <platform>Red Hat Enterprise Linux 6</platform>
       </affected>
       <description>Enable the GUI warning banner.</description>
     </metadata>
     <criteria>
       <criterion comment="check settings" test_ref="test_banner_gui_enabled" />
     </criteria>
   </definition>
   <ind:xmlfilecontent_test check="all" comment="stuff" id="test_banner_gui_enabled" version="1">
     <ind:object object_ref="object_banner_message_enable" />
     <ind:state state_ref="state_banner_message_enable" />
   </ind:xmlfilecontent_test>
   <ind:xmlfilecontent_object id="object_banner_message_enable" version="1">
     <ind:filepath>/var/lib/gdm/.gconf/apps/gdm/simple-greeter/%gconf.xml</ind:filepath>
     <ind:xpath>/gconf/entry[@name='banner_message_enable']/@value</ind:xpath>
   </ind:xmlfilecontent_object>
   <ind:xmlfilecontent_state id="state_banner_message_enable" version="1">
     <ind:value_of datatype="string">true</ind:value_of>
   </ind:xmlfilecontent_state>
</def-group>

There's a ton of goodness in this. Proper filepath, addition of the state, filename->filepath conversion!

As for testing:

[root@SSG-RHEL6 checks]# sudo -u gdm gconftool-2 \
>   --type bool \
>   --set /apps/gdm/simple-greeter/banner_message_enable false

[root@SSG-RHEL6 checks]# ./testcheck.py banner_gui_enabled.xml
Evaluating with OVAL tempfile : /tmp/banner_gui_enabledzCPQAU.xml
Writing results to : /tmp/banner_gui_enabledzCPQAU.xml-results
Definition oval:scap-security-guide.testing:def:241: false
Evaluation done.

[root@SSG-RHEL6 checks]# sudo -u gdm gconftool-2 --type bool --set /apps/gdm/simple-greeter/banner_message_enable true

[root@SSG-RHEL6 checks]# ./testcheck.py banner_gui_enabled.xml
Evaluating with OVAL tempfile : /tmp/banner_gui_enabled72tTqS.xml
Writing results to : /tmp/banner_gui_enabled72tTqS.xml-results
Definition oval:scap-security-guide.testing:def:241: true
Evaluation done.


Add OVAL signoff within the <metadata> tags and please resubmit for an ACK, e.g.:

<reference source="rmercer" ref_id="20131104" ref_url="test_attestation" />

Nice work!
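
The check discussed in this thread, as an added example that is not part of the original messages or of the scap-security-guide project: a Python sketch that applies the same XPath and string comparison to the GConf file, so a result can be cross-checked without a scanner. The sample XML is constructed, and the function names and the treatment of a missing or unparsable file are assumptions of this sketch.

```python
import xml.etree.ElementTree as ET

# Path and entry name are taken from the OVAL object in the thread.
GCONF_PATH = "/var/lib/gdm/.gconf/apps/gdm/simple-greeter/%gconf.xml"
ENTRY_NAME = "banner_message_enable"

# Constructed sample of a GConf XML backend file (not captured from a host).
SAMPLE = """<?xml version="1.0"?>
<gconf>
  <entry name="banner_message_enable" mtime="0" type="bool" value="{value}"/>
  <entry name="banner_message_text" mtime="0" type="string">
    <stringvalue>constructed banner text</stringvalue>
  </entry>
</gconf>
"""


def banner_values(xml_data):
    """Items selected by /gconf/entry[@name='banner_message_enable']/@value."""
    root = ET.fromstring(xml_data)
    if root.tag != "gconf":
        return []
    entries = root.findall("entry[@name='%s']" % ENTRY_NAME)
    return [e.get("value") for e in entries if e.get("value") is not None]


def check_banner(path=GCONF_PATH):
    """Pass only if the XPath selects something and every selected value is
    the string "true", matching the check="all" state comparison.
    Assumption of this sketch: a missing or unparsable file is a fail."""
    try:
        with open(path, "rb") as fh:
            values = banner_values(fh.read())
    except (OSError, ET.ParseError):
        return False
    return bool(values) and all(v == "true" for v in values)


if __name__ == "__main__":
    print("banner_gui_enabled:", check_banner())
```

The comparison is against the literal string "true", the same as the `datatype="string"` state in the definition, so any other spelling of the value fails.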

