Fantastic, please push. This is getting us quite close to OVAL that
doesn't merely execute, but is actually structurally valid! (And with a
little testing help, also has the correct behavior -- though I suspect
we're doing pretty good in that department by now.)
On Thu, May 30, 2013 at 4:43 PM, Maura Dailey <maura(a)eclipse.ncsc.mil>wrote:
There are a few more coming that need more testing or aren't
working
correctly, but here's a small batch for now.
The behavior recurse="files" was deprecated, so I changed it to the normal
"symlinks and directories". Also, the
environment variable tests were updated and replaced by the
environmentvariable58 tests, objects, and states.
One check I can't submit an update to yet that has a similar problem is
"accounts_root_path_dirs_no_write". I was
cleaning it up and replacing the deprecated check when I noticed that the
check is not actually working correctly.
Specifying a single path in file_object gets the correct result of true or
false, but passing in a variable with
multiple values (PATH, split into multiple strings) appears to always fail
with "does not exist".
- Maura Dailey
Maura Dailey (3):
Replacing deprecated <ind:environmentvariable_...> tags with
<ind:environmentvariable58_...> tags
Removing deprecated recurse=files behavior.
Removing deprecated recurse="files" behavior
.../checks/accounts_dangerous_path_for_root.xml | 53
++++++++++----------
.../input/checks/file_permissions_ungroupowned.xml | 4 +-
RHEL6/input/checks/file_permissions_unowned.xml | 4 +-
3 files changed, 31 insertions(+), 30 deletions(-)
_______________________________________________
scap-security-guide mailing list
scap-security-guide(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide