11:37 a.m.
Signed-off-by: David Smith <dsmith(a)secure-innovations.net>
---
RHEL/6/input/checks/package_vsftpd_installed.xml | 26 ++++++++++++++++++++
.../input/checks/templates/packages_installed.csv | 1 +
2 files changed, 27 insertions(+), 0 deletions(-)
create mode 100644 RHEL/6/input/checks/package_vsftpd_installed.xml
diff --git a/RHEL/6/input/checks/package_vsftpd_installed.xml
b/RHEL/6/input/checks/package_vsftpd_installed.xml
new file mode 100644
index 0000000..e4153a1
--- /dev/null
+++ b/RHEL/6/input/checks/package_vsftpd_installed.xml
@@ -0,0 +1,26 @@
+<def-group>
+ <!-- THIS FILE IS GENERATED by create_package_installed.py. DO NOT EDIT. -->
+ <definition class="compliance" id="package_vsftpd_installed"
+ version="1">
+ <metadata>
+ <title>Package vsftpd Installed</title>
+ <affected family="unix">
+ <platform>Red Hat Enterprise Linux 6</platform>
+ </affected>
+ <description>The RPM package vsftpd should be installed.</description>
+ <reference source="swells" ref_id="20130829"
ref_url="test_attestation"/>
+ </metadata>
+ <criteria>
+ <criterion comment="package vsftpd is installed"
+ test_ref="test_package_vsftpd_installed" />
+ </criteria>
+ </definition>
+ <linux:rpminfo_test check="all" check_existence="all_exist"
+ id="test_package_vsftpd_installed" version="1"
+ comment="package vsftpd is installed">
+ <linux:object object_ref="obj_package_vsftpd_installed" />
+ </linux:rpminfo_test>
+ <linux:rpminfo_object id="obj_package_vsftpd_installed"
version="1">
+ <linux:name>vsftpd</linux:name>
+ </linux:rpminfo_object>
+</def-group>
diff --git a/RHEL/6/input/checks/templates/packages_installed.csv
b/RHEL/6/input/checks/templates/packages_installed.csv
index ef6e737..dc0ae21 100644
--- a/RHEL/6/input/checks/templates/packages_installed.csv
+++ b/RHEL/6/input/checks/templates/packages_installed.csv
@@ -13,3 +13,4 @@ postfix
psacct
rsyslog
screen
+vsftpd
--
1.7.1
12:06 p.m.
New subject: [PATCH] Added vsftpd OVAL check and modified packages_installed.csv file
Hello David,
----- Original Message -----
From: "David Smith" <dsmith(a)secure-innovations.net>
To: scap-security-guide(a)lists.fedorahosted.org
Sent: Friday, June 27, 2014 6:37:14 PM
Subject: [PATCH] Added vsftpd OVAL check and modified packages_installed.csv file
Just wondering, what's the motivation behind adding this check? If I am not wrong,
the package_vsftpd_installed.xml in RHEL/6 is used from shared/oval directory:
scap-security-guide]$ file RHEL/6/input/checks/package_vsftpd_installed.xml
RHEL/6/input/checks/package_vsftpd_installed.xml: symbolic link to
`../../../../shared/oval/package_vsftpd_installed.xml'
So the corresponding XCCDF definition should work without issues. If not, the problem
should be fixed (but the rules which can be shared we would like to keep in the /shared
directory).
Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Technologies Team
Signed-off-by: David Smith <dsmith(a)secure-innovations.net>
---
RHEL/6/input/checks/package_vsftpd_installed.xml | 26
++++++++++++++++++++
.../input/checks/templates/packages_installed.csv | 1 +
2 files changed, 27 insertions(+), 0 deletions(-)
create mode 100644 RHEL/6/input/checks/package_vsftpd_installed.xml
diff --git a/RHEL/6/input/checks/package_vsftpd_installed.xml
b/RHEL/6/input/checks/package_vsftpd_installed.xml
new file mode 100644
index 0000000..e4153a1
--- /dev/null
+++ b/RHEL/6/input/checks/package_vsftpd_installed.xml
@@ -0,0 +1,26 @@
+<def-group>
+ <!-- THIS FILE IS GENERATED by create_package_installed.py. DO NOT EDIT.
