For the GConf checks, it looks like the content first used the ind-def:textfilecontent54_test and was just updated to use the ind-def:xmlfilecontent_test which seems like a good improvement to me.
Just curious, has anyone considered using the unix-def:gconf_test (http://oval.mitre.org/language/version5.10.1/ovaldefinition/documentation/unix-definitions-schema.html#gconf_test)? If so, are there any problems with the gconf_test that make using the ind-def:xmlfilecontent_test more desirable? This seems to be a good opportunity for me to get some feedback on the usability of the unix-def:gconf_test from an OVAL content authoring perspective :). Thanks, Danny >-----Original Message----- >From: [email protected] [mailto:scap- >[email protected]] On Behalf Of Maura Dailey >Sent: Monday, December 16, 2013 12:07 PM >To: [email protected] >Subject: Re: [PATCH] Rewrote various GConf checks to standardize on >xmlfilecontent tests and ensured they were actually checking the correct >location (gconf.xml.mandatory, not gconf.xml.defaults). > >I pushed it! > >- Maura Dailey > >On 12/16/2013 11:59 AM, Shawn Wells wrote: >> On 12/16/13, 11:43 AM, Maura Dailey wrote: >>> I've been out sick, but I noticed that no one seems to have looked at >>> this one. Let me know if I can push this or if I need to change >>> something. >>> >>> Thanks, >>> Maura Dailey >>> >>> On 11/25/2013 04:02 PM, Maura Dailey wrote: >>>> Signed-off-by: Maura Dailey <[email protected]> >>>> --- >>>> .../input/checks/gconf_gnome_disable_automount.xml | 59 >>>> +++++++++++--------- >>>> .../checks/gconf_gnome_disable_thumbnailers.xml | 34 ++++++----- >>>> ...f_gnome_screensaver_idle_activation_enabled.xml | 19 ++++-- >>>> .../checks/gconf_gnome_screensaver_idle_delay.xml | 24 +++++--- >>>> .../gconf_gnome_screensaver_lock_enabled.xml | 14 +++-- >>>> .../checks/gconf_gnome_screensaver_mode_blank.xml | 12 +++- >>>> RHEL6/input/checks/package_GConf2_installed.xml | 26 +++++++++ >>>> .../input/checks/templates/packages_installed.csv | 1 + >>>> RHEL6/input/fixes/bash/package_GConf2_installed.sh | 1 + >>>> 9 files changed, 124 insertions(+), 66 deletions(-) >>>> create mode 100644 RHEL6/input/checks/package_GConf2_installed.xml >>>> create mode 100644 >RHEL6/input/fixes/bash/package_GConf2_installed.sh >>>> >>>> diff --git a/RHEL6/input/checks/gconf_gnome_disable_automount.xml >>>> b/RHEL6/input/checks/gconf_gnome_disable_automount.xml >>>> index e2e7efc..f78fc89 100644 >>>> --- a/RHEL6/input/checks/gconf_gnome_disable_automount.xml >>>> +++ b/RHEL6/input/checks/gconf_gnome_disable_automount.xml >>>> @@ -1,41 +1,46 @@ >>>> <def-group> >>>> - <definition class="compliance" >>>> - id="gconf_gnome_disable_automount" version="1"> >>>> + <definition class="compliance" id="gconf_gnome_disable_automount" >>>> version="1"> >>>> <metadata> >>>> <title>Disable GNOME Automounting</title> >>>> <affected family="unix"> >>>> <platform>Red Hat Enterprise Linux 6</platform> >>>> </affected> >>>> - <description>The system's default desktop environment, GNOME, >>>> will mount devices and removable media (such as DVDs, CDs and USB >>>> flash drives) whenever they are inserted into the system. Disable >>>> automount and autorun within GNOME.</description> >>>> + <description>The system's default desktop environment, GNOME, >>>> will mount >>>> + devices and removable media (such as DVDs, CDs and USB flash >>>> drives) >>>> + whenever they are inserted into the system. Disable automount >>>> and autorun >>>> + within GNOME.</description> >>>> + <reference source="MED" ref_id="20131125" >>>> ref_url="test_attestation" /> >>>> </metadata> >>>> - <criteria operator="AND"> >>>> + <criteria operator="OR"> >>>> + <extend_definition comment="GConf2 installed" >>>> definition_ref="package_GConf2_installed" negate="true" /> >>>> <criterion comment="Disable automount in GNOME" >>>> test_ref="test_gconf_gnome_disable_automount" /> >>>> - <criterion comment="Disable autorun in GNOME" >>>> test_ref="test_gconf_gnome_disable_automount_autorun" /> >>>> + <criterion comment="Disable autorun in GNOME" >>>> test_ref="test_gconf_gnome_disable_automount_autorun" /> >>>> </criteria> >>>> </definition> >>>> - >>>> - <ind:textfilecontent54_test check="all" check_existence="all_exist" >>>> - comment="Disable automount in GNOME" >>>> - id="test_gconf_gnome_disable_automount" version="1"> >>>> + <ind:xmlfilecontent_test check="all" check_existence="all_exist" >>>> + comment="Disable automount in GNOME" >>>> id="test_gconf_gnome_disable_automount" >>>> + version="1"> >>>> <ind:object object_ref="obj_gconf_gnome_disable_automount" /> >>>> - </ind:textfilecontent54_test> >>>> - <ind:textfilecontent54_object >>>> id="obj_gconf_gnome_disable_automount" version="1"> >>>> - >>>> ><ind:path>/etc/gconf/gconf.xml.mandatory/apps/nautilus/preferences</ind:p >ath> >>>> - <ind:filename>%gconf.xml</ind:filename> >>>> - <ind:pattern operation="pattern >>>> >match">^\s*.entry\s+name="media_automount"\s+mtime="\d+"\s+type="bo >ol"\s+value="false"\/.$</ind:pattern> >>>> - <ind:instance datatype="int">1</ind:instance> >>>> - </ind:textfilecontent54_object> >>>> - >>>> - <ind:textfilecontent54_test check="all" check_existence="all_exist" >>>> - comment="Disable autorun in GNOME" >>>> + <ind:state state_ref="state_gconf_gnome_disable_automount" /> >>>> + </ind:xmlfilecontent_test> >>>> + <ind:xmlfilecontent_state >>>> id="state_gconf_gnome_disable_automount" version="1"> >>>> + <ind:value_of datatype="string">false</ind:value_of> >>>> + </ind:xmlfilecontent_state> >>>> + <ind:xmlfilecontent_object id="obj_gconf_gnome_disable_automount" >>>> version="1"> >>>> + >>>> ><ind:filepath>/etc/gconf/gconf.xml.mandatory/apps/nautilus/preferences/%g >conf.xml</ind:filepath> >>>> + ><ind:xpath>/gconf/entry[@name='media_automount']/@value</ind:xpath> >>>> + </ind:xmlfilecontent_object> >>>> + <ind:xmlfilecontent_test check="all" check_existence="all_exist" >>>> + comment="Disable autorun in GNOME" >>>> id="test_gconf_gnome_disable_automount_autorun" version="1"> >>>> <ind:object >>>> object_ref="obj_gconf_gnome_disable_automount_autorun" /> >>>> - </ind:textfilecontent54_test> >>>> - <ind:textfilecontent54_object >>>> id="obj_gconf_gnome_disable_automount_autorun" version="1"> >>>> - >>>> ><ind:path>/etc/gconf/gconf.xml.mandatory/apps/nautilus/preferences</ind:p >ath> >>>> - <ind:filename>%gconf.xml</ind:filename> >>>> - <ind:pattern operation="pattern >>>> >match">^\s*.entry\s+name="media_autorun_never"\s+mtime="\d+"\s+type= >"bool"\s+value="true"\/.