On 5/22/14, 1:16 PM, Jan Lieskovsky wrote:


0001-RHEL-6-RHEL-7-shared-Fix-Invalid-OVAL-definition-ref.patch


 From 28bf796f5adf6658adf55896bf40e1b93de67d43 Mon Sep 17 00:00:00 2001
From: Jan Lieskovsky<[email protected]>
Date: Thu, 22 May 2014 16:38:24 +0200
Subject: [PATCH 1/3] [RHEL/6, RHEL/7, shared] Fix "Invalid OVAL definition
  referenced by XCCDF Rule: install_vsftpd" utils/verify-references.py issue

Signed-off-by: Jan Lieskovsky<[email protected]>
---
  RHEL/6/input/checks/package_vsftpd_installed.xml   |  1 +
  .../input/checks/templates/packages_installed.csv  |  1 +
  RHEL/6/input/profiles/ftp.xml                      |  2 +-
  RHEL/6/input/services/ftp.xml                      |  2 +-
  RHEL/7/input/checks/package_vsftpd_installed.xml   |  1 +
  RHEL/7/input/services/ftp.xml                      |  2 +-
  shared/fixes/bash/package_vsftpd_installed.sh      |  1 +
  shared/oval/package_vsftpd_installed.xml           | 27 ++++++++++++++++++++++
  8 files changed, 34 insertions(+), 3 deletions(-)
  create mode 120000 RHEL/6/input/checks/package_vsftpd_installed.xml
  create mode 120000 RHEL/7/input/checks/package_vsftpd_installed.xml
  create mode 100644 shared/fixes/bash/package_vsftpd_installed.sh
  create mode 100644 shared/oval/package_vsftpd_installed.xml

diff --git a/RHEL/6/input/checks/package_vsftpd_installed.xml 
b/RHEL/6/input/checks/package_vsftpd_installed.xml
new file mode 120000
index 0000000..7957a23
--- /dev/null
+++ b/RHEL/6/input/checks/package_vsftpd_installed.xml
@@ -0,0 +1 @@
+../../../../shared/oval/package_vsftpd_installed.xml
\ No newline at end of file
diff --git a/RHEL/6/input/checks/templates/packages_installed.csv 
b/RHEL/6/input/checks/templates/packages_installed.csv
index ef6e737..dc0ae21 100644
--- a/RHEL/6/input/checks/templates/packages_installed.csv
+++ b/RHEL/6/input/checks/templates/packages_installed.csv
@@ -13,3 +13,4 @@ postfix
  psacct
  rsyslog
  screen
+vsftpd
diff --git a/RHEL/6/input/profiles/ftp.xml b/RHEL/6/input/profiles/ftp.xml
index 5bbb931..bc1682a 100644
--- a/RHEL/6/input/profiles/ftp.xml
+++ b/RHEL/6/input/profiles/ftp.xml
@@ -3,7 +3,7 @@
  <!--<Profile id="ftp" extends="server" xmlns="http://checklists.nist.gov/xccdf/1.1"; 
 > -->
  <title>ftp</title>
  <description>This profile is for FTP servers.</description>
-<select idref="install_vsftpd" selected="true"/>
+<select idref="package_vsftpd_installed" selected="true"/>
  <select idref="ftp_log_transactions" selected="true"/>
  <select idref="ftp_present_banner" selected="true"/>
  <select idref="ftp_restrict_to_anon" selected="true"/>
diff --git a/RHEL/6/input/services/ftp.xml b/RHEL/6/input/services/ftp.xml
index ef3ad28..993d6cd 100644
--- a/RHEL/6/input/services/ftp.xml
+++ b/RHEL/6/input/services/ftp.xml
@@ -55,7 +55,7 @@ accidental activation.
  <Group id="ftp_use_vsftpd">
  <title>Use vsftpd to Provide FTP Service if Necessary</title>
-<Rule id="install_vsftpd">
+<Rule id="package_vsftpd_installed">

This content is great. You've changed an XCCDF name without updating the XCCDF profiles, though ;)

Please submit a patch to update profiles/*





  <title>Install vsftpd Package</title>
  <description>If this machine must operate as an FTP server, install the 
<tt>vsftpd</tt> package via the standard channels.
  <pre># yum install vsftpd</pre>
diff --git a/RHEL/7/input/checks/package_vsftpd_installed.xml 
b/RHEL/7/input/checks/package_vsftpd_installed.xml
new file mode 120000
index 0000000..7957a23
--- /dev/null
+++ b/RHEL/7/input/checks/package_vsftpd_installed.xml
@@ -0,0 +1 @@
+../../../../shared/oval/package_vsftpd_installed.xml
\ No newline at end of file
diff --git a/RHEL/7/input/services/ftp.xml b/RHEL/7/input/services/ftp.xml
index e4f76d4..c62618c 100644
--- a/RHEL/7/input/services/ftp.xml
+++ b/RHEL/7/input/services/ftp.xml
@@ -55,7 +55,7 @@ accidental activation.
  <Group id="ftp_use_vsftpd">
  <title>Use vsftpd to Provide FTP Service if Necessary</title>
-<Rule id="install_vsftpd">
+<Rule id="package_vsftpd_installed">
  <title>Install vsftpd Package</title>
  <description>If this machine must operate as an FTP server, install the 
<tt>vsftpd</tt> package via the standard channels.
  <pre># yum install vsftpd</pre>
diff --git a/shared/fixes/bash/package_vsftpd_installed.sh 
b/shared/fixes/bash/package_vsftpd_installed.sh
new file mode 100644
index 0000000..5d56d77
--- /dev/null
+++ b/shared/fixes/bash/package_vsftpd_installed.sh
@@ -0,0 +1 @@
+yum -y install vsftpd
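Review bot: The one-line fix in shared/fixes/bash/package_vsftpd_installed.sh has no comment stating what it trusts. `yum -y install vsftpd` installs from whichever repositories are enabled on the host, and `-y` also answers yes to a GPG key import prompt if one appears. A header comment would make that dependency visible to anyone reusing the remediation, for example `# Assumes gpgcheck is enforced and repo signing keys are already imported; -y answers every yum prompt.` The fix only installs the package, so the same comment could note that hardening the vsftpd configuration is left to the other rules the ftp profile selects.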
diff --git a/shared/oval/package_vsftpd_installed.xml 
b/shared/oval/package_vsftpd_installed.xml
new file mode 100644
index 0000000..84a0bbe
--- /dev/null
+++ b/shared/oval/package_vsftpd_installed.xml
@@ -0,0 +1,27 @@
+<def-group>
+ <!-- THIS FILE IS GENERATED by create_package_installed.py.  DO NOT EDIT.  -->
+  <definition class="compliance" id="package_vsftpd_installed"
+  version="1">
+    <metadata>
+      <title>Package vsftpd Installed</title>
+      <affected family="unix">
+        <platform>Red Hat Enterprise Linux 6</platform>
+        <platform>Red Hat Enterprise Linux 7</platform>
+      </affected>
+      <description>The RPM package vsftpd should be installed.</description>
+      <reference source="JL" ref_id="20140522" ref_url="test_attestation"/>
+    </metadata>
+    <criteria>
+      <criterion comment="package vsftpd is installed"
+      test_ref="test_package_vsftpd_installed" />
+    </criteria>
+  </definition>
+  <linux:rpminfo_test check="all" check_existence="all_exist"
+  id="test_package_vsftpd_installed" version="1"
+  comment="package vsftpd is installed">
+    <linux:object object_ref="obj_package_vsftpd_installed" />
+  </linux:rpminfo_test>
+  <linux:rpminfo_object id="obj_package_vsftpd_installed" version="1">
+    <linux:name>vsftpd</linux:name>
+  </linux:rpminfo_object>
+</def-group>
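Review bot: The header comment in the new shared/oval/package_vsftpd_installed.xml says the file is generated by create_package_installed.py and must not be edited, yet this commit checks it in as a shared file and symlinks it from both RHEL/6 and RHEL/7 input/checks. The same commit also adds `vsftpd` to RHEL/6's templates/packages_installed.csv, so on RHEL 6 the template run would presumably produce a second definition with the id `package_vsftpd_installed`, and the two copies could drift apart. I would keep a single source of truth: either drop the CSV row, or replace the header with something like `<!-- Maintained by hand in shared/oval; originally produced by create_package_installed.py -->`.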
-- 1.8.3.1



--
Shawn Wells
Director, Innovation Programs
[email protected] | 443.534.0130
@shawndwells