-->
+ <definition class="compliance" id="package_vsftpd_installed"
+ version="1">
+ <metadata>
+ <title>Package vsftpd Installed</title>
+ <affected family="unix">
+ <platform>Red Hat Enterprise Linux 6</platform>
+ </affected>
+ <description>The RPM package vsftpd should be
installed.</description>
+ <reference source="swells" ref_id="20130829"
ref_url="test_attestation"/>
+ </metadata>
+ <criteria>
+ <criterion comment="package vsftpd is installed"
+ test_ref="test_package_vsftpd_installed" />
+ </criteria>
+ </definition>
+ <linux:rpminfo_test check="all" check_existence="all_exist"
+ id="test_package_vsftpd_installed" version="1"
+ comment="package vsftpd is installed">
+ <linux:object object_ref="obj_package_vsftpd_installed" />
+ </linux:rpminfo_test>
+ <linux:rpminfo_object id="obj_package_vsftpd_installed"
version="1">
+ <linux:name>vsftpd</linux:name>
+ </linux:rpminfo_object>
+</def-group>
diff --git a/RHEL/6/input/checks/templates/packages_installed.csv
b/RHEL/6/input/checks/templates/packages_installed.csv
index ef6e737..dc0ae21 100644
--- a/RHEL/6/input/checks/templates/packages_installed.csv
+++ b/RHEL/6/input/checks/templates/packages_installed.csv
@@ -13,3 +13,4 @@ postfix
psacct
rsyslog
screen
+vsftpd
--
1.7.1
--
SCAP Security Guide mailing list
scap-security-guide(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
https://github.com/OpenSCAP/scap-security-guide/
1:21 p.m.
Jan,
I may be missing something, then. The 'install_vsftpd' rule was flagged by
'make validate', and I was unable to locate the OVAL referenced in the
XCCDF - in either the RHEL/6 or shared/oval directories. Here's my
verification/sanity check of this from just a second ago:
*[root@localhost checks]# git pull*
*Already up-to-date.*
*[root@localhost checks]# ls | grep package_vsftpd ; file
package_vsftpd_installed.xml *
*package_vsftpd_installed.xml*
*package_vsftpd_removed.xml*
*package_vsftpd_installed.xml: ASCII HTML document text*
*[root@localhost checks]# ls ../../../../shared/oval/package_*
*package_aide_installed.xml package_ntp_installed.xml
package_openssh-server_removed.xml *
*[root@localhost checks]# ls ../../../../shared/oval/package_*
Dave
On Fri, Jun 27, 2014 at 1:06 PM, Jan Lieskovsky <jlieskov(a)redhat.com> wrote:
Hello David,
----- Original Message -----
> From: "David Smith" <dsmith(a)secure-innovations.net>
> To: scap-security-guide(a)lists.fedorahosted.org
> Sent: Friday, June 27, 2014 6:37:14 PM
> Subject: [PATCH] Added vsftpd OVAL check and modified
packages_installed.csv file
Just wondering, what's the motivation behind adding this check? If I am
not wrong,
the package_vsftpd_installed.xml in RHEL/6 is used from shared/oval
directory:
scap-security-guide]$ file
RHEL/6/input/checks/package_vsftpd_installed.xml
RHEL/6/input/checks/package_vsftpd_installed.xml: symbolic link to
`../../../../shared/oval/package_vsftpd_installed.xml'
So the corresponding XCCDF definition should work without issues. If not,
the problem
should be fixed (but the rules which can be shared we would like to keep
in the /shared
directory).
Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Technologies Team
>
>
> Signed-off-by: David Smith <dsmith(a)secure-innovations.net>
> ---
> RHEL/6/input/checks/package_vsftpd_installed.xml | 26
> ++++++++++++++++++++
> .../input/checks/templates/packages_installed.csv | 1 +
> 2 files changed, 27 insertions(+), 0 deletions(-)
> create mode 100644 RHEL/6/input/checks/package_vsftpd_installed.xml
>
> diff --git a/RHEL/6/input/checks/package_vsftpd_installed.xml
> b/RHEL/6/input/checks/package_vsftpd_installed.xml
> new file mode 100644
> index 0000000..e4153a1
> --- /dev/null
> +++ b/RHEL/6/input/checks/package_vsftpd_installed.xml
> @@ -0,0 +1,26 @@
> +<def-group>
> + <!-- THIS FILE IS GENERATED by create_package_installed.py. DO NOT
EDIT.
> -->
> + <definition class="compliance"
id="package_vsftpd_installed"
> + version="1">
> + <metadata>
> + <title>Package vsftpd Installed</title>
> + <affected family="unix">
> + <platform>Red Hat Enterprise Linux 6</platform>
> + </affected>
> + <description>The RPM package vsftpd should be
installed.</description>
> + <reference source="swells" ref_id="20130829"
> ref_url="test_attestation"/>
> + </metadata>
> + <criteria>
> + <criterion comment="package vsftpd is installed"
> + test_ref="test_package_vsftpd_installed" />
> + </criteria>
> + </definition>
> + <linux:rpminfo_test check="all"
check_existence="all_exist"
> + id="test_package_vsftpd_installed" version="1"
> + comment="package vsftpd is installed">
> + <linux:object object_ref="obj_package_vsftpd_installed" />
> + </linux:rpminfo_test>
> + <linux:rpminfo_object id="obj_package_vsftpd_installed"
version="1">
> + <linux:name>vsftpd</linux:name>
> + </linux:rpminfo_object>
> +</def-group>
> diff --git a/RHEL/6/input/checks/templates/packages_installed.csv
> b/RHEL/6/input/checks/templates/packages_installed.csv
> index ef6e737..dc0ae21 100644
> --- a/RHEL/6/input/checks/templates/packages_installed.csv
> +++ b/RHEL/6/input/checks/templates/packages_installed.csv
> @@ -13,3 +13,4 @@ postfix
> psacct
> rsyslog
> screen
> +vsftpd
> --
> 1.7.1
>
> --
> SCAP Security Guide mailing list
> scap-security-guide(a)lists.fedorahosted.org
> https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
> https://github.com/OpenSCAP/scap-security-guide/
--
SCAP Security Guide mailing list
scap-security-guide(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
https://github.com/OpenSCAP/scap-security-guide/
3:53 a.m.
Hello David,
----- Original Message -----
From: "David Smith" <dsmith(a)secure-innovations.net>
To: "SCAP Security Guide" <scap-security-guide(a)lists.fedorahosted.org>
Sent: Friday, June 27, 2014 8:21:20 PM
Subject: Re: [PATCH] Added vsftpd OVAL check and modified packages_installed.csv file
Jan,
I may be missing something, then. The 'install_vsftpd' rule was flagged by
'make validate', and I was unable to locate the OVAL referenced in the XCCDF
- in either the RHEL/6 or shared/oval directories. Here's my
verification/sanity check of this from just a second ago:
[root@localhost checks]# git pull
Already up-to-date.
[root@localhost checks]# ls | grep package_vsftpd ; file
package_vsftpd_installed.xml
package_vsftpd_installed.xml
package_vsftpd_removed.xml
package_vsftpd_installed.xml: ASCII HTML document text
[root@localhost checks]# ls ../../../../shared/oval/package_
package_aide_installed.xml package_ntp_installed.xml
package_openssh-server_removed.xml
[root@localhost checks]# ls ../../../../shared/oval/package_
There needs to be something rusty with that repository then. 'install_vsftpd'
rule has been updated more than a month ago:
https://git.fedorahosted.org/cgit/scap-security-guide.git/log/RHEL/6/inpu...
https://git.fedorahosted.org/cgit/scap-security-guide.git/commit/?id=d08e...
What has 'git log' on that repository to say wrt to when the most recent change
happened?
