From maura at eclipse.ncsc.mil Thu Aug 20 11:35:59 2015
Content-Type: multipart/mixed; boundary="===============8170524183118950835=="
MIME-Version: 1.0
From: Maura Dailey <maura at eclipse.ncsc.mil>
To: scap-security-guide at lists.fedorahosted.org
Subject: Re: [PATCH] Rewrote various GConf checks to standardize on
 xmlfilecontent tests and ensured they were actually checking the correct
 location (gconf.xml.mandatory, not gconf.xml.defaults).
Date: Mon, 16 Dec 2013 11:43:38 -0500
Message-ID: <52AF2DBA.7030001@eclipse.ncsc.mil>
In-Reply-To: 1385413321-2707-2-git-send-email-maura@eclipse.ncsc.mil

--===============8170524183118950835==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

I've been out sick, but I noticed that no one seems to have looked at =

this one. Let me know if I can push this or if I need to change something.

Thanks,
Maura Dailey

On 11/25/2013 04:02 PM, Maura Dailey wrote:
> Signed-off-by: Maura Dailey <maura(a)eclipse.ncsc.mil>
> ---
>   .../input/checks/gconf_gnome_disable_automount.xml |   59 +++++++++++--=
-------
>   .../checks/gconf_gnome_disable_thumbnailers.xml    |   34 ++++++-----
>   ...f_gnome_screensaver_idle_activation_enabled.xml |   19 ++++--
>   .../checks/gconf_gnome_screensaver_idle_delay.xml  |   24 +++++---
>   .../gconf_gnome_screensaver_lock_enabled.xml       |   14 +++--
>   .../checks/gconf_gnome_screensaver_mode_blank.xml  |   12 +++-
>   RHEL6/input/checks/package_GConf2_installed.xml    |   26 +++++++++
>   .../input/checks/templates/packages_installed.csv  |    1 +
>   RHEL6/input/fixes/bash/package_GConf2_installed.sh |    1 +
>   9 files changed, 124 insertions(+), 66 deletions(-)
>   create mode 100644 RHEL6/input/checks/package_GConf2_installed.xml
>   create mode 100644 RHEL6/input/fixes/bash/package_GConf2_installed.sh
>
> diff --git a/RHEL6/input/checks/gconf_gnome_disable_automount.xml b/RHEL6=
/input/checks/gconf_gnome_disable_automount.xml
> index e2e7efc..f78fc89 100644
> --- a/RHEL6/input/checks/gconf_gnome_disable_automount.xml
> +++ b/RHEL6/input/checks/gconf_gnome_disable_automount.xml
> @@ -1,41 +1,46 @@
>   <def-group>
> -  <definition class=3D"compliance"
> -  id=3D"gconf_gnome_disable_automount" version=3D"1">
> +  <definition class=3D"compliance" id=3D"gconf_gnome_disable_automount" =
version=3D"1">
>       <metadata>
>         <title>Disable GNOME Automounting</title>
>         <affected family=3D"unix">
>           <platform>Red Hat Enterprise Linux 6</platform>
>         </affected>
> -      <description>The system's default desktop environment, GNOME, will=
 mount devices and removable media (such as DVDs, CDs and USB flash drives)=
 whenever they are inserted into the system.  Disable automount and autorun=
 within GNOME.</description>
> +      <description>The system's default desktop environment, GNOME, will=
 mount
> +      devices and removable media (such as DVDs, CDs and USB flash drive=
s)
> +      whenever they are inserted into the system. Disable automount and =
autorun
> +      within GNOME.</description>
> +      <reference source=3D"MED" ref_id=3D"20131125" ref_url=3D"test_atte=
station" />
>       </metadata>
