Re: STIG ID RHEL-06-000324 /SSG ID Enable GUI Warning Banner PATCH

Thu, 07 Nov 2013 21:05:23 -0800 

On 11/5/13, 1:17 PM, Rodney L. Mercer wrote:

8<====================

Subject: [PATCH] Added proper filepath, addition of the
  state, filename->filepath conversion to
RHEL6/input/checks/banner_gui_enabled.xml

---
  RHEL6/input/checks/banner_gui_enabled.xml |   10 +++++++---
  1 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/RHEL6/input/checks/banner_gui_enabled.xml
b/RHEL6/input/checks/banner_gui_enabled.xml
index 786a7b7..f9612d3 100644
--- a/RHEL6/input/checks/banner_gui_enabled.xml
+++ b/RHEL6/input/checks/banner_gui_enabled.xml
@@ -6,6 +6,7 @@
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>Enable the GUI warning banner.</description>
+      <reference source="rmercer" ref_id="20131104"
ref_url="test_attestation" />
      </metadata>
      <criteria>
        <criterion comment="check settings"
test_ref="test_banner_gui_enabled" />
@@ -13,10 +14,13 @@
    </definition>
    <ind:xmlfilecontent_test check="all" comment="stuff"
id="test_banner_gui_enabled" version="1">
      <ind:object object_ref="object_banner_message_enable" />
+    <ind:state state_ref="state_banner_message_enable" />
    </ind:xmlfilecontent_test>
    <ind:xmlfilecontent_object id="object_banner_message_enable"
version="1">
-    <ind:path>/etc/gconf/gconf.xml.defaults</ind:path>
-    <ind:filename>%gconf-tree.xml</ind:filename>
-
<ind:xpath>/gconf/dir[@name='apps']/dir[@name='gdm']/dir[@name='simple-greeter']/entry[@name='banner_message_enable']/local_schema[1]/default[1]/@value</ind:xpath>
+    <ind:filepath>/var/lib/gdm/.gconf/apps/gdm/simple-greeter/%
gconf.xml</ind:filepath>
+
<ind:xpath>/gconf/entry[@name='banner_message_enable']/@value</ind:xpath>
    </ind:xmlfilecontent_object>
+  <ind:xmlfilecontent_state id="state_banner_message_enable"
version="1">
+    <ind:value_of datatype="string">true</ind:value_of>
+  </ind:xmlfilecontent_state>
  </def-group>




Pushed:
https://git.fedorahosted.org/cgit/scap-security-guide.git/commit/?id=9050ce1d4c294a3c32b0bcf2d2b18cc6d51bfcf9
It's very likely your xpath fix could be reused across the other GDM checks. It's been awhile since the Melbourne visit.... took a few months, but welcome to the commit club! :) 
_______________________________________________
scap-security-guide mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide

Reply via email to