Either issuing just plain 'git pull' (due to custom local config) isn't
automatically pulling
content of master branch (is there any difference when issuing: 'git pull origin
master' on that repo?),
or the remote end is wrong (git remote -v), or git pull failed to merge changes &
returned without
error message (but I consider this scenario very unlikely / almost impossible).
You can ensure to start up each time with the fresh / most recent copy of the repo via:
$ rm -rf scap_security_guide_folder
$ git clone ssh://git.fedorahosted.org/git/scap-security-guide.git
IOW completely erasing the content & cloning the latest one each time (might be more
aggressive wrt
to network traffic vs git pull case, but should ensure this won't happen in the future
again) at least
till the issue with the configuration is fixed (based on the provided information hard to
say why
git pull claimed the repository being 'up2date' even when it obviously wasn't
the case).
Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Technologies Team
Dave
On Fri, Jun 27, 2014 at 1:06 PM, Jan Lieskovsky < jlieskov(a)redhat.com >
wrote:
Hello David,
----- Original Message -----
> From: "David Smith" < dsmith(a)secure-innovations.net >
> To: scap-security-guide(a)lists.fedorahosted.org
> Sent: Friday, June 27, 2014 6:37:14 PM
> Subject: [PATCH] Added vsftpd OVAL check and modified
> packages_installed.csv file
Just wondering, what's the motivation behind adding this check? If I am not
wrong,
the package_vsftpd_installed.xml in RHEL/6 is used from shared/oval
directory:
scap-security-guide]$ file RHEL/6/input/checks/package_vsftpd_installed.xml
RHEL/6/input/checks/package_vsftpd_installed.xml: symbolic link to
`../../../../shared/oval/package_vsftpd_installed.xml'
So the corresponding XCCDF definition should work without issues. If not, the
problem
should be fixed (but the rules which can be shared we would like to keep in
the /shared
directory).
Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Technologies Team
>
>
> Signed-off-by: David Smith < dsmith(a)secure-innovations.net >
> ---
> RHEL/6/input/checks/package_vsftpd_installed.xml | 26
> ++++++++++++++++++++
> .../input/checks/templates/packages_installed.csv | 1 +
> 2 files changed, 27 insertions(+), 0 deletions(-)
> create mode 100644 RHEL/6/input/checks/package_vsftpd_installed.xml
>
> diff --git a/RHEL/6/input/checks/package_vsftpd_installed.xml
> b/RHEL/6/input/checks/package_vsftpd_installed.xml
> new file mode 100644
> index 0000000..e4153a1
> --- /dev/null
> +++ b/RHEL/6/input/checks/package_vsftpd_installed.xml
> @@ -0,0 +1,26 @@
> +<def-group>
> + <!-- THIS FILE IS GENERATED by create_package_installed.py. DO NOT EDIT.
> -->
> + <definition class="compliance"
id="package_vsftpd_installed"
> + version="1">
> + <metadata>
> + <title>Package vsftpd Installed</title>
> + <affected family="unix">
> + <platform>Red Hat Enterprise Linux 6</platform>
> + </affected>
> + <description>The RPM package vsftpd should be
installed.</description>
> + <reference source="swells" ref_id="20130829"
> ref_url="test_attestation"/>
> + </metadata>
> + <criteria>
> + <criterion comment="package vsftpd is installed"
> + test_ref="test_package_vsftpd_installed" />
> + </criteria>
> + </definition>
> + <linux:rpminfo_test check="all"
check_existence="all_exist"
> + id="test_package_vsftpd_installed" version="1"
> + comment="package vsftpd is installed">
> + <linux:object object_ref="obj_package_vsftpd_installed" />
> + </linux:rpminfo_test>
> + <linux:rpminfo_object id="obj_package_vsftpd_installed"
version="1">
> + <linux:name>vsftpd</linux:name>
> + </linux:rpminfo_object>
> +</def-group>
> diff --git a/RHEL/6/input/checks/templates/packages_installed.csv
> b/RHEL/6/input/checks/templates/packages_installed.csv
> index ef6e737..dc0ae21 100644
> --- a/RHEL/6/input/checks/templates/packages_installed.csv
> +++ b/RHEL/6/input/checks/templates/packages_installed.csv
> @@ -13,3 +13,4 @@ postfix
> psacct
> rsyslog
> screen
> +vsftpd
> --
> 1.7.1
>
> --
> SCAP Security Guide mailing list
> scap-security-guide(a)lists.fedorahosted.org
> https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
> https://github.com/OpenSCAP/scap-security-guide/
--
SCAP Security Guide mailing list
scap-security-guide(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
https://github.com/OpenSCAP/scap-security-guide/
--
SCAP Security Guide mailing list
scap-security-guide(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
https://github.com/OpenSCAP/scap-security-guide/
12:01 p.m.