$</ind:pattern> >>>> - <ind:instance datatype="int">1</ind:instance> >>>> - </ind:textfilecontent54_object> >>>> - >>>> + <ind:state >>>> state_ref="state_gconf_gnome_disable_automount_autorun" /> >>>> + </ind:xmlfilecontent_test> >>>> + <ind:xmlfilecontent_state >>>> id="state_gconf_gnome_disable_automount_autorun" version="1"> >>>> + <ind:value_of datatype="string">true</ind:value_of> >>>> + </ind:xmlfilecontent_state> >>>> + <ind:xmlfilecontent_object >>>> id="obj_gconf_gnome_disable_automount_autorun" version="1"> >>>> + >>>> ><ind:filepath>/etc/gconf/gconf.xml.mandatory/apps/nautilus/preferences/%g >conf.xml</ind:filepath> >>>> + >>>> ><ind:xpath>/gconf/entry[@name='media_autorun_never']/@value</ind:xpat >h> >>>> + </ind:xmlfilecontent_object> >>>> </def-group> >>>> diff --git a/RHEL6/input/checks/gconf_gnome_disable_thumbnailers.xml >>>> b/RHEL6/input/checks/gconf_gnome_disable_thumbnailers.xml >>>> index 72bf086..80045a3 100644 >>>> --- a/RHEL6/input/checks/gconf_gnome_disable_thumbnailers.xml >>>> +++ b/RHEL6/input/checks/gconf_gnome_disable_thumbnailers.xml >>>> @@ -1,28 +1,32 @@ >>>> <def-group> >>>> - <definition class="compliance" >>>> - id="gconf_gnome_disable_thumbnailers" version="1"> >>>> + <definition class="compliance" >>>> id="gconf_gnome_disable_thumbnailers" version="1"> >>>> <metadata> >>>> <title>Disable All GNOME Thumbnailers</title> >>>> <affected family="unix"> >>>> <platform>Red Hat Enterprise Linux 6</platform> >>>> </affected> >>>> - <description>The system's default desktop environment, GNOME, >>>> uses a number of different thumbnailer programs to generate >>>> thumbnails for any new or modified content in an opened folder. >>>> Disable the execution of these thumbnail applications within >>>> GNOME.</description> >>>> + <description>The system's default desktop environment, GNOME, >>>> uses a >>>> + number of different thumbnailer programs to generate >>>> thumbnails for any >>>> + new or modified content in an opened folder. Disable the >>>> execution of >>>> + these thumbnail applications within GNOME.</description> >>>> + <reference source="MED" ref_id="20131125" >>>> ref_url="test_attestation" /> >>>> </metadata> >>>> - <criteria> >>>> + <criteria operator="OR"> >>>> + <extend_definition comment="GConf2 installed" >>>> definition_ref="package_GConf2_installed" negate="true" /> >>>> <criterion comment="Disable thumbnailers in GNOME" >>>> test_ref="test_gconf_gnome_disable_thumbnailers" /> >>>> </criteria> >>>> </definition> >>>> - >>>> - <ind:textfilecontent54_test check="all" check_existence="none_exist" >>>> - comment="Disable thumbnailers in GNOME" >>>> + <ind:xmlfilecontent_test check="all" check_existence="all_exist" >>>> + comment="Disable thumbnailers in GNOME" >>>> id="test_gconf_gnome_disable_thumbnailers" version="1"> >>>> <ind:object object_ref="obj_gconf_gnome_disable_thumbnailers" /> >>>> - </ind:textfilecontent54_test> >>>> - <ind:textfilecontent54_object >>>> id="obj_gconf_gnome_disable_thumbnailers" version="1"> >>>> - >>>> ><ind:path>/etc/gconf/gconf.xml.mandatory/desktop/gnome/thumbnailers</i >nd:path> >>>> - <ind:filename>%gconf.xml</ind:filename> >>>> - <ind:pattern operation="pattern >>>> >match">^\s*.entry\s+name="disable_all"\s+mtime="\d+"\s+type="bool"\s+va >lue="true"\/.