> -    <criteria operator=3D"AND">
> +    <criteria operator=3D"OR">
> +      <extend_definition comment=3D"GConf2 installed" definition_ref=3D"=
package_GConf2_installed" negate=3D"true" />
>         <criterion comment=3D"Disable automount in GNOME" test_ref=3D"tes=
t_gconf_gnome_disable_automount" />
> -      <criterion comment=3D"Disable autorun in GNOME"   test_ref=3D"test=
_gconf_gnome_disable_automount_autorun" />
> +      <criterion comment=3D"Disable autorun in GNOME" test_ref=3D"test_g=
conf_gnome_disable_automount_autorun" />
>       </criteria>
>     </definition>
> -
> -  <ind:textfilecontent54_test check=3D"all" check_existence=3D"all_exist"
> -  comment=3D"Disable automount in GNOME"
> -  id=3D"test_gconf_gnome_disable_automount" version=3D"1">
> +  <ind:xmlfilecontent_test check=3D"all" check_existence=3D"all_exist"
> +  comment=3D"Disable automount in GNOME" id=3D"test_gconf_gnome_disable_=
automount"
> +  version=3D"1">
>       <ind:object object_ref=3D"obj_gconf_gnome_disable_automount" />
> -  </ind:textfilecontent54_test>
> -  <ind:textfilecontent54_object id=3D"obj_gconf_gnome_disable_automount"=
 version=3D"1">
> -    <ind:path>/etc/gconf/gconf.xml.mandatory/apps/nautilus/preferences</=
ind:path>
> -    <ind:filename>%gconf.xml</ind:filename>
> -    <ind:pattern operation=3D"pattern match">^\s*.entry\s+name=3D"media_=
automount"\s+mtime=3D"\d+"\s+type=3D"bool"\s+value=3D"false"\/.$</ind:patte=
rn>
> -    <ind:instance datatype=3D"int">1</ind:instance>
> -  </ind:textfilecontent54_object>
> -
> -  <ind:textfilecontent54_test check=3D"all" check_existence=3D"all_exist"
> -  comment=3D"Disable autorun in GNOME"
> +    <ind:state state_ref=3D"state_gconf_gnome_disable_automount" />
> +  </ind:xmlfilecontent_test>
> +  <ind:xmlfilecontent_state id=3D"state_gconf_gnome_disable_automount" v=
ersion=3D"1">
> +    <ind:value_of datatype=3D"string">false</ind:value_of>
> +  </ind:xmlfilecontent_state>
> +  <ind:xmlfilecontent_object id=3D"obj_gconf_gnome_disable_automount" ve=
rsion=3D"1">
> +    <ind:filepath>/etc/gconf/gconf.xml.mandatory/apps/nautilus/preferenc=
es/%gconf.xml</ind:filepath>
> +    <ind:xpath>/gconf/entry[@name=3D'media_automount']/@value</ind:xpath>
> +  </ind:xmlfilecontent_object>
> +  <ind:xmlfilecontent_test check=3D"all" check_existence=3D"all_exist"
> +  comment=3D"Disable autorun in GNOME"
>     id=3D"test_gconf_gnome_disable_automount_autorun" version=3D"1">
>       <ind:object object_ref=3D"obj_gconf_gnome_disable_automount_autorun=
" />
> -  </ind:textfilecontent54_test>
> -  <ind:textfilecontent54_object id=3D"obj_gconf_gnome_disable_automount_=
autorun" version=3D"1">
> -    <ind:path>/etc/gconf/gconf.xml.mandatory/apps/nautilus/preferences</=
ind:path>
> -    <ind:filename>%gconf.xml</ind:filename>
> -    <ind:pattern operation=3D"pattern match">^\s*.entry\s+name=3D"media_=
autorun_never"\s+mtime=3D"\d+"\s+type=3D"bool"\s+value=3D"true"\/.$</ind:pa=
ttern>
> -    <ind:instance datatype=3D"int">1</ind:instance>
> -  </ind:textfilecontent54_object>
> -
> +    <ind:state state_ref=3D"state_gconf_gnome_disable_automount_autorun"=
 />
> +  </ind:xmlfilecontent_test>
