These look excellent - ack to the patch set!
On Sun, May 11, 2014 at 9:30 PM, Shawn Wells <[email protected]> wrote: > Updating RHEL6 check to match RHEL7 style, as submitted by Simon Lukasik > on 17-MAR-2014. > > Signed-off-by: Shawn Wells <[email protected]> > --- > RHEL/6/input/checks/installed_OS_is_rhel6.xml | 37 > ++++++++++++++++--------- > 1 files changed, 24 insertions(+), 13 deletions(-) > > diff --git a/RHEL/6/input/checks/installed_OS_is_rhel6.xml > b/RHEL/6/input/checks/installed_OS_is_rhel6.xml > index 7f77491..0c61df5 100644 > --- a/RHEL/6/input/checks/installed_OS_is_rhel6.xml > +++ b/RHEL/6/input/checks/installed_OS_is_rhel6.xml > @@ -14,8 +14,12 @@ > <criteria> > <criterion comment="Installed operating system is part of the unix > family" > test_ref="test_unix_family" /> > - <criterion comment="Red Hat Enterprise Linux 6 is installed" > - test_ref="test_rhel_6" /> > + <criteria operator="OR"> > + <criterion comment="Red Hat Enterprise Linux 6 Workstation is > installed" > + test_ref="test_rhel_workstation" /> > + <criterion comment="Red Hat Enterprise Linux 6 Server is > installed" > + test_ref="test_rhel_server" /> > + </criteria> > </criteria> > </definition> > > @@ -28,18 +32,25 @@ > </ind:family_state> > <ind:family_object id="obj_unix_family" version="1" /> > > - <linux:rpminfo_test check="all" check_existence="at_least_one_exists" > comment="redhat-release-* is version 6" id="test_rhel_6" version="1"> > - <linux:object object_ref="obj_rhel_release" /> > - <linux:state state_ref="state_rhel_6" /> > + <linux:rpminfo_test check="all" check_existence="at_least_one_exists" > comment="redhat-release-workstation is version 6" > id="test_rhel_workstation" version="1"> > + <linux:object object_ref="obj_rhel_workstation" /> > + <linux:state state_ref="state_rhel_workstation" /> > </linux:rpminfo_test> > - <linux:rpminfo_state id="state_rhel_6" version="1"> > - <linux:name operation="pattern match">^redhat-release</linux:name> > - <linux:version operation="pattern match">^6[^\d]</linux:version> > + <linux:rpminfo_state id="state_rhel_workstation" version="1"> > + <linux:version operation="pattern match">^6\.\d+$</linux:version> > </linux:rpminfo_state> > - <linux:rpmverifyfile_object id="obj_rhel_release" version="1"> > - <!-- Sadly, OVAL cannot do the right query (that is: rpm -q > -whatprovides system-release). > - Let's check the filename instead. --> > - <linux:filepath>/etc/redhat-release</linux:filepath> > - </linux:rpmverifyfile_object> > + <linux:rpminfo_object id="obj_rhel_workstation" version="1"> > + <linux:name>redhat-release-workstation</linux:name> > + </linux:rpminfo_object> > > + <linux:rpminfo_test check="all" check_existence="at_least_one_exists" > comment="redhat-release-server is version 6" id="test_rhel_server" > version="1"> > + <linux:object object_ref="obj_rhel_server" /> > + <linux:state state_ref="state_rhel_server" /> > + </linux:rpminfo_test> > + <linux:rpminfo_state id="state_rhel_server" version="1"> > + <linux:version operation="pattern match">^6\.\d+$</linux:version> > + </linux:rpminfo_state> > + <linux:rpminfo_object id="obj_rhel_server" version="1"> > + <linux:name>redhat-release-server</linux:name> > + </linux:rpminfo_object> > </def-group> > -- > 1.7.1 > > _______________________________________________ > scap-security-guide mailing list > [email protected] > https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide > -- David Smith Sr. Information Security Engineer Secure Innovations, LLC
_______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