$</ind:pattern> >>>> - <ind:instance datatype="int">1</ind:instance> >>>> - </ind:textfilecontent54_object> >>>> - >>>> + <ind:state state_ref="state_gconf_gnome_disable_thumbnailers" /> >>>> + </ind:xmlfilecontent_test> >>>> + <ind:xmlfilecontent_state >>>> id="state_gconf_gnome_disable_thumbnailers" version="1"> >>>> + <ind:value_of datatype="string">true</ind:value_of> >>>> + </ind:xmlfilecontent_state> >>>> + <ind:xmlfilecontent_object >>>> id="obj_gconf_gnome_disable_thumbnailers" version="1"> >>>> + >>>> ><ind:filepath>/etc/gconf/gconf.xml.mandatory/desktop/gnome/thumbnailers >/%gconf.xml</ind:filepath> >>>> + <ind:xpath>/gconf/entry[@name='disable_all']/@value</ind:xpath> >>>> + </ind:xmlfilecontent_object> >>>> </def-group> >>>> diff --git >>>> >a/RHEL6/input/checks/gconf_gnome_screensaver_idle_activation_enabled.xm >l >>>> >b/RHEL6/input/checks/gconf_gnome_screensaver_idle_activation_enabled.x >ml >>>> >>>> index 5776014..0d012a7 100644 >>>> --- >>>> >a/RHEL6/input/checks/gconf_gnome_screensaver_idle_activation_enabled.xm >l >>>> >>>> +++ >>>> >b/RHEL6/input/checks/gconf_gnome_screensaver_idle_activation_enabled.x >ml >>>> >>>> @@ -5,21 +5,26 @@ >>>> <affected family="unix"> >>>> <platform>Red Hat Enterprise Linux 6</platform> >>>> </affected> >>>> - <description>Idle activation of the screen saver should be >>>> enabled.</description> >>>> + <description>Idle activation of the screen saver should be >>>> + enabled.</description> >>>> + <reference source="MED" ref_id="20131125" >>>> ref_url="test_attestation" /> >>>> </metadata> >>>> - <criteria> >>>> + <criteria operator="OR"> >>>> + <extend_definition comment="GConf2 installed" >>>> definition_ref="package_GConf2_installed" negate="true" /> >>>> <criterion comment="gnome screensaver is activated on idle" >>>> test_ref="test_gnome_screensaver_idle_activated" /> >>>> </criteria> >>>> </definition> >>>> - <ind:xmlfilecontent_test check="all" comment="gnome screensaver >>>> is activated on idle" id="test_gnome_screensaver_idle_activated" >>>> version="1"> >>>> + <ind:xmlfilecontent_test check="all" >>>> + comment="gnome screensaver is activated on idle" >>>> + id="test_gnome_screensaver_idle_activated" version="1"> >>>> <ind:object >>>> object_ref="object_gnome_screensaver_idle_activated" /> >>>> - <ind:state state_ref="state_activated_on_idle" /> >>>> + <ind:state state_ref="state_gnome_screensaver_idle_activated" /> >>>> </ind:xmlfilecontent_test> >>>> - <ind:xmlfilecontent_state id="state_activated_on_idle" version="1"> >>>> + <ind:xmlfilecontent_state >>>> id="state_gnome_screensaver_idle_activated" version="1"> >>>> <ind:value_of datatype="string">true</ind:value_of> >>>> </ind:xmlfilecontent_state> >>>> <ind:xmlfilecontent_object >>>> id="object_gnome_screensaver_idle_activated" version="1"> >>>> - >>>> <ind:filepath>/etc/gconf/gconf.xml.defaults/%gconf- >tree.xml</ind:filepath> >>>> - >>>> ><ind:xpath>/gconf/dir[@name='schemas']/dir[@name='apps']/dir[@name='gn >ome- >screensaver']/entry[@name='idle_activation_enabled']/local_schema[1]/defau >lt[1]/@value</ind:xpath> >>>> + >>>> <ind:filepath>/etc/gconf/gconf.xml.mandatory/apps/gnome- >screensaver/%gconf.xml</ind:filepath> >>>> + >>>> ><ind:xpath>/gconf/entry[@name='idle_activation_enabled']/@value</ind:xpa >th> >>>> </ind:xmlfilecontent_object> >>>> </def-group> >>>> diff --git >>>> a/RHEL6/input/checks/gconf_gnome_screensaver_idle_delay.xml >>>> b/RHEL6/input/checks/gconf_gnome_screensaver_idle_delay.xml >>>> index 70cc1c2..c77e608 100644 >>>> --- a/RHEL6/input/checks/gconf_gnome_screensaver_idle_delay.xml >>>> +++ b/RHEL6/input/checks/gconf_gnome_screensaver_idle_delay.xml >>>> @@ -5,22 +5,30 @@ >>>> <affected family="unix"> >>>> <platform>Red Hat Enterprise Linux 6</platform> >>>> </affected> >>>> - <description>The allowed period of inactivity before the >>>> screensaver is activated.</description> >>>> + <description>The allowed period of inactivity before the >>>> screensaver is >>>> + activated.</description> >>>> + <reference source="MED" ref_id="20131125" >>>> ref_url="test_attestation" /> >>>> </metadata> >>>> - <criteria> >>>> + <criteria operator="OR"> >>>> + <extend_definition comment="GConf2 installed" >>>> definition_ref="package_GConf2_installed" negate="true" /> >>>> <criterion comment="check value of idle_delay in GCONF" >>>> test_ref="test_gnome_screensaver_idle_delay" /> >>>> </criteria> >>>> </definition> >>>> - <ind:xmlfilecontent_test check="all" comment="test screensaver >>>> timeout period" id="test_gnome_screensaver_idle_delay" version="1"> >>>> + <ind:xmlfilecontent_test check="all" >>>> + comment="test screensaver timeout period" >>>> + id="test_gnome_screensaver_idle_delay" version="1"> >>>> <ind:object object_ref="object_gnome_screensaver_idle_delay" /> >>>> <ind:state state_ref="state_gnome_screensaver_idle_delay" /> >>>> </ind:xmlfilecontent_test> >>>> <ind:xmlfilecontent_object >>>> id="object_gnome_screensaver_idle_delay" version="1"> >>>> - >>>> <ind:filepath>/etc/gconf/gconf.xml.defaults/%gconf- >tree.xml</ind:filepath> >>>> - <ind:xpath datatype="string" >>>> >operation="equals">/gconf/dir[@name='schemas']/dir[@name='apps']/dir[@ >name='gnome- >screensaver']/entry[@name='idle_delay']/local_schema[1]/default[1]/@value< >/ind:xpath> >>>> + >>>> <ind:filepath>/etc/gconf/gconf.xml.mandatory/apps/gnome- >screensaver/%gconf.xml</ind:filepath> >>>> + <ind:xpath>/gconf/entry[@name='idle_delay']/@value</ind:xpath> >>>> </ind:xmlfilecontent_object> >>>> - <ind:xmlfilecontent_state comment="idle timeout" >>>> id="state_gnome_screensaver_idle_delay" version="1"> >>>> - <ind:value_of datatype="int" operation="less than or equal" >>>> var_check="all" var_ref="inactivity_timeout_value" /> >>>> + <ind:xmlfilecontent_state comment="idle timeout" >>>> + id="state_gnome_screensaver_idle_delay" version="1"> >>>> + <ind:value_of datatype="int" operation="less than or equal" >>>> var_check="all" >>>> + var_ref="inactivity_timeout_value" /> >>>> </ind:xmlfilecontent_state> >>>> - <external_variable comment="inactivity timeout variable" >>>> datatype="int" id="inactivity_timeout_value" version="1" /> >>>> + <external_variable comment="inactivity timeout variable" >>>> datatype="int" >>>> + id="inactivity_timeout_value" version="1" /> >>>> </def-group> >>>> diff --git >>>> a/RHEL6/input/checks/gconf_gnome_screensaver_lock_enabled.xml >>>> b/RHEL6/input/checks/gconf_gnome_screensaver_lock_enabled.xml >>>> index 06d3020..cc031fc 100644 >>>> --- a/RHEL6/input/checks/gconf_gnome_screensaver_lock_enabled.xml >>>> +++ b/RHEL6/input/checks/gconf_gnome_screensaver_lock_enabled.xml >>>> @@ -5,19 +5,23 @@ >>>> <affected family="unix"> >>>> <platform>Red Hat Enterprise Linux 6</platform> >>>> </affected> >>>> - <description>Idle activation of the screen lock should be >>>> enabled.