> +  <ind:xmlfilecontent_state id=3D"state_gconf_gnome_disable_automount_au=
torun" version=3D"1">
> +    <ind:value_of datatype=3D"string">true</ind:value_of>
> +  </ind:xmlfilecontent_state>
> +  <ind:xmlfilecontent_object id=3D"obj_gconf_gnome_disable_automount_aut=
orun" version=3D"1">
> +    <ind:filepath>/etc/gconf/gconf.xml.mandatory/apps/nautilus/preferenc=
es/%gconf.xml</ind:filepath>
> +    <ind:xpath>/gconf/entry[@name=3D'media_autorun_never']/@value</ind:x=
path>
> +  </ind:xmlfilecontent_object>
>   </def-group>
> diff --git a/RHEL6/input/checks/gconf_gnome_disable_thumbnailers.xml b/RH=
EL6/input/checks/gconf_gnome_disable_thumbnailers.xml
> index 72bf086..80045a3 100644
> --- a/RHEL6/input/checks/gconf_gnome_disable_thumbnailers.xml
> +++ b/RHEL6/input/checks/gconf_gnome_disable_thumbnailers.xml
> @@ -1,28 +1,32 @@
>   <def-group>
> -  <definition class=3D"compliance"
> -  id=3D"gconf_gnome_disable_thumbnailers" version=3D"1">
> +  <definition class=3D"compliance" id=3D"gconf_gnome_disable_thumbnailer=
s" version=3D"1">
>       <metadata>
>         <title>Disable All GNOME Thumbnailers</title>
>         <affected family=3D"unix">
>           <platform>Red Hat Enterprise Linux 6</platform>
>         </affected>
> -      <description>The system's default desktop environment, GNOME, uses=
 a number of different thumbnailer programs to generate thumbnails for any =
new or modified content in an opened folder. Disable the execution of these=
 thumbnail applications within GNOME.</description>
> +      <description>The system's default desktop environment, GNOME, uses=
 a
> +      number of different thumbnailer programs to generate thumbnails fo=
r any
> +      new or modified content in an opened folder. Disable the execution=
 of
> +      these thumbnail applications within GNOME.</description>
> +      <reference source=3D"MED" ref_id=3D"20131125" ref_url=3D"test_atte=
station" />
>       </metadata>
> -    <criteria>
> +    <criteria operator=3D"OR">
> +      <extend_definition comment=3D"GConf2 installed" definition_ref=3D"=
package_GConf2_installed" negate=3D"true" />
>         <criterion comment=3D"Disable thumbnailers in GNOME" test_ref=3D"=
test_gconf_gnome_disable_thumbnailers" />
>       </criteria>
>     </definition>
> -
> -  <ind:textfilecontent54_test check=3D"all" check_existence=3D"none_exis=
t"
> -  comment=3D"Disable thumbnailers in GNOME"
> +  <ind:xmlfilecontent_test check=3D"all" check_existence=3D"all_exist"
> +  comment=3D"Disable thumbnailers in GNOME"
>     id=3D"test_gconf_gnome_disable_thumbnailers" version=3D"1">
>       <ind:object object_ref=3D"obj_gconf_gnome_disable_thumbnailers" />
> -  </ind:textfilecontent54_test>
> -  <ind:textfilecontent54_object id=3D"obj_gconf_gnome_disable_thumbnaile=
rs" version=3D"1">
> -    <ind:path>/etc/gconf/gconf.xml.mandatory/desktop/gnome/thumbnailers<=
/ind:path>
> -    <ind:filename>%gconf.xml</ind:filename>
> -    <ind:pattern operation=3D"pattern match">^\s*.entry\s+name=3D"disabl=
e_all"\s+mtime=3D"\d+"\s+type=3D"bool"\s+value=3D"true"\/.$</ind:pattern>
> -    <ind:instance datatype=3D"int">1</ind:instance>
> -  </ind:textfilecontent54_object>
> -
