----- Original Message -----
From: "Shawn Wells" <shawn(a)redhat.com>
To: scap-security-guide(a)lists.fedorahosted.org
Sent: Thursday, June 26, 2014 8:30:39 PM
Subject: Re: [PATCH] [RHEL/6, RHEL/7, shared] Implement OVAL check & XCCDF definition for package_talk_removed rule
On 6/25/14, 10:51 AM, Jan Lieskovsky wrote:
The proposed patch adds OVAL check & corresponding XCCDF definition for
RHEL-6 & RHEL-7 for "package talk removed" rule. Tested on both of RHEL-6 &
RHEL-7 (definition works as expected on both products & is displayed properly
also in the HTML version[s] of the guide[s]), updated test attestations &
moved the OVAL to shared.
Please review.
Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Technologies Team
0001-RHEL-6-RHEL-7-shared-Implement-OVAL-check-XCCDF-defi.patch
From bddba46840a6d3c296241efbf9c3a10cd753897c Mon Sep 17 00:00:00 2001
From: Jan Lieskovsky <jlieskov(a)redhat.com>
Date: Wed, 25 Jun 2014 16:44:23 +0200
Subject: [PATCH] [RHEL/6, RHEL/7, shared] Implement OVAL check & XCCDF definition for package_talk_removed rule
Signed-off-by: Jan Lieskovsky <jlieskov(a)redhat.com>
---
RHEL/6/input/checks/package_talk_removed.xml | 1 +
RHEL/6/input/checks/templates/packages_removed.csv | 1 +
RHEL/6/input/services/obsolete.xml | 18 +++++++++++++++
RHEL/7/input/checks/package_talk_removed.xml | 1 +
RHEL/7/input/services/obsolete.xml | 18 +++++++++++++++
shared/oval/package_talk_removed.xml | 26 ++++++++++++++++++++++
6 files changed, 65 insertions(+)
create mode 120000 RHEL/6/input/checks/package_talk_removed.xml
create mode 120000 RHEL/7/input/checks/package_talk_removed.xml
create mode 100644 shared/oval/package_talk_removed.xml
diff --git a/RHEL/6/input/checks/package_talk_removed.xml
b/RHEL/6/input/checks/package_talk_removed.xml
new file mode 120000
index 0000000..6147e81
--- /dev/null
+++ b/RHEL/6/input/checks/package_talk_removed.xml
@@ -0,0 +1 @@
+../../../../shared/oval/package_talk_removed.xml
\ No newline at end of file
diff --git a/RHEL/6/input/checks/templates/packages_removed.csv
b/RHEL/6/input/checks/templates/packages_removed.csv
index 790b74d..a6c8e2a 100644
--- a/RHEL/6/input/checks/templates/packages_removed.csv
+++ b/RHEL/6/input/checks/templates/packages_removed.csv
@@ -35,6 +35,7 @@ squid
subscription-manager
sysstat
talk-server
+talk
telnet
telnet-server
tftp
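Review bot: The new talk entry sits after talk-server, which breaks the alphabetical order the neighbouring entries follow (telnet precedes telnet-server a few lines down); move it above talk-server. Separately, the diffstat shows this template list changing only under RHEL/6, while the same patch links a hand-written shared/oval/package_talk_removed.xml into both RHEL/6/input/checks and RHEL/7/input/checks. If the template also produces a check with the id package_talk_removed, the two sources would overlap on RHEL/6, so the commit message should say which one is meant to be authoritative and why RHEL/7 needs no matching template entry.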
diff --git a/RHEL/6/input/services/obsolete.xml
b/RHEL/6/input/services/obsolete.xml
index b46a912..457d342 100644
--- a/RHEL/6/input/services/obsolete.xml
+++ b/RHEL/6/input/services/obsolete.xml
@@ -422,5 +422,23 @@ risk of the accidental (or intentional) activation of
talk services.
<tested by="JL" on="20140625"/>
</Rule>
+<Rule id="package_talk_removed">
+<title>Uninstal talk Package</title>
+<description>The <tt>talk</tt> package contains the client program for
the
+Internet talk protocol, which allows the user to chat with other users on
+different systems. Talk is a communication program which copies lines from
one
+terminal to the terminal of another user.
+</description>
+<ocil><package-remove-macro package="talk"/></ocil>
+<rationale>
+The talk software presents a security risk as it uses unencrypted protocols
+for communications. Removing the <tt>talk</tt> package decreases the
+risk of the accidental (or intentional) activation of talk client program.
+</rationale>
+<ident cce="" />
+<oval id="package_talk_removed" />
+<tested by="JL" on="20140625"/>
+</Rule>
+
</Group>
</Group>
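Review bot: The new Rule carries an empty identifier, <ident cce="" />; either fill in the assigned CCE or state in the commit message that one is still pending, so the empty attribute is not read as a finished mapping. In the same Rule the title "Uninstal talk Package" should read "Uninstall talk Package", and the last sentence of the rationale is missing an article ("activation of the talk client program").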
diff --git a/RHEL/7/input/checks/package_talk_removed.xml
b/RHEL/7/input/checks/package_talk_removed.xml
new file mode 120000
index 0000000..6147e81
--- /dev/null
+++ b/RHEL/7/input/checks/package_talk_removed.xml
@@ -0,0 +1 @@
+../../../../shared/oval/package_talk_removed.xml
\ No newline at end of file
diff --git a/RHEL/7/input/services/obsolete.xml
b/RHEL/7/input/services/obsolete.xml
index 4fd80a0..76f808c 100644
--- a/RHEL/7/input/services/obsolete.xml
+++ b/RHEL/7/input/services/obsolete.xml
@@ -376,5 +376,23 @@ risk of the accidental (or intentional) activation of
talk services.
<tested by="JL" on="20140625"/>
</Rule>
+<Rule id="package_talk_removed">
+<title>Uninstal talk Package</title>
+<description>The <tt>talk</tt> package contains the client program for
the
+Internet talk protocol, which allows the user to chat with other users on
+different systems. Talk is a communication program which copies lines from
one
+terminal to the terminal of another user.
+</description>
+<ocil><package-remove-macro package="talk"/></ocil>
+<rationale>
+The talk software presents a security risk as it uses unencrypted protocols
+for communications. Removing the <tt>talk</tt> package decreases the
+risk of the accidental (or intentional) activation of talk client program.
+</rationale>
+<ident cce="" />
+<oval id="package_talk_removed" />
+<tested by="JL" on="20140625"/>
+</Rule>
+
</Group>
</Group>
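Review bot: The title typo in <title>Uninstal talk Package</title> and the empty <ident cce="" /> are repeated here because the Rule body duplicates the RHEL/6 one word for word; fix both copies in the same commit so the two guides do not drift apart. The OVAL check was moved to shared/ to avoid maintaining two copies, and the same reasoning applies to this description and rationale text if the build allows a shared source for it.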
diff --git a/shared/oval/package_talk_removed.xml
b/shared/oval/package_talk_removed.xml
new file mode 100644
index 0000000..122902a
--- /dev/null
+++ b/shared/oval/package_talk_removed.xml
@@ -0,0 +1,26 @@
+<def-group>
+ <definition class="compliance" id="package_talk_removed"
version="2">
+ <metadata>
+ <title>Package talk Removed</title>
+ <affected family="unix">
+ <platform>Red Hat Enterprise Linux 6</platform>
+ <platform>Red Hat Enterprise Linux 7</platform>
+ </affected>
+ <description>The RPM package talk should be removed.</description>
+ <reference source="JL" ref_id="RHEL6_20140625"
ref_url="test_attestation"/>
+ <reference source="JL" ref_id="RHEL7_20140625"
ref_url="test_attestation"/>
+ </metadata>
+ <criteria>
+ <criterion comment="package talk is removed"
+ test_ref="test_package_talk_removed" />
+ </criteria>
+ </definition>
+ <linux:rpminfo_test check="all" check_existence="none_exist"
+ id="test_package_talk_removed" version="1"
+ comment="package talk is removed">
+ <linux:object object_ref="obj_package_talk_removed" />
+ </linux:rpminfo_test>
+ <linux:rpminfo_object id="obj_package_talk_removed"
version="1">
+ <linux:name>talk</linux:name>
+ </linux:rpminfo_object>
+</def-group>
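Review bot: The definition is declared with version="2" although the file is newly created (new file mode 100644) and its rpminfo_test and rpminfo_object both start at version="1"; start the definition at version="1" or explain the bump in the commit message. The <description> "The RPM package talk should be removed." could also say that this is the client package, since the object matches the exact name talk and the neighbouring rule covers talk-server.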
--
1.8.3.1
s/Uninstal/Uninstall/g && ack
Thank you. Replaced & pushed.
Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Technologies Team