</description> >>>> + <description>Idle activation of the screen lock should be >>>> + enabled.</description> >>>> + <reference source="MED" ref_id="20131125" >>>> ref_url="test_attestation" /> >>>> </metadata> >>>> - <criteria> >>>> + <criteria operator="OR"> >>>> + <extend_definition comment="GConf2 installed" >>>> definition_ref="package_GConf2_installed" negate="true" /> >>>> <criterion comment="screensaver lock is enabled" >>>> test_ref="test_screensaver_lock_enabled" /> >>>> </criteria> >>>> </definition> >>>> - <ind:xmlfilecontent_test check="all" comment="screensaver lock is >>>> enabled" id="test_screensaver_lock_enabled" version="1"> >>>> + <ind:xmlfilecontent_test check="all" comment="screensaver lock is >>>> enabled" >>>> + id="test_screensaver_lock_enabled" version="1"> >>>> <ind:object object_ref="object_screensaver_lock_enabled" /> >>>> <ind:state state_ref="state_screensaver_lock_enabled" /> >>>> </ind:xmlfilecontent_test> >>>> <ind:xmlfilecontent_object id="object_screensaver_lock_enabled" >>>> version="1"> >>>> - >>>> <ind:filepath>/etc/gconf/gconf.xml.defaults/%gconf- >tree.xml</ind:filepath> >>>> - >>>> ><ind:xpath>/gconf/dir[@name='schemas']/dir[@name='apps']/dir[@name='gn >ome- >screensaver']/entry[@name='lock_enabled']/local_schema[1]/default[1]/@val >ue</ind:xpath> >>>> + >>>> <ind:filepath>/etc/gconf/gconf.xml.mandatory/apps/gnome- >screensaver/%gconf.xml</ind:filepath> >>>> + <ind:xpath>/gconf/entry[@name='lock_enabled']/@value</ind:xpath> >>>> </ind:xmlfilecontent_object> >>>> <ind:xmlfilecontent_state id="state_screensaver_lock_enabled" >>>> version="1"> >>>> <ind:value_of datatype="string">true</ind:value_of> >>>> diff --git >>>> a/RHEL6/input/checks/gconf_gnome_screensaver_mode_blank.xml >>>> b/RHEL6/input/checks/gconf_gnome_screensaver_mode_blank.xml >>>> index 7cad7cd..8229d71 100644 >>>> --- a/RHEL6/input/checks/gconf_gnome_screensaver_mode_blank.xml >>>> +++ b/RHEL6/input/checks/gconf_gnome_screensaver_mode_blank.xml >>>> @@ -6,12 +6,16 @@ >>>> <platform>Red Hat Enterprise Linux 6</platform> >>>> </affected> >>>> <description>The screen saver should be blank.</description> >>>> + <reference source="MED" ref_id="20131125" >>>> ref_url="test_attestation" /> >>>> </metadata> >>>> - <criteria> >>>> + <criteria operator="OR"> >>>> + <extend_definition comment="GConf2 installed" >>>> definition_ref="package_GConf2_installed" negate="true" /> >>>> <criterion comment="gnome screensaver set to blank screen" >>>> test_ref="test_gnome_screensaver_mode" /> >>>> </criteria> >>>> </definition> >>>> - <ind:xmlfilecontent_test check="all" comment="gnome screensaver >>>> set to blank screen" id="test_gnome_screensaver_mode" version="1"> >>>> + <ind:xmlfilecontent_test check="all" >>>> + comment="gnome screensaver set to blank screen" >>>> + id="test_gnome_screensaver_mode" version="1"> >>>> <ind:object object_ref="object_gnome_screensaver_mode" /> >>>> <ind:state state_ref="state_gnome_screensaver_mode" /> >>>> </ind:xmlfilecontent_test> >>>> @@ -19,7 +23,7 @@ >>>> <ind:value_of datatype="string">blank-only</ind:value_of> >>>> </ind:xmlfilecontent_state> >>>> <ind:xmlfilecontent_object