On 6/30/14, 4:53 AM, Jan Lieskovsky wrote:
Hello David,
----- Original Message -----
> >From: "David Smith"<dsmith(a)secure-innovations.net>
> >To: "SCAP Security
Guide"<scap-security-guide(a)lists.fedorahosted.org>
> >Sent: Friday, June 27, 2014 8:21:20 PM
> >Subject: Re: [PATCH] Added vsftpd OVAL check and modified packages_installed.csv
file
> >
> >Jan,
> >
> >I may be missing something, then. The 'install_vsftpd' rule was flagged
by
> >'make validate', and I was unable to locate the OVAL referenced in the
XCCDF
> >- in either the RHEL/6 or shared/oval directories. Here's my
> >verification/sanity check of this from just a second ago:
> >
> >[root@localhost checks]# git pull
> >Already up-to-date.
> >[root@localhost checks]# ls | grep package_vsftpd ; file
> >package_vsftpd_installed.xml
> >package_vsftpd_installed.xml
> >package_vsftpd_removed.xml
> >package_vsftpd_installed.xml: ASCII HTML document text
> >[root@localhost checks]# ls ../../../../shared/oval/package_
> >package_aide_installed.xml package_ntp_installed.xml
> >package_openssh-server_removed.xml
> >[root@localhost checks]# ls ../../../../shared/oval/package_
There needs to be something rusty with that repository then. 'install_vsftpd'
rule has been updated more than a month ago:
https://git.fedorahosted.org/cgit/scap-security-guide.git/log/RHEL/6/inpu...
https://git.fedorahosted.org/cgit/scap-security-guide.git/commit/?id=d08e...
What has 'git log' on that repository to say wrt to when the most recent change
happened?
Either issuing just plain 'git pull' (due to custom local config) isn't
automatically pulling
content of master branch (is there any difference when issuing: 'git pull origin
master' on that repo?),
or the remote end is wrong (git remote -v), or git pull failed to merge changes &
returned without
error message (but I consider this scenario very unlikely / almost impossible).
You can ensure to start up each time with the fresh / most recent copy of the repo via:
$ rm -rf scap_security_guide_folder
$ git clonessh://git.fedorahosted.org/git/scap-security-guide.git
IOW completely erasing the content & cloning the latest one each time (might be more
aggressive wrt
to network traffic vs git pull case, but should ensure this won't happen in the
future again) at least
till the issue with the configuration is fixed (based on the provided information hard to
say why
git pull claimed the repository being 'up2date' even when it obviously wasn't
the case).
Something seems up with Dave's repo.
On my box:
## check to see if templates for vsftp installed && removed exist:
$ cd /var/www/html/scap-security-guide/RHEL/6/input/
$ grep vsftp checks/templates/packages_*
checks/templates/packages_installed.csv:vsftpd
checks/templates/packages_removed.csv:vsftpd
## double check existence in RHEL6/input/checks:
$ ll checks/package_vsftpd_*
lrwxrwxrwx. 1 shawnw shawnw 52 May 24 10:08
checks/package_vsftpd_installed.xml ->
../../../../shared/oval/package_vsftpd_installed.xml
-rw-rw-r--. 1 shawnw shawnw 1027 May 24 10:08
checks/package_vsftpd_removed.xml
3586
days inactive
3589
days old
scap-security-guide@lists.fedorahosted.org
4 comments
3 participants
participants (3)
-
David Smith -
Jan Lieskovsky -
Shawn Wells