>From bd074ef5101e855e4ce92149694e557cc51ccffa Mon Sep 17 00:00:00 2001
From: Shawn Wells <shawn@redhat.com>
Date: Thu, 23 Jan 2014 01:17:10 -0500
Subject: [PATCH 07/10] Moved sshd_enable_warning_banner to shared/

- Tested on RHEL7, updated CPE
- Symlinks
- Added to rhel7 rht-ccp profile
---
 RHEL/6/input/checks/sshd_enable_warning_banner.xml | 31 +---------------------
 RHEL/7/input/checks/sshd_enable_warning_banner.xml |  1 +
 RHEL/7/input/profiles/rht-ccp.xml                  |  2 +-
 scap-security-guide.spec                           |  1 +
 shared/oval/sshd_enable_warning_banner.xml         | 31 ++++++++++++++++++++++
 5 files changed, 35 insertions(+), 31 deletions(-)
 mode change 100644 => 120000 RHEL/6/input/checks/sshd_enable_warning_banner.xml
 create mode 120000 RHEL/7/input/checks/sshd_enable_warning_banner.xml
 create mode 100644 shared/oval/sshd_enable_warning_banner.xml

diff --git a/RHEL/6/input/checks/sshd_enable_warning_banner.xml b/RHEL/6/input/checks/sshd_enable_warning_banner.xml
deleted file mode 100644
index 9e4fa8a..0000000
--- a/RHEL/6/input/checks/sshd_enable_warning_banner.xml
+++ /dev/null
@@ -1,30 +0,0 @@
-<def-group>
-  <definition class="compliance" id="sshd_enable_warning_banner" version="1">
-    <metadata>
-      <title>Enable a Warning Banner</title>
-      <affected family="unix">
-        <platform>Red Hat Enterprise Linux 6</platform>
-      </affected>
-      <description>SSH warning banner should be enabled (and dependencies are
-      met)</description>
-      <reference source="MED" ref_id="20130813" ref_url="test_attestation" />
-    </metadata>
-    <criteria comment="SSH is not being used or conditions are met"
-    operator="OR">
-      <extend_definition comment="sshd service is disabled"
-      definition_ref="service_sshd_disabled" />
-      <criterion comment="Check Banner in /etc/ssh/sshd_config"
-      test_ref="test_sshd_banner_set" />
-    </criteria>
-  </definition>
-  <ind:textfilecontent54_test check="all" check_existence="all_exist"
-  comment="Tests the value of the Banner[\s]+/etc/issue setting in the /etc/ssh/sshd_config file"
-  id="test_sshd_banner_set" version="1">
-    <ind:object object_ref="obj_sshd_banner_set" />
-  </ind:textfilecontent54_test>
-  <ind:textfilecontent54_object id="obj_sshd_banner_set" version="1">
-    <ind:filepath>/etc/ssh/sshd_config</ind:filepath>
-    <ind:pattern operation="pattern match">^[\s]*(?i)Banner(?-i)[\s]+/etc/issue[\s]*$</ind:pattern>
-    <ind:instance datatype="int">1</ind:instance>
-  </ind:textfilecontent54_object>
-</def-group>
diff --git a/RHEL/6/input/checks/sshd_enable_warning_banner.xml b/RHEL/6/input/checks/sshd_enable_warning_banner.xml
new file mode 120000
index 0000000..9a2806d
--- /dev/null
+++ b/RHEL/6/input/checks/sshd_enable_warning_banner.xml
@@ -0,0 +1 @@
+../../../../shared/oval/sshd_enable_warning_banner.xml
\ No newline at end of file
diff --git a/RHEL/7/input/checks/sshd_enable_warning_banner.xml b/RHEL/7/input/checks/sshd_enable_warning_banner.xml
new file mode 120000
index 0000000..9a2806d
--- /dev/null
+++ b/RHEL/7/input/checks/sshd_enable_warning_banner.xml
@@ -0,0 +1 @@
+../../../../shared/oval/sshd_enable_warning_banner.xml
\ No newline at end of file
diff --git a/RHEL/7/input/profiles/rht-ccp.xml b/RHEL/7/input/profiles/rht-ccp.xml
index 4e66f38..cc14c81 100644
--- a/RHEL/7/input/profiles/rht-ccp.xml
+++ b/RHEL/7/input/profiles/rht-ccp.xml
@@ -130,9 +130,9 @@ SSH / REMOTE ACCESS CHECKS
 <select idref="sshd_disable_rhosts" selected="true"/>
 <select idref="disable_host_auth" selected="true"/>
 <select idref="sshd_disable_root_login" selected="true"/>
-<!--
 <select idref="sshd_disable_empty_passwords" selected="true"/>
 <select idref="sshd_enable_warning_banner" selected="true"/>
+<!--
 <select idref="sshd_do_not_permit_user_env" selected="true"/>
 <select idref="sshd_use_approved_ciphers" selected="true"/>
 -->
diff --git a/scap-security-guide.spec b/scap-security-guide.spec
index 57710fa..c48e943 100644
--- a/scap-security-guide.spec
+++ b/scap-security-guide.spec
@@ -60,6 +60,7 @@ cp -a RHEL/6/input/auxiliary/scap-security-guide.8 %{buildroot}%{_mandir}/en/man
 - OVAL for sshd_disable_rhosts
 - OVAL for sshd_disable_root_login
 - OVAL for sshd_disable_empty_passwords
+- OVAL for sshd_enable_warning_banner
 
 * Tue Dec 24 2013 Shawn Wells <shawn@redhat.com> 0.1-16.rc2
 + RHEL6 stig-rhel6-server XCCDF profile renamed to stig-rhel6-server-upstream
diff --git a/shared/oval/sshd_enable_warning_banner.xml b/shared/oval/sshd_enable_warning_banner.xml
new file mode 100644
index 0000000..656a644
--- /dev/null
+++ b/shared/oval/sshd_enable_warning_banner.xml
@@ -0,0 +1,31 @@
+<def-group>
+  <definition class="compliance" id="sshd_enable_warning_banner" version="1">
+    <metadata>
+      <title>Enable a Warning Banner</title>
+      <affected family="unix">
+        <platform>Red Hat Enterprise Linux 6</platform>
+        <platform>Red Hat Enterprise Linux 7</platform>
+      </affected>
+      <description>SSH warning banner should be enabled (and dependencies are
+      met)</description>
+      <reference source="MED" ref_id="20130813" ref_url="test_attestation" />
+    </metadata>
+    <criteria comment="SSH is not being used or conditions are met"
+    operator="OR">
+      <extend_definition comment="sshd service is disabled"
+      definition_ref="service_sshd_disabled" />
+      <criterion comment="Check Banner in /etc/ssh/sshd_config"
+      test_ref="test_sshd_banner_set" />
+    </criteria>
+  </definition>
+  <ind:textfilecontent54_test check="all" check_existence="all_exist"
+  comment="Tests the value of the Banner[\s]+/etc/issue setting in the /etc/ssh/sshd_config file"
+  id="test_sshd_banner_set" version="1">
+    <ind:object object_ref="obj_sshd_banner_set" />
+  </ind:textfilecontent54_test>
+  <ind:textfilecontent54_object id="obj_sshd_banner_set" version="1">
+    <ind:filepath>/etc/ssh/sshd_config</ind:filepath>
+    <ind:pattern operation="pattern match">^[\s]*(?i)Banner(?-i)[\s]+/etc/issue[\s]*$</ind:pattern>
+    <ind:instance datatype="int">1</ind:instance>
+  </ind:textfilecontent54_object>
+</def-group>
-- 
1.8.3.1