On 10/31/13, 10:32 AM, Matthew Mariani wrote:
- the attachment for #2
*From: *"Matthew Mariani" mmariani@redhat.com *To: *scap-security-guide@lists.fedorahosted.org *Cc: *"Karl Stevens" kstevens@redhat.com *Sent: *Thursday, October 31, 2013 10:30:37 AM *Subject: *Additional Checks for RH Cloud Provider Profile (rht-ccp)
Hi SSG team,
For the CCP profile recently added, I would like to add new RHEL6 checks for the bullets below. 1. Cloud image disk checks - do these checks exist already? a.) Minimum Disk - 6GB b.) Available Disk - 4GB or more 2. Non-RH packages installed on the RHEL system - ** For this one, on the open-scap-list, Danny Hynes provided the attached OVAL definition, but I'm not sure how to build that into the rht-ccp profile. Does anyone have an example?
Any guidance on how to proceed is appreciated.
Content creation docs are... limited. To start, check out Section 5 of the workbook: http://blog-shawndwells.rhcloud.com/wp-content/uploads/2013/07/SCAP-Workshop...
It will step you through a *very* basic rule creation, generating both the XCCDF and OVAL, and should help you understand the linkage between the two components.
As for disk space, do a find on "partition_item" here: http://oval.mitre.org/language/version5.10.1/ovalsc/documentation/linux-syst...
Notice the two extend options: - space_used - space_left
We should be able to create your #1 based off these.
As for non-RH packages, your attached OVAL is on par here. Do a search for "rpm_info" on the URL above to get an idea of capabilities.... specifically the signature_keyid check!
So then, start with the workbook, and when your build fails, check the spelling of "rational" vs rationale ;) Check back here when done & we'll work out the OVAL checks.