> +    <ind:state state_ref=3D"state_gconf_gnome_disable_thumbnailers" />
> +  </ind:xmlfilecontent_test>
> +  <ind:xmlfilecontent_state id=3D"state_gconf_gnome_disable_thumbnailers=
" version=3D"1">
> +    <ind:value_of datatype=3D"string">true</ind:value_of>
> +  </ind:xmlfilecontent_state>
> +  <ind:xmlfilecontent_object id=3D"obj_gconf_gnome_disable_thumbnailers"=
 version=3D"1">
> +    <ind:filepath>/etc/gconf/gconf.xml.mandatory/desktop/gnome/thumbnail=
ers/%gconf.xml</ind:filepath>
> +    <ind:xpath>/gconf/entry[@name=3D'disable_all']/@value</ind:xpath>
> +  </ind:xmlfilecontent_object>
>   </def-group>
> diff --git a/RHEL6/input/checks/gconf_gnome_screensaver_idle_activation_e=
nabled.xml b/RHEL6/input/checks/gconf_gnome_screensaver_idle_activation_ena=
bled.xml
> index 5776014..0d012a7 100644
> --- a/RHEL6/input/checks/gconf_gnome_screensaver_idle_activation_enabled.=
xml
> +++ b/RHEL6/input/checks/gconf_gnome_screensaver_idle_activation_enabled.=
xml
> @@ -5,21 +5,26 @@
>         <affected family=3D"unix">
>           <platform>Red Hat Enterprise Linux 6</platform>
>         </affected>
> -      <description>Idle activation of the screen saver should be enabled=
.</description>
> +      <description>Idle activation of the screen saver should be
> +      enabled.</description>
> +      <reference source=3D"MED" ref_id=3D"20131125" ref_url=3D"test_atte=
station" />
>       </metadata>
> -    <criteria>
> +    <criteria operator=3D"OR">
> +      <extend_definition comment=3D"GConf2 installed" definition_ref=3D"=
package_GConf2_installed" negate=3D"true" />
>         <criterion comment=3D"gnome screensaver is activated on idle" tes=
t_ref=3D"test_gnome_screensaver_idle_activated" />
>       </criteria>
>     </definition>
> -  <ind:xmlfilecontent_test check=3D"all" comment=3D"gnome screensaver is=
 activated on idle" id=3D"test_gnome_screensaver_idle_activated" version=3D=
"1">
> +  <ind:xmlfilecontent_test check=3D"all"
> +  comment=3D"gnome screensaver is activated on idle"
> +  id=3D"test_gnome_screensaver_idle_activated" version=3D"1">
>       <ind:object object_ref=3D"object_gnome_screensaver_idle_activated" =
/>
> -    <ind:state state_ref=3D"state_activated_on_idle" />
> +    <ind:state state_ref=3D"state_gnome_screensaver_idle_activated" />
>     </ind:xmlfilecontent_test>
> -  <ind:xmlfilecontent_state id=3D"state_activated_on_idle" version=3D"1">
> +  <ind:xmlfilecontent_state id=3D"state_gnome_screensaver_idle_activated=
" version=3D"1">
>       <ind:value_of datatype=3D"string">true</ind:value_of>
>     </ind:xmlfilecontent_state>
>     <ind:xmlfilecontent_object id=3D"object_gnome_screensaver_idle_activa=
ted" version=3D"1">
> -    <ind:filepath>/etc/gconf/gconf.xml.defaults/%gconf-tree.xml</ind:fil=
epath>
> -    <ind:xpath>/gconf/dir[@name=3D'schemas']/dir[@name=3D'apps']/dir[@na=
me=3D'gnome-screensaver']/entry[@name=3D'idle_activation_enabled']/local_sc=
hema[1]/default[1]/@value</ind:xpath>
> +    <ind:filepath>/etc/gconf/gconf.xml.mandatory/apps/gnome-screensaver/=
%gconf.xml</ind:filepath>
> +    <ind:xpath>/gconf/entry[@name=3D'idle_activation_enabled']/@value</i=
nd:xpath>
