>From 32af2cab923c7340f58882ea86a1f3d015951aef Mon Sep 17 00:00:00 2001 From: Shawn Wells <[email protected]> Date: Mon, 23 Dec 2013 03:00:14 -0500 Subject: [PATCH 11/25] Added ensure_gpgcheck_never_disabled.xml to RHEL7
RHEL7 testing: [root@localhost checks]# grep gpgcheck /etc/yum.repos.d/rhel-beta.repo gpgcheck=1 gpgcheck=1 gpgcheck=1 [root@localhost checks]# ./testcheck.py ensure_gpgcheck_never_disabled.xml Evaluating with OVAL tempfile : /tmp/ensure_gpgcheck_never_disabledxaJN3G.xml Writing results to : /tmp/ensure_gpgcheck_never_disabledxaJN3G.xml-results Definition oval:scap-security-guide.testing:def:103: true Evaluation done. [root@localhost checks]# sed -i 's/gpgcheck=1/gpgcheck=0/g' /etc/yum.repos.d/rhel-beta.repo [root@localhost checks]# ./testcheck.py ensure_gpgcheck_never_disabled.xml Evaluating with OVAL tempfile : /tmp/ensure_gpgcheck_never_disabledGx87hV.xml Writing results to : /tmp/ensure_gpgcheck_never_disabledGx87hV.xml-results Definition oval:scap-security-guide.testing:def:103: false Evaluation done. [root@localhost checks]# sed -i 's/gpgcheck=0/gpgcheck=1/g' /etc/yum.repos.d/rhel-beta.repo [root@localhost checks]# ./testcheck.py ensure_gpgcheck_never_disabled.xml Evaluating with OVAL tempfile : /tmp/ensure_gpgcheck_never_disabledqJyRNR.xml Writing results to : /tmp/ensure_gpgcheck_never_disabledqJyRNR.xml-results Definition oval:scap-security-guide.testing:def:103: true Evaluation done. Signed-off-by: Shawn Wells <[email protected]> --- :000000 120000 0000000... a4534cc... A RHEL/7/input/checks/ensure_gpgcheck_never_disabled.xml :100644 100644 c9ee687... 4cf526e... M shared/oval/ensure_gpgcheck_never_disabled.xml RHEL/7/input/checks/ensure_gpgcheck_never_disabled.xml | 1 + shared/oval/ensure_gpgcheck_never_disabled.xml | 2 ++ 2 files changed, 3 insertions(+) diff --git a/RHEL/7/input/checks/ensure_gpgcheck_never_disabled.xml b/RHEL/7/input/checks/ensure_gpgcheck_never_disabled.xml new file mode 120000 index 0000000..a4534cc --- /dev/null +++ b/RHEL/7/input/checks/ensure_gpgcheck_never_disabled.xml @@ -0,0 +1 @@ +../../../../shared/oval/ensure_gpgcheck_never_disabled.xml \ No newline at end of file diff --git a/shared/oval/ensure_gpgcheck_never_disabled.xml b/shared/oval/ensure_gpgcheck_never_disabled.xml index c9ee687..4cf526e 100644 --- a/shared/oval/ensure_gpgcheck_never_disabled.xml +++ b/shared/oval/ensure_gpgcheck_never_disabled.xml @@ -5,9 +5,11 @@ <title>Ensure gpgcheck Enabled For All Yum Package Repositories</title> <affected family="unix"> <platform>Red Hat Enterprise Linux 6</platform> + <platform>Red Hat Enterprise Linux 7</platform> </affected> <description>Ensure all yum repositories utilize signature checking.</description> <reference source="MED" ref_id="20130807" ref_url="test_attestation" /> + <!-- rhel7 <reference source="SDW" ref_id="20131223" ref_url="test_attestation" /> --> </metadata> <criteria comment="ensure all yum repositories utilize signiature checking" operator="AND"> <criterion comment="verify no gpgpcheck=0 present in /etc/yum.repos.d files" -- 1.8.3.1
_______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
