The proposed patch adds OVAL check & corresponding XCCDF definition for RHEL-6 & RHEL-7 for "package talk removed" rule. Tested on both of RHEL-6 & RHEL-7 (definition works as expected on both products & is displayed properly also in the HTML version[s] of the guide[s]), updated test attestations & moved the OVAL to shared.
Please review.
Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Technologies Team
On 6/25/14, 10:51 AM, Jan Lieskovsky wrote:
The proposed patch adds OVAL check & corresponding XCCDF definition for RHEL-6 & RHEL-7 for "package talk removed" rule. Tested on both of RHEL-6 & RHEL-7 (definition works as expected on both products & is displayed properly also in the HTML version[s] of the guide[s]), updated test attestations & moved the OVAL to shared.
Please review.
Thank you && Regards, Jan.
Jan iankko Lieskovsky / Red Hat Security Technologies Team
0001-RHEL-6-RHEL-7-shared-Implement-OVAL-check-XCCDF-defi.patch
From bddba46840a6d3c296241efbf9c3a10cd753897c Mon Sep 17 00:00:00 2001
From: Jan Lieskovsky <jlieskov@redhat.com>
Date: Wed, 25 Jun 2014 16:44:23 +0200
Subject: [PATCH] [RHEL/6, RHEL/7, shared] Implement OVAL check & XCCDF definition for package_talk_removed rule

Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>
RHEL/6/input/checks/package_talk_removed.xml | 1 + RHEL/6/input/checks/templates/packages_removed.csv | 1 + RHEL/6/input/services/obsolete.xml | 18 +++++++++++++++ RHEL/7/input/checks/package_talk_removed.xml | 1 + RHEL/7/input/services/obsolete.xml | 18 +++++++++++++++ shared/oval/package_talk_removed.xml | 26 ++++++++++++++++++++++ 6 files changed, 65 insertions(+) create mode 120000 RHEL/6/input/checks/package_talk_removed.xml create mode 120000 RHEL/7/input/checks/package_talk_removed.xml create mode 100644 shared/oval/package_talk_removed.xml
diff --git a/RHEL/6/input/checks/package_talk_removed.xml b/RHEL/6/input/checks/package_talk_removed.xml new file mode 120000 index 0000000..6147e81 --- /dev/null +++ b/RHEL/6/input/checks/package_talk_removed.xml @@ -0,0 +1 @@ +../../../../shared/oval/package_talk_removed.xml \ No newline at end of file diff --git a/RHEL/6/input/checks/templates/packages_removed.csv b/RHEL/6/input/checks/templates/packages_removed.csv index 790b74d..a6c8e2a 100644 --- a/RHEL/6/input/checks/templates/packages_removed.csv +++ b/RHEL/6/input/checks/templates/packages_removed.csv @@ -35,6 +35,7 @@ squid subscription-manager sysstat talk-server +talk telnet telnet-server tftp diff --git a/RHEL/6/input/services/obsolete.xml b/RHEL/6/input/services/obsolete.xml index b46a912..457d342 100644 --- a/RHEL/6/input/services/obsolete.xml +++ b/RHEL/6/input/services/obsolete.xml @@ -422,5 +422,23 @@ risk of the accidental (or intentional) activation of talk services.
<tested by="JL" on="20140625"/> </Rule>
+<Rule id="package_talk_removed"> +<title>Uninstal talk Package</title> +<description>The <tt>talk</tt> package contains the client program for the +Internet talk protocol, which allows the user to chat with other users on +different systems. Talk is a communication program which copies lines from one +terminal to the terminal of another user. +</description> +<ocil><package-remove-macro package="talk"/></ocil> +<rationale> +The talk software presents a security risk as it uses unencrypted protocols +for communications. Removing the <tt>talk</tt> package decreases the +risk of the accidental (or intentional) activation of talk client program. +</rationale> +<ident cce="" /> +<oval id="package_talk_removed" /> +<tested by="JL" on="20140625"/> +</Rule>
</Group> </Group>
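Review bot: `<ident cce="" />` in the new RHEL/6 `package_talk_removed` Rule leaves the rule without a CCE identifier. If no CCE has been assigned yet, say so in the commit message or in a comment next to the element so the blank value is tracked rather than forgotten. In the same Rule, the rationale's "activation of talk client program" is missing an article ("the talk client program").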
diff --git a/RHEL/7/input/checks/package_talk_removed.xml b/RHEL/7/input/checks/package_talk_removed.xml new file mode 120000 index 0000000..6147e81 --- /dev/null +++ b/RHEL/7/input/checks/package_talk_removed.xml @@ -0,0 +1 @@ +../../../../shared/oval/package_talk_removed.xml \ No newline at end of file diff --git a/RHEL/7/input/services/obsolete.xml b/RHEL/7/input/services/obsolete.xml index 4fd80a0..76f808c 100644 --- a/RHEL/7/input/services/obsolete.xml +++ b/RHEL/7/input/services/obsolete.xml @@ -376,5 +376,23 @@ risk of the accidental (or intentional) activation of talk services.
<tested by="JL" on="20140625"/> </Rule>
+<Rule id="package_talk_removed"> +<title>Uninstal talk Package</title> +<description>The <tt>talk</tt> package contains the client program for the +Internet talk protocol, which allows the user to chat with other users on +different systems. Talk is a communication program which copies lines from one +terminal to the terminal of another user. +</description> +<ocil><package-remove-macro package="talk"/></ocil> +<rationale> +The talk software presents a security risk as it uses unencrypted protocols +for communications. Removing the <tt>talk</tt> package decreases the +risk of the accidental (or intentional) activation of talk client program. +</rationale> +<ident cce="" /> +<oval id="package_talk_removed" /> +<tested by="JL" on="20140625"/> +</Rule>
</Group> </Group>
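Review bot: the RHEL/7 side adds this Rule and the `checks/package_talk_removed.xml` symlink, but the diffstat shows a `packages_removed.csv` template change only under RHEL/6, so the two products are wired up differently. Since both now symlink to `shared/oval/package_talk_removed.xml`, please confirm whether the RHEL/6 `talk` CSV line is still needed, or whether it would produce a second check with the same `package_talk_removed` id alongside the shared one.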
diff --git a/shared/oval/package_talk_removed.xml b/shared/oval/package_talk_removed.xml new file mode 100644 index 0000000..122902a --- /dev/null +++ b/shared/oval/package_talk_removed.xml @@ -0,0 +1,26 @@ +<def-group>
<definition class="compliance" id="package_talk_removed" version="2">
<metadata>
<title>Package talk Removed</title>
<affected family="unix">
<platform>Red Hat Enterprise Linux 6</platform>
<platform>Red Hat Enterprise Linux 7</platform>
</affected>
<description>The RPM package talk should be removed.</description>
<reference source="JL" ref_id="RHEL6_20140625" ref_url="test_attestation"/>
<reference source="JL" ref_id="RHEL7_20140625" ref_url="test_attestation"/>
</metadata>
<criteria>
<criterion comment="package talk is removed"
test_ref="test_package_talk_removed" />
</criteria>
</definition>
- <linux:rpminfo_test check="all" check_existence="none_exist"
- id="test_package_talk_removed" version="1"
- comment="package talk is removed">
- <linux:object object_ref="obj_package_talk_removed" />
- </linux:rpminfo_test>
- <linux:rpminfo_object id="obj_package_talk_removed" version="1">
- linux:nametalk</linux:name>
- </linux:rpminfo_object>
+</def-group> -- 1.8.3.1
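Review bot: the `<definition>` in the newly created `shared/oval/package_talk_removed.xml` starts at `version="2"`, while its `rpminfo_test` and `rpminfo_object` are at `version="1"`. If the definition was carried over from an earlier per-product copy, note that in the commit message; otherwise start it at 1 so the version history of the shared check is unambiguous.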
s/Uninstal/Uninstall/g && ack
----- Original Message -----
From: "Shawn Wells" shawn@redhat.com
To: scap-security-guide@lists.fedorahosted.org
Sent: Thursday, June 26, 2014 8:30:39 PM
Subject: Re: [PATCH] [RHEL/6, RHEL/7, shared] Implement OVAL check & XCCDF definition for package_talk_removed rule
On 6/25/14, 10:51 AM, Jan Lieskovsky wrote:
The proposed patch adds OVAL check & corresponding XCCDF definition for RHEL-6 & RHEL-7 for "package talk removed" rule. Tested on both of RHEL-6 & RHEL-7 (definition works as expected on both products & is displayed properly also in the HTML version[s] of the guide[s]), updated test attestations & moved the OVAL to shared.
Please review.
Thank you && Regards, Jan.
Jan iankko Lieskovsky / Red Hat Security Technologies Team
0001-RHEL-6-RHEL-7-shared-Implement-OVAL-check-XCCDF-defi.patch From bddba46840a6d3c296241efbf9c3a10cd753897c Mon Sep 17 00:00:00 2001 From: Jan Lieskovsky jlieskov@redhat.com Date: Wed, 25 Jun 2014 16:44:23 +0200 Subject: [PATCH] [RHEL/6, RHEL/7, shared] Implement OVAL check & XCCDF definition for package_talk_removed rule
Signed-off-by: Jan Lieskovsky jlieskov@redhat.com --- RHEL/6/input/checks/package_talk_removed.xml | 1 + RHEL/6/input/checks/templates/packages_removed.csv | 1 + RHEL/6/input/services/obsolete.xml | 18 +++++++++++++++ RHEL/7/input/checks/package_talk_removed.xml | 1 + RHEL/7/input/services/obsolete.xml | 18 +++++++++++++++ shared/oval/package_talk_removed.xml | 26 ++++++++++++++++++++++ 6 files changed, 65 insertions(+) create mode 120000 RHEL/6/input/checks/package_talk_removed.xml create mode 120000 RHEL/7/input/checks/package_talk_removed.xml create mode 100644 shared/oval/package_talk_removed.xml
diff --git a/RHEL/6/input/checks/package_talk_removed.xml b/RHEL/6/input/checks/package_talk_removed.xml new file mode 120000 index 0000000..6147e81 --- /dev/null +++ b/RHEL/6/input/checks/package_talk_removed.xml @@ -0,0 +1 @@ +../../../../shared/oval/package_talk_removed.xml \ No newline at end of file diff --git a/RHEL/6/input/checks/templates/packages_removed.csv b/RHEL/6/input/checks/templates/packages_removed.csv index 790b74d..a6c8e2a 100644 --- a/RHEL/6/input/checks/templates/packages_removed.csv +++ b/RHEL/6/input/checks/templates/packages_removed.csv @@ -35,6 +35,7 @@ squid subscription-manager sysstat talk-server +talk telnet telnet-server tftp diff --git a/RHEL/6/input/services/obsolete.xml b/RHEL/6/input/services/obsolete.xml index b46a912..457d342 100644 --- a/RHEL/6/input/services/obsolete.xml +++ b/RHEL/6/input/services/obsolete.xml @@ -422,5 +422,23 @@ risk of the accidental (or intentional) activation of talk services.
<tested by="JL" on="20140625"/> </Rule>
+<Rule id="package_talk_removed"> +<title>Uninstal talk Package</title> +<description>The <tt>talk</tt> package contains the client program for the +Internet talk protocol, which allows the user to chat with other users on +different systems. Talk is a communication program which copies lines from one +terminal to the terminal of another user. +</description> +<ocil><package-remove-macro package="talk"/></ocil> +<rationale> +The talk software presents a security risk as it uses unencrypted protocols +for communications. Removing the <tt>talk</tt> package decreases the +risk of the accidental (or intentional) activation of talk client program. +</rationale> +<ident cce="" /> +<oval id="package_talk_removed" /> +<tested by="JL" on="20140625"/> +</Rule>
</Group> </Group> diff --git a/RHEL/7/input/checks/package_talk_removed.xml b/RHEL/7/input/checks/package_talk_removed.xml new file mode 120000 index 0000000..6147e81 --- /dev/null +++ b/RHEL/7/input/checks/package_talk_removed.xml @@ -0,0 +1 @@ +../../../../shared/oval/package_talk_removed.xml \ No newline at end of file diff --git a/RHEL/7/input/services/obsolete.xml b/RHEL/7/input/services/obsolete.xml index 4fd80a0..76f808c 100644 --- a/RHEL/7/input/services/obsolete.xml +++ b/RHEL/7/input/services/obsolete.xml @@ -376,5 +376,23 @@ risk of the accidental (or intentional) activation of talk services. <tested by="JL" on="20140625"/> </Rule>
+<Rule id="package_talk_removed"> +<title>Uninstal talk Package</title> +<description>The <tt>talk</tt> package contains the client program for the +Internet talk protocol, which allows the user to chat with other users on +different systems. Talk is a communication program which copies lines from one +terminal to the terminal of another user. +</description> +<ocil><package-remove-macro package="talk"/></ocil> +<rationale> +The talk software presents a security risk as it uses unencrypted protocols +for communications. Removing the <tt>talk</tt> package decreases the +risk of the accidental (or intentional) activation of talk client program. +</rationale> +<ident cce="" /> +<oval id="package_talk_removed" /> +<tested by="JL" on="20140625"/> +</Rule>
</Group> </Group> diff --git a/shared/oval/package_talk_removed.xml b/shared/oval/package_talk_removed.xml new file mode 100644 index 0000000..122902a --- /dev/null +++ b/shared/oval/package_talk_removed.xml @@ -0,0 +1,26 @@ +<def-group> + <definition class="compliance" id="package_talk_removed" version="2"> + <metadata> + <title>Package talk Removed</title> + <affected family="unix"> + <platform>Red Hat Enterprise Linux 6</platform> + <platform>Red Hat Enterprise Linux 7</platform> + </affected> + <description>The RPM package talk should be removed.</description> + <reference source="JL" ref_id="RHEL6_20140625" ref_url="test_attestation"/> + <reference source="JL" ref_id="RHEL7_20140625" ref_url="test_attestation"/> + </metadata> + <criteria> + <criterion comment="package talk is removed" + test_ref="test_package_talk_removed" /> + </criteria> + </definition> + <linux:rpminfo_test check="all" check_existence="none_exist" + id="test_package_talk_removed" version="1" + comment="package talk is removed"> + <linux:object object_ref="obj_package_talk_removed" /> + </linux:rpminfo_test> + <linux:rpminfo_object id="obj_package_talk_removed" version="1"> + <linux:name>talk</linux:name> + </linux:rpminfo_object> +</def-group> -- 1.8.3.1
s/Uninstal/Uninstall/g && ack
Thank you. Replaced & pushed.
Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Technologies Team