August 2010 - SecState-devel - Fedora Mailing-Lists

by Jason Dana

Updated formatting and content. --- src/share/transforms/media/js/custom.js | 4 ++++ src/share/transforms/results2html.xsl | 11 ++++------- 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/src/share/transforms/media/js/custom.js b/src/share/transforms/media/js/custom.js index 2ce1c86..9341204 100644 --- a/src/share/transforms/media/js/custom.js +++ b/src/share/transforms/media/js/custom.js @@ -14,11 +14,15 @@ $(document).ready( function() { if( $('a#index').hasClass('current') ) { $('#tree') + .addClass('expanded') .find('.toggle') .css({backgroundPosition: "0 -10px"}) .nextAll('.hidden') .removeClass('hidden') .addClass('shown'); + $('#toggle') + .addClass('expanded') + .html('Collapse All'); } else $(".hidden").hide(); diff --git a/src/share/transforms/results2html.xsl b/src/share/transforms/results2html.xsl index 1d91d2b..7e6a9da 100644 --- a/src/share/transforms/results2html.xsl +++ b/src/share/transforms/results2html.xsl @@ -59,7 +59,6 @@ System Security Compliance & Audit Tool </div> <div id="description"> - </div> <div id="nav">  @@ -68,7 +67,7 @@ <a id="toggle" href="#">Expand All</a> <xsl:choose> <xsl:when test="*[local-name(.)='Index']"> - <a id="index" class="current" style="color: #C00000" href="index.html">Audit Index</a> + <a id="index" class="current" style="color: #C00000" href="index.html"></a> </xsl:when> <xsl:otherwise> <a id="index" href="index.html">Audit Index</a> @@ -134,6 +133,7 @@ <a href="{$htmlFile}"> <span class="title"><xsl:value-of select="$docFile//*[local-name(.)='Benchmark']/@id"/></span> </a> + <span> : Benchmark</span> <ul class="hidden"> <li> <dl class="interface"> @@ -177,6 +177,7 @@ <a href="{$htmlFile}"> <span class="title"><xsl:value-of select="$file"/></span> </a> + <span> : OVAL</span> <ul class="hidden"> <li> <dl class="interface"> @@ -475,14 +476,10 @@ <xsl:variable name="authBy" select="$override/*[local-name(.)='authority']"/> <table class="details"> <tr> - <td>Old Result: </td> + <td>Actual Result: </td> <td class="title"><xsl:value-of select="$override/*[local-name(.)='old-result']"/></td> </tr> <tr> - <td>New Result: </td> - <td class="title"><xsl:value-of select="$override/*[local-name(.)='new-result']"/></td> - </tr> - <tr> <td>Authority: </td> <xsl:choose> <xsl:when test="not($authBy)"> -- 1.7.2.2

13 years, 8 months

1
0
0 / 0

[PATCH] Export puppet content with benchmark

by Josh Adams

Fixes bug #7896 --- src/secstate/main.py | 6 ++++++ 1 files changed, 6 insertions(+), 0 deletions(-) diff --git a/src/secstate/main.py b/src/secstate/main.py index 9bd0579..b73ceec 100644 --- a/src/secstate/main.py +++ b/src/secstate/main.py @@ -457,6 +457,12 @@ class Secstate: file_type = mimetypes.guess_type(os.path.join(bench_dir, content)) if (file_type[0] == "text/xml") and (not is_benchmark(os.path.join(bench_dir, content))): archive.write(os.path.join(bench_dir, content), content) + + cfg = load_config(self.content_configs[benchmark_id]) + if cfg.has_option(benchmark_id, 'puppet'): + puppet_files = json.loads(cfg.get(benchmark_id, 'puppet')) + for puppet in puppet_files: + archive.write(os.path.join(self.config.get('secstate', 'puppet_dir'), puppet), puppet) archive.close() return True -- 1.7.2.2