>     </ind:xmlfilecontent_object>
>   </def-group>
> diff --git a/RHEL6/input/checks/gconf_gnome_screensaver_idle_delay.xml b/=
RHEL6/input/checks/gconf_gnome_screensaver_idle_delay.xml
> index 70cc1c2..c77e608 100644
> --- a/RHEL6/input/checks/gconf_gnome_screensaver_idle_delay.xml
> +++ b/RHEL6/input/checks/gconf_gnome_screensaver_idle_delay.xml
> @@ -5,22 +5,30 @@
>         <affected family=3D"unix">
>           <platform>Red Hat Enterprise Linux 6</platform>
>         </affected>
> -      <description>The allowed period of inactivity before the screensav=
er is activated.</description>
> +      <description>The allowed period of inactivity before the screensav=
er is
> +      activated.</description>
> +      <reference source=3D"MED" ref_id=3D"20131125" ref_url=3D"test_atte=
station" />
>       </metadata>
> -    <criteria>
> +    <criteria operator=3D"OR">
> +      <extend_definition comment=3D"GConf2 installed" definition_ref=3D"=
package_GConf2_installed" negate=3D"true" />
>         <criterion comment=3D"check value of idle_delay in GCONF" test_re=
f=3D"test_gnome_screensaver_idle_delay" />
>       </criteria>
>     </definition>
> -  <ind:xmlfilecontent_test check=3D"all" comment=3D"test screensaver tim=
eout period" id=3D"test_gnome_screensaver_idle_delay" version=3D"1">
> +  <ind:xmlfilecontent_test check=3D"all"
> +  comment=3D"test screensaver timeout period"
> +  id=3D"test_gnome_screensaver_idle_delay" version=3D"1">
>       <ind:object object_ref=3D"object_gnome_screensaver_idle_delay" />
>       <ind:state state_ref=3D"state_gnome_screensaver_idle_delay" />
>     </ind:xmlfilecontent_test>
>     <ind:xmlfilecontent_object id=3D"object_gnome_screensaver_idle_delay"=
 version=3D"1">
> -    <ind:filepath>/etc/gconf/gconf.xml.defaults/%gconf-tree.xml</ind:fil=
epath>
> -    <ind:xpath datatype=3D"string" operation=3D"equals">/gconf/dir[@name=
=3D'schemas']/dir[@name=3D'apps']/dir[@name=3D'gnome-screensaver']/entry[@n=
ame=3D'idle_delay']/local_schema[1]/default[1]/@value</ind:xpath>
> +    <ind:filepath>/etc/gconf/gconf.xml.mandatory/apps/gnome-screensaver/=
%gconf.xml</ind:filepath>
> +    <ind:xpath>/gconf/entry[@name=3D'idle_delay']/@value</ind:xpath>
>     </ind:xmlfilecontent_object>
> -  <ind:xmlfilecontent_state comment=3D"idle timeout" id=3D"state_gnome_s=
creensaver_idle_delay" version=3D"1">
> -    <ind:value_of datatype=3D"int" operation=3D"less than or equal" var_=
check=3D"all" var_ref=3D"inactivity_timeout_value" />
> +  <ind:xmlfilecontent_state comment=3D"idle timeout"
> +  id=3D"state_gnome_screensaver_idle_delay" version=3D"1">
> +    <ind:value_of datatype=3D"int" operation=3D"less than or equal" var_=
check=3D"all"
> +    var_ref=3D"inactivity_timeout_value" />
>     </ind:xmlfilecontent_state>
> -  <external_variable comment=3D"inactivity timeout variable" datatype=3D=
"int" id=3D"inactivity_timeout_value" version=3D"1" />
> +  <external_variable comment=3D"inactivity timeout variable" datatype=3D=
"int"
> +  id=3D"inactivity_timeout_value" version=3D"1" />
>   </def-group>
> diff --git a/RHEL6/input/checks/gconf_gnome_screensaver_lock_enabled.xml =
b/RHEL6/input/checks/gconf_gnome_screensaver_lock_enabled.xml
> index 06d3020..cc031fc 100644
> --- a/RHEL6/input/checks/gconf_gnome_screensaver_lock_enabled.xml
> +++ b/RHEL6/input/checks/gconf_gnome_screensaver_lock_enabled.xml
> @@ -5,19 +5,23 @@
>         <affected family=3D"unix">
>           <platform>Red Hat Enterprise Linux 6</platform>
>         </affected>
> -      <description>Idle activation of the screen lock should be enabled.=
</description>
> +      <description>Idle activation of the screen lock should be
> +      enabled.</description>
> +      <reference source=3D"MED" ref_id=3D"20131125" ref_url=3D"test_atte=
station" />
>       </metadata>
> -    <criteria>
> +    <criteria operator=3D"OR">
> +      <extend_definition comment=3D"GConf2 installed" definition_ref=3D"=
package_GConf2_installed" negate=3D"true" />
>         <criterion comment=3D"screensaver lock is enabled" test_ref=3D"te=
st_screensaver_lock_enabled" />
>       </criteria>
>     </definition>
> -  <ind:xmlfilecontent_test check=3D"all" comment=3D"screensaver lock is =
enabled" id=3D"test_screensaver_lock_enabled" version=3D"1">
> +  <ind:xmlfilecontent_test check=3D"all" comment=3D"screensaver lock is =
enabled"
> +  id=3D"test_screensaver_lock_enabled" version=3D"1">
>       <ind:object object_ref=3D"object_screensaver_lock_enabled" />
>       <ind:state state_ref=3D"state_screensaver_lock_enabled" />
>     </ind:xmlfilecontent_test>
>     <ind:xmlfilecontent_object id=3D"object_screensaver_lock_enabled" ver=
sion=3D"1">
> -    <ind:filepath>/etc/gconf/gconf.xml.defaults/%gconf-tree.xml</ind:fil=
epath>
> -    <ind:xpath>/gconf/dir[@name=3D'schemas']/dir[@name=3D'apps']/dir[@na=
me=3D'gnome-screensaver']/entry[@name=3D'lock_enabled']/local_schema[1]/def=
ault[1]/@value</ind:xpath>
> +    <ind:filepath>/etc/gconf/gconf.xml.mandatory/apps/gnome-screensaver/=
%gconf.xml</ind:filepath>
> +    <ind:xpath>/gconf/entry[@name=3D'lock_enabled']/@value</ind:xpath>
>     </ind:xmlfilecontent_object>
>     <ind:xmlfilecontent_state id=3D"state_screensaver_lock_enabled" versi=
on=3D"1">
>       <ind:value_of datatype=3D"string">true</ind:value_of>
> diff --git a/RHEL6/input/checks/gconf_gnome_screensaver_mode_blank.xml b/=
RHEL6/input/checks/gconf_gnome_screensaver_mode_blank.xml
> index 7cad7cd..8229d71 100644
> --- a/RHEL6/input/checks/gconf_gnome_screensaver_mode_blank.xml
> +++ b/RHEL6/input/checks/gconf_gnome_screensaver_mode_blank.xml
> @@ -6,12 +6,16 @@
>           <platform>Red Hat Enterprise Linux 6</platform>
>         </affected>
>         <description>The screen saver should be blank.</description>
> +      <reference source=3D"MED" ref_id=3D"20131125" ref_url=3D"test_atte=
station" />
>       </metadata>
> -    <criteria>
> +    <criteria operator=3D"OR">
> +      <extend_definition comment=3D"GConf2 installed" definition_ref=3D"=
package_GConf2_installed" negate=3D"true" />
>         <criterion comment=3D"gnome screensaver set to blank screen" test=
_ref=3D"test_gnome_screensaver_mode" />
>       </criteria>
>     </definition>
> -  <ind:xmlfilecontent_test check=3D"all" comment=3D"gnome screensaver se=
t to blank screen" id=3D"test_gnome_screensaver_mode" version=3D"1">
