>From de5e63e7cbd16da2defa0b08fe28cfe0889ff6c8 Mon Sep 17 00:00:00 2001 From: Shawn Wells <[email protected]> Date: Sun, 22 Dec 2013 14:59:32 -0500 Subject: [PATCH 06/25] selinux_state.xml --> shared/ - Updated CPE for RHEL7 (after retesting) - Updated filename -> filepath in OVAL
Signed-off-by: Shawn Wells <[email protected]>
---
:100644 120000 4ba9018... b1b9ae9... T RHEL/6/input/checks/selinux_state.xml
:000000 120000 0000000... b1b9ae9... A RHEL/7/input/checks/selinux_state.xml
:000000 100644 0000000... 5ed7f5d... A shared/oval/selinux_state.xml
RHEL/6/input/checks/selinux_state.xml | 36 +----------------------------------
RHEL/7/input/checks/selinux_state.xml | 1 +
shared/oval/selinux_state.xml | 35 ++++++++++++++++++++++++++++++++++
3 files changed, 37 insertions(+), 35 deletions(-)
diff --git a/RHEL/6/input/checks/selinux_state.xml b/RHEL/6/input/checks/selinux_state.xml
deleted file mode 100644
index 4ba9018..0000000
--- a/RHEL/6/input/checks/selinux_state.xml
+++ /dev/null
@@ -1,35 +0,0 @@
-<def-group>
- <definition class="compliance" id="selinux_state" version="1">
- <metadata>
- <title>SELinux Enforcing</title>
- <affected family="unix">
- <platform>Red Hat Enterprise Linux 6</platform>
- </affected>
- <description>The SELinux state should be enforcing the local policy.</description>
- <reference source="MED" ref_id="20130819" ref_url="test_attestation" />
- </metadata>
- <criteria operator="AND">
- <criterion comment="enforce is disabled" test_ref="test_etc_selinux_config" />
- </criteria>
- </definition>
-
- <ind:textfilecontent54_test check="all" check_existence="all_exist"
- comment="/selinux/enforce is 1" id="test_etc_selinux_config" version="1">
- <ind:object object_ref="object_etc_selinux_config" />
- <ind:state state_ref="state_etc_selinux_config" />
- </ind:textfilecontent54_test>
-
- <ind:textfilecontent54_object id="object_etc_selinux_config" version="1">
- <ind:path>/etc/selinux</ind:path>
- <ind:filename>config</ind:filename>
- <ind:pattern operation="pattern match">^[\s]*SELINUX[\s]*=[\s]*(.*)[\s]*$</ind:pattern>
- <ind:instance datatype="int">1</ind:instance>
- </ind:textfilecontent54_object>
-
- <ind:textfilecontent54_state id="state_etc_selinux_config" version="1">
- <ind:subexpression datatype="string" operation="equals" var_check="all" var_ref="var_selinux_state" />
- </ind:textfilecontent54_state>
-
- <external_variable comment="external variable for selinux state"
- datatype="string" id="var_selinux_state" version="1" />
-</def-group>
diff --git a/RHEL/6/input/checks/selinux_state.xml b/RHEL/6/input/checks/selinux_state.xml
new file mode 120000
index 0000000..b1b9ae9
--- /dev/null
+++ b/RHEL/6/input/checks/selinux_state.xml
@@ -0,0 +1 @@
+../../../../shared/oval/selinux_state.xml
\ No newline at end of file
diff --git a/RHEL/7/input/checks/selinux_state.xml b/RHEL/7/input/checks/selinux_state.xml
new file mode 120000
index 0000000..b1b9ae9
--- /dev/null
+++ b/RHEL/7/input/checks/selinux_state.xml
@@ -0,0 +1 @@
+../../../../shared/oval/selinux_state.xml
\ No newline at end of file
diff --git a/shared/oval/selinux_state.xml b/shared/oval/selinux_state.xml
new file mode 100644
index 0000000..5ed7f5d
--- /dev/null
+++ b/shared/oval/selinux_state.xml
@@ -0,0 +1,35 @@
+<def-group>
+ <definition class="compliance" id="selinux_state" version="1">
+ <metadata>
+ <title>SELinux Enforcing</title>
+ <affected family="unix">
+ <platform>Red Hat Enterprise Linux 6</platform>
+ <platform>Red Hat Enterprise Linux 7</platform>
+ </affected>
+ <description>The SELinux state should be enforcing the local policy.</description>
+ <reference source="MED" ref_id="20130819" ref_url="test_attestation" />
+ </metadata>
+ <criteria operator="AND">
+ <criterion comment="enforce is disabled" test_ref="test_etc_selinux_config" />
+ </criteria>
+ </definition>
+
+ <ind:textfilecontent54_test check="all" check_existence="all_exist"
+ comment="/selinux/enforce is 1" id="test_etc_selinux_config" version="1">
+ <ind:object object_ref="object_etc_selinux_config" />
+ <ind:state state_ref="state_etc_selinux_config" />
+ </ind:textfilecontent54_test>
+
+ <ind:textfilecontent54_object id="object_etc_selinux_config" version="1">
+ <ind:filepath>/etc/selinux/config</ind:path>
+ <ind:pattern operation="pattern match">^[\s]*SELINUX[\s]*=[\s]*(.*)[\s]*$</ind:pattern>
+ <ind:instance datatype="int">1</ind:instance>
+ </ind:textfilecontent54_object>
+
+ <ind:textfilecontent54_state id="state_etc_selinux_config" version="1">
+ <ind:subexpression datatype="string" operation="equals" var_check="all" var_ref="var_selinux_state" />
+ </ind:textfilecontent54_state>
+
+ <external_variable comment="external variable for selinux state"
+ datatype="string" id="var_selinux_state" version="1" />
+</def-group>
--
1.8.3.1
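Review bot: In the new shared/oval/selinux_state.xml the `textfilecontent54_object` opens `<ind:filepath>` and closes it with `</ind:path>`, so the file is not well-formed and the SELinux check cannot be parsed; the line should be `<ind:filepath>/etc/selinux/config</ind:filepath>`. The criterion comment `enforce is disabled` and the test comment `/selinux/enforce is 1` do not describe what is tested; something like `comment="SELINUX= in /etc/selinux/config matches var_selinux_state"` would match the object. The object reads only the persistent setting in /etc/selinux/config, so as far as this hunk shows a host switched to permissive at runtime would still pass. The greedy `(.*)` capture also keeps trailing whitespace, which may make the `equals` comparison fail on an otherwise correct line.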