id="object_gnome_screensaver_mode" >>>> version="1"> >>>> - >>>> <ind:filepath>/etc/gconf/gconf.xml.defaults/%gconf- >tree.xml</ind:filepath> >>>> - >>>> ><ind:xpath>/gconf/dir[@name='schemas']/dir[@name='apps']/dir[@name='gn >ome- >screensaver']/entry[@name='mode']/local_schema[1]/default[1]/stringvalue[1 >]/text()</ind:xpath> >>>> + >>>> <ind:filepath>/etc/gconf/gconf.xml.mandatory/apps/gnome- >screensaver/%gconf.xml</ind:filepath> >>>> + >>>> ><ind:xpath>/gconf/entry[@name='mode']/stringvalue[1]/text()</ind:xpath> >>>> </ind:xmlfilecontent_object> >>>> </def-group> >>>> diff --git a/RHEL6/input/checks/package_GConf2_installed.xml >>>> b/RHEL6/input/checks/package_GConf2_installed.xml >>>> new file mode 100644 >>>> index 0000000..032d76b >>>> --- /dev/null >>>> +++ b/RHEL6/input/checks/package_GConf2_installed.xml >>>> @@ -0,0 +1,26 @@ >>>> +<def-group> >>>> + <!-- THIS FILE IS GENERATED by create_package_installed.py. DO >>>> NOT EDIT. --> >>>> + <definition class="compliance" id="package_GConf2_installed" >>>> + version="1"> >>>> + <metadata> >>>> + <title>Package GConf2 Installed</title> >>>> + <affected family="unix"> >>>> + <platform>Red Hat Enterprise Linux 6</platform> >>>> + </affected> >>>> + <description>The RPM package GConf2 should be >>>> installed.</description> >>>> + <reference source="swells" ref_id="20130829" >>>> ref_url="test_attestation"/> >>>> + </metadata> >>>> + <criteria> >>>> + <criterion comment="package GConf2 is installed" >>>> + test_ref="test_package_GConf2_installed" /> >>>> + </criteria> >>>> + </definition> >>>> + <linux:rpminfo_test check="all" check_existence="all_exist" >>>> + id="test_package_GConf2_installed" version="1" >>>> + comment="package GConf2 is installed"> >>>> + <linux:object object_ref="obj_package_GConf2_installed" /> >>>> + </linux:rpminfo_test> >>>> + <linux:rpminfo_object id="obj_package_GConf2_installed" >version="1"> >>>> + <linux:name>GConf2</linux:name> >>>> + </linux:rpminfo_object> >>>> +</def-group> >>>> diff --git a/RHEL6/input/checks/templates/packages_installed.csv >>>> b/RHEL6/input/checks/templates/packages_installed.csv >>>> index 990f332..d956daa 100644 >>>> --- a/RHEL6/input/checks/templates/packages_installed.csv >>>> +++ b/RHEL6/input/checks/templates/packages_installed.csv >>>> @@ -1,6 +1,7 @@ >>>> aide >>>> audit >>>> cronie >>>> +GConf2 >>>> iptables >>>> iptables-ipv6 >>>> irqbalance >>>> diff --git a/RHEL6/input/fixes/bash/package_GConf2_installed.sh >>>> b/RHEL6/input/fixes/bash/package_GConf2_installed.sh >>>> new file mode 100644 >>>> index 0000000..02c8768 >>>> --- /dev/null >>>> +++ b/RHEL6/input/fixes/bash/package_GConf2_installed.sh >>>> @@ -0,0 +1 @@ >>>> +yum -y install GConf2 >> >> This is great! Ack. >> >> This tracks back to >> https://bugzilla.redhat.com/show_bug.cgi?id=1043053. Give a shout >> after you've pushed and I'll resolve the bug. >> _______________________________________________ >> scap-security-guide mailing list >> [email protected] >> https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide > >_______________________________________________ >scap-security-guide mailing list >[email protected] >https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide _______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
