[PATCH] Updated results transformation.
by Jason Dana
Updated formatting and content.
---
src/share/transforms/media/js/custom.js | 4 ++++
src/share/transforms/results2html.xsl | 11 ++++-------
2 files changed, 8 insertions(+), 7 deletions(-)
diff --git a/src/share/transforms/media/js/custom.js b/src/share/transforms/media/js/custom.js
index 2ce1c86..9341204 100644
--- a/src/share/transforms/media/js/custom.js
+++ b/src/share/transforms/media/js/custom.js
@@ -14,11 +14,15 @@ $(document).ready( function() {
if( $('a#index').hasClass('current') ) {
$('#tree')
+ .addClass('expanded')
.find('.toggle')
.css({backgroundPosition: "0 -10px"})
.nextAll('.hidden')
.removeClass('hidden')
.addClass('shown');
+ $('#toggle')
+ .addClass('expanded')
+ .html('Collapse All');
}
else
$(".hidden").hide();
diff --git a/src/share/transforms/results2html.xsl b/src/share/transforms/results2html.xsl
index 1d91d2b..7e6a9da 100644
--- a/src/share/transforms/results2html.xsl
+++ b/src/share/transforms/results2html.xsl
@@ -59,7 +59,6 @@
System Security Compliance & Audit Tool
</div>
<div id="description">
-
</div>
<div id="nav">
<!--<div id="logo"></div>-->
@@ -68,7 +67,7 @@
<a id="toggle" href="#">Expand All</a>
<xsl:choose>
<xsl:when test="*[local-name(.)='Index']">
- <a id="index" class="current" style="color: #C00000" href="index.html">Audit Index</a>
+ <a id="index" class="current" style="color: #C00000" href="index.html"></a>
</xsl:when>
<xsl:otherwise>
<a id="index" href="index.html">Audit Index</a>
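Review bot: The `current` variant of the index link on the new line has no text content, so on the index page the anchor renders as an empty element with no accessible name and nothing for the reader to see or click. custom.js in this same patch still looks the element up as `a#index` with class `current`, so it must stay in the DOM; if the label is meant to be hidden there, keep `Audit Index` as the content and hide it with a CSS rule on `a#index.current`, and if the link is meant to disappear, drop the anchor and carry the `current` marker on another element. The `xsl:choose` is complete within the hunk.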
@@ -134,6 +133,7 @@
<a href="{$htmlFile}">
<span class="title"><xsl:value-of select="$docFile//*[local-name(.)='Benchmark']/@id"/></span>
</a>
+ <span> : Benchmark</span>
<ul class="hidden">
<li>
<dl class="interface">
@@ -177,6 +177,7 @@
<a href="{$htmlFile}">
<span class="title"><xsl:value-of select="$file"/></span>
</a>
+ <span> : OVAL</span>
<ul class="hidden">
<li>
<dl class="interface">
@@ -475,14 +476,10 @@
<xsl:variable name="authBy" select="$override/*[local-name(.)='authority']"/>
<table class="details">
<tr>
- <td>Old Result: </td>
+ <td>Actual Result: </td>
<td class="title"><xsl:value-of select="$override/*[local-name(.)='old-result']"/></td>
</tr>
<tr>
- <td>New Result: </td>
- <td class="title"><xsl:value-of select="$override/*[local-name(.)='new-result']"/></td>
- </tr>
- <tr>
<td>Authority: </td>
<xsl:choose>
<xsl:when test="not($authBy)">
--
1.7.2.2
[PATCH] Export puppet content with benchmark
by Josh Adams
Fixes bug #7896
---
src/secstate/main.py | 6 ++++++
1 files changed, 6 insertions(+), 0 deletions(-)
diff --git a/src/secstate/main.py b/src/secstate/main.py
index 9bd0579..b73ceec 100644
--- a/src/secstate/main.py
+++ b/src/secstate/main.py
@@ -457,6 +457,12 @@ class Secstate:
file_type = mimetypes.guess_type(os.path.join(bench_dir, content))
if (file_type[0] == "text/xml") and (not is_benchmark(os.path.join(bench_dir, content))):
archive.write(os.path.join(bench_dir, content), content)
+
+ cfg = load_config(self.content_configs[benchmark_id])
+ if cfg.has_option(benchmark_id, 'puppet'):
+ puppet_files = json.loads(cfg.get(benchmark_id, 'puppet'))
+ for puppet in puppet_files:
+ archive.write(os.path.join(self.config.get('secstate', 'puppet_dir'), puppet), puppet)
archive.close()
return True
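Review bot: The added loop uses each `puppet` name read back from the stored config as both the path under `puppet_dir` and the archive entry name without checking that it is a plain file name, so an entry carrying a directory component would be read from outside `puppet_dir` and stored in the archive under that path; a guard such as `if os.path.basename(puppet) != puppet: continue` (with a log line) before `archive.write` keeps the export to plain manifests. A manifest listed in the config but missing on disk makes `archive.write` raise `IOError`/`OSError` at this point, and whether that is handled depends on the enclosing method, which starts outside the hunk. `json` is used on the new line but no import is visible in this diff; confirm it is imported at module level.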
--
1.7.2.2
[PATCH] Fixed issue showing deselected content when listing
by Josh Adams
Fixes bug #7891
---
src/secstate/main.py | 9 ++++++---
1 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/src/secstate/main.py b/src/secstate/main.py
index 9bd0579..33abb3f 100644
--- a/src/secstate/main.py
+++ b/src/secstate/main.py
@@ -849,21 +849,24 @@ class Secstate:
selected = ""
profile = ""
+ is_selected = False
if not content.__dict__.has_key('oval'):
if self.content.has_key(arg):
if content.config.getboolean(arg, 'selected'):
+ is_selected = True
if show_all:
selected = "[X]"
else:
selected = "[ ]"
- print "%(indent)s%(sel)sOVAL File - ID: %(id)s" % {'indent':tabstr, 'sel':selected, 'id':arg}
+
+ if is_selected or show_all:
+ print "%(indent)s%(sel)sOVAL File - ID: %(id)s" % {'indent':tabstr, 'sel':selected, 'id':arg}
else:
defn = content.get_definition(arg)
if defn != None:
print "%(indent)sDefinition - ID: %(id)s, Title: '%(title)s'" % {'indent':tabstr, 'id':arg,
'title':defn.title}
else:
- is_selected = False
item = None
if arg == content.id:
item = content.to_item()
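Review bot: With the new `if is_selected or show_all:` gate, when `show_all` is set and `arg` is not in `self.content`, `selected` still holds the initial empty string, so the OVAL line is printed without the `[ ]`/`[X]` marker the other rows carry; setting `selected = "[ ]"` for that case (or printing the marker only when the entry is known) keeps the listing aligned. The method containing this code starts outside the hunk.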
@@ -892,7 +895,7 @@ class Secstate:
if not recurse or (tabs == 0):
selected = "[ ]"
- if show_all or is_selected or not recurse:
+ if show_all or is_selected:
print "%(indent)s%(sel)s%(type)s - ID: %(id)s, Title: '%(title)s'%(prof)s" % {'indent':tabstr, 'sel':selected,
'type':item_get_type_str(item), 'id':arg,
'title':title.text,
--
1.7.2.2
[PATCH] Fixed issue deselecting OVAL content
by Josh Adams
Fixes bug #7890
---
src/secstate/main.py | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/src/secstate/main.py b/src/secstate/main.py
index 9bd0579..ae2bcd2 100644
--- a/src/secstate/main.py
+++ b/src/secstate/main.py
@@ -515,7 +515,7 @@ class Secstate:
return False
if not benchmark.__dict__.has_key('oval'):
- oval.config.set(benchmark_id, 'selected', selected)
+ benchmark.config.set(benchmark_id, 'selected', selected)
self.log.debug("Set Oval file %(file)s to %(sel)s" % {'file':benchmark_id,
'sel':selected})
else:
--
1.7.2.2
[PATCH] Updated results transformation.
by Jason Dana
Updated variable support.
Updated design and layout.
---
src/share/transforms/media/css/main.css | 3 +-
src/share/transforms/media/js/custom.js | 31 +++-
src/share/transforms/results2html.xsl | 327 +++++++++++++++----------------
3 files changed, 185 insertions(+), 176 deletions(-)
diff --git a/src/share/transforms/media/css/main.css b/src/share/transforms/media/css/main.css
index 8ffc678..c0f0276 100644
--- a/src/share/transforms/media/css/main.css
+++ b/src/share/transforms/media/css/main.css
@@ -106,7 +106,7 @@ dl dd dl dd {
}
.details dl dd {
- padding-left: 20px;
+ padding-left: 40px;
}
.details td {
@@ -194,6 +194,7 @@ dl dd dl dd {
.ovalid {
font-weight: normal;
color: #666666;
+ font-size: 11px;
}
.test {
diff --git a/src/share/transforms/media/js/custom.js b/src/share/transforms/media/js/custom.js
index 256467c..2ce1c86 100644
--- a/src/share/transforms/media/js/custom.js
+++ b/src/share/transforms/media/js/custom.js
@@ -11,8 +11,23 @@ $(document).ready( function() {
window.print();
return;
}
+
+ if( $('a#index').hasClass('current') ) {
+ $('#tree')
+ .find('.toggle')
+ .css({backgroundPosition: "0 -10px"})
+ .nextAll('.hidden')
+ .removeClass('hidden')
+ .addClass('shown');
+ }
+ else
+ $(".hidden").hide();
+
+ $('.count').each( function() {
+ if($(this).html() == 0)
+ $(this).prev('.toggle').removeClass('toggle').css({background: "none"});
+ });
- $(".hidden").hide();
$(".toggle").click( function() {
$list = $(this).nextAll('.hidden, .shown'); // Element that is shown/hidden
$list.toggle();
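Review bot: The new `.count` check, `if($(this).html() == 0)`, relies on loose equality, so an empty or whitespace-only count coerces to `0` and also strips the toggle, while a count followed by stray markup would not; compare the parsed number instead, `if (parseInt($(this).text(), 10) === 0)`, so only a real zero disables the toggle. The `.count` spans this reads are emitted by results2html.xsl in this same patch. The ready handler continues past the end of this hunk.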
@@ -31,16 +46,21 @@ $(document).ready( function() {
$(this).css({backgroundPosition: "0 3px"});
}
});
+
$("#toggle").click( function() {
$tree = $("#tree")
- if( $tree.hasClass('expanded') ) {
- $tree.removeClass('expanded')
- .find('.shown')
+ if( $(this).hasClass('expanded') ) {
+ if( $tree.hasClass('expanded') ) {
+ $tree.removeClass('expanded')
+ .find('.shown')
.removeClass('shown')
.addClass('hidden')
.hide()
.parent().children('.toggle')
.css({backgroundPosition: "0 3px"});
+ }
+ $(this).removeClass('expanded');
+ $(this).html('Expand All');
}
else {
$tree.addClass('expanded')
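Review bot: The two new statements `$(this).removeClass('expanded');` and `$(this).html('Expand All');` wrap `this` twice where a single chained call reads more consistently with the rest of this handler: `$(this).removeClass('expanded').html('Expand All');` (the `addClass`/`html` pair in the following hunk can be chained the same way). The enclosing click handler continues past the end of this hunk.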
@@ -50,8 +70,11 @@ $(document).ready( function() {
.addClass('shown')
.parent().children('.toggle')
.css({backgroundPosition: "0 -10px"});
+ $(this).addClass('expanded');
+ $(this).html('Collapse All');
}
});
+
$("#print").click( function() {
var path = window.location.pathname;
var left = (screen.width)/2;
diff --git a/src/share/transforms/results2html.xsl b/src/share/transforms/results2html.xsl
index c76886b..f8afef5 100644
--- a/src/share/transforms/results2html.xsl
+++ b/src/share/transforms/results2html.xsl
@@ -65,10 +65,10 @@
<!--<div id="logo"></div>-->
<a id="about" href="#">About SecState</a>
<a id="print" href="#">Print Report</a>
- <a id="toggle" href="#">Expand/Collapse All</a>
+ <a id="toggle" href="#">Expand All</a>
<xsl:choose>
<xsl:when test="*[local-name(.)='Index']">
- <a id="index" style="color: #C00000" href="index.html">Audit Index</a>
+ <a id="index" class="current" style="color: #C00000" href="index.html">Audit Index</a>
</xsl:when>
<xsl:otherwise>
<a id="index" href="index.html">Audit Index</a>
@@ -155,8 +155,10 @@
<dd><xsl:value-of select="$numBenchNotSelected"/></dd>
<dt>Fixed: </dt>
<dd><xsl:value-of select="$numBenchFixed"/></dd>
- <dt>Timestamp: </dt>
- <dd><xsl:value-of select="$docFile//*[local-name(.)='TestResult']/@end-time"/></dd>
+ <dt>Timestamp: </dt>
+ <xsl:variable name="date" select="substring-before($docFile//*[local-name(.)='TestResult']/@end-time, 'T')"/>
+ <xsl:variable name="time" select="substring-after($docFile//*[local-name(.)='TestResult']/@end-time, 'T')"/>
+ <dd><xsl:value-of select="$date"/> ( <xsl:value-of select="$time"/> ) </dd>
</dl>
</li>
</ul>
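Review bot: The new `$date`/`$time` split on `'T'` silently drops the value when `@end-time` contains no `'T'` (or is absent): `substring-before` then returns the empty string and the cell renders as `(  )` where the removed line printed the raw attribute. Bind the attribute to one variable and wrap the `<dd>` in `<xsl:choose>`, with `<xsl:when test="contains($ts, 'T')">` doing the split and an `<xsl:otherwise>` printing `$ts` unchanged (`$ts` being the new variable). The same pattern appears in the hunks at `@@ -191` (`timestamp`) and `@@ -225` (`TestResult/@end-time`).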
@@ -191,7 +193,9 @@
<dt>Not Applicable: </dt>
<dd><xsl:value-of select="$numOvalNotApp"/></dd>
<dt>Timestamp: </dt>
- <dd><xsl:value-of select="$docFile//*[local-name(.)='timestamp']"/></dd>
+ <xsl:variable name="date" select="substring-before($docFile//*[local-name(.)='timestamp'], 'T')"/>
+ <xsl:variable name="time" select="substring-after($docFile//*[local-name(.)='timestamp'], 'T')"/>
+ <dd><xsl:value-of select="$date"/> ( <xsl:value-of select="$time"/> ) </dd>
</dl>
</li>
</ul>
@@ -201,7 +205,7 @@
<xsl:template match="*[local-name(.)='interfaces']">
<li>
- <span class="toggle"></span><span class="title">Interfaces</span>
+ <span class="toggle title">Interfaces</span>
<ul class="hidden">
<li>
<xsl:for-each select="*[local-name(.)='interface']">
@@ -225,8 +229,10 @@
<dt class="title">Audit Summary</dt>
<dd>
<dl>
+ <xsl:variable name="date" select="substring-before(//*[local-name(.)='TestResult']/@end-time, 'T')"/>
+ <xsl:variable name="time" select="substring-after(//*[local-name(.)='TestResult']/@end-time, 'T')"/>
<dt>Benchmark ID: </dt>
- <dd><xsl:value-of select="@id"/> : <xsl:value-of select="//*[local-name(.)='TestResult']/@end-time"/></dd>
+ <dd><xsl:value-of select="@id"/> : <xsl:value-of select="$date"/> ( <xsl:value-of select="$time"/> ) </dd>
<dt>Failures: </dt>
<dd><xsl:value-of select="$numBenchFail"/></dd>
<dt>Mitigations: </dt>
@@ -253,120 +259,75 @@
<xsl:template match="*[local-name(.)='TestResult']">
<li>
- <span class="title toggle">Failures</span>
+ <span class="title toggle">Failures : </span><span class="count"><xsl:value-of select="$numBenchFail"/></span>
<ul class="hidden">
- <xsl:choose>
- <xsl:when test="$numBenchFail > 0">
+ <xsl:if test="$numBenchFail > 0">
<xsl:apply-templates select="//*[local-name(.)='rule-result']/*[local-name(.)='result'][.='fail']/.."/>
- </xsl:when>
- <xsl:otherwise>
- None
- </xsl:otherwise>
- </xsl:choose>
+ </xsl:if>
</ul>
</li>
<li>
- <span class="title toggle">Mitigations</span>
+ <span class="title toggle">Mitigations : </span><span class="count"><xsl:value-of select="$numBenchMitd"/></span>
<ul class="hidden">
- <xsl:choose>
- <xsl:when test="$numBenchMitd > 0">
+ <xsl:if test="$numBenchMitd > 0">
<xsl:apply-templates select="//*[local-name(.)='rule-result']/*[local-name(.)='result'][.='informational']/.."/>
- </xsl:when>
- <xsl:otherwise>
- None
- </xsl:otherwise>
- </xsl:choose>
+ </xsl:if>
</ul>
</li>
<li>
- <span class="title toggle">Passes</span>
+ <span class="title toggle">Passes : </span><span class="count"><xsl:value-of select="$numBenchPass"/></span>
<ul class="hidden">
- <xsl:choose>
- <xsl:when test="$numBenchPass > 0">
+ <xsl:if test="$numBenchPass > 0">
<xsl:apply-templates select="//*[local-name(.)='rule-result']/*[local-name(.)='result'][.='pass']/.."/>
- </xsl:when>
- <xsl:otherwise>
- None
- </xsl:otherwise>
- </xsl:choose>
+ </xsl:if>
</ul>
</li>
<li>
- <span class="title toggle">Error</span>
+ <span class="title toggle">Error : </span><span class="count"><xsl:value-of select="$numBenchError"/></span>
<ul class="hidden">
- <xsl:choose>
- <xsl:when test="$numBenchError > 0">
+ <xsl:if test="$numBenchError > 0">
<xsl:apply-templates select="//*[local-name(.)='rule-result']/*[local-name(.)='result'][.='error']/.."/>
- </xsl:when>
- <xsl:otherwise>
- None
- </xsl:otherwise>
- </xsl:choose>
+ </xsl:if>
</ul>
</li>
<li>
- <span class="title toggle">Unknown</span>
+ <span class="title toggle">Unknown : </span><span class="count"><xsl:value-of select="$numBenchUnknown"/></span>
<ul class="hidden">
- <xsl:choose>
- <xsl:when test="$numBenchUnknown > 0">
+ <xsl:if test="$numBenchUnknown > 0">
<xsl:apply-templates select="//*[local-name(.)='rule-result']/*[local-name(.)='result'][.='unknown']/.."/>
- </xsl:when>
- <xsl:otherwise>
- None
- </xsl:otherwise>
- </xsl:choose>
+ </xsl:if>
</ul>
</li>
<li>
- <span class="title toggle">Not Checked</span>
+ <span class="title toggle">Not Checked : </span><span class="count"><xsl:value-of select="$numBenchNotChecked"/></span>
<ul class="hidden">
- <xsl:choose>
- <xsl:when test="$numBenchNotChecked > 0">
+ <xsl:if test="$numBenchNotChecked > 0">
<xsl:apply-templates select="//*[local-name(.)='rule-result']/*[local-name(.)='result'][.='notchecked']/.."/>
- </xsl:when>
- <xsl:otherwise>
- None
- </xsl:otherwise>
- </xsl:choose>
+ </xsl:if>
</ul>
</li>
<li>
- <span class="title toggle">Not Applicable</span>
+ <span class="title toggle">Not Applicable : </span><span class="count"><xsl:value-of select="$numBenchNotApp"/></span>
<ul class="hidden">
- <xsl:choose>
- <xsl:when test="$numBenchNotApp > 0">
+ <xsl:if test="$numBenchNotApp > 0">
<xsl:apply-templates select="//*[local-name(.)='rule-result']/*[local-name(.)='result'][.='notapplicable']/.."/>
- </xsl:when>
- <xsl:otherwise>
- None
- </xsl:otherwise>
- </xsl:choose>
+ </xsl:if>
</ul>
</li>
<li>
- <span class="title toggle">Not Selected</span>
+ <span class="title toggle">Not Selected : </span><span class="count"><xsl:value-of select="$numBenchNotSelected"/></span>
<ul class="hidden">
- <xsl:choose>
- <xsl:when test="$numBenchNotSelected > 0">
+ <xsl:if test="$numBenchNotSelected > 0">
<xsl:apply-templates select="//*[local-name(.)='rule-result']/*[local-name(.)='result'][.='notselected']/.."/>
- </xsl:when>
- <xsl:otherwise>
- None
- </xsl:otherwise>
- </xsl:choose>
+ </xsl:if>
</ul>
</li>
<li>
- <span class="title toggle">Fixed</span>
+ <span class="title toggle">Fixed : </span><span class="count"><xsl:value-of select="$numBenchFixed"/></span>
<ul class="hidden">
- <xsl:choose>
- <xsl:when test="$numBenchFixed > 0">
+ <xsl:if test="$numBenchFixed > 0">
<xsl:apply-templates select="//*[local-name(.)='rule-result']/*[local-name(.)='result'][.='fixed']/.."/>
- </xsl:when>
- <xsl:otherwise>
- None
- </xsl:otherwise>
- </xsl:choose>
+ </xsl:if>
</ul>
</li>
</xsl:template>
@@ -375,10 +336,9 @@
<xsl:variable name="resultDefs" select="//*[local-name(.)='results']//*[local-name(.)='definition']"/>
<xsl:variable name="ovalDefs" select="//*[local-name(.)='oval_definitions']//*[local-name(.)='definition']"/>
<li>
- <span class="title toggle">Failures</span>
+ <span class="title toggle">Failuresi : </span><span class="count"><xsl:value-of select="$numOvalFalse"/></span>
<ul class="hidden">
- <xsl:choose>
- <xsl:when test="$numOvalFalse > 0">
+ <xsl:if test="$numOvalFalse > 0">
<xsl:for-each select="$resultDefs[@result='false']">
<xsl:variable name="defID" select="@definition_id"/>
<li>
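Review bot: The new OVAL heading on the `Failures` line reads `Failuresi : ` — a stray `i`; it should be `<span class="title toggle">Failures : </span>` to match the XCCDF section above and the other headings in this template. The enclosing template starts before this hunk and continues after it.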
@@ -392,18 +352,13 @@
</ol>
</li>
</xsl:for-each>
- </xsl:when>
- <xsl:otherwise>
- None
- </xsl:otherwise>
- </xsl:choose>
+ </xsl:if>
</ul>
</li>
<li>
- <span class="title toggle">Passes</span>
+ <span class="title toggle">Passes : </span><span class="count"><xsl:value-of select="$numOvalTrue"/></span>
<ul class="hidden">
- <xsl:choose>
- <xsl:when test="$numOvalTrue > 0">
+ <xsl:if test="$numOvalTrue > 0">
<xsl:for-each select="$resultDefs[@result='true']">
<xsl:variable name="defID" select="@definition_id"/>
<li>
@@ -417,18 +372,13 @@
</ol>
</li>
</xsl:for-each>
- </xsl:when>
- <xsl:otherwise>
- None
- </xsl:otherwise>
- </xsl:choose>
+ </xsl:if>
</ul>
</li>
<li>
- <span class="title toggle">Unknown</span>
+ <span class="title toggle">Unknown : </span><span class="count"><xsl:value-of select="$numOvalUnknown"/></span>
<ul class="hidden">
- <xsl:choose>
- <xsl:when test="$numOvalUnknown > 0">
+ <xsl:if test="$numOvalUnknown > 0">
<xsl:for-each select="$resultDefs[@result='unknown']">
<xsl:variable name="defID" select="@definition_id"/>
<li>
@@ -442,18 +392,13 @@
</ol>
</li>
</xsl:for-each>
- </xsl:when>
- <xsl:otherwise>
- None
- </xsl:otherwise>
- </xsl:choose>
+ </xsl:if>
</ul>
</li>
<li>
- <span class="title toggle">Not Evaluated</span>
+ <span class="title toggle">Not Evaluated : </span><span class="count"><xsl:value-of select="$numOvalNotEval"/></span>
<ul class="hidden">
- <xsl:choose>
- <xsl:when test="$numOvalNotEval > 0">
+ <xsl:if test="$numOvalNotEval > 0">
<xsl:for-each select="$resultDefs[@result='not evaluated']">
<xsl:variable name="defID" select="@definition_id"/>
<li>
@@ -467,18 +412,13 @@
</ol>
</li>
</xsl:for-each>
- </xsl:when>
- <xsl:otherwise>
- None
- </xsl:otherwise>
- </xsl:choose>
+ </xsl:if>
</ul>
</li>
<li>
- <span class="title toggle">Not Applicable</span>
+ <span class="title toggle">Not Applicable : </span><span class="count"><xsl:value-of select="$numOvalNotApp"/></span>
<ul class="hidden">
- <xsl:choose>
- <xsl:when test="$numOvalNotApp > 0">
+ <xsl:if test="$numOvalNotApp > 0">
<xsl:for-each select="$resultDefs[@result='not applicable']">
<xsl:variable name="defID" select="@definition_id"/>
<li>
@@ -492,11 +432,7 @@
</ol>
</li>
</xsl:for-each>
- </xsl:when>
- <xsl:otherwise>
- None
- </xsl:otherwise>
- </xsl:choose>
+ </xsl:if>
</ul>
</li>
</xsl:template>
@@ -529,38 +465,42 @@
<xsl:variable name="idref" select="@idref"/>
<xsl:variable name="rule" select="//*[local-name(.)='Rule'][@id=$idref]"/>
<li>
- <span class="title toggle"><xsl:value-of select="$idref"/></span>
- <ul class="hidden">
+ <span class="title toggle"><xsl:value-of select="$idref"/> : </span>
+ <span><xsl:value-of select="$rule/*[local-name(.)='description']"/></span>
+ <ol class="hidden">
+ <xsl:if test="$status = 'fail'">
+ FixText : <xsl:value-of select="$rule/*[local-name(.)='fixtext']"/>
+ </xsl:if>
<xsl:if test="$status = 'informational'">
<xsl:variable name="authBy" select="$override/*[local-name(.)='authority']"/>
- <dl class="details">
- <dt>Old Result: </dt>
- <dd><xsl:value-of select="$override/*[local-name(.)='old-result']"/></dd>
- <dt>New Result: </dt>
- <dd><xsl:value-of select="$override/*[local-name(.)='new-result']"/></dd>
- <dt>Authority: </dt>
+ <table class="details">
+ <tr>
+ <td>Old Result: </td>
+ <td class="title"><xsl:value-of select="$override/*[local-name(.)='old-result']"/></td>
+ </tr>
+ <tr>
+ <td>New Result: </td>
+ <td class="title"><xsl:value-of select="$override/*[local-name(.)='new-result']"/></td>
+ </tr>
+ <tr>
+ <td>Authority: </td>
<xsl:choose>
<xsl:when test="not($authBy)">
- <dd>N/A</dd>
+ <td class="title">N/A</td>
</xsl:when>
<xsl:otherwise>
- <dd><xsl:value-of select="$authBy"/></dd>
+ <td class="title"><xsl:value-of select="$authBy"/></td>
</xsl:otherwise>
</xsl:choose>
- <dt>Remark: </dt>
- <dd><xsl:value-of select="$override/*[local-name(.)='remark']"/></dd>
- </dl>
+ </tr>
+ <tr>
+ <td>Remark: </td>
+ <td class="title"><xsl:value-of select="$override/*[local-name(.)='remark']"/></td>
+ </tr>
+ </table>
</xsl:if>
- <li>
- <span class="toggle"><xsl:value-of select="$rule/*[local-name(.)='description']"/></span>
- <ol class="hidden">
- <xsl:apply-templates select="$rule//*[local-name(.)='check-content-ref']"/>
- </ol>
- <xsl:if test="$status = 'fail'">
- <xsl:apply-templates select="$rule/*[local-name(.)='fixtext']"/>
- </xsl:if>
- </li>
- </ul>
+ <xsl:apply-templates select="$rule//*[local-name(.)='check-content-ref']"/>
+ </ol>
</li>
</xsl:template>
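Review bot: The rewritten rule entry places bare text (`FixText : …`) and a `<table class="details">` directly inside `<ol class="hidden">`; `ol` only permits `li` children, so browsers will reparent or mis-nest this content and the `.hidden`/`.shown` toggling on the list may not cover it consistently. Wrap each of the fixtext and override blocks in its own `<li>`, e.g. `<li>FixText : <xsl:value-of select="$rule/*[local-name(.)='fixtext']"/></li>`, so they stay inside the toggled list. Replacing `apply-templates` on `fixtext` with `value-of` also flattens whatever the `fixtext` template used to render for child markup — confirm that is intended. `$status` and `$override` are bound in the part of the template before this hunk.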
@@ -660,6 +600,7 @@
<xsl:variable name="item_id" select="@item_id"/>
<xsl:variable name="result" select="@result"/>
<dd><dl>
+ <!--<xsl:apply-templates select="//*[local-name(.)='system_data']//*[@id=$item_id]"/>-->
<xsl:for-each select="//*[local-name(.)='system_data']//*[@id=$item_id]">
<dt class="toggle"><xsl:value-of select="local-name(.)"/> [ <span class="title"> <xsl:value-of select="$result"/> </span> ] </dt>
<dd class="hidden">
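Review bot: The added line is commented-out code (`<!--<xsl:apply-templates select="//*[local-name(.)='system_data']//*[@id=$item_id]"/>-->`) sitting directly above the `for-each` that performs the same selection; if it is a planned replacement, say so in the comment, otherwise drop it so the template does not carry two versions of the lookup. The enclosing template starts and ends outside this hunk.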
@@ -678,22 +619,6 @@
<xsl:template match="*[local-name(.)='tested_variable']">
<li><xsl:value-of select="."/></li>
- <!-- <xsl:variable name="result" select="@result"/>
- <dd><dl>
- <xsl:for-each select="//*[local-name(.)='system_data']//*[@id=$var_id]">
- <dt class="toggle"><xsl:value-of select="local-name(.)"/> [ <span class="title"> <xsl:value-of select="$result"/> </span> ] </dt>
- <dd class="hidden">
- <table>
- <xsl:for-each select="*">
- <tr>
- <td style="font-weight: normal"><xsl:value-of select="local-name(.)"/>: </td>
- <td><xsl:value-of select="."/></td>
- </tr>
- </xsl:for-each>
- </table>
- </dd>
- </xsl:for-each>
- </dl></dd>-->
</xsl:template>
<xsl:template match="*[local-name(.)='states']/*">
@@ -703,10 +628,11 @@
<dd class="hidden">
<xsl:if test="@var_ref != ''">
<xsl:variable name="var" select="@var_ref"/>
-
+ <dl>
<xsl:apply-templates select="//*[local-name(.)='variables']/*[local-name(.)][@id=$var]">
<xsl:with-param name="var" select="$var"/>
</xsl:apply-templates>
+ </dl>
</xsl:if>
<xsl:value-of select="."/>
</dd>
@@ -717,32 +643,91 @@
<xsl:template match="*[local-name(.)='external_variable']">
<xsl:param name="var"/>
<xsl:variable name="value_id" select="$original//*[local-name(.)='check-export'][@export-name=$var]/@value-id"/>
- <dl>
<dt class="toggle"><xsl:value-of select="local-name(.)"/></dt>
<dd class="hidden"><xsl:apply-templates select="$original//*[local-name(.)='Value'][@id=$value_id]"/></dd>
- </dl>
</xsl:template>
<xsl:template match="*[local-name(.)='constant_variable']">
+ <dt class="toggle"><xsl:value-of select="local-name(.)"/></dt>
+ <dd>
<table>
- <tr>
- <xsl:for-each select="*">
- <td><xsl:value-of select="local-name(.)"/></td>
- <td><xsl:value-of select="."/></td>
- </xsl:for-each>
- </tr>
+ <tr>
+ <xsl:for-each select="*">
+ <td><xsl:value-of select="local-name(.)"/></td>
+ <td><xsl:value-of select="."/></td>
+ </xsl:for-each>
+ </tr>
</table>
+ </dd>
</xsl:template>
<xsl:template match="*[local-name(.)='local_variable']">
- <table>
- <tr>
+ <dt class="toggle"><xsl:value-of select="local-name(.)"/></dt>
+ <dd class="hidden">
+ <dl>
<xsl:for-each select="*">
- <td><xsl:value-of select="local-name(.)"/></td>
- <td><xsl:value-of select="."/></td>
+ <dt class="toggle"><xsl:value-of select="local-name(.)"/></dt>
+ <dd class="hidden"><xsl:apply-templates select="."/></dd>
</xsl:for-each>
+ </dl>
+ </dd>
+</xsl:template>
+
+<xsl:template match="*[local-name(.)='object_component']">
+ <xsl:variable name="obj_ref" select="@object_ref"/>
+ <dl>
+ <dt>
+ <table>
+ <tr>
+ <td>item_field:</td>
+ <td><xsl:value-of select="@item_field"/></td>
</tr>
+ </table>
+ </dt>
+ <dd>
+ <dl>
+ <xsl:apply-templates select="//*[local-name(.)='collected_objects']/*[local-name(.)='object'][(a)id=$obj_ref]/*[local-name(.)='reference']"/>
+ </dl>
+ </dd>
+ </dl>
+</xsl:template>
+
+<xsl:template match="*[local-name(.)='variable_component']">
+ <xsl:variable name="var" select="@var_ref"/>
+ <dl>
+ <xsl:apply-templates select="//*[local-name(.)='variables']/*[local-name(.)][@id=$var]">
+ <xsl:with-param name="var" select="$var"/>
+ </xsl:apply-templates>
+ </dl>
+</xsl:template>
+
+<xsl:template match="*[local-name(.)='literal_component']">
+ <dt class="toggle"><xsl:value-of select="local-name(.)"/></dt>
+ <dd>
+ <table>
+ <tr>
+ <td><xsl:value-of select="local-name(.)"/></td>
+ <td><xsl:value-of select="."/></td>
+ </tr>
</table>
+ </dd>
+</xsl:template>
+
+<xsl:template match="*[local-name(.)='reference']">
+ <xsl:variable name="item_id" select="@item_ref"/>
+ <xsl:for-each select="//*[local-name(.)='system_data']//*[@id=$item_id]">
+ <dt><xsl:value-of select="local-name(.)"/></dt>
+ <dd>
+ <table>
+ <xsl:for-each select="*">
+ <tr>
+ <td style="font-weight: normal"><xsl:value-of select="local-name(.)"/>: </td>
+ <td><xsl:value-of select="."/></td>
+ </tr>
+ </xsl:for-each>
+ </table>
+ </dd>
+ </xsl:for-each>
</xsl:template>
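Review bot: In the new `object_component` template the predicate on the `collected_objects` lookup reads `[(a)id=$obj_ref]`, while every other predicate in this file uses `[@id=…]`; this looks like the archive's address obfuscation rewriting `@`, but if the committed file really contains `(a)id` the XPath is invalid and the stylesheet will not compile, so check the file as committed. Separately, `object_component` emits a `<table>` inside a `<dt>`, and `literal_component` emits `<dt>`/`<dd>` pairs that, when reached through `local_variable`'s `<dd class="hidden"><xsl:apply-templates select="."/></dd>`, land inside a `dd` with no enclosing `dl`; wrapping them in a `<dl>` as `variable_component` does keeps the output well-formed.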
<xsl:template match="*[local-name(.)='Value']">
--
1.7.2.2
[PATCH] Reworked handling of puppet files & remediation
by Josh Adams
Puppet files are now automatically imported when importing a benchmark
(if the files are specified in the benchmark's fix elements) and will
be used when remediating.
---
Makefile | 3 +++
dist/secstate.spec | 5 +++++
src/bin/secstate | 11 -----------
src/etc/secstate.conf | 2 ++
src/puppet/site.pp | 3 +++
src/secstate/main.py | 42 +++++++++++++++++++++++++++++++++++++-----
src/secstate/util.py | 14 +++++++++++++-
7 files changed, 63 insertions(+), 17 deletions(-)
create mode 100644 src/puppet/site.pp
diff --git a/Makefile b/Makefile
index 57ff3e3..9a7b88b 100644
--- a/Makefile
+++ b/Makefile
@@ -60,6 +60,7 @@ SYSCONFDIR := $(DESTDIR)/etc
DATADIR := $(DESTDIR)/var/lib
SHAREDIR := $(DESTDIR)/usr/share
SECSTATE_DATADIR := $(DATADIR)/secstate
+SECSTATE_PUPPETDIR := $(DATADIR)/secstate/puppet
BENCHDIR := $(SECSTATE_DATADIR)/benchmarks
BENCHCONFDIR := $(SECSTATE_DATADIR)/configs
OVALDIR := $(SECSTATE_DATADIR)/oval
@@ -128,6 +129,7 @@ install:
$(verbose)test -d $(PYTHON_LIB) || $(INSTALL) $(MODE_DIR) -d $(PYTHON_LIB)
$(verbose)test -d $(PYTHON_LIB_SECSTATE) || $(INSTALL) $(MODE_DIR) -d $(PYTHON_LIB_SECSTATE)
$(verbose)test -d $(TRANSFORMDIR) || $(INSTALL) $(MODE_DIR) -d $(TRANSFORMDIR)
+ $(verbose)test -d $(SECSTATE_PUPPETDIR) || $(INSTALL) $(MODE_DIR) -d $(SECSTATE_PUPPETDIR)
$(verbose)$(GZIP) -c docs/secstate.1 > docs/secstate.1.gz
$(verbose)$(INSTALL) $(MODE_REG) docs/secstate.1.gz $(MANDIR)/man1/secstate.1.gz
$(verbose)$(INSTALL) $(MODE_EXEC) src/bin/$(PKG) $(BINDIR)/$(PKG)
@@ -141,6 +143,7 @@ install:
$(verbose)test -d $(PUPPET_MODULEDIR) || $(INSTALL) $(MODE_DIR) -d $(PUPPET_MODULEDIR)
$(foreach module, $(MODULE_LIST), $(verbose)cp -r remediation/puppet-modules/${module} $(PUPPET_MODULEDIR);)
$(verbose)cp -a src/share/transforms/* $(TRANSFORMDIR)
+ $(verbose)cp -a src/puppet/* $(SECSTATE_PUPPETDIR)
uninstall:
rm -rf $(SYSCONFDIR)/$(PKG)
diff --git a/dist/secstate.spec b/dist/secstate.spec
index 30e188b..c3c47ae 100644
--- a/dist/secstate.spec
+++ b/dist/secstate.spec
@@ -48,6 +48,8 @@ rm -rf $RPM_BUILD_ROOT
%dir /var/lib/secstate/benchmarks/
%dir /var/lib/secstate/configs/
%dir /var/lib/secstate/oval/
+%dir /var/lib/secstate/puppet/
+/var/lib/secstate/puppet/*
%dir /usr/share/secstate/
%dir %{_libexecdir}/%{name}
%{_libexecdir}/%{name}/secstate_external_node
@@ -74,6 +76,9 @@ rm -rf $RPM_BUILD_ROOT
/usr/share/puppet/modules/ifdefined/*
%changelog
+* Wed Aug 27 2010 Joshua Adams <jadams(a)tresys.com> 0.3-12
+- Added site.pp for puppet
+
* Wed Aug 25 2010 Joshua Adams <jadams(a)tresys.com> 0.3-12
- Added custom XSL tranform
diff --git a/src/bin/secstate b/src/bin/secstate
index 1b4f985..50d05d3 100644
--- a/src/bin/secstate
+++ b/src/bin/secstate
@@ -221,8 +221,6 @@ def audit(arguments):
def remediate(arguments):
parser = OptionParser(usage="secstate remediate [options] [benchmark]")
- parser.add_option('-r', '--remediation-puppet', action='store', type='string', dest='puppet_lib', metavar='FILE',
- help='Specifies a single puppet file to import for using with the xccdf puppet fixes')
parser.add_option('-x', '--xccdf-results', action='store', type='string', dest='xccdf_results', metavar='FILE',
help='XCCDF results file to provide for selective remediation')
parser.add_option('-l', '--log-dest', action='store', type='string', dest='log_dest', metavar='FILE',
@@ -241,15 +239,6 @@ def remediate(arguments):
kwargs['verbose'] = options.verbose
kwargs['yes_all'] = options.yes
- if not options.puppet_lib:
- sys.stderr.write('Error: You must specify a puppet library to use.\n')
- return -1
- elif not os.path.exists(options.puppet_lib):
- sys.stderr.write('Error: Specified puppet library does not exist : %s\n' % options.puppet_lib)
- return -1
- else:
- kwargs['puppet_lib'] = options.puppet_lib
-
if options.log_dest and not os.path.exists(options.log_dest):
LOG_FILE = open(options.log_dest, "w")
LOG_FILE.close()
diff --git a/src/etc/secstate.conf b/src/etc/secstate.conf
index a7a1d18..33c4076 100644
--- a/src/etc/secstate.conf
+++ b/src/etc/secstate.conf
@@ -3,6 +3,8 @@ data_dir=/var/lib/secstate
benchmark_dir=/var/lib/secstate/benchmarks
oval_dir=/var/lib/secstate/oval
conf_dir=/var/lib/secstate/configs
+puppet_dir=/var/lib/secstate/puppet
+site_pp=/var/lib/secstate/puppet/site.pp
oval_schema_dir=/usr/share/ovaldi
oval_interpreter=openscap
agressivness=1
diff --git a/src/puppet/site.pp b/src/puppet/site.pp
new file mode 100644
index 0000000..ec98370
--- /dev/null
+++ b/src/puppet/site.pp
@@ -0,0 +1,3 @@
+# site.pp
+
+import "*.pp"
diff --git a/src/secstate/main.py b/src/secstate/main.py
index d2f4f74..9bd0579 100644
--- a/src/secstate/main.py
+++ b/src/secstate/main.py
@@ -272,6 +272,10 @@ class Secstate:
if not value.prohibit_changes:
benchmark.vals[refval.item] = value_instance_to_value(value.get_instance_by_selector(refval.selector))
+ puppet_files = get_puppet_files(benchmark)
+ benchmark.__dict__['puppet'] = puppet_files
+ benchmark.config.set(benchmark.id, 'puppet', json.dumps(list(puppet_files)))
+
if store_path != None:
id = get_benchmark_id(benchmark_file)
directory = os.path.join(bench_dir, id)
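Review bot: `json.dumps` is used on the new config line but no `import json` appears in this diff; main.py's import block is outside the hunk, so confirm it is present (the `@@ -446` hunk in this patch relies on `json.loads` as well). `json.dumps(list(puppet_files))` serialises the set in arbitrary order, so the stored config line can change between imports of the same benchmark; `json.dumps(sorted(puppet_files))` keeps it stable. The enclosing method starts outside this hunk.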
@@ -290,6 +294,24 @@ class Secstate:
for oval in list(set(oval_files)):
shutil.copy(os.path.join(oval_path, oval), directory)
+
+ for puppet in puppet_files:
+ new_puppet = os.path.join(os.path.dirname(benchmark_file), puppet)
+ puppet_dir = self.config.get('secstate', 'puppet_dir')
+ if not os.path.isdir(puppet_dir):
+ os.makedirs(puppet_dir)
+
+ if os.path.isfile(os.path.join(puppet_dir, puppet)):
+ old = open(os.path.join(puppet_dir, puppet))
+ new = open(new_puppet)
+ if old.read() != new.read():
+ self.log.info("A puppet file named '%(name)s' has already been imported. Moving old file to '%(name)s.old'" % {'name':puppet})
+ os.rename(os.path.join(puppet_dir, puppet), os.path.join(puppet_dir, puppet + '.old'))
+ else:
+ continue
+
+ shutil.copy(os.path.join(os.path.dirname(benchmark_file), puppet), self.config.get('secstate', 'puppet_dir'))
+
except (IOError, OSError), e:
self.log.error("Error importing content: %(error)s" % {'error':e})
shutil.rmtree(directory)
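Review bot: The new copy loop joins each manifest name from `puppet_files` — parsed from the benchmark's fix text by `get_puppet_files` — onto `puppet_dir` without checking it is a plain file name, so a name containing a directory component or `..` is resolved outside the puppet directory for the existence check, the rename and the copy (and `shutil.copy` into a directory flattens such a name, so the `isfile` check and the copied path no longer agree). The `old`/`new` handles opened for the content comparison are never closed, and `puppet_dir` is re-read and re-created on every iteration. The rewrite below validates the name, hoists the directory setup and closes the handles; the `try` whose `except (IOError, OSError)` closes this hunk starts before it.
```python
# … unchanged: copy of the oval files into directory …
puppet_dir = self.config.get('secstate', 'puppet_dir')
if not os.path.isdir(puppet_dir):
    os.makedirs(puppet_dir)

for puppet in puppet_files:
    # manifest names come from the benchmark's fix text: accept plain file names only
    if not puppet or puppet in ('.', '..') or os.path.basename(puppet) != puppet:
        self.log.error("Ignoring puppet manifest with invalid name '%(name)s'" % {'name':puppet})
        continue
    new_puppet = os.path.join(os.path.dirname(benchmark_file), puppet)
    old_puppet = os.path.join(puppet_dir, puppet)
    if os.path.isfile(old_puppet):
        old = open(old_puppet)
        new = open(new_puppet)
        try:
            unchanged = old.read() == new.read()
        finally:
            old.close()
            new.close()
        if unchanged:
            continue
        self.log.info("A puppet file named '%(name)s' has already been imported. Moving old file to '%(name)s.old'" % {'name':puppet})
        os.rename(old_puppet, old_puppet + '.old')

    shutil.copy(new_puppet, puppet_dir)
```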
@@ -446,12 +468,25 @@ class Secstate:
elif self.content.has_key(benchmark_id):
cfg = load_config(self.content_configs[benchmark_id])
+ rem_puppet = set(json.loads(cfg.get(benchmark_id, 'puppet')))
+ in_use = set()
+ for key in self.content:
+ if key != benchmark_id:
+ key_cfg = load_config(self.content_configs[benchmark_id])
+ if key_cfg.has_option(benchmark_id, 'puppet'):
+ in_use = in_use.union(rem_puppet, set(json.loads(key_cfg.get(benchmark_id, 'puppet'))))
+
+ for puppet_file in rem_puppet:
+ if puppet_file not in in_use:
+ os.remove(os.path.join(self.config.get('secstate', 'puppet_dir'), puppet_file))
+
try:
if os.path.split(cfg.get(benchmark_id, "file"))[0] != self.config.get('secstate', 'oval_dir'):
shutil.rmtree(os.path.split(cfg.get(benchmark_id, "file"))[0])
else:
os.remove(cfg.get(benchmark_id, "file"))
os.remove(self.content_configs[benchmark_id])
+
except IOError,e:
self.log.error("Error removing content: %(error)s" % {'error':e})
return False
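Review bot: The in-use computation in the new removal code never consults the other benchmarks: inside `for key in self.content`, `key_cfg` is loaded from `self.content_configs[benchmark_id]` and queried with `benchmark_id` rather than `key`, and `in_use.union(rem_puppet, …)` folds the set being removed into `in_use`, so whenever any other content exists nothing is removed, and when none exists every manifest is removed unconditionally. `cfg.get(benchmark_id, 'puppet')` also raises `NoOptionError` for content imported before this option existed (the export hunk in the next patch guards it with `has_option`), and the `os.remove` calls sit outside the `try` below, so a missing file aborts the removal with an uncaught `OSError`. The rewrite below assumes `self.content_configs` shares keys with `self.content` and that each config's section is its content id, as the existing `cfg.get(benchmark_id, …)` lines suggest — confirm.
```python
elif self.content.has_key(benchmark_id):
    cfg = load_config(self.content_configs[benchmark_id])
    rem_puppet = set()
    if cfg.has_option(benchmark_id, 'puppet'):
        rem_puppet = set(json.loads(cfg.get(benchmark_id, 'puppet')))
    in_use = set()
    for key in self.content:
        if key == benchmark_id:
            continue
        key_cfg = load_config(self.content_configs[key])
        if key_cfg.has_option(key, 'puppet'):
            in_use.update(json.loads(key_cfg.get(key, 'puppet')))

    puppet_dir = self.config.get('secstate', 'puppet_dir')
    for puppet_file in rem_puppet - in_use:
        try:
            os.remove(os.path.join(puppet_dir, puppet_file))
        except OSError, e:
            self.log.error("Error removing puppet file %(file)s: %(error)s" % {'file':puppet_file, 'error':e})

    # … unchanged: removal of the content file and its config …
```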
@@ -931,10 +966,7 @@ class Secstate:
return (result_ids, passing_ids)
- def remediate_puppet(self, args, puppet_lib=None, xccdf_results=None, log_dest=None, noop=False, verbose=False, yes_all=False):
- if puppet_lib == None:
- self.log.error('Error: Puppet Library: %s' % puppet_lib)
- return False
+ def remediate_puppet(self, args, xccdf_results=None, log_dest=None, noop=False, verbose=False, yes_all=False):
(result_ids, passing_ids) = self.get_passed_result_ids(xccdf_results)
if result_ids == None or passing_ids == None:
return False
@@ -978,7 +1010,7 @@ class Secstate:
handle, fname = tempfile.mkstemp(suffix='.yaml')
os.write(handle, template % dict_to_external(puppet_content))
os.close(handle)
- puppet_args = ['/usr/bin/puppet', '--external_node', '/usr/libexec/secstate/secstate_external_node %s' % fname, '--node_terminus', 'exec', puppet_lib]
+ puppet_args = ['/usr/bin/puppet', '--external_node', '/usr/libexec/secstate/secstate_external_node %s' % fname, '--node_terminus', 'exec', self.config.get('secstate', 'site_pp')]
if noop:
puppet_args.append('--noop')
if log_dest:
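Review bot: `self.config.get('secstate', 'site_pp')` is read at the point of building `puppet_args` with no existence check, so a missing option raises `ConfigParser.NoOptionError` from deep inside the loop, and an empty value is handed to puppet as a blank site manifest; the old `puppet_lib == None` guard removed in the previous hunk had no replacement. Reading it once near the top of the method, `site_pp = self.config.get('secstate', 'site_pp')`, and logging an error and returning False when it is empty keeps the failure mode explicit. The enclosing method starts and ends outside the hunk.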
diff --git a/src/secstate/util.py b/src/secstate/util.py
index f9d73b2..200036e 100644
--- a/src/secstate/util.py
+++ b/src/secstate/util.py
@@ -535,4 +535,16 @@ def dereference_sub_elements(fix, benchmark):
value = benchmark.vals[id]
content = re.sub(replacement_re % id, re.escape(value), content)
return content
-
+
+def get_puppet_files(benchmark):
+ puppet_files = set()
+ line_reg = re.compile(r'\s*(manifest|class|environment|parameter|array)\s*:\s*((\S+)\s*:\s*(\S+)|\S+)\s*', re.IGNORECASE)
+ for fix in xccdf_get_fixes(benchmark):
+ if fix.system == 'urn:xccdf:fix:script:puppet':
+ content = dereference_sub_elements(fix, benchmark)
+ for line in content.split('\n'):
+ mtch = line_reg.match(line)
+ if mtch:
+ if mtch.group(1).lower() == 'manifest':
+ puppet_files.add(mtch.group(2))
+ return puppet_files
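Review bot: `get_puppet_files` has no docstring, and the manifest name it returns is whatever `\S+` matched on a `manifest:` line of fix content, which main.py (earlier hunks on this page) later joins onto `puppet_dir` for both copy and removal. A one-line docstring such as `"""Return the set of manifest file names referenced by puppet fixes in *benchmark*."""` plus a check that the captured name is a bare file name (skip it unless `os.path.basename(name) == name`, assuming `os` is imported in util.py) would keep those later path operations inside `puppet_dir`. Note also that `group(2)` spans the whole `key : value` alternative, so a line written as `manifest: a : b` yields `a : b` rather than a file name; `group(3)` or a manifest-specific pattern would be more precise.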
--
1.7.2.2
[PATCH 2/2] Resolved issue with deselecting parent groups
by Josh Adams
---
src/secstate/main.py | 3 +--
src/secstate/util.py | 9 +++++++++
2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/src/secstate/main.py b/src/secstate/main.py
index fe9ad94..68a9421 100644
--- a/src/secstate/main.py
+++ b/src/secstate/main.py
@@ -619,8 +619,7 @@ class Secstate:
for item in scanned_content.selections.keys():
sel = oscap.xccdf.select_new()
sel.item = item
- if item == rule:
- print item
+ if item == rule or is_parent(scanned_content.get_item(item), scanned_content.get_item(rule)):
sel.selected = True
else:
sel.selected = False
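Review bot: `scanned_content.get_item(item)` or `get_item(rule)` can return None (the audit code elsewhere on this page tests `get_item(profile) == None`), and `is_parent` then dereferences `parent.id` and raises `AttributeError` part-way through the selection loop. Looking the rule up once before the loop, `rule_item = scanned_content.get_item(rule)`, and writing `sel.selected = item == rule or (rule_item is not None and is_parent(scanned_content.get_item(item), rule_item))` guards the None case and also removes the per-iteration lookup of the same rule item. The enclosing method starts and ends outside the hunk.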
diff --git a/src/secstate/util.py b/src/secstate/util.py
index f443670..f9d73b2 100644
--- a/src/secstate/util.py
+++ b/src/secstate/util.py
@@ -457,6 +457,15 @@ def value_instance_to_value(val_instance):
elif val_instance.type == oscap.xccdf.XCCDF_TYPE_BOOLEAN:
return str(val_instance.value_boolean).lower()
+def is_parent(parent, item):
+ item_parent = item.parent
+ while item_parent != None:
+ if parent.id == item_parent.id:
+ return True
+ item_parent = item_parent.parent
+
+ return False
+
def parse_puppet_fixes(benchmark, ignore_ids=[]):
fixes = xccdf_get_fixes(benchmark, ignore_ids)
all_puppet = {'classes' : set(), 'environment' : "", 'parameters' : {}}
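Review bot: `is_parent` has no docstring and does not say which argument is the ancestor — from the call in main.py it returns True when `parent` is an ancestor of `item`, found by walking `item.parent` upward. Suggest `"""Return True if *parent* is an ancestor (at any depth) of *item* in the benchmark tree."""`, `while item_parent is not None:` per PEP 8, and two blank lines before the `def` to match the module layout. If `parent` is None the first comparison raises `AttributeError`; an early `if parent is None or item is None: return False` would make the helper safe for callers that receive None from `get_item`.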
--
1.7.2.2
[PATCH] Updated output transformation.
by Jason Dana
Changed formatting for test information output.
Modified variable output in preparation for full support.
Fixed the path on document call for OVAL results.
---
src/share/transforms/media/css/main.css | 6 +-
src/share/transforms/results2html.xsl | 180 ++++++++++++++++++++++---------
2 files changed, 133 insertions(+), 53 deletions(-)
diff --git a/src/share/transforms/media/css/main.css b/src/share/transforms/media/css/main.css
index 63ec9cb..8ffc678 100644
--- a/src/share/transforms/media/css/main.css
+++ b/src/share/transforms/media/css/main.css
@@ -106,7 +106,11 @@ dl dd dl dd {
}
.details dl dd {
- padding-left: 40px;
+ padding-left: 20px;
+}
+
+.details td {
+ padding-left: 20px;
}
#header {
diff --git a/src/share/transforms/results2html.xsl b/src/share/transforms/results2html.xsl
index 1d21f7a..c76886b 100644
--- a/src/share/transforms/results2html.xsl
+++ b/src/share/transforms/results2html.xsl
@@ -85,9 +85,11 @@
<div id="results">
<ul id="tree">
<xsl:apply-templates select="*[local-name(.)='Index']/*[local-name(.)='file']"/>
+ <!-- Will throw warning if applied to an OVAL results XML -->
<xsl:if test="$genOval">
- <xsl:apply-templates select="document(concat($path,$genOvalRes))//*[local-name(.)='interfaces']"/>
+ <xsl:apply-templates select="document(concat($path,$genOvalRes))//*[local-name(.)='interfaces']"/>
</xsl:if>
+ <!-- -->
<xsl:apply-templates select="//*[local-name(.)='interfaces']"/>
<xsl:apply-templates select="*[local-name(.)='Benchmark']//*[local-name(.)='TestResult']"/>
<xsl:apply-templates select="*[local-name(.)='oval_results']"/>
@@ -99,12 +101,13 @@
<xsl:template match="*[local-name(.)='Index']">
<xsl:variable name="file" select="*[local-name(.)='file']"/>
+ <xsl:variable name="fileDoc" select="document(concat($path,$file))"/>
<xsl:choose>
- <xsl:when test="document(concat($path,$file))/*[local-name(.)='oval_results']">
- <xsl:apply-templates select="document($file)//*[local-name(.)='system_info']"/>
+ <xsl:when test="$fileDoc/*[local-name(.)='oval_results']">
+ <xsl:apply-templates select="$fileDoc//*[local-name(.)='system_info']"/>
</xsl:when>
<xsl:otherwise>
- <xsl:variable name="ovalFile" select="document(concat($path,$file))//*[local-name(.)='check-content-ref']/@href"/>
+ <xsl:variable name="ovalFile" select="$fileDoc//*[local-name(.)='check-content-ref']/@href"/>
<xsl:variable name="ovalRes" select="concat(substring-before($ovalFile, '.xml'), '.results.xml')"/>
<xsl:apply-templates select="document(concat($path,$ovalRes))//*[local-name(.)='system_info']"/>
</xsl:otherwise>
@@ -219,7 +222,7 @@
<xsl:template match="*[local-name(.)='Benchmark']">
<xsl:apply-templates select="document(concat($path,$genOvalRes))//*[local-name(.)='system_info']"/>
<dl id="summary">
- <dt class="title">Benchmark Summary</dt>
+ <dt class="title">Audit Summary</dt>
<dd>
<dl>
<dt>Benchmark ID: </dt>
@@ -500,7 +503,7 @@
<xsl:template match="*[local-name(.)='results']">
<dl id="summary">
- <dt class="title">Benchmark Summary</dt>
+ <dt class="title">Audit Summary</dt>
<dd>
<dl>
<dt>Failures: </dt>
@@ -581,34 +584,28 @@
<xsl:value-of select="*[local-name(.)='metadata']/*[local-name(.)='title']"/>
<span class="ovalid"> ( <xsl:value-of select="@id"/> )</span>
</span>
+ <ul>
<xsl:apply-templates select="*[local-name(.)='criteria']/*[local-name(.)='criterion']">
<xsl:with-param name="defResult" select="$defResult"/>
</xsl:apply-templates>
+ </ul>
</xsl:template>
<xsl:template match="*[local-name(.)='criterion']">
<xsl:param name="defResult"/>
<xsl:variable name="test_id" select="@test_ref"/>
- <xsl:variable name="testCheck" select="//*[local-name(.)='results']//*[local-name(.)='test'][@test_id=$test_id]"/>
- <xsl:if test="$testCheck">
- <xsl:variable name="defResult" select="@result"/>
- </xsl:if>
- <ul>
- <li>Test : <xsl:value-of select="$defResult"/><span class="ovalid"> ( <xsl:value-of select="$test_id"/> )</span></li>
- <li><xsl:value-of select="//*[local-name(.)][@id=$test_id]/@comment"/></li>
+ <xsl:variable name="test" select="//*[local-name(.)='results']//*[local-name(.)='test'][@test_id=$test_id]"/>
+ <xsl:if test="$test">
+ <xsl:variable name="defResult" select="@result"/>
+ </xsl:if>
<li>
- <div>Object</div>
- <xsl:choose>
- <xsl:when test="not($testCheck)">
- <dl class="details">
- <dt>None Collected</dt>
- </dl>
- </xsl:when>
- <xsl:otherwise>
- <xsl:apply-templates select="//*[local-name(.)='results']//*[local-name(.)='test'][@test_id=$test_id]"/>
- </xsl:otherwise>
- </xsl:choose>
+ <xsl:value-of select="//*[local-name(.)][@id=$test_id]/@comment"/>
+ [ <span class="title"> <xsl:value-of select="$defResult"/> </span> ]
+ <span class="ovalid"> ( <xsl:value-of select="$test_id"/> )</span>
</li>
+ <ul>
+ <li>check: <span class="title"> <xsl:value-of select="$test/@check"/> </span></li>
+ <li>check_existence: <span class="title"> <xsl:value-of select="$test/@check_existence"/> </span></li>
<li>
<div>State</div>
<xsl:for-each select="//*[local-name(.)='tests']/*[local-name(.)]">
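Review bot: The `<xsl:variable name="defResult" select="@result"/>` inside `<xsl:if test="$test">` is scoped to the `xsl:if` and discarded when it closes, so the `$defResult` printed between the brackets below is always the incoming param and never the criterion's own `@result` — the same dead pattern the old side had, carried into the rewrite. Bind the displayed result once with an `xsl:choose` and print that variable instead. `$test` is a node-set that may hold several `test` elements when multiple result sets are present, in which case `$test/@check` and `$test/@check_existence` show only the first; worth confirming against the results layout. The template continues past the end of the hunk.
```xml
<xsl:variable name="test" select="//*[local-name(.)='results']//*[local-name(.)='test'][@test_id=$test_id]"/>
<xsl:variable name="shownResult">
  <xsl:choose>
    <xsl:when test="$test"><xsl:value-of select="@result"/></xsl:when>
    <xsl:otherwise><xsl:value-of select="$defResult"/></xsl:otherwise>
  </xsl:choose>
</xsl:variable>
<!-- … unchanged: comment li, with $shownResult in place of $defResult between the brackets … -->
```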
@@ -625,47 +622,91 @@
</xsl:if>
</xsl:for-each>
</li>
+ <li>
+ <dl class="details">
+ <xsl:choose>
+ <xsl:when test="not($test)">
+ <dt class="title">Nothing Tested</dt>
+ </xsl:when>
+ <xsl:otherwise>
+ <xsl:apply-templates select="$test"/>
+ </xsl:otherwise>
+ </xsl:choose>
+ </dl>
+ </li>
</ul>
</xsl:template>
<xsl:template match="*[local-name(.)='test']">
-<dl class="details">
- <dt>Collected Items</dt>
- <xsl:for-each select="*[local-name(.)='tested_item']">
+ <xsl:if test="*[local-name(.)='tested_item']">
+ <dt>Tested Items</dt>
+ <xsl:apply-templates select="*[local-name(.)='tested_item']"/>
+ </xsl:if>
+ <xsl:if test="*[local-name(.)='tested_variable']">
+ <xsl:variable name="var_id" select="*[local-name(.)='tested_variable']/@variable_id"/>
+ <dt>Tested Variables</dt>
+ <dl>
+ <dt class="toggle"><xsl:value-of select="//*[local-name(.)='variables']//*[@id=$var_id]/@comment"/></dt>
+ <dd class="hidden">
+ <ul>
+ <xsl:apply-templates select="*[local-name(.)='tested_variable']"/>
+ </ul>
+ </dd>
+ </dl>
+ </xsl:if>
+</xsl:template>
+
+<xsl:template match="*[local-name(.)='tested_item']">
<xsl:variable name="item_id" select="@item_id"/>
+ <xsl:variable name="result" select="@result"/>
<dd><dl>
<xsl:for-each select="//*[local-name(.)='system_data']//*[@id=$item_id]">
- <dt><xsl:value-of select="local-name(.)"/> ( ID: <xsl:value-of select="$item_id"/> )</dt>
- <dd>
- <dl>
+ <dt class="toggle"><xsl:value-of select="local-name(.)"/> [ <span class="title"> <xsl:value-of select="$result"/> </span> ] </dt>
+ <dd class="hidden">
+ <table>
<xsl:for-each select="*">
- <dt><xsl:value-of select="local-name(.)"/>: </dt>
- <dd><xsl:value-of select="."/></dd>
+ <tr>
+ <td style="font-weight: normal"><xsl:value-of select="local-name(.)"/>: </td>
+ <td><xsl:value-of select="."/></td>
+ </tr>
</xsl:for-each>
- </dl>
+ </table>
</dd>
</xsl:for-each>
</dl></dd>
- </xsl:for-each>
-</dl>
+</xsl:template>
+
+<xsl:template match="*[local-name(.)='tested_variable']">
+ <li><xsl:value-of select="."/></li>
+ <!-- <xsl:variable name="result" select="@result"/>
+ <dd><dl>
+ <xsl:for-each select="//*[local-name(.)='system_data']//*[@id=$var_id]">
+ <dt class="toggle"><xsl:value-of select="local-name(.)"/> [ <span class="title"> <xsl:value-of select="$result"/> </span> ] </dt>
+ <dd class="hidden">
+ <table>
+ <xsl:for-each select="*">
+ <tr>
+ <td style="font-weight: normal"><xsl:value-of select="local-name(.)"/>: </td>
+ <td><xsl:value-of select="."/></td>
+ </tr>
+ </xsl:for-each>
+ </table>
+ </dd>
+ </xsl:for-each>
+ </dl></dd>-->
</xsl:template>
<xsl:template match="*[local-name(.)='states']/*">
<dl class="details">
<xsl:for-each select="*">
- <dt><xsl:value-of select="local-name(.)"/></dt>
- <dd>
+ <dt class="toggle"><xsl:value-of select="local-name(.)"/></dt>
+ <dd class="hidden">
<xsl:if test="@var_ref != ''">
<xsl:variable name="var" select="@var_ref"/>
- <xsl:for-each select="//*[local-name(.)='variables']/*[local-name(.)]">
- <xsl:if test="@id = $var and local-name(.) = 'external_variable'">
- <xsl:variable name="value_id" select="$original//*[local-name(.)='check-export'][@export-name=$var]/@value-id"/>
- <dl>
- <dt><xsl:value-of select="local-name(.)"/></dt>
- <dd><xsl:apply-templates select="$original//*[local-name(.)='Value'][@id=$value_id]"/></dd>
- </dl>
- </xsl:if>
- </xsl:for-each>
+
+ <xsl:apply-templates select="//*[local-name(.)='variables']/*[local-name(.)][@id=$var]">
+ <xsl:with-param name="var" select="$var"/>
+ </xsl:apply-templates>
</xsl:if>
<xsl:value-of select="."/>
</dd>
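Review bot: The commented-out block in the new `tested_variable` template (from `<!-- <xsl:variable name="result"` through `</dl></dd>-->`) is dead code committed into the stylesheet; drop it or track the intended variable rendering in an issue. In the `test` template, `var_id` is bound to the node-set of every `tested_variable/@variable_id`, so with more than one tested variable the `//*[@id=$var_id]/@comment` heading shows only the first match while the list beneath shows all values; moving the heading into the per-variable `tested_variable` template would keep them aligned. The `[local-name(.)]` predicate on the `apply-templates` in the `states` template is always true for elements and can be dropped. The hunk ends inside the `states` template.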
@@ -673,14 +714,49 @@
</dl>
</xsl:template>
+<xsl:template match="*[local-name(.)='external_variable']">
+ <xsl:param name="var"/>
+ <xsl:variable name="value_id" select="$original//*[local-name(.)='check-export'][@export-name=$var]/@value-id"/>
+ <dl>
+ <dt class="toggle"><xsl:value-of select="local-name(.)"/></dt>
+ <dd class="hidden"><xsl:apply-templates select="$original//*[local-name(.)='Value'][@id=$value_id]"/></dd>
+ </dl>
+</xsl:template>
+
+<xsl:template match="*[local-name(.)='constant_variable']">
+ <table>
+ <tr>
+ <xsl:for-each select="*">
+ <td><xsl:value-of select="local-name(.)"/></td>
+ <td><xsl:value-of select="."/></td>
+ </xsl:for-each>
+ </tr>
+ </table>
+</xsl:template>
+
+<xsl:template match="*[local-name(.)='local_variable']">
+ <table>
+ <tr>
+ <xsl:for-each select="*">
+ <td><xsl:value-of select="local-name(.)"/></td>
+ <td><xsl:value-of select="."/></td>
+ </xsl:for-each>
+ </tr>
+ </table>
+</xsl:template>
+
<xsl:template match="*[local-name(.)='Value']">
-<dl>
+<table>
<xsl:variable name="value_id" select="@value-id"/>
- <dt><xsl:value-of select="@id"/></dt>
- <dd><xsl:value-of select="*[local-name(.)='title']"/></dd>
- <dt>value: </dt>
- <dd><xsl:value-of select="*[local-name(.)='value']"/></dd>
-</dl>
+ <tr>
+ <td style="font-weight: normal"><xsl:value-of select="@id"/>:</td>
+ <td><xsl:value-of select="*[local-name(.)='title']"/></td>
+ </tr>
+ <tr>
+ <td style="font-weight: normal">value: </td>
+ <td><xsl:value-of select="*[local-name(.)='value']"/></td>
+ </tr>
+</table>
</xsl:template>
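Review bot: The new `constant_variable` and `local_variable` templates are byte-identical; one template with a union pattern, `<xsl:template match="*[local-name(.)='constant_variable'] | *[local-name(.)='local_variable']">`, avoids the drift duplicated templates invite. In the `Value` template the `value_id` variable is still declared but nothing in the new table reads it, so it can be removed.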
<xsl:template match="*[local-name(.)='system_info']">
--
1.7.2.2
[PATCH] Implemented selective remediation
by Josh Adams
Will prompt if no results file has been specified. Can specify results
files by directory or by single file.
Fixes bug #7622
---
src/bin/secstate | 2 +
src/secstate/main.py | 67 +++++++++++++++++++++++++++++++++++++------------
2 files changed, 52 insertions(+), 17 deletions(-)
diff --git a/src/bin/secstate b/src/bin/secstate
index c2ae1be..5fd212c 100644
--- a/src/bin/secstate
+++ b/src/bin/secstate
@@ -232,12 +232,14 @@ def remediate(arguments):
parser.add_option('-p', '--profile', action='store', type='string', dest='profile',
default=None, help="Specifies the profile to use when auditing the system")
parser.add_option('-v', '--verbose', action='store_false', dest='verbose', help="Prints out extra information during the remediate process")
+ parser.add_option('-y', '--yes', action='store_true', dest='yes', help="Respond 'yes' to all prompts")
options, args = parser.parse_args(arguments)
kwargs = {}
kwargs['args'] = args
kwargs['verbose'] = options.verbose
+ kwargs['yes_all'] = options.yes
if not options.puppet_lib:
sys.stderr.write('Error: You must specify a puppet library to use.\n')
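Review bot: `-y/--yes` has no `default=`, so `options.yes` is None rather than False when the flag is absent, and `kwargs['yes_all'] = options.yes` then passes None into a parameter declared `yes_all=False`; the `--all` option in the audit parser elsewhere on this page sets `default=False` for the same reason. Suggest `parser.add_option('-y', '--yes', action='store_true', dest='yes', default=False, help="Respond 'yes' to all prompts")`. The enclosing `remediate` function continues outside the hunk.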
diff --git a/src/secstate/main.py b/src/secstate/main.py
index 4831a20..b4c1d7f 100644
--- a/src/secstate/main.py
+++ b/src/secstate/main.py
@@ -891,39 +891,72 @@ class Secstate:
def get_passed_result_ids(self, xccdf_results):
if xccdf_results == None:
- return set()
+ return ([], set())
+
+ result_files = []
+ if os.path.isdir(xccdf_results):
+ for res_file in os.listdir(xccdf_results):
+ if res_file.endswith(".results.xml") and is_benchmark(os.path.join(xccdf_results, res_file)):
+ result_files.append(os.path.join(xccdf_results, res_file))
+
+ elif os.path.isfile(xccdf_results):
+ result_files.append(xccdf_results)
+
+ result_ids = []
+ for result in result_files:
+ benchmark = oscap.xccdf.benchmark_import(result)
- benchmark = oscap.xccdf.benchmark_import(xccdf_results)
-
- if benchmark == None:
- self.log.error("Error importing benchmark %(file)s" % {'file':xccdf_results})
- return None
-
- passing_ids = set()
- for test_result in benchmark.results:
- for rule_result in test_result.rule_results:
- id = rule_result.idref
- result = rule_result.result
- if result != oscap.xccdf.XCCDF_RESULT_FAIL:
- passing_ids.add(id)
+ if benchmark == None:
+ self.log.error("Error importing benchmark %(file)s" % {'file':result})
+ return None, None
+
+ if not self.content.has_key(benchmark.id):
+ self.log.error("Results file does not match any imported content")
+ return None, None
+
+ imported_benchmark = self.import_content(benchmark.id)
+ if imported_benchmark == None:
+ self.log.error("Error loading imported content: %(id)s" % {'id':benchmark.id})
+ return None, None
+
+ result_ids.append(benchmark.id)
+ passing_ids = set()
+ for test_result in benchmark.results:
+ for rule_result in test_result.rule_results:
+ id = rule_result.idref
+ result = rule_result.result
+ if result != oscap.xccdf.XCCDF_RESULT_FAIL or not imported_benchmark.selections[id]:
+ passing_ids.add(id)
- return passing_ids
+ return (result_ids, passing_ids)
- def remediate_puppet(self, args, puppet_lib=None, xccdf_results=None, log_dest=None, noop=False, verbose=False):
+ def remediate_puppet(self, args, puppet_lib=None, xccdf_results=None, log_dest=None, noop=False, verbose=False, yes_all=False):
if puppet_lib == None:
self.log.error('Error: Puppet Library: %s' % puppet_lib)
return False
- passing_ids = self.get_passed_result_ids(xccdf_results)
+ (result_ids, passing_ids) = self.get_passed_result_ids(xccdf_results)
+ if result_ids == None or passing_ids == None:
+ return False
template = '%s\n'
if args == []:
args = self.content.keys()
for arg in args:
+ if arg not in result_ids and not yes_all:
+ inpt = raw_input("No results file provided for %s, remediate anyway? " % arg)
+ if inpt != 'y':
+ continue
+
benchmark = self.import_content(arg)
if benchmark == None:
self.log.error("Error importing content: %s" % arg)
return False
+ if not benchmark.__dict__.has_key('oval'):
+ # OVAL Definition Model, so skip
+ continue
+
+ self.log.info("-- Remediating %(id)s --" % {'id':arg})
try:
ignore_ids = []
for key in benchmark.selections:
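Review bot: `passing_ids = set()` is now initialised inside the `for result in result_files` loop, so each results file discards the ids collected from the previous one and only the last file's passing rules survive; when `result_files` is empty (a path that is neither a directory nor a file) `passing_ids` is never bound and `return (result_ids, passing_ids)` raises `UnboundLocalError`. Moving the single line `passing_ids = set()` up beside `result_ids = []` fixes both. `imported_benchmark.selections[id]` raises `KeyError` for a rule id present in the results but absent from the imported selections; `imported_benchmark.selections.get(id)` would treat it as unselected, consistent with the rest of the condition. The prompt accepts only a literal `'y'`, so `Y` or `yes` silently fall through to `continue`; `inpt.strip().lower() in ('y', 'yes')` matches what the `--yes` help text promises. `remediate_puppet` continues outside the hunk.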
--
1.7.2.2
[PATCH] Quick fix for auditing single rule
by Josh Adams
---
src/bin/secstate | 2 +-
src/secstate/main.py | 2 ++
2 files changed, 3 insertions(+), 1 deletions(-)
diff --git a/src/bin/secstate b/src/bin/secstate
index c2ae1be..44b8de1 100644
--- a/src/bin/secstate
+++ b/src/bin/secstate
@@ -214,7 +214,7 @@ def audit(arguments):
parser.add_option('-a', '--all', action='store_true', dest='all', default=False,
help="Audit everything regardless of selection status")
parser.add_option('-r', '--rule', action='store', type='string', dest='rule', default=None,
- help="Audit everything regardless of selection status")
+ help="Adit only the specified rule")
(options, args) = parser.parse_args(arguments)
if (not (sec_instance.audit(options.interpreter, args, all=options.all, verbose=options.verbose, profile=options.profile, results_dir=options.output, output_xml=options.xml, output_html=options.html, rule=options.rule))):
return -1
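Review bot: The new help string reads `Adit only the specified rule`; it should be `help="Audit only the specified rule")`. The `audit` function continues outside the hunk.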
diff --git a/src/secstate/main.py b/src/secstate/main.py
index 4831a20..fe9ad94 100644
--- a/src/secstate/main.py
+++ b/src/secstate/main.py
@@ -620,6 +620,7 @@ class Secstate:
sel = oscap.xccdf.select_new()
sel.item = item
if item == rule:
+ print item
sel.selected = True
else:
sel.selected = False
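Review bot: `print item` is a debugging statement left in the selection loop; it writes the matched rule id to stdout on every audit and bypasses `self.log`. Drop it, or use `self.log.debug("Selecting rule %(id)s" % {'id': item})` to match the logging style used in this class. The enclosing method starts and ends outside the hunk.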
@@ -639,6 +640,7 @@ class Secstate:
if scanned_content.get_item(profile) == None:
self.log.error("Profile '%(prof)s' does not exist." % {'prof':profile})
return False
+ audit_profile = profile
(res_benchmark, sessions) = evaluate_xccdf(scanned_content, scanned_content.id, s_profile=audit_profile, verbose=verbose)
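Review bot: `audit_profile = profile` is assigned only inside the branch that verified the profile exists, so unless `audit_profile` is initialised before this block (outside the hunk) the `evaluate_xccdf(..., s_profile=audit_profile, ...)` call raises `NameError` when no profile is given. Initialising `audit_profile = None` ahead of the `if`, and confirming `evaluate_xccdf` accepts None for `s_profile`, would make the no-profile path explicit. The enclosing method starts outside the hunk.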
--
1.7.2.2