>From e044f217f5f6fe1e6c36dffc64f9fd3015afcb24 Mon Sep 17 00:00:00 2001 From: shawn <[email protected]> Date: Sun, 22 Dec 2013 14:44:25 -0500 Subject: [PATCH 02/25] RHEL6: selinux_bootloader_notdisabled.xml -> enable_selinux_bootloader.xml - Updated OVAL to match XCCDF name
Signed-off-by: Shawn Wells <[email protected]>
---
:000000 100644 0000000... 2a1caf2... A RHEL/6/input/checks/enable_selinux_bootloader.xml
:100644 000000 368902d... 0000000... D RHEL/6/input/checks/selinux_bootloader_notdisabled.xml
:100644 100644 3b6b338... 1e7c0af... M RHEL/6/input/system/selinux.xml
 RHEL/6/input/checks/enable_selinux_bootloader.xml | 29 ++++++++++++++++++++++
 .../checks/selinux_bootloader_notdisabled.xml | 29 ----------------------
 RHEL/6/input/system/selinux.xml | 2 +-
 3 files changed, 30 insertions(+), 30 deletions(-)
diff --git a/RHEL/6/input/checks/enable_selinux_bootloader.xml b/RHEL/6/input/checks/enable_selinux_bootloader.xml
new file mode 100644
index 0000000..2a1caf2
--- /dev/null
+++ b/RHEL/6/input/checks/enable_selinux_bootloader.xml
@@ -0,0 +1,29 @@
+<def-group>
+ <definition class="compliance" id="enable_selinux_bootloader" version="1">
+ <metadata>
+ <title>Enable SELinux in /etc/grub.conf</title>
+ <affected family="unix">
+ <platform>Red Hat Enterprise Linux 6</platform>
+ </affected>
+ <description>
+ Check if selinux=0 OR enforcing=0 within /etc/grub.conf lines, fail if found.
+ </description>
+ <reference source="swells" ref_id="20130901" ref_url="test_attestation" />
+ </metadata>
+ <criteria>
+ <criterion comment="check value selinux|enforcing=0 in /etc/grub.conf, fail if found" test_ref="test_selinux_grub" />
+ </criteria>
+ </definition>
+ <ind:textfilecontent54_test check="all" check_existence="none_exist"
+ comment="check value selinux|enforcing=0 in /etc/grub.conf, fail if found"
+ id="test_selinux_grub" version="1">
+ <ind:object object_ref="object_selinux_grub" />
+ </ind:textfilecontent54_test>
+ <ind:textfilecontent54_object id="object_selinux_grub"
+ comment="check value selinux|enforcing=0 in /etc/grub.conf, fail if found"
+ version="1">
+ <ind:filepath>/etc/grub.conf</ind:filepath>
+ <ind:pattern operation="pattern match">^[\s]*kernel[\s]+.*(selinux|enforcing)=0.*$</ind:pattern>
+ <ind:instance datatype="int" operation="equals">1</ind:instance>
+ </ind:textfilecontent54_object>
+</def-group>
diff --git a/RHEL/6/input/checks/selinux_bootloader_notdisabled.xml b/RHEL/6/input/checks/selinux_bootloader_notdisabled.xml
deleted file mode 100644
index 368902d..0000000
--- a/RHEL/6/input/checks/selinux_bootloader_notdisabled.xml
+++ /dev/null
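Review bot: The `test_selinux_grub` test uses `check_existence="none_exist"`, so it also evaluates to true when the object collects nothing because `/etc/grub.conf` is absent, is a dangling symlink, or cannot be read by the scanner. In that case the host is reported compliant without any kernel line having been inspected. The `<description>` should state that assumption, or the criteria should be paired with a check that the file exists. Separately, the pattern in `object_selinux_grub` is not tied to a whole kernel argument, so any token that merely ends in `selinux=0` or `enforcing=0` fails the rule. A tighter form would be `^[\s]*kernel[\s]+(.*[\s])?(selinux|enforcing)=0([\s].*)?$`.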
@@ -1,29 +0,0 @@
-<def-group>
- <definition class="compliance" id="selinux_bootloader_notdisabled" version="1">
- <metadata>
- <title>Enable SELinux in /etc/grub.conf</title>
- <affected family="unix">
- <platform>Red Hat Enterprise Linux 6</platform>
- </affected>
- <description>
- Check if selinux=0 OR enforcing=0 within /etc/grub.conf lines, fail if found.
- </description>
- <reference source="swells" ref_id="20130901" ref_url="test_attestation" />
- </metadata>
- <criteria>
- <criterion comment="check value selinux|enforcing=0 in /etc/grub.conf, fail if found" test_ref="test_selinux_grub" />
- </criteria>
- </definition>
- <ind:textfilecontent54_test check="all" check_existence="none_exist"
- comment="check value selinux|enforcing=0 in /etc/grub.conf, fail if found"
- id="test_selinux_grub" version="1">
- <ind:object object_ref="object_selinux_grub" />
- </ind:textfilecontent54_test>
- <ind:textfilecontent54_object id="object_selinux_grub"
- comment="check value selinux|enforcing=0 in /etc/grub.conf, fail if found"
- version="1">
- <ind:filepath>/etc/grub.conf</ind:filepath>
- <ind:pattern operation="pattern match">^[\s]*kernel[\s]+.*(selinux|enforcing)=0.*$</ind:pattern>
- <ind:instance datatype="int" operation="equals">1</ind:instance>
- </ind:textfilecontent54_object>
-</def-group>
diff --git a/RHEL/6/input/system/selinux.xml b/RHEL/6/input/system/selinux.xml
index 3b6b338..1e7c0af 100644
--- a/RHEL/6/input/system/selinux.xml
+++ b/RHEL/6/input/system/selinux.xml
@@ -98,7 +98,7 @@ it from confining system services at boot time. Further, it increases the chances that it will remain off during system operation. </rationale> <ident cce="26956-3" />
-<oval id="selinux_bootloader_notdisabled" />
+<oval id="enable_selinux_bootloader" />
 <ref nist="AC-3,AC-3(3),AC-6,AU-9" disa="22,32"/>
 <tested by="DS" on="20121024"/>
 </Rule>
-- 
1.8.3.1
