[PATCH] Service check was still being used and header suggested it was being maintained by template, but that proved to be incorrect. Reimplementing line in templated code to maintain this going forward.

[Maura Dailey]

This was a weird one. I noticed that the check was still in use, and the check 
clearly referenced the templated script in its header, but it had been removed 
at some point, meaning that it was no longer a templated check. I verified that 
the output hadn't been customized and readded it here to the list of checks to 
generate by template.

- Maura Dailey

---
 RHEL6/input/checks/package_ntpdate_removed.xml     |    5 +++--
 RHEL6/input/checks/service_ntpdate_disabled.xml    |    1 -
 RHEL6/input/checks/templates/packages_removed.csv  |    1 +
 RHEL6/input/checks/templates/services_disabled.csv |    1 +
 4 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/RHEL6/input/checks/package_ntpdate_removed.xml 
b/RHEL6/input/checks/package_ntpdate_removed.xml
index a78fb82..fbfa68e 100644
--- a/RHEL6/input/checks/package_ntpdate_removed.xml
+++ b/RHEL6/input/checks/package_ntpdate_removed.xml
@@ -8,6 +8,7 @@
         <platform>Red Hat Enterprise Linux 6</platform>
       </affected>
       <description>The RPM package ntpdate should be removed.</description>
+      <reference source="swells" ref_id="20130829" ref_url="test_attestation"/>
     </metadata>
     <criteria>
       <criterion comment="package ntpdate is removed"
@@ -17,9 +18,9 @@
   <linux:rpminfo_test check="all" check_existence="none_exist"
   id="test_package_ntpdate_removed" version="1"
   comment="package ntpdate is removed">
-    <linux:object object_ref="obj_package_ntpdate" />
+    <linux:object object_ref="obj_package_ntpdate_removed" />
   </linux:rpminfo_test>
-  <linux:rpminfo_object id="obj_package_ntpdate" version="1">
+  <linux:rpminfo_object id="obj_package_ntpdate_removed" version="1">
     <linux:name>ntpdate</linux:name>
   </linux:rpminfo_object>
 </def-group>
diff --git a/RHEL6/input/checks/service_ntpdate_disabled.xml 
b/RHEL6/input/checks/service_ntpdate_disabled.xml
index 5a9559e..67fcbbd 100644
--- a/RHEL6/input/checks/service_ntpdate_disabled.xml
+++ b/RHEL6/input/checks/service_ntpdate_disabled.xml
@@ -8,7 +8,6 @@
         <platform>Red Hat Enterprise Linux 6</platform>
       </affected>
       <description>The ntpdate service should be disabled if 
possible.</description>
-      <reference source="DS" ref_id="20130918" ref_url="test_attestation" />
     </metadata>
    <criteria comment="package ntpdate removed or service ntpdate is not 
configured to start" operator="OR">
     <extend_definition comment="ntpdate removed" 
definition_ref="package_ntpdate_removed" />
diff --git a/RHEL6/input/checks/templates/packages_removed.csv 
b/RHEL6/input/checks/templates/packages_removed.csv
index 02d786f..a153bf9 100644
--- a/RHEL6/input/checks/templates/packages_removed.csv
+++ b/RHEL6/input/checks/templates/packages_removed.csv
@@ -16,6 +16,7 @@ libcgroup
 mdadm
 net-snmp
 nfs-utils
+ntpdate
 oddjob
 openldap-servers
 openssh-server
diff --git a/RHEL6/input/checks/templates/services_disabled.csv 
b/RHEL6/input/checks/templates/services_disabled.csv
index 7045072..e748cd0 100644
--- a/RHEL6/input/checks/templates/services_disabled.csv
+++ b/RHEL6/input/checks/templates/services_disabled.csv
@@ -21,6 +21,7 @@ netconsole,
 netfs,
 nfs,nfs-utils
 nfslock,nfs-utils
+ntpdate,ntpdate
 oddjobd,oddjob
 portreserve,portreserve
 qpidd,qpid-cpp-server
-- 
1.7.1

_______________________________________________
scap-security-guide mailing list
scap-security-guide@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide