Hello David,
----- Original Message -----
From: "David Smith" <dsmith(a)secure-innovations.net>
To: "SCAP Security Guide" <scap-security-guide(a)lists.fedorahosted.org>
Sent: Friday, June 27, 2014 8:21:20 PM
Subject: Re: [PATCH] Added vsftpd OVAL check and modified packages_installed.csv file
Jan,
I may be missing something, then. The 'install_vsftpd' rule was flagged by
'make validate', and I was unable to locate the OVAL referenced in the XCCDF
- in either the RHEL/6 or shared/oval directories. Here's my
verification/sanity check of this from just a second ago:
[root@localhost checks]# git pull
Already up-to-date.
[root@localhost checks]# ls | grep package_vsftpd ; file package_vsftpd_installed.xml
package_vsftpd_installed.xml
package_vsftpd_removed.xml
package_vsftpd_installed.xml: ASCII HTML document text
[root@localhost checks]# ls ../../../../shared/oval/package_
package_aide_installed.xml package_ntp_installed.xml
package_openssh-server_removed.xml
[root@localhost checks]# ls ../../../../shared/oval/package_
There needs to be something rusty with that repository then. 'install_vsftpd'
rule has been updated more than a month ago:
https://git.fedorahosted.org/cgit/scap-security-guide.git/log/RHEL/6/inpu...
https://git.fedorahosted.org/cgit/scap-security-guide.git/commit/?id=d08e...
What does 'git log' on that repository say wrt when the most recent change happened?
Either issuing just plain 'git pull' (due to custom local config) isn't automatically pulling the content of the master branch (is there any difference when issuing 'git pull origin master' on that repo?), or the remote end is wrong (git remote -v), or git pull failed to merge changes & returned without an error message (but I consider this scenario very unlikely / almost impossible).
You can make sure you start each time with a fresh / most recent copy of the repo via:
$ rm -rf scap_security_guide_folder
$ git clone ssh://git.fedorahosted.org/git/scap-security-guide.git
IOW completely erasing the content & cloning the latest one each time (might be more aggressive wrt network traffic vs the git pull case, but should ensure this won't happen again in the future), at least till the issue with the configuration is fixed (based on the provided information it is hard to say why git pull claimed the repository was 'up2date' even when it obviously wasn't).
Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Technologies Team
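The checks suggested in the reply above (is the remote configured, which branch is checked out, how far behind the remote branch it is), gathered into one function as an added example; it is not from the thread or the project, and the function name repo_sync_state and its output strings are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: report how far a checkout is behind
# <remote>/<branch> and which branch is checked out, without merging.
# repo_sync_state and its output strings are illustrative names.
repo_sync_state() {
    repo=$1
    remote=${2:-origin}
    branch=${3:-master}

    # The 'git remote -v' question: is the expected remote configured?
    if ! git -C "$repo" config --get "remote.$remote.url" >/dev/null; then
        echo "no-remote"
        return 0
    fi

    # Fetch only; FETCH_HEAD then names the tip of the remote branch.
    if ! git -C "$repo" fetch --quiet "$remote" "$branch" 2>/dev/null; then
        echo "fetch-failed"
        return 0
    fi

    # A plain 'git pull' merges the upstream of the branch that is checked
    # out, which need not be <branch>; report it alongside the result.
    current=$(git -C "$repo" rev-parse --abbrev-ref HEAD)

    # Commits reachable from the fetched tip but not from HEAD.
    behind=$(git -C "$repo" rev-list --count HEAD..FETCH_HEAD)

    if [ "$behind" -eq 0 ]; then
        echo "up-to-date:$current"
    else
        echo "behind:$behind:$current"
    fi
}

# Example: repo_sync_state ~/scap-security-guide origin master
```

A result such as behind:3:some-branch means a plain 'git pull' can report nothing to do while master has moved on.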
Dave
On Fri, Jun 27, 2014 at 1:06 PM, Jan Lieskovsky < jlieskov(a)redhat.com >
wrote:
Hello David,
----- Original Message -----
> From: "David Smith" < dsmith(a)secure-innovations.net >
> To: scap-security-guide(a)lists.fedorahosted.org
> Sent: Friday, June 27, 2014 6:37:14 PM
> Subject: [PATCH] Added vsftpd OVAL check and modified
> packages_installed.csv file
Just wondering, what's the motivation behind adding this check? If I am not wrong, the package_vsftpd_installed.xml in RHEL/6 is used from shared/oval directory:
scap-security-guide]$ file RHEL/6/input/checks/package_vsftpd_installed.xml
RHEL/6/input/checks/package_vsftpd_installed.xml: symbolic link to `../../../../shared/oval/package_vsftpd_installed.xml'
So the corresponding XCCDF definition should work without issues. If not, the problem should be fixed (but the rules which can be shared we would like to keep in the /shared directory).
Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Technologies Team
>
>
> Signed-off-by: David Smith < dsmith(a)secure-innovations.net >
> ---
> RHEL/6/input/checks/package_vsftpd_installed.xml | 26
> ++++++++++++++++++++
> .../input/checks/templates/packages_installed.csv | 1 +
> 2 files changed, 27 insertions(+), 0 deletions(-)
> create mode 100644 RHEL/6/input/checks/package_vsftpd_installed.xml
>
> diff --git a/RHEL/6/input/checks/package_vsftpd_installed.xml
> b/RHEL/6/input/checks/package_vsftpd_installed.xml
> new file mode 100644
> index 0000000..e4153a1
> --- /dev/null
> +++ b/RHEL/6/input/checks/package_vsftpd_installed.xml
> @@ -0,0 +1,26 @@
> +<def-group>
> + <!-- THIS FILE IS GENERATED by create_package_installed.py. DO NOT EDIT.
> -->
> + <definition class="compliance"
id="package_vsftpd_installed"
> + version="1">
> + <metadata>
> + <title>Package vsftpd Installed</title>
> + <affected family="unix">
> + <platform>Red Hat Enterprise Linux 6</platform>
> + </affected>
> + <description>The RPM package vsftpd should be
installed.</description>
> + <reference source="swells" ref_id="20130829"
> ref_url="test_attestation"/>
> + </metadata>
> + <criteria>
> + <criterion comment="package vsftpd is installed"
> + test_ref="test_package_vsftpd_installed" />
> + </criteria>
> + </definition>
> + <linux:rpminfo_test check="all"
check_existence="all_exist"
> + id="test_package_vsftpd_installed" version="1"
> + comment="package vsftpd is installed">
> + <linux:object object_ref="obj_package_vsftpd_installed" />
> + </linux:rpminfo_test>
> + <linux:rpminfo_object id="obj_package_vsftpd_installed"
version="1">
> + <linux:name>vsftpd</linux:name>
> + </linux:rpminfo_object>
> +</def-group>
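Review bot: the comment at the top of the new package_vsftpd_installed.xml marks it as output of create_package_installed.py ("DO NOT EDIT"), yet it is committed as a regular file (new file mode 100644) in the same patch that adds vsftpd to packages_installed.csv, so the definition id package_vsftpd_installed ends up with two sources that can drift apart. Suggest dropping the committed XML and keeping only the CSV entry, or keeping this path pointed at the shared/oval check as the reply in this thread describes. Separately, the reference element carries source="swells" ref_id="20130829" with ref_url="test_attestation", which matches neither the submitter nor the date of this patch; confirm that attestation is intended for a newly added check.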
> diff --git a/RHEL/6/input/checks/templates/packages_installed.csv
> b/RHEL/6/input/checks/templates/packages_installed.csv
> index ef6e737..dc0ae21 100644
> --- a/RHEL/6/input/checks/templates/packages_installed.csv
> +++ b/RHEL/6/input/checks/templates/packages_installed.csv
> @@ -13,3 +13,4 @@ postfix
> psacct
> rsyslog
> screen
> +vsftpd
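Review bot: the added vsftpd line in packages_installed.csv appears to be the generator input for the XML added in the first file, but neither the subject nor the commit body says whether that XML was produced by re-running create_package_installed.py from this list or written by hand. Say so in the commit message, along with the 'make validate' failure on install_vsftpd that prompted the change, so a reviewer can regenerate the check and compare.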
> --
> 1.7.1
>
> --
> SCAP Security Guide mailing list
> scap-security-guide(a)lists.fedorahosted.org
>
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
>
https://github.com/OpenSCAP/scap-security-guide/