> +  <ind:xmlfilecontent_test check=3D"all"
> +  comment=3D"gnome screensaver set to blank screen"
> +  id=3D"test_gnome_screensaver_mode" version=3D"1">
>       <ind:object object_ref=3D"object_gnome_screensaver_mode" />
>       <ind:state state_ref=3D"state_gnome_screensaver_mode" />
>     </ind:xmlfilecontent_test>
> @@ -19,7 +23,7 @@
>       <ind:value_of datatype=3D"string">blank-only</ind:value_of>
>     </ind:xmlfilecontent_state>
>     <ind:xmlfilecontent_object id=3D"object_gnome_screensaver_mode" versi=
on=3D"1">
> -    <ind:filepath>/etc/gconf/gconf.xml.defaults/%gconf-tree.xml</ind:fil=
epath>
> -    <ind:xpath>/gconf/dir[@name=3D'schemas']/dir[@name=3D'apps']/dir[@na=
me=3D'gnome-screensaver']/entry[@name=3D'mode']/local_schema[1]/default[1]/=
stringvalue[1]/text()</ind:xpath>
> +    <ind:filepath>/etc/gconf/gconf.xml.mandatory/apps/gnome-screensaver/=
%gconf.xml</ind:filepath>
> +    <ind:xpath>/gconf/entry[@name=3D'mode']/stringvalue[1]/text()</ind:x=
path>
>     </ind:xmlfilecontent_object>
>   </def-group>
> diff --git a/RHEL6/input/checks/package_GConf2_installed.xml b/RHEL6/inpu=
t/checks/package_GConf2_installed.xml
> new file mode 100644
> index 0000000..032d76b
> --- /dev/null
> +++ b/RHEL6/input/checks/package_GConf2_installed.xml
> @@ -0,0 +1,26 @@
> +<def-group>
> + <!-- THIS FILE IS GENERATED by create_package_installed.py.  DO NOT EDI=
T.  -->
> +  <definition class=3D"compliance" id=3D"package_GConf2_installed"
> +  version=3D"1">
> +    <metadata>
> +      <title>Package GConf2 Installed</title>
> +      <affected family=3D"unix">
> +        <platform>Red Hat Enterprise Linux 6</platform>
> +      </affected>
> +      <description>The RPM package GConf2 should be installed.</descript=
ion>
> +      <reference source=3D"swells" ref_id=3D"20130829" ref_url=3D"test_a=
ttestation"/>
> +    </metadata>	=

> +    <criteria>
> +      <criterion comment=3D"package GConf2 is installed"
> +      test_ref=3D"test_package_GConf2_installed" />
> +    </criteria>
> +  </definition>
> +  <linux:rpminfo_test check=3D"all" check_existence=3D"all_exist"
> +  id=3D"test_package_GConf2_installed" version=3D"1"
> +  comment=3D"package GConf2 is installed">
> +    <linux:object object_ref=3D"obj_package_GConf2_installed" />
> +  </linux:rpminfo_test>
> +  <linux:rpminfo_object id=3D"obj_package_GConf2_installed" version=3D"1=
">
> +    <linux:name>GConf2</linux:name>
> +  </linux:rpminfo_object>
> +</def-group>
> diff --git a/RHEL6/input/checks/templates/packages_installed.csv b/RHEL6/=
input/checks/templates/packages_installed.csv
> index 990f332..d956daa 100644
> --- a/RHEL6/input/checks/templates/packages_installed.csv
> +++ b/RHEL6/input/checks/templates/packages_installed.csv
> @@ -1,6 +1,7 @@
>   aide
>   audit
>   cronie
> +GConf2
>   iptables
>   iptables-ipv6
>   irqbalance
> diff --git a/RHEL6/input/fixes/bash/package_GConf2_installed.sh b/RHEL6/i=
nput/fixes/bash/package_GConf2_installed.sh
> new file mode 100644
> index 0000000..02c8768
> --- /dev/null
> +++ b/RHEL6/input/fixes/bash/package_GConf2_installed.sh
> @@ -0,0 +1 @@
> +yum -y install GConf2


--===============8170524183118950835==--