>From 0ee4bb5a628ce88e717146b4831039747bd86cf7 Mon Sep 17 00:00:00 2001 From: shawn <[email protected]> Date: Sun, 22 Dec 2013 14:31:38 -0500 Subject: [PATCH 01/25] partition_for_* --> shared/oval/ - Moved partition_for_* checks to shared/oval/ - Tested on RHEL7, added platform tag - Removed RHEL7 gconf OVAL (as they're not tested yet) - Symlinked partition_for_* back to appropriate RHEL6 and RHEL7 directories
Signed-off-by: Shawn Wells <[email protected]>
---
:100644 120000 2081d18... 24da73c... T RHEL/6/input/checks/partition_for_home.xml
:100644 120000 9c28c13... 1d91875... T RHEL/6/input/checks/partition_for_tmp.xml
:100644 120000 2ed1d38... 760145b... T RHEL/6/input/checks/partition_for_var.xml
:100644 120000 94d235b... f19e088... T RHEL/6/input/checks/partition_for_var_log.xml
:100644 120000 b7a7d68... dc91923... T RHEL/6/input/checks/partition_for_var_log_audit.xml
:100644 000000 f78fc89... 0000000... D RHEL/7/input/checks/gconf_gnome_disable_automount.xml
:100644 000000 80045a3... 0000000... D RHEL/7/input/checks/gconf_gnome_disable_thumbnailers.xml
:100644 000000 0d012a7... 0000000... D RHEL/7/input/checks/gconf_gnome_screensaver_idle_activation_enabled.xml
:100644 000000 c77e608... 0000000... D RHEL/7/input/checks/gconf_gnome_screensaver_idle_delay.xml
:100644 000000 cc031fc... 0000000... D RHEL/7/input/checks/gconf_gnome_screensaver_lock_enabled.xml
:100644 000000 8229d71... 0000000... D RHEL/7/input/checks/gconf_gnome_screensaver_mode_blank.xml
:100644 120000 55b25d0... 24da73c... T RHEL/7/input/checks/partition_for_home.xml
:100644 120000 2438ac7... 1d91875... T RHEL/7/input/checks/partition_for_tmp.xml
:100644 120000 db883eb... 760145b... T RHEL/7/input/checks/partition_for_var.xml
:100644 120000 f0d2f30... f19e088... T RHEL/7/input/checks/partition_for_var_log.xml
:100644 120000 a9e7f37... dc91923... T RHEL/7/input/checks/partition_for_var_log_audit.xml
:000000 100644 0000000... eb50e33... A shared/oval/partition_for_home.xml
:000000 100644 0000000... 83b482a... A shared/oval/partition_for_tmp.xml
:000000 100644 0000000... d86610b... A shared/oval/partition_for_var.xml
:000000 100644 0000000... 06cfffa... A shared/oval/partition_for_var_log.xml
:000000 100644 0000000... ffe3092... A shared/oval/partition_for_var_log_audit.xml
RHEL/6/input/checks/partition_for_home.xml | 27 +------------
RHEL/6/input/checks/partition_for_tmp.xml | 25 +-----------
RHEL/6/input/checks/partition_for_var.xml | 27 +------------
RHEL/6/input/checks/partition_for_var_log.xml | 24 +----------
.../6/input/checks/partition_for_var_log_audit.xml | 28 +------------
.../input/checks/gconf_gnome_disable_automount.xml | 46 ----------------------
.../checks/gconf_gnome_disable_thumbnailers.xml | 32 ---------------
...f_gnome_screensaver_idle_activation_enabled.xml | 30 --------------
.../checks/gconf_gnome_screensaver_idle_delay.xml | 34 ----------------
.../gconf_gnome_screensaver_lock_enabled.xml | 29 --------------
.../checks/gconf_gnome_screensaver_mode_blank.xml | 29 --------------
RHEL/7/input/checks/partition_for_home.xml | 26 +-----------
RHEL/7/input/checks/partition_for_tmp.xml | 24 +----------
RHEL/7/input/checks/partition_for_var.xml | 26 +-----------
RHEL/7/input/checks/partition_for_var_log.xml | 23 +----------
.../7/input/checks/partition_for_var_log_audit.xml | 27 +------------
shared/oval/partition_for_home.xml | 28 +++++++++++++
shared/oval/partition_for_tmp.xml | 26 ++++++++++++
shared/oval/partition_for_var.xml | 27 +++++++++++++
shared/oval/partition_for_var_log.xml | 25 ++++++++++++
shared/oval/partition_for_var_log_audit.xml | 29 ++++++++++++++
21 files changed, 145 insertions(+), 447 deletions(-)
diff --git a/RHEL/6/input/checks/partition_for_home.xml b/RHEL/6/input/checks/partition_for_home.xml
deleted file mode 100644
index 2081d18..0000000
--- a/RHEL/6/input/checks/partition_for_home.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-<def-group>
- <definition class="compliance" id="partition_for_home" version="1">
- <metadata>
- <title>Ensure /home Located On Separate Partition</title>
- <affected family="unix">
- <platform>Red Hat Enterprise Linux 6</platform>
- </affected>
- <description>If user home directories will be stored locally, create a
- separate partition for /home. If /home will be mounted from another
- system such as an NFS server, then creating a separate partition is not
- necessary at this time, and the mountpoint can instead be configured
- later.</description>
- <reference source="MED" ref_id="20130830" ref_url="test_attestation" />
- </metadata>
- <criteria>
- <criterion test_ref="test_home_partition" comment="/home on own partition" />
- </criteria>
- </definition>
- <linux:partition_test check="all" check_existence="all_exist"
- id="test_home_partition" version="1" comment="/home on own partition">
- <linux:object object_ref="object_mount_home_own_partition" />
- </linux:partition_test>
- <linux:partition_object id="object_mount_home_own_partition" version="1">
- <linux:mount_point>/home</linux:mount_point>
- </linux:partition_object>
-</def-group>
diff --git a/RHEL/6/input/checks/partition_for_home.xml b/RHEL/6/input/checks/partition_for_home.xml
new file mode 120000
index 0000000..24da73c
--- /dev/null
+++ b/RHEL/6/input/checks/partition_for_home.xml
@@ -0,0 +1 @@
+../../../../shared/oval/partition_for_home.xml
\ No newline at end of file
diff --git a/RHEL/6/input/checks/partition_for_tmp.xml b/RHEL/6/input/checks/partition_for_tmp.xml
deleted file mode 100644
index 9c28c13..0000000
--- a/RHEL/6/input/checks/partition_for_tmp.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<def-group>
- <definition class="compliance" id="partition_for_tmp" version="1">
- <metadata>
- <title>Ensure /tmp Located On Separate Partition</title>
- <affected family="unix">
- <platform>Red Hat Enterprise Linux 6</platform>
- </affected>
- <description>The /tmp directory is a world-writable directory used for
- temporary file storage. Verify that it has its own partition or logical
- volume.</description>
- <reference source="MED" ref_id="20130830" ref_url="test_attestation" />
- </metadata>
- <criteria>
- <criterion test_ref="test_tmp_partition" comment="/tmp on own partition" />
- </criteria>
- </definition>
- <linux:partition_test check="all" check_existence="all_exist"
- id="test_tmp_partition" version="1" comment="/tmp on own partition">
- <linux:object object_ref="object_own_tmp_partition" />
- </linux:partition_test>
- <linux:partition_object id="object_own_tmp_partition" version="1">
- <linux:mount_point>/tmp</linux:mount_point>
- </linux:partition_object>
-</def-group>
diff --git a/RHEL/6/input/checks/partition_for_tmp.xml b/RHEL/6/input/checks/partition_for_tmp.xml
new file mode 120000
index 0000000..1d91875
--- /dev/null
+++ b/RHEL/6/input/checks/partition_for_tmp.xml
@@ -0,0 +1 @@
+../../../../shared/oval/partition_for_tmp.xml
\ No newline at end of file
diff --git a/RHEL/6/input/checks/partition_for_var.xml b/RHEL/6/input/checks/partition_for_var.xml
deleted file mode 100644
index 2ed1d38..0000000
--- a/RHEL/6/input/checks/partition_for_var.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-<def-group>
- <definition class="compliance" id="partition_for_var" version="1">
- <metadata>
- <title>Ensure /var Located On Separate Partition</title>
- <affected family="unix">
- <platform>Red Hat Enterprise Linux 6</platform>
- </affected>
- <description>Ensuring that /var is mounted on its own partition enables
- the setting of more restrictive mount options, which is used as temporary
- storage by many program, particularly system services such as daemons. It
- is not uncommon for the /var directory to contain world-writable
- directories, installed by other software packages.</description>
- <reference source="MED" ref_id="20130830" ref_url="test_attestation" />
- </metadata>
- <criteria>
- <criterion test_ref="test_var_partition" comment="/var on own partition" />
- </criteria>
- </definition>
- <linux:partition_test check="all" check_existence="all_exist"
- id="test_var_partition" version="1" comment="/var on own partition">
- <linux:object object_ref="object_mount_var_own_partition" />
- </linux:partition_test>
- <linux:partition_object id="object_mount_var_own_partition" version="1">
- <linux:mount_point>/var</linux:mount_point>
- </linux:partition_object>
-</def-group>
diff --git a/RHEL/6/input/checks/partition_for_var.xml b/RHEL/6/input/checks/partition_for_var.xml
new file mode 120000
index 0000000..760145b
--- /dev/null
+++ b/RHEL/6/input/checks/partition_for_var.xml
@@ -0,0 +1 @@
+../../../../shared/oval/partition_for_var.xml
\ No newline at end of file
diff --git a/RHEL/6/input/checks/partition_for_var_log.xml b/RHEL/6/input/checks/partition_for_var_log.xml
deleted file mode 100644
index 94d235b..0000000
--- a/RHEL/6/input/checks/partition_for_var_log.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<def-group>
- <definition class="compliance" id="partition_for_var_log" version="1">
- <metadata>
- <title>Ensure /var/log Located On Separate Partition</title>
- <affected family="unix">
- <platform>Red Hat Enterprise Linux 6</platform>
- </affected>
- <description>System logs are stored in the /var/log directory. Ensure
- that it has its own partition or logical volume.</description>
- <reference source="MED" ref_id="20130830" ref_url="test_attestation" />
- </metadata>
- <criteria>
- <criterion test_ref="test_var_log_partition" comment="/var/log on own partition" />
- </criteria>
- </definition>
- <linux:partition_test check="all" check_existence="all_exist"
- id="test_var_log_partition" version="1" comment="/var/log on own partition">
- <linux:object object_ref="object_mount_var_log_own_partition" />
- </linux:partition_test>
- <linux:partition_object id="object_mount_var_log_own_partition" version="1">
- <linux:mount_point>/var/log</linux:mount_point>
- </linux:partition_object>
-</def-group>
diff --git a/RHEL/6/input/checks/partition_for_var_log.xml b/RHEL/6/input/checks/partition_for_var_log.xml
new file mode 120000
index 0000000..f19e088
--- /dev/null
+++ b/RHEL/6/input/checks/partition_for_var_log.xml
@@ -0,0 +1 @@
+../../../../shared/oval/partition_for_var_log.xml
\ No newline at end of file
diff --git a/RHEL/6/input/checks/partition_for_var_log_audit.xml b/RHEL/6/input/checks/partition_for_var_log_audit.xml
deleted file mode 100644
index b7a7d68..0000000
--- a/RHEL/6/input/checks/partition_for_var_log_audit.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<def-group>
- <definition class="compliance" id="partition_for_var_log_audit" version="1">
- <metadata>
- <title>Ensure /var/log/audit Located On Separate Partition</title>
- <affected family="unix">
- <platform>Red Hat Enterprise Linux 6</platform>
- </affected>
- <description>Audit logs are stored in the /var/log/audit directory.
- Ensure that it has its own partition or logical volume. Make absolutely
- certain that it is large enough to store all audit logs that will be
- created by the auditing daemon.</description>
- <reference source="MED" ref_id="20130830" ref_url="test_attestation" />
- </metadata>
- <criteria>
- <criterion test_ref="test_var_log_audit_partition" comment="/var/log/audit on own partition" />
- </criteria>
- </definition>
- <linux:partition_test check="all" check_existence="all_exist"
- id="test_var_log_audit_partition" version="1"
- comment="check for /var/log/audit partition">
- <linux:object object_ref="object_mount_var_log_audit_own_partition" />
- </linux:partition_test>
- <linux:partition_object id="object_mount_var_log_audit_own_partition"
- version="1">
- <linux:mount_point>/var/log/audit</linux:mount_point>
- </linux:partition_object>
-</def-group>
diff --git a/RHEL/6/input/checks/partition_for_var_log_audit.xml b/RHEL/6/input/checks/partition_for_var_log_audit.xml
new file mode 120000
index 0000000..dc91923
--- /dev/null
+++ b/RHEL/6/input/checks/partition_for_var_log_audit.xml
@@ -0,0 +1 @@
+../../../../shared/oval/partition_for_var_log_audit.xml
\ No newline at end of file
diff --git a/RHEL/7/input/checks/gconf_gnome_disable_automount.xml b/RHEL/7/input/checks/gconf_gnome_disable_automount.xml
deleted file mode 100644
index f78fc89..0000000
--- a/RHEL/7/input/checks/gconf_gnome_disable_automount.xml
+++ /dev/null
@@ -1,46 +0,0 @@
-<def-group>
- <definition class="compliance" id="gconf_gnome_disable_automount" version="1">
- <metadata>
- <title>Disable GNOME Automounting</title>
- <affected family="unix">
- <platform>Red Hat Enterprise Linux 6</platform>
- </affected>
- <description>The system's default desktop environment, GNOME, will mount
- devices and removable media (such as DVDs, CDs and USB flash drives)
- whenever they are inserted into the system. Disable automount and autorun
- within GNOME.</description>
- <reference source="MED" ref_id="20131125" ref_url="test_attestation" />
- </metadata>
- <criteria operator="OR">
- <extend_definition comment="GConf2 installed" definition_ref="package_GConf2_installed" negate="true" />
- <criterion comment="Disable automount in GNOME" test_ref="test_gconf_gnome_disable_automount" />
- <criterion comment="Disable autorun in GNOME" test_ref="test_gconf_gnome_disable_automount_autorun" />
- </criteria>
- </definition>
- <ind:xmlfilecontent_test check="all" check_existence="all_exist"
- comment="Disable automount in GNOME" id="test_gconf_gnome_disable_automount"
- version="1">
- <ind:object object_ref="obj_gconf_gnome_disable_automount" />
- <ind:state state_ref="state_gconf_gnome_disable_automount" />
- </ind:xmlfilecontent_test>
- <ind:xmlfilecontent_state id="state_gconf_gnome_disable_automount" version="1">
- <ind:value_of datatype="string">false</ind:value_of>
- </ind:xmlfilecontent_state>
- <ind:xmlfilecontent_object id="obj_gconf_gnome_disable_automount" version="1">
- <ind:filepath>/etc/gconf/gconf.xml.mandatory/apps/nautilus/preferences/%gconf.xml</ind:filepath>
- <ind:xpath>/gconf/entry[@name='media_automount']/@value</ind:xpath>
- </ind:xmlfilecontent_object>
- <ind:xmlfilecontent_test check="all" check_existence="all_exist"
- comment="Disable autorun in GNOME"
- id="test_gconf_gnome_disable_automount_autorun" version="1">
- <ind:object object_ref="obj_gconf_gnome_disable_automount_autorun" />
- <ind:state state_ref="state_gconf_gnome_disable_automount_autorun" />
- </ind:xmlfilecontent_test>
- <ind:xmlfilecontent_state id="state_gconf_gnome_disable_automount_autorun" version="1">
- <ind:value_of datatype="string">true</ind:value_of>
- </ind:xmlfilecontent_state>
- <ind:xmlfilecontent_object id="obj_gconf_gnome_disable_automount_autorun" version="1">
- <ind:filepath>/etc/gconf/gconf.xml.mandatory/apps/nautilus/preferences/%gconf.xml</ind:filepath>
- <ind:xpath>/gconf/entry[@name='media_autorun_never']/@value</ind:xpath>
- </ind:xmlfilecontent_object>
-</def-group>
diff --git a/RHEL/7/input/checks/gconf_gnome_disable_thumbnailers.xml b/RHEL/7/input/checks/gconf_gnome_disable_thumbnailers.xml
deleted file mode 100644
index 80045a3..0000000
--- a/RHEL/7/input/checks/gconf_gnome_disable_thumbnailers.xml
+++ /dev/null
@@ -1,32 +0,0 @@
-<def-group>
- <definition class="compliance" id="gconf_gnome_disable_thumbnailers" version="1">
- <metadata>
- <title>Disable All GNOME Thumbnailers</title>
- <affected family="unix">
- <platform>Red Hat Enterprise Linux 6</platform>
- </affected>
- <description>The system's default desktop environment, GNOME, uses a
- number of different thumbnailer programs to generate thumbnails for any
- new or modified content in an opened folder. Disable the execution of
- these thumbnail applications within GNOME.</description>
- <reference source="MED" ref_id="20131125" ref_url="test_attestation" />
- </metadata>
- <criteria operator="OR">
- <extend_definition comment="GConf2 installed" definition_ref="package_GConf2_installed" negate="true" />
- <criterion comment="Disable thumbnailers in GNOME" test_ref="test_gconf_gnome_disable_thumbnailers" />
- </criteria>
- </definition>
- <ind:xmlfilecontent_test check="all" check_existence="all_exist"
- comment="Disable thumbnailers in GNOME"
- id="test_gconf_gnome_disable_thumbnailers" version="1">
- <ind:object object_ref="obj_gconf_gnome_disable_thumbnailers" />
- <ind:state state_ref="state_gconf_gnome_disable_thumbnailers" />
- </ind:xmlfilecontent_test>
- <ind:xmlfilecontent_state id="state_gconf_gnome_disable_thumbnailers" version="1">
- <ind:value_of datatype="string">true</ind:value_of>
- </ind:xmlfilecontent_state>
- <ind:xmlfilecontent_object id="obj_gconf_gnome_disable_thumbnailers" version="1">
- <ind:filepath>/etc/gconf/gconf.xml.mandatory/desktop/gnome/thumbnailers/%gconf.xml</ind:filepath>
- <ind:xpath>/gconf/entry[@name='disable_all']/@value</ind:xpath>
- </ind:xmlfilecontent_object>
-</def-group>
diff --git a/RHEL/7/input/checks/gconf_gnome_screensaver_idle_activation_enabled.xml b/RHEL/7/input/checks/gconf_gnome_screensaver_idle_activation_enabled.xml
deleted file mode 100644
index 0d012a7..0000000
--- a/RHEL/7/input/checks/gconf_gnome_screensaver_idle_activation_enabled.xml
+++ /dev/null
@@ -1,30 +0,0 @@
-<def-group>
- <definition class="compliance" id="gconf_gnome_screensaver_idle_activation_enabled" version="1">
- <metadata>
- <title>Implement idle activation of screen saver</title>
- <affected family="unix">
- <platform>Red Hat Enterprise Linux 6</platform>
- </affected>
- <description>Idle activation of the screen saver should be
- enabled.</description>
- <reference source="MED" ref_id="20131125" ref_url="test_attestation" />
- </metadata>
- <criteria operator="OR">
- <extend_definition comment="GConf2 installed" definition_ref="package_GConf2_installed" negate="true" />
- <criterion comment="gnome screensaver is activated on idle" test_ref="test_gnome_screensaver_idle_activated" />
- </criteria>
- </definition>
- <ind:xmlfilecontent_test check="all"
- comment="gnome screensaver is activated on idle"
- id="test_gnome_screensaver_idle_activated" version="1">
- <ind:object object_ref="object_gnome_screensaver_idle_activated" />
- <ind:state state_ref="state_gnome_screensaver_idle_activated" />
- </ind:xmlfilecontent_test>
- <ind:xmlfilecontent_state id="state_gnome_screensaver_idle_activated" version="1">
- <ind:value_of datatype="string">true</ind:value_of>
- </ind:xmlfilecontent_state>
- <ind:xmlfilecontent_object id="object_gnome_screensaver_idle_activated" version="1">
- <ind:filepath>/etc/gconf/gconf.xml.mandatory/apps/gnome-screensaver/%gconf.xml</ind:filepath>
- <ind:xpath>/gconf/entry[@name='idle_activation_enabled']/@value</ind:xpath>
- </ind:xmlfilecontent_object>
-</def-group>
diff --git a/RHEL/7/input/checks/gconf_gnome_screensaver_idle_delay.xml b/RHEL/7/input/checks/gconf_gnome_screensaver_idle_delay.xml
deleted file mode 100644
index c77e608..0000000
--- a/RHEL/7/input/checks/gconf_gnome_screensaver_idle_delay.xml
+++ /dev/null
@@ -1,34 +0,0 @@
-<def-group>
- <definition class="compliance" id="gconf_gnome_screensaver_idle_delay" version="1">
- <metadata>
- <title>Configure GUI Screen Locking</title>
- <affected family="unix">
- <platform>Red Hat Enterprise Linux 6</platform>
- </affected>
- <description>The allowed period of inactivity before the screensaver is
- activated.</description>
- <reference source="MED" ref_id="20131125" ref_url="test_attestation" />
- </metadata>
- <criteria operator="OR">
- <extend_definition comment="GConf2 installed" definition_ref="package_GConf2_installed" negate="true" />
- <criterion comment="check value of idle_delay in GCONF" test_ref="test_gnome_screensaver_idle_delay" />
- </criteria>
- </definition>
- <ind:xmlfilecontent_test check="all"
- comment="test screensaver timeout period"
- id="test_gnome_screensaver_idle_delay" version="1">
- <ind:object object_ref="object_gnome_screensaver_idle_delay" />
- <ind:state state_ref="state_gnome_screensaver_idle_delay" />
- </ind:xmlfilecontent_test>
- <ind:xmlfilecontent_object id="object_gnome_screensaver_idle_delay" version="1">
- <ind:filepath>/etc/gconf/gconf.xml.mandatory/apps/gnome-screensaver/%gconf.xml</ind:filepath>
- <ind:xpath>/gconf/entry[@name='idle_delay']/@value</ind:xpath>
- </ind:xmlfilecontent_object>
- <ind:xmlfilecontent_state comment="idle timeout"
- id="state_gnome_screensaver_idle_delay" version="1">
- <ind:value_of datatype="int" operation="less than or equal" var_check="all"
- var_ref="inactivity_timeout_value" />
- </ind:xmlfilecontent_state>
- <external_variable comment="inactivity timeout variable" datatype="int"
- id="inactivity_timeout_value" version="1" />
-</def-group>
diff --git a/RHEL/7/input/checks/gconf_gnome_screensaver_lock_enabled.xml b/RHEL/7/input/checks/gconf_gnome_screensaver_lock_enabled.xml
deleted file mode 100644
index cc031fc..0000000
--- a/RHEL/7/input/checks/gconf_gnome_screensaver_lock_enabled.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-<def-group>
- <definition class="compliance" id="gconf_gnome_screensaver_lock_enabled" version="1">
- <metadata>
- <title>Implement idle activation of screen lock</title>
- <affected family="unix">
- <platform>Red Hat Enterprise Linux 6</platform>
- </affected>
- <description>Idle activation of the screen lock should be
- enabled.</description>
- <reference source="MED" ref_id="20131125" ref_url="test_attestation" />
- </metadata>
- <criteria operator="OR">
- <extend_definition comment="GConf2 installed" definition_ref="package_GConf2_installed" negate="true" />
- <criterion comment="screensaver lock is enabled" test_ref="test_screensaver_lock_enabled" />
- </criteria>
- </definition>
- <ind:xmlfilecontent_test check="all" comment="screensaver lock is enabled"
- id="test_screensaver_lock_enabled" version="1">
- <ind:object object_ref="object_screensaver_lock_enabled" />
- <ind:state state_ref="state_screensaver_lock_enabled" />
- </ind:xmlfilecontent_test>
- <ind:xmlfilecontent_object id="object_screensaver_lock_enabled" version="1">
- <ind:filepath>/etc/gconf/gconf.xml.mandatory/apps/gnome-screensaver/%gconf.xml</ind:filepath>
- <ind:xpath>/gconf/entry[@name='lock_enabled']/@value</ind:xpath>
- </ind:xmlfilecontent_object>
- <ind:xmlfilecontent_state id="state_screensaver_lock_enabled" version="1">
- <ind:value_of datatype="string">true</ind:value_of>
- </ind:xmlfilecontent_state>
-</def-group>
diff --git a/RHEL/7/input/checks/gconf_gnome_screensaver_mode_blank.xml b/RHEL/7/input/checks/gconf_gnome_screensaver_mode_blank.xml
deleted file mode 100644
index 8229d71..0000000
--- a/RHEL/7/input/checks/gconf_gnome_screensaver_mode_blank.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-<def-group>
- <definition class="compliance" id="gconf_gnome_screensaver_mode_blank" version="1">
- <metadata>
- <title>Implement blank screen saver</title>
- <affected family="unix">
- <platform>Red Hat Enterprise Linux 6</platform>
- </affected>
- <description>The screen saver should be blank.</description>
- <reference source="MED" ref_id="20131125" ref_url="test_attestation" />
- </metadata>
- <criteria operator="OR">
- <extend_definition comment="GConf2 installed" definition_ref="package_GConf2_installed" negate="true" />
- <criterion comment="gnome screensaver set to blank screen" test_ref="test_gnome_screensaver_mode" />
- </criteria>
- </definition>
- <ind:xmlfilecontent_test check="all"
- comment="gnome screensaver set to blank screen"
- id="test_gnome_screensaver_mode" version="1">
- <ind:object object_ref="object_gnome_screensaver_mode" />
- <ind:state state_ref="state_gnome_screensaver_mode" />
- </ind:xmlfilecontent_test>
- <ind:xmlfilecontent_state id="state_gnome_screensaver_mode" version="1">
- <ind:value_of datatype="string">blank-only</ind:value_of>
- </ind:xmlfilecontent_state>
- <ind:xmlfilecontent_object id="object_gnome_screensaver_mode" version="1">
- <ind:filepath>/etc/gconf/gconf.xml.mandatory/apps/gnome-screensaver/%gconf.xml</ind:filepath>
- <ind:xpath>/gconf/entry[@name='mode']/stringvalue[1]/text()</ind:xpath>
- </ind:xmlfilecontent_object>
-</def-group>
diff --git a/RHEL/7/input/checks/partition_for_home.xml b/RHEL/7/input/checks/partition_for_home.xml
deleted file mode 100644
index 55b25d0..0000000
--- a/RHEL/7/input/checks/partition_for_home.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<def-group>
- <definition class="compliance" id="partition_for_home" version="1">
- <metadata>
- <title>Ensure /home Located On Separate Partition</title>
- <affected family="unix">
- <platform>Red Hat Enterprise Linux 7</platform>
- </affected>
- <description>If user home directories will be stored locally, create a
- separate partition for /home. If /home will be mounted from another
- system such as an NFS server, then creating a separate partition is not
- necessary at this time, and the mountpoint can instead be configured
- later.</description>
- </metadata>
- <criteria>
- <criterion test_ref="test_home_partition" comment="/home on own partition" />
- </criteria>
- </definition>
- <linux:partition_test check="all" check_existence="all_exist"
- id="test_home_partition" version="1" comment="/home on own partition">
- <linux:object object_ref="object_mount_home_own_partition" />
- </linux:partition_test>
- <linux:partition_object id="object_mount_home_own_partition" version="1">
- <linux:mount_point>/home</linux:mount_point>
- </linux:partition_object>
-</def-group>
diff --git a/RHEL/7/input/checks/partition_for_home.xml b/RHEL/7/input/checks/partition_for_home.xml
new file mode 120000
index 0000000..24da73c
--- /dev/null
+++ b/RHEL/7/input/checks/partition_for_home.xml
@@ -0,0 +1 @@
+../../../../shared/oval/partition_for_home.xml
\ No newline at end of file
diff --git a/RHEL/7/input/checks/partition_for_tmp.xml b/RHEL/7/input/checks/partition_for_tmp.xml
deleted file mode 100644
index 2438ac7..0000000
--- a/RHEL/7/input/checks/partition_for_tmp.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<def-group>
- <definition class="compliance" id="partition_for_tmp" version="1">
- <metadata>
- <title>Ensure /tmp Located On Separate Partition</title>
- <affected family="unix">
- <platform>Red Hat Enterprise Linux 7</platform>
- </affected>
- <description>The /tmp directory is a world-writable directory used for
- temporary file storage. Verify that it has its own partition or logical
- volume.</description>
- </metadata>
- <criteria>
- <criterion test_ref="test_tmp_partition" comment="/tmp on own partition" />
- </criteria>
- </definition>
- <linux:partition_test check="all" check_existence="all_exist"
- id="test_tmp_partition" version="1" comment="/tmp on own partition">
- <linux:object object_ref="object_own_tmp_partition" />
- </linux:partition_test>
- <linux:partition_object id="object_own_tmp_partition" version="1">
- <linux:mount_point>/tmp</linux:mount_point>
- </linux:partition_object>
-</def-group>
diff --git a/RHEL/7/input/checks/partition_for_tmp.xml b/RHEL/7/input/checks/partition_for_tmp.xml
new file mode 120000
index 0000000..1d91875
--- /dev/null
+++ b/RHEL/7/input/checks/partition_for_tmp.xml
@@ -0,0 +1 @@
+../../../../shared/oval/partition_for_tmp.xml
\ No newline at end of file
diff --git a/RHEL/7/input/checks/partition_for_var.xml b/RHEL/7/input/checks/partition_for_var.xml
deleted file mode 100644
index db883eb..0000000
--- a/RHEL/7/input/checks/partition_for_var.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<def-group>
- <definition class="compliance" id="partition_for_var" version="1">
- <metadata>
- <title>Ensure /var Located On Separate Partition</title>
- <affected family="unix">
- <platform>Red Hat Enterprise Linux 7</platform>
- </affected>
- <description>Ensuring that /var is mounted on its own partition enables
- the setting of more restrictive mount options, which is used as temporary
- storage by many program, particularly system services such as daemons. It
- is not uncommon for the /var directory to contain world-writable
- directories, installed by other software packages.</description>
- </metadata>
- <criteria>
- <criterion test_ref="test_var_partition" comment="/var on own partition" />
- </criteria>
- </definition>
- <linux:partition_test check="all" check_existence="all_exist"
- id="test_var_partition" version="1" comment="/var on own partition">
- <linux:object object_ref="object_mount_var_own_partition" />
- </linux:partition_test>
- <linux:partition_object id="object_mount_var_own_partition" version="1">
- <linux:mount_point>/var</linux:mount_point>
- </linux:partition_object>
-</def-group>
diff --git a/RHEL/7/input/checks/partition_for_var.xml b/RHEL/7/input/checks/partition_for_var.xml
new file mode 120000
index 0000000..760145b
--- /dev/null
+++ b/RHEL/7/input/checks/partition_for_var.xml
@@ -0,0 +1 @@
+../../../../shared/oval/partition_for_var.xml
\ No newline at end of file
diff --git a/RHEL/7/input/checks/partition_for_var_log.xml b/RHEL/7/input/checks/partition_for_var_log.xml
deleted file mode 100644
index f0d2f30..0000000
--- a/RHEL/7/input/checks/partition_for_var_log.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<def-group>
- <definition class="compliance" id="partition_for_var_log" version="1">
- <metadata>
- <title>Ensure /var/log Located On Separate Partition</title>
- <affected family="unix">
- <platform>Red Hat Enterprise Linux 7</platform>
- </affected>
- <description>System logs are stored in the /var/log directory. Ensure
- that it has its own partition or logical volume.</description>
- </metadata>
- <criteria>
- <criterion test_ref="test_var_log_partition" comment="/var/log on own partition" />
- </criteria>
- </definition>
- <linux:partition_test check="all" check_existence="all_exist"
- id="test_var_log_partition" version="1" comment="/var/log on own partition">
- <linux:object object_ref="object_mount_var_log_own_partition" />
- </linux:partition_test>
- <linux:partition_object id="object_mount_var_log_own_partition" version="1">
- <linux:mount_point>/var/log</linux:mount_point>
- </linux:partition_object>
-</def-group>
diff --git a/RHEL/7/input/checks/partition_for_var_log.xml b/RHEL/7/input/checks/partition_for_var_log.xml
new file mode 120000
index 0000000..f19e088
--- /dev/null
+++ b/RHEL/7/input/checks/partition_for_var_log.xml
@@ -0,0 +1 @@
+../../../../shared/oval/partition_for_var_log.xml
\ No newline at end of file
diff --git a/RHEL/7/input/checks/partition_for_var_log_audit.xml b/RHEL/7/input/checks/partition_for_var_log_audit.xml
deleted file mode 100644
index a9e7f37..0000000
--- a/RHEL/7/input/checks/partition_for_var_log_audit.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-<def-group>
- <definition class="compliance" id="partition_for_var_log_audit" version="1">
- <metadata>
- <title>Ensure /var/log/audit Located On Separate Partition</title>
- <affected family="unix">
- <platform>Red Hat Enterprise Linux 7</platform>
- </affected>
- <description>Audit logs are stored in the /var/log/audit directory.
- Ensure that it has its own partition or logical volume. Make absolutely
- certain that it is large enough to store all audit logs that will be
- created by the auditing daemon.</description>
- </metadata>
- <criteria>
- <criterion test_ref="test_var_log_audit_partition" comment="/var/log/audit on own partition" />
- </criteria>
- </definition>
- <linux:partition_test check="all" check_existence="all_exist"
- id="test_var_log_audit_partition" version="1"
- comment="check for /var/log/audit partition">
- <linux:object object_ref="object_mount_var_log_audit_own_partition" />
- </linux:partition_test>
- <linux:partition_object id="object_mount_var_log_audit_own_partition"
- version="1">
- <linux:mount_point>/var/log/audit</linux:mount_point>
- </linux:partition_object>
-</def-group>
diff --git a/RHEL/7/input/checks/partition_for_var_log_audit.xml b/RHEL/7/input/checks/partition_for_var_log_audit.xml
new file mode 120000
index 0000000..dc91923
--- /dev/null
+++ b/RHEL/7/input/checks/partition_for_var_log_audit.xml
@@ -0,0 +1 @@
+../../../../shared/oval/partition_for_var_log_audit.xml
\ No newline at end of file
diff --git a/shared/oval/partition_for_home.xml b/shared/oval/partition_for_home.xml
new file mode 100644
index 0000000..eb50e33
--- /dev/null
+++ b/shared/oval/partition_for_home.xml
@@ -0,0 +1,28 @@
+<def-group>
+ <definition class="compliance" id="partition_for_home" version="1">
+ <metadata>
+ <title>Ensure /home Located On Separate Partition</title>
+ <affected family="unix">
+ <platform>Red Hat Enterprise Linux 6</platform>
+ <platform>Red Hat Enterprise Linux 7</platform>
+ </affected>
+ <description>If user home directories will be stored locally, create a
+ separate partition for /home. If /home will be mounted from another
+ system such as an NFS server, then creating a separate partition is not
+ necessary at this time, and the mountpoint can instead be configured
+ later.</description>
+ <reference source="MED" ref_id="20130830" ref_url="test_attestation" />
+ <!-- RHEL7: <reference source="SDW" ref_id="20131222" ref_url="test_attestation" /> -->
+ </metadata>
+ <criteria>
+ <criterion test_ref="test_home_partition" comment="/home on own partition" />
+ </criteria>
+ </definition>
+ <linux:partition_test check="all" check_existence="all_exist"
+ id="test_home_partition" version="1" comment="/home on own partition">
+ <linux:object object_ref="object_mount_home_own_partition" />
+ </linux:partition_test>
+ <linux:partition_object id="object_mount_home_own_partition" version="1">
+ <linux:mount_point>/home</linux:mount_point>
+ </linux:partition_object>
+</def-group>
diff --git a/shared/oval/partition_for_tmp.xml b/shared/oval/partition_for_tmp.xml
new file mode 100644
index 0000000..83b482a
--- /dev/null
+++ b/shared/oval/partition_for_tmp.xml
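Review bot: The RHEL 7 test attestation in the new `<metadata>` is recorded only inside an XML comment (`<!-- RHEL7: <reference source="SDW" ... /> -->`), so the commit message's "Tested on RHEL7" is invisible to anything that reads `<reference>` elements, and the same commented-out attestation appears in shared/oval/partition_for_tmp.xml and shared/oval/partition_for_var.xml in this patch. OVAL metadata allows more than one `reference` element, so the attestation can be a real element placed next to the existing one: `<reference source="SDW" ref_id="20131222" ref_url="test_attestation" />`. If the build tooling cannot take a second attestation reference, that constraint is worth a note in the file rather than data left in a comment.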
@@ -0,0 +1,26 @@
+<def-group>
+ <definition class="compliance" id="partition_for_tmp" version="1">
+ <metadata>
+ <title>Ensure /tmp Located On Separate Partition</title>
+ <affected family="unix">
+ <platform>Red Hat Enterprise Linux 6</platform>
+ <platform>Red Hat Enterprise Linux 7</platform>
+ </affected>
+ <description>The /tmp directory is a world-writable directory used for
+ temporary file storage. Verify that it has its own partition or logical
+ volume.</description>
+ <reference source="MED" ref_id="20130830" ref_url="test_attestation" />
+ <!-- RHEL7: <reference source="SDW" ref_id="20131222" ref_url="test_attestation" /> -->
+ </metadata>
+ <criteria>
+ <criterion test_ref="test_tmp_partition" comment="/tmp on own partition" />
+ </criteria>
+ </definition>
+ <linux:partition_test check="all" check_existence="all_exist"
+ id="test_tmp_partition" version="1" comment="/tmp on own partition">
+ <linux:object object_ref="object_own_tmp_partition" />
+ </linux:partition_test>
+ <linux:partition_object id="object_own_tmp_partition" version="1">
+ <linux:mount_point>/tmp</linux:mount_point>
+ </linux:partition_object>
+</def-group>
diff --git a/shared/oval/partition_for_var.xml b/shared/oval/partition_for_var.xml
new file mode 100644
index 0000000..d86610b
--- /dev/null
+++ b/shared/oval/partition_for_var.xml
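Review bot: The object id `object_own_tmp_partition` used on the partition_test's object_ref and on the partition_object breaks the `object_mount_<path>_own_partition` naming that the other four shared definitions in this series follow (`object_mount_home_own_partition`, `object_mount_var_own_partition`, `object_mount_var_log_own_partition`, `object_mount_var_log_audit_own_partition`). Now that these files sit side by side in shared/oval/, renaming both occurrences to `object_mount_tmp_own_partition` keeps the ids predictable for anyone searching the shared tree; the `object_ref` on the test and the `id` on the object have to change together or the definition will not resolve.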
@@ -0,0 +1,27 @@
+<def-group>
+ <definition class="compliance" id="partition_for_var" version="1">
+ <metadata>
+ <title>Ensure /var Located On Separate Partition</title>
+ <affected family="unix">
+ <platform>Red Hat Enterprise Linux 7</platform>
+ </affected>
+ <description>Ensuring that /var is mounted on its own partition enables
+ the setting of more restrictive mount options, which is used as temporary
+ storage by many program, particularly system services such as daemons. It
+ is not uncommon for the /var directory to contain world-writable
+ directories, installed by other software packages.</description>
+ <reference source="MED" ref_id="20130830" ref_url="test_attestation" />
+ <!-- RHEL7: <reference source="SDW" ref_id="20131222" ref_url="test_attestation" /> -->
+ </metadata>
+ <criteria>
+ <criterion test_ref="test_var_partition" comment="/var on own partition" />
+ </criteria>
+ </definition>
+ <linux:partition_test check="all" check_existence="all_exist"
+ id="test_var_partition" version="1" comment="/var on own partition">
+ <linux:object object_ref="object_mount_var_own_partition" />
+ </linux:partition_test>
+ <linux:partition_object id="object_mount_var_own_partition" version="1">
+ <linux:mount_point>/var</linux:mount_point>
+ </linux:partition_object>
+</def-group>
diff --git a/shared/oval/partition_for_var_log.xml b/shared/oval/partition_for_var_log.xml
new file mode 100644
index 0000000..06cfffa
--- /dev/null
+++ b/shared/oval/partition_for_var_log.xml
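Review bot: The `<affected>` block here lists only `<platform>Red Hat Enterprise Linux 7</platform>`, while the other four shared definitions in this series list both RHEL 6 and RHEL 7; if partition_for_var is also linked into the RHEL 6 tree as its siblings are, the metadata declares the definition not applicable there, which misleads readers of the content and may matter to tooling that filters on platform. Adding `<platform>Red Hat Enterprise Linux 6</platform>` next to the existing platform line would bring it in line with the others. Separately, the description clause `the setting of more restrictive mount options, which is used as temporary storage by many program` has lost its subject; a reading such as "Ensuring that /var is mounted on its own partition enables the setting of more restrictive mount options. /var is used as temporary storage by many programs, particularly system services such as daemons." keeps the intent without the dangling relative clause.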
@@ -0,0 +1,25 @@
+<def-group>
+ <definition class="compliance" id="partition_for_var_log" version="1">
+ <metadata>
+ <title>Ensure /var/log Located On Separate Partition</title>
+ <affected family="unix">
+ <platform>Red Hat Enterprise Linux 6</platform>
+ <platform>Red Hat Enterprise Linux 7</platform>
+ </affected>
+ <description>System logs are stored in the /var/log directory. Ensure
+ that it has its own partition or logical volume.</description>
+ <reference source="MED" ref_id="20130830" ref_url="test_attestation" />
+ <!-- RHEL7: <reference source="SDW" ref_id="20131222" ref_url="test_attestation" /> -->
+ </metadata>
+ <criteria>
+ <criterion test_ref="test_var_log_partition" comment="/var/log on own partition" />
+ </criteria>
+ </definition>
+ <linux:partition_test check="all" check_existence="all_exist"
+ id="test_var_log_partition" version="1" comment="/var/log on own partition">
+ <linux:object object_ref="object_mount_var_log_own_partition" />
+ </linux:partition_test>
+ <linux:partition_object id="object_mount_var_log_own_partition" version="1">
+ <linux:mount_point>/var/log</linux:mount_point>
+ </linux:partition_object>
+</def-group>
diff --git a/shared/oval/partition_for_var_log_audit.xml b/shared/oval/partition_for_var_log_audit.xml
new file mode 100644
index 0000000..ffe3092
--- /dev/null
+++ b/shared/oval/partition_for_var_log_audit.xml
@@ -0,0 +1,29 @@
+<def-group>
+ <definition class="compliance" id="partition_for_var_log_audit" version="1">
+ <metadata>
+ <title>Ensure /var/log/audit Located On Separate Partition</title>
+ <affected family="unix">
+ <platform>Red Hat Enterprise Linux 6</platform>
+ <platform>Red Hat Enterprise Linux 7</platform>
+ </affected>
+ <description>Audit logs are stored in the /var/log/audit directory.
+ Ensure that it has its own partition or logical volume. Make absolutely
+ certain that it is large enough to store all audit logs that will be
+ created by the auditing daemon.</description>
+ <reference source="MED" ref_id="20130830" ref_url="test_attestation" />
+ <!-- RHEL7: <reference source="SDW" ref_id="20131222" ref_url="test_attestation" /> -->
+ </metadata>
+ <criteria>
+ <criterion test_ref="test_var_log_audit_partition" comment="/var/log/audit on own partition" />
+ </criteria>
+ </definition>
+ <linux:partition_test check="all" check_existence="all_exist"
+ id="test_var_log_audit_partition" version="1"
+ comment="check for /var/log/audit partition">
+ <linux:object object_ref="object_mount_var_log_audit_own_partition" />
+ </linux:partition_test>
+ <linux:partition_object id="object_mount_var_log_audit_own_partition"
+ version="1">
+ <linux:mount_point>/var/log/audit</linux:mount_point>
+ </linux:partition_object>
+</def-group>
-- 1.8.3.1
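Review bot: The partition_test's `comment="check for /var/log/audit partition"` departs from the convention in the sibling hunks, where the test comment repeats the criterion comment (here `/var/log/audit on own partition`), and the three-line attribute wrapping on the test and the two-line wrapping on the partition_object are likewise unique to this file. Using `comment="/var/log/audit on own partition"` and the same two-line test layout as partition_for_var_log keeps the shared directory uniform, which matters now that these five files are meant to be read and maintained together.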
