----- Original Message -----
> From: "Shawn Wells" <[email protected]>
> To: [email protected]
> Sent: Saturday, June 7, 2014 6:59:05 AM
> Subject: Re: [Patch set #v2] [PATCH 0/2] Finish logrotate_rotate_all_files
> => ensure_logrotate_activated transition.
> Replace ensure_logrotate_activated unknown test stub with actual
> OVAL check implementation.
>
>
> On 6/6/14, 5:37 AM, Jan Lieskovsky wrote:
> > From 32bbdecc7dda86f71f16cc8f0a47a02e959c717e Mon Sep 17 00:00:00 2001
> > From: Jan Lieskovsky <[email protected]>
> > Date: Fri, 6 Jun 2014 14:09:33 +0200
> > Subject: [PATCH 0/2] Finish logrotate_rotate_all_files =>
> > ensure_logrotate_activated transition. Replace
> > ensure_logrotate_activated unknown test stub with actual OVAL check
> > implementation.
> >
> > Based on promise in:
> > [1]
> > https://lists.fedorahosted.org/pipermail/scap-security-guide/2014-June/005649.html
> >
> > the following patchset finishes the logrotate_rotate_all_files to
> > ensure_logrotate_activated
> > transition. The first patch [1/2] is identical with the original one
> > from:
> > [2]
> > https://lists.fedorahosted.org/pipermail/scap-security-guide/2014-May/005640.html
> >
> > But in addition to that one, the ensure_logrotate_activated.xml OVAL
> > check in [shared]
> > has been modified via patch [2/2] to properly honour the syntax /
> > behaviour of /etc/logrotate.conf file (last rotate log setting
> > uncommented option present is actually the
> > honoured one).
> >
> > Implementing the test was pretty challenging (considering the
> > possibilities OVAL language
> > brings to check complex configuration files). Needed to try a couple of
> > alternatives, but
> > the one following seems to be working properly.
> >
> > Note: When testing the change, be sure to comment out the
> > 'test_cron_daily_logrotate_existence'
> > sub-test (or move /etc/cron.daily/logrotate file under temporary
> > backup with different
> > name) to actually see, how behaviour of
> > 'test_logrotate_conf_daily_setting' OVAL check
> > changed (to actually see when making changes to /etc/logrotate.conf
> > they do have impact
> > on the final result of XCCDF rule scan).
> >
> > Testing status: Proposed change has been tested on both (RHEL-6,
> > RHEL-7) products,
> > and works properly in all various cases of /etc/logrotate.conf config
> > file format, that might
> > occur (as far as I have tested & can tell).
> >
> > The underlying regular expressions are pretty complex, but hopefully
> > the comments before /
> > around them will clarify the idea behind the test's work. Should there
> > be a need to clarify
> > some part of them, feel free to ask.
> >
> > Please review.
> >
> > Thank you && Regards, Jan.
> > --
> > Jan iankko Lieskovsky / Red Hat Security Technologies Team
> >
> > Jan Lieskovsky (2):
> > [RHEL/6, RHEL/7, shared] Finish logrotate_rotate_all_files =>
> > ensure_logrotate_activated transition. Replace
> > ensure_logrotate_activated unknown test stub with actual OVAL check
> > implementation.
> > [shared] Fix ensure_logrotate_activated OVAL check to properly handle
> > /etc/logrotate.conf format (last occurred rotate log
> > directive to be the by the check honoured one)
> >
> > RHEL/6/input/checks/ensure_logrotate_activated.xml | 21 +------
> > RHEL/6/input/system/logging.xml                    |  2 +-
> > RHEL/7/input/checks/ensure_logrotate_activated.xml |  1 +
> > RHEL/7/input/system/logging.xml                    |  2 +-
> > shared/oval/ensure_logrotate_activated.xml         | 72 ++++++++++++++++++++++
> > 5 files changed, 76 insertions(+), 22 deletions(-)
> > mode change 100644 => 120000 RHEL/6/input/checks/ensure_logrotate_activated.xml
> > create mode 120000 RHEL/7/input/checks/ensure_logrotate_activated.xml
> > create mode 100644 shared/oval/ensure_logrotate_activated.xml
> >
> Applied locally & created various stanzas, placing monthly|daily between
> them. Behaves as expected. Really novel idea to read in the stanza as
> singleline=true. That approach might help with other OVAL rules,
> particularly audit rule regex.

Yeah, will have a look yet how this approach could be applied to other checks
(where appropriate).

>
> ack to set

Thanks, Shawn. Pushed to master.

Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Technologies Team

> _______________________________________________
> scap-security-guide mailing list
> [email protected]
> https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
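
Added example, not part of the thread or of the scap-security-guide patch: a Python illustration of the rule the cover letter describes (the last uncommented rotation-frequency directive in /etc/logrotate.conf is the honoured one), next to a first-match check that gets it wrong. Function names and sample configurations are constructed for this example; it assumes directives inside { } stanzas apply only to that stanza.

```python
import re

# Rotation-frequency keywords considered here (assumed set for this example).
FREQUENCIES = ("daily", "weekly", "monthly", "yearly")

def effective_global_frequency(conf_text):
    """Return the last uncommented frequency directive outside any stanza."""
    depth, last = 0, None
    for raw in conf_text.splitlines():
        # Simplification: everything after '#' is treated as a comment.
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if depth == 0 and line in FREQUENCIES:
            last = line  # a later directive replaces an earlier one
        # Track "{ ... }" stanzas; directives inside them are per-file, not global.
        depth = max(0, depth + line.count("{") - line.count("}"))
    return last

def naive_has_daily(conf_text):
    """First-match check: passes if any line starts with 'daily'."""
    return re.search(r"^\s*daily\b", conf_text, re.MULTILINE) is not None

def logrotate_daily_ok(conf_text):
    """Pass only when the honoured global setting is 'daily'."""
    return effective_global_frequency(conf_text) == "daily"

# Constructed sample configurations (not taken from a real system).
CONF_DAILY_LAST = """\
weekly
rotate 4
/var/log/wtmp {
    monthly
    create 0664 root utmp
}
daily
/var/log/btmp {
    monthly
}
"""
CONF_MONTHLY_LAST = """\
daily
/var/log/wtmp {
    daily
}
#daily
monthly
"""

if __name__ == "__main__":
    for name, conf in (("daily last", CONF_DAILY_LAST), ("monthly last", CONF_MONTHLY_LAST)):
        print(name, effective_global_frequency(conf), naive_has_daily(conf), logrotate_daily_ok(conf))
```

The second sample is the case a first-match check misreports: an early `daily` is later overridden by `monthly`.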
