Signed-off-by: David Smith dsmith@secure-innovations.net --- RHEL/6/input/checks/package_vsftpd_installed.xml | 26 ++++++++++++++++++++ .../input/checks/templates/packages_installed.csv | 1 + 2 files changed, 27 insertions(+), 0 deletions(-) create mode 100644 RHEL/6/input/checks/package_vsftpd_installed.xml
diff --git a/RHEL/6/input/checks/package_vsftpd_installed.xml b/RHEL/6/input/checks/package_vsftpd_installed.xml new file mode 100644 index 0000000..e4153a1 --- /dev/null +++ b/RHEL/6/input/checks/package_vsftpd_installed.xml @@ -0,0 +1,26 @@ +<def-group> + <!-- THIS FILE IS GENERATED by create_package_installed.py. DO NOT EDIT. --> + <definition class="compliance" id="package_vsftpd_installed" + version="1"> + <metadata> + <title>Package vsftpd Installed</title> + <affected family="unix"> + <platform>Red Hat Enterprise Linux 6</platform> + </affected> + <description>The RPM package vsftpd should be installed.</description> + <reference source="swells" ref_id="20130829" ref_url="test_attestation"/> + </metadata> + <criteria> + <criterion comment="package vsftpd is installed" + test_ref="test_package_vsftpd_installed" /> + </criteria> + </definition> + <linux:rpminfo_test check="all" check_existence="all_exist" + id="test_package_vsftpd_installed" version="1" + comment="package vsftpd is installed"> + <linux:object object_ref="obj_package_vsftpd_installed" /> + </linux:rpminfo_test> + <linux:rpminfo_object id="obj_package_vsftpd_installed" version="1"> + linux:namevsftpd</linux:name> + </linux:rpminfo_object> +</def-group> diff --git a/RHEL/6/input/checks/templates/packages_installed.csv b/RHEL/6/input/checks/templates/packages_installed.csv index ef6e737..dc0ae21 100644 --- a/RHEL/6/input/checks/templates/packages_installed.csv +++ b/RHEL/6/input/checks/templates/packages_installed.csv @@ -13,3 +13,4 @@ postfix psacct rsyslog screen +vsftpd
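Review bot: package_vsftpd_installed.xml opens with "THIS FILE IS GENERATED by create_package_installed.py. DO NOT EDIT." yet is committed by hand as a regular file (new file mode 100644) in the same patch that adds vsftpd to templates/packages_installed.csv, so the check gets two sources: the template entry and this checked-in copy. I would keep only the CSV line and let the generator produce the XML, or say in the commit message why a checked-in copy is needed; the message currently carries only the Signed-off-by. Two smaller points in the same hunk: the rpminfo_object body reads `linux:namevsftpd</linux:name>` as shown, with no opening <linux:name> tag, and the test_attestation reference (source="swells", ref_id="20130829") is dated before this submission, so it should name whoever actually tested this file.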
Hello David,
----- Original Message -----
From: "David Smith" dsmith@secure-innovations.net
To: scap-security-guide@lists.fedorahosted.org
Sent: Friday, June 27, 2014 6:37:14 PM
Subject: [PATCH] Added vsftpd OVAL check and modified packages_installed.csv file
Just wondering, what's the motivation behind adding this check? If I am not wrong, the package_vsftpd_installed.xml in RHEL/6 is used from shared/oval directory:
    scap-security-guide]$ file RHEL/6/input/checks/package_vsftpd_installed.xml
    RHEL/6/input/checks/package_vsftpd_installed.xml: symbolic link to `../../../../shared/oval/package_vsftpd_installed.xml'
So the corresponding XCCDF definition should work without issues. If not, the problem should be fixed (but the rules which can be shared we would like to keep in the /shared directory).
Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Technologies Team
Signed-off-by: David Smith dsmith@secure-innovations.net
RHEL/6/input/checks/package_vsftpd_installed.xml | 26 ++++++++++++++++++++ .../input/checks/templates/packages_installed.csv | 1 + 2 files changed, 27 insertions(+), 0 deletions(-) create mode 100644 RHEL/6/input/checks/package_vsftpd_installed.xml
diff --git a/RHEL/6/input/checks/package_vsftpd_installed.xml b/RHEL/6/input/checks/package_vsftpd_installed.xml new file mode 100644 index 0000000..e4153a1 --- /dev/null +++ b/RHEL/6/input/checks/package_vsftpd_installed.xml @@ -0,0 +1,26 @@ +<def-group>
- <!-- THIS FILE IS GENERATED by create_package_installed.py. DO NOT EDIT.
-->
- <definition class="compliance" id="package_vsftpd_installed"
- version="1">
<metadata>
<title>Package vsftpd Installed</title>
<affected family="unix">
<platform>Red Hat Enterprise Linux 6</platform>
</affected>
<description>The RPM package vsftpd should be installed.</description>
<reference source="swells" ref_id="20130829"
ref_url="test_attestation"/>
</metadata>
<criteria>
<criterion comment="package vsftpd is installed"
test_ref="test_package_vsftpd_installed" />
</criteria>
</definition>
- <linux:rpminfo_test check="all" check_existence="all_exist"
- id="test_package_vsftpd_installed" version="1"
- comment="package vsftpd is installed">
- <linux:object object_ref="obj_package_vsftpd_installed" />
- </linux:rpminfo_test>
- <linux:rpminfo_object id="obj_package_vsftpd_installed" version="1">
- linux:namevsftpd</linux:name>
- </linux:rpminfo_object>
+</def-group> diff --git a/RHEL/6/input/checks/templates/packages_installed.csv b/RHEL/6/input/checks/templates/packages_installed.csv index ef6e737..dc0ae21 100644 --- a/RHEL/6/input/checks/templates/packages_installed.csv +++ b/RHEL/6/input/checks/templates/packages_installed.csv @@ -13,3 +13,4 @@ postfix psacct rsyslog screen
+vsftpd
1.7.1
-- SCAP Security Guide mailing list scap-security-guide@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide https://github.com/OpenSCAP/scap-security-guide/
Jan,
I may be missing something, then. The 'install_vsftpd' rule was flagged by 'make validate', and I was unable to locate the OVAL referenced in the XCCDF - in either the RHEL/6 or shared/oval directories. Here's my verification/sanity check of this from just a second ago:
    [root@localhost checks]# git pull
    Already up-to-date.
    [root@localhost checks]# ls | grep package_vsftpd ; file package_vsftpd_installed.xml
    package_vsftpd_installed.xml
    package_vsftpd_removed.xml
    package_vsftpd_installed.xml: ASCII HTML document text
    [root@localhost checks]# ls ../../../../shared/oval/package_
    package_aide_installed.xml package_ntp_installed.xml package_openssh-server_removed.xml
    [root@localhost checks]# ls ../../../../shared/oval/package_
Dave
On Fri, Jun 27, 2014 at 1:06 PM, Jan Lieskovsky jlieskov@redhat.com wrote:
Hello David,
----- Original Message -----
From: "David Smith" dsmith@secure-innovations.net
To: scap-security-guide@lists.fedorahosted.org
Sent: Friday, June 27, 2014 6:37:14 PM
Subject: [PATCH] Added vsftpd OVAL check and modified packages_installed.csv file
Just wondering, what's the motivation behind adding this check? If I am not wrong, the package_vsftpd_installed.xml in RHEL/6 is used from shared/oval directory:
    scap-security-guide]$ file RHEL/6/input/checks/package_vsftpd_installed.xml
    RHEL/6/input/checks/package_vsftpd_installed.xml: symbolic link to `../../../../shared/oval/package_vsftpd_installed.xml'
So the corresponding XCCDF definition should work without issues. If not, the problem should be fixed (but the rules which can be shared we would like to keep in the /shared directory).
Thank you && Regards, Jan.
Jan iankko Lieskovsky / Red Hat Security Technologies Team
Signed-off-by: David Smith dsmith@secure-innovations.net
RHEL/6/input/checks/package_vsftpd_installed.xml | 26 ++++++++++++++++++++ .../input/checks/templates/packages_installed.csv | 1 + 2 files changed, 27 insertions(+), 0 deletions(-) create mode 100644 RHEL/6/input/checks/package_vsftpd_installed.xml
diff --git a/RHEL/6/input/checks/package_vsftpd_installed.xml b/RHEL/6/input/checks/package_vsftpd_installed.xml new file mode 100644 index 0000000..e4153a1 --- /dev/null +++ b/RHEL/6/input/checks/package_vsftpd_installed.xml @@ -0,0 +1,26 @@ +<def-group>
- <!-- THIS FILE IS GENERATED by create_package_installed.py. DO NOT
EDIT.
-->
- <definition class="compliance" id="package_vsftpd_installed"
- version="1">
<metadata>
<title>Package vsftpd Installed</title>
<affected family="unix">
<platform>Red Hat Enterprise Linux 6</platform>
</affected>
<description>The RPM package vsftpd should be
installed.</description>
<reference source="swells" ref_id="20130829"
ref_url="test_attestation"/>
</metadata>
<criteria>
<criterion comment="package vsftpd is installed"
test_ref="test_package_vsftpd_installed" />
</criteria>
</definition>
- <linux:rpminfo_test check="all" check_existence="all_exist"
- id="test_package_vsftpd_installed" version="1"
- comment="package vsftpd is installed">
- <linux:object object_ref="obj_package_vsftpd_installed" />
- </linux:rpminfo_test>
- <linux:rpminfo_object id="obj_package_vsftpd_installed" version="1">
- linux:namevsftpd</linux:name>
- </linux:rpminfo_object>
+</def-group> diff --git a/RHEL/6/input/checks/templates/packages_installed.csv b/RHEL/6/input/checks/templates/packages_installed.csv index ef6e737..dc0ae21 100644 --- a/RHEL/6/input/checks/templates/packages_installed.csv +++ b/RHEL/6/input/checks/templates/packages_installed.csv @@ -13,3 +13,4 @@ postfix psacct rsyslog screen
+vsftpd
1.7.1
Hello David,
----- Original Message -----
From: "David Smith" dsmith@secure-innovations.net
To: "SCAP Security Guide" scap-security-guide@lists.fedorahosted.org
Sent: Friday, June 27, 2014 8:21:20 PM
Subject: Re: [PATCH] Added vsftpd OVAL check and modified packages_installed.csv file
Jan,
I may be missing something, then. The 'install_vsftpd' rule was flagged by 'make validate', and I was unable to locate the OVAL referenced in the XCCDF - in either the RHEL/6 or shared/oval directories. Here's my verification/sanity check of this from just a second ago:
    [root@localhost checks]# git pull
    Already up-to-date.
    [root@localhost checks]# ls | grep package_vsftpd ; file package_vsftpd_installed.xml
    package_vsftpd_installed.xml
    package_vsftpd_removed.xml
    package_vsftpd_installed.xml: ASCII HTML document text
    [root@localhost checks]# ls ../../../../shared/oval/package_
    package_aide_installed.xml package_ntp_installed.xml package_openssh-server_removed.xml
    [root@localhost checks]# ls ../../../../shared/oval/package_
There needs to be something rusty with that repository then. 'install_vsftpd' rule has been updated more than a month ago: https://git.fedorahosted.org/cgit/scap-security-guide.git/log/RHEL/6/input/c... https://git.fedorahosted.org/cgit/scap-security-guide.git/commit/?id=d08eb51...
What has 'git log' on that repository to say wrt to when the most recent change happened?
Either issuing just plain 'git pull' (due to custom local config) isn't automatically pulling content of master branch (is there any difference when issuing: 'git pull origin master' on that repo?), or the remote end is wrong (git remote -v), or git pull failed to merge changes & returned without error message (but I consider this scenario very unlikely / almost impossible).
You can ensure to start up each time with the fresh / most recent copy of the repo via:

    $ rm -rf scap_security_guide_folder
    $ git clone ssh://git.fedorahosted.org/git/scap-security-guide.git
IOW completely erasing the content & cloning the latest one each time (might be more aggressive wrt to network traffic vs git pull case, but should ensure this won't happen in the future again) at least till the issue with the configuration is fixed (based on the provided information hard to say why git pull claimed the repository being 'up2date' even when it obviously wasn't the case).
Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Technologies Team
Dave
On Fri, Jun 27, 2014 at 1:06 PM, Jan Lieskovsky < jlieskov@redhat.com > wrote:
Hello David,
----- Original Message -----
From: "David Smith" <dsmith@secure-innovations.net>
To: scap-security-guide@lists.fedorahosted.org
Sent: Friday, June 27, 2014 6:37:14 PM
Subject: [PATCH] Added vsftpd OVAL check and modified packages_installed.csv file
Just wondering, what's the motivation behind adding this check? If I am not wrong, the package_vsftpd_installed.xml in RHEL/6 is used from shared/oval directory:
    scap-security-guide]$ file RHEL/6/input/checks/package_vsftpd_installed.xml
    RHEL/6/input/checks/package_vsftpd_installed.xml: symbolic link to `../../../../shared/oval/package_vsftpd_installed.xml'
So the corresponding XCCDF definition should work without issues. If not, the problem should be fixed (but the rules which can be shared we would like to keep in the /shared directory).
Thank you && Regards, Jan.
Jan iankko Lieskovsky / Red Hat Security Technologies Team
Signed-off-by: David Smith < dsmith@secure-innovations.net >
RHEL/6/input/checks/package_vsftpd_installed.xml | 26 ++++++++++++++++++++ .../input/checks/templates/packages_installed.csv | 1 + 2 files changed, 27 insertions(+), 0 deletions(-) create mode 100644 RHEL/6/input/checks/package_vsftpd_installed.xml
diff --git a/RHEL/6/input/checks/package_vsftpd_installed.xml b/RHEL/6/input/checks/package_vsftpd_installed.xml new file mode 100644 index 0000000..e4153a1 --- /dev/null +++ b/RHEL/6/input/checks/package_vsftpd_installed.xml @@ -0,0 +1,26 @@ +<def-group>
- <!-- THIS FILE IS GENERATED by create_package_installed.py. DO NOT EDIT.
-->
- <definition class="compliance" id="package_vsftpd_installed"
- version="1">
<metadata>
<title>Package vsftpd Installed</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 6</platform>
</affected>
- <description>The RPM package vsftpd should be installed.</description>
- <reference source="swells" ref_id="20130829"
ref_url="test_attestation"/>
</metadata>
<criteria>
- <criterion comment="package vsftpd is installed"
- test_ref="test_package_vsftpd_installed" />
</criteria>
</definition>
- <linux:rpminfo_test check="all" check_existence="all_exist"
- id="test_package_vsftpd_installed" version="1"
- comment="package vsftpd is installed">
- <linux:object object_ref="obj_package_vsftpd_installed" />
- </linux:rpminfo_test>
- <linux:rpminfo_object id="obj_package_vsftpd_installed" version="1">
- linux:namevsftpd</linux:name>
- </linux:rpminfo_object>
+</def-group> diff --git a/RHEL/6/input/checks/templates/packages_installed.csv b/RHEL/6/input/checks/templates/packages_installed.csv index ef6e737..dc0ae21 100644 --- a/RHEL/6/input/checks/templates/packages_installed.csv +++ b/RHEL/6/input/checks/templates/packages_installed.csv @@ -13,3 +13,4 @@ postfix psacct rsyslog screen
+vsftpd
1.7.1
On 6/30/14, 4:53 AM, Jan Lieskovsky wrote:
Hello David,
----- Original Message -----
From: "David Smith" dsmith@secure-innovations.net
To: "SCAP Security Guide" scap-security-guide@lists.fedorahosted.org
Sent: Friday, June 27, 2014 8:21:20 PM
Subject: Re: [PATCH] Added vsftpd OVAL check and modified packages_installed.csv file
Jan,
I may be missing something, then. The 'install_vsftpd' rule was flagged by 'make validate', and I was unable to locate the OVAL referenced in the XCCDF - in either the RHEL/6 or shared/oval directories. Here's my verification/sanity check of this from just a second ago:
    [root@localhost checks]# git pull
    Already up-to-date.
    [root@localhost checks]# ls | grep package_vsftpd ; file package_vsftpd_installed.xml
    package_vsftpd_installed.xml
    package_vsftpd_removed.xml
    package_vsftpd_installed.xml: ASCII HTML document text
    [root@localhost checks]# ls ../../../../shared/oval/package_
    package_aide_installed.xml package_ntp_installed.xml package_openssh-server_removed.xml
    [root@localhost checks]# ls ../../../../shared/oval/package_
There needs to be something rusty with that repository then. 'install_vsftpd' rule has been updated more than a month ago: https://git.fedorahosted.org/cgit/scap-security-guide.git/log/RHEL/6/input/c... https://git.fedorahosted.org/cgit/scap-security-guide.git/commit/?id=d08eb51...
What has 'git log' on that repository to say wrt to when the most recent change happened?
Either issuing just plain 'git pull' (due to custom local config) isn't automatically pulling content of master branch (is there any difference when issuing: 'git pull origin master' on that repo?), or the remote end is wrong (git remote -v), or git pull failed to merge changes & returned without error message (but I consider this scenario very unlikely / almost impossible).
You can ensure to start up each time with the fresh / most recent copy of the repo via:

    $ rm -rf scap_security_guide_folder
    $ git clone ssh://git.fedorahosted.org/git/scap-security-guide.git
IOW completely erasing the content & cloning the latest one each time (might be more aggressive wrt to network traffic vs git pull case, but should ensure this won't happen in the future again) at least till the issue with the configuration is fixed (based on the provided information hard to say why git pull claimed the repository being 'up2date' even when it obviously wasn't the case).
Something seems up with Dave's repo.
On my box:
    ## check to see if templates for vsftp installed && removed exist:
    $ cd /var/www/html/scap-security-guide/RHEL/6/input/
    $ grep vsftp checks/templates/packages_*
    checks/templates/packages_installed.csv:vsftpd
    checks/templates/packages_removed.csv:vsftpd

    ## double check existence in RHEL6/input/checks:
    $ ll checks/package_vsftpd_*
    lrwxrwxrwx. 1 shawnw shawnw 52 May 24 10:08 checks/package_vsftpd_installed.xml -> ../../../../shared/oval/package_vsftpd_installed.xml
    -rw-rw-r--. 1 shawnw shawnw 1027 May 24 10:08 checks/package_vsftpd_removed.xml
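The two manual checks used in this thread (`file` on the check path, and `grep` over the templates followed by `ll`) can be run for every templated package at once. The script below is an added example, not code from the thread or from scap-security-guide; the function names, state labels and sample tree are constructed, and it assumes packages_installed.csv holds one package name per line, as the hunk context suggests.

```shell
#!/bin/sh
# Added example: classify how each RHEL/6 "package installed" check is provided.
# State labels and function names are constructed for this illustration.

# oval_check_state CHECKS_DIR PACKAGE -> shared | other-link | dangling | local-copy | missing
oval_check_state() {
    f="$1/package_${2}_installed.xml"
    if [ -L "$f" ]; then
        if [ ! -e "$f" ]; then          # -e follows the link: target is absent
            echo dangling
        else
            case "$(readlink "$f")" in
                */shared/oval/*) echo shared ;;      # the layout Jan and Shawn see
                *)               echo other-link ;;
            esac
        fi
    elif [ -f "$f" ]; then
        echo local-copy                 # regular file, as in Dave's `file` output
    else
        echo missing
    fi
}

# audit_installed_templates CSV CHECKS_DIR
# Assumes one package name per line in packages_installed.csv.
audit_installed_templates() {
    while IFS= read -r pkg || [ -n "$pkg" ]; do
        pkg=$(printf '%s' "$pkg" | tr -d '\r')
        [ -n "$pkg" ] || continue
        printf '%s %s\n' "$pkg" "$(oval_check_state "$2" "$pkg")"
    done < "$1"
}

# Constructed sample tree covering each state (not the real repository).
build_sample_tree() {
    root=$(mktemp -d)
    checks="$root/RHEL/6/input/checks"
    mkdir -p "$root/shared/oval" "$checks/templates"
    : > "$root/shared/oval/package_vsftpd_installed.xml"
    ln -s ../../../../shared/oval/package_vsftpd_installed.xml "$checks/package_vsftpd_installed.xml"
    ln -s ../../../../shared/oval/package_rsyslog_installed.xml "$checks/package_rsyslog_installed.xml"
    : > "$checks/package_screen_installed.xml"
    printf 'psacct\nrsyslog\nscreen\nvsftpd\n' > "$checks/templates/packages_installed.csv"
    echo "$root"
}

demo_root=$(build_sample_tree)
audit_installed_templates "$demo_root/RHEL/6/input/checks/templates/packages_installed.csv" \
    "$demo_root/RHEL/6/input/checks"
rm -rf "$demo_root"
```

A `local-copy` or `dangling` result for a package that others see as `shared` points at a stale or divergent checkout rather than at a missing upstream check.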