[PATCH] [Fedora] Adjust service-enable-macro, service-disable-macro XSLT transforms. Fix service_ntpd_enabled OVAL check. Include patch from Simon Lukasik to obsolete openscap-content package

Tue, 26 Nov 2013 02:16:40 -0800 

[Fedora] Adjust service-enable-macro, service-disable-macro XSLT transforms
         definition to evaluate to proper systemd syntax
[Fedora] Fix service_ntpd_enabled OVAL check Fedora's make validate to pass 
again
[Fedora] Include patch from Simon Lukasik to obsolete openscap-content
         package (RH BZ#1028706)

This patch includes the following:
* modifies the service-enable-macro, service-disable-macro definitions to use
  systemd based syntax instead of chkconfig one (levels not present on Fedora
  already),
* fix service_ntpd_enabled OVAL check Fedora's make validate not to fail with
  "the max_depth, recurse, and recurse_direction behaviors are not allowed
  with a filepath entity" error message,
* include Simon's patch to obsolete Fedora's openscap-content package

Passed basic sanity && regression testing. Pushed to master (since
the changes aren't invasive).

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Technologies Team

From ef59178b736fa2a126b9a336335f3a04de13d155 Mon Sep 17 00:00:00 2001
From: Jan Lieskovsky <[email protected]>
Date: Tue, 26 Nov 2013 10:57:59 +0100
Subject: [PATCH] [Fedora] Adjust service-enable-macro, service-disable-macro
 XSLT transforms          definition to evaluate to proper systemd syntax
 [Fedora] Fix service_ntpd_enabled OVAL check Fedora's make validate to pass
 again [Fedora] Include patch from Simon Lukasik to obsolete openscap-content 
         package (RH BZ#1028706)

Signed-off-by: Jan Lieskovsky <[email protected]>
---
 Fedora/input/checks/service_ntpd_enabled.xml |  1 -
 Fedora/scap-security-guide.spec              | 10 +++++++++-
 Fedora/transforms/shorthand2xccdf.xslt       |  4 ++--
 3 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/Fedora/input/checks/service_ntpd_enabled.xml b/Fedora/input/checks/service_ntpd_enabled.xml
index 171640b..3957188 100644
--- a/Fedora/input/checks/service_ntpd_enabled.xml
+++ b/Fedora/input/checks/service_ntpd_enabled.xml
@@ -25,7 +25,6 @@
   <unix:file_object comment="look for ntpd.service in /etc/systemd/system/multi-user.target.wants"
    id="object_ntpd_enabled_multi_user_target" version="1">
 
-    <unix:behaviors recurse="directories" recurse_direction="down" max_depth="1" recurse_file_system="all" />
     <unix:filepath>/etc/systemd/system/multi-user.target.wants/ntpd.service</unix:filepath>
     <filter action="include">state_symlink</filter>
   </unix:file_object>
diff --git a/Fedora/scap-security-guide.spec b/Fedora/scap-security-guide.spec
index c0ead6c..930edad 100644
--- a/Fedora/scap-security-guide.spec
+++ b/Fedora/scap-security-guide.spec
@@ -5,7 +5,7 @@
 # file one level up - in the main scap-security-guide directory (instead of
 # this one).
 
-%global	fedorassgversion	4.rc5
+%global	fedorassgversion	4.rc6
 
 Name:		scap-security-guide
 Version:	0.1.%{fedorassgversion}
@@ -18,6 +18,7 @@ Source0:	http://fedorapeople.org/~jlieskov/%{name}-%{version}.tar.gz
 BuildArch:	noarch
 BuildRequires:	libxslt, expat, python, openscap-utils >= 0.9.1, python-lxml
 Requires:	xml-common, openscap-utils >= 0.9.1
+Obsoletes:	openscap-content < 0:0.9.13
 
 %description
 The scap-security-guide project provides a guide for configuration of the
@@ -53,6 +54,13 @@ cp -a Fedora/input/auxiliary/scap-security-guide.8 %{buildroot}%{_mandir}/en/man
 %doc Fedora/LICENSE Fedora/output/ssg-fedora-guide.html
 
 %changelog
+* Tue Nov 26 2013 Jan iankko Lieskovsky <[email protected]> 0.1.4.rc6-1
+- Adjust service-enable-macro, service-disable-macro XSLT transforms
+  definition to evaluate to proper systemd syntax
+- Fix service_ntpd_enabled OVAL check make validate to pass again
+- Include patch from Šimon Lukašík to obsolete openscap-content
+  package (RH BZ#1028706)
+
 * Mon Nov 25 2013 Jan iankko Lieskovsky <[email protected]> 0.1.4.rc5-1
 - Add OVAL check to test if there's is remote NTP server configured for
   time data
diff --git a/Fedora/transforms/shorthand2xccdf.xslt b/Fedora/transforms/shorthand2xccdf.xslt
index e2d0a16..c0f4546 100644
--- a/Fedora/transforms/shorthand2xccdf.xslt
+++ b/Fedora/transforms/shorthand2xccdf.xslt
@@ -383,12 +383,12 @@
 
   <xsl:template match="service-disable-macro">
     The <xhtml:code><xsl:value-of select="@service"/></xhtml:code> service can be disabled with the following command:
-    <xhtml:pre># chkconfig <xsl:value-of select="@service"/> off</xhtml:pre>
+    <xhtml:pre># systemctl disable <xsl:value-of select="@service"/>.service</xhtml:pre>
   </xsl:template>
 
   <xsl:template match="service-enable-macro">
     The <xhtml:code><xsl:value-of select="@service"/></xhtml:code> service can be enabled with the following command:
-    <xhtml:pre># chkconfig --level 2345 <xsl:value-of select="@service"/> on</xhtml:pre>
+    <xhtml:pre># systemctl enable <xsl:value-of select="@service"/>.service</xhtml:pre>
   </xsl:template>
 
   <xsl:template match="service-disable-check-macro">
-- 
1.8.3.1


_______________________________________________
scap-security-guide mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide

Reply via email to