13 years, 8 months

1
0
0 / 0

[PATCH] Fixed issue showing deselected content when listing

by Josh Adams

Fixes bug #7891 --- src/secstate/main.py | 9 ++++++--- 1 files changed, 6 insertions(+), 3 deletions(-) diff --git a/src/secstate/main.py b/src/secstate/main.py index 9bd0579..33abb3f 100644 --- a/src/secstate/main.py +++ b/src/secstate/main.py @@ -849,21 +849,24 @@ class Secstate: selected = "" profile = "" + is_selected = False if not content.__dict__.has_key('oval'): if self.content.has_key(arg): if content.config.getboolean(arg, 'selected'): + is_selected = True if show_all: selected = "[X]" else: selected = "[ ]" - print "%(indent)s%(sel)sOVAL File - ID: %(id)s" % {'indent':tabstr, 'sel':selected, 'id':arg} + + if is_selected or show_all: + print "%(indent)s%(sel)sOVAL File - ID: %(id)s" % {'indent':tabstr, 'sel':selected, 'id':arg} else: defn = content.get_definition(arg) if defn != None: print "%(indent)sDefinition - ID: %(id)s, Title: '%(title)s'" % {'indent':tabstr, 'id':arg, 'title':defn.title} else: - is_selected = False item = None if arg == content.id: item = content.to_item() @@ -892,7 +895,7 @@ class Secstate: if not recurse or (tabs == 0): selected = "[ ]" - if show_all or is_selected or not recurse: + if show_all or is_selected: print "%(indent)s%(sel)s%(type)s - ID: %(id)s, Title: '%(title)s'%(prof)s" % {'indent':tabstr, 'sel':selected, 'type':item_get_type_str(item), 'id':arg, 'title':title.text, -- 1.7.2.2

13 years, 8 months

1
0
0 / 0

[PATCH] Fixed issue deselecting OVAL content

by Josh Adams

Fixes bug #7890 --- src/secstate/main.py | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/src/secstate/main.py b/src/secstate/main.py index 9bd0579..ae2bcd2 100644 --- a/src/secstate/main.py +++ b/src/secstate/main.py @@ -515,7 +515,7 @@ class Secstate: return False if not benchmark.__dict__.has_key('oval'): - oval.config.set(benchmark_id, 'selected', selected) + benchmark.config.set(benchmark_id, 'selected', selected) self.log.debug("Set Oval file %(file)s to %(sel)s" % {'file':benchmark_id, 'sel':selected}) else: -- 1.7.2.2

13 years, 8 months

1
0
0 / 0

[PATCH] Updated results transformation.

by Jason Dana

Updated variable support. Updated design and layout. --- src/share/transforms/media/css/main.css | 3 +- src/share/transforms/media/js/custom.js | 31 +++- src/share/transforms/results2html.xsl | 327 +++++++++++++++---------------- 3 files changed, 185 insertions(+), 176 deletions(-) diff --git a/src/share/transforms/media/css/main.css b/src/share/transforms/media/css/main.css index 8ffc678..c0f0276 100644 --- a/src/share/transforms/media/css/main.css +++ b/src/share/transforms/media/css/main.css @@ -106,7 +106,7 @@ dl dd dl dd { } .details dl dd { - padding-left: 20px; + padding-left: 40px; } .details td { @@ -194,6 +194,7 @@ dl dd dl dd { .ovalid { font-weight: normal; color: #666666; + font-size: 11px; } .test { diff --git a/src/share/transforms/media/js/custom.js b/src/share/transforms/media/js/custom.js index 256467c..2ce1c86 100644 --- a/src/share/transforms/media/js/custom.js +++ b/src/share/transforms/media/js/custom.js @@ -11,8 +11,23 @@ $(document).ready( function() { window.print(); return; } + + if( $('a#index').hasClass('current') ) { + $('#tree') + .find('.toggle') + .css({backgroundPosition: "0 -10px"}) + .nextAll('.hidden') + .removeClass('hidden') + .addClass('shown'); + } + else + $(".hidden").hide(); + + $('.count').each( function() { + if($(this).html() == 0) + $(this).prev('.toggle').removeClass('toggle').css({background: "none"}); + }); - $(".hidden").hide(); $(".toggle").click( function() { $list = $(this).nextAll('.hidden, .shown'); // Element that is shown/hidden $list.toggle(); @@ -31,16 +46,21 @@ $(document).ready( function() { $(this).css({backgroundPosition: "0 3px"}); } }); + $("#toggle").click( function() { $tree = $("#tree") - if( $tree.hasClass('expanded') ) { - $tree.removeClass('expanded') - .find('.shown') + if( $(this).hasClass('expanded') ) { + if( $tree.hasClass('expanded') ) { + $tree.removeClass('expanded') + .find('.shown') .removeClass('shown') .addClass('hidden') .hide() .parent().children('.toggle') .css({backgroundPosition: "0 3px"}); + } + $(this).removeClass('expanded'); + $(this).html('Expand All'); } else { $tree.addClass('expanded') @@ -50,8 +70,11 @@ $(document).ready( function() { .addClass('shown') .parent().children('.toggle') .css({backgroundPosition: "0 -10px"}); + $(this).addClass('expanded'); + $(this).html('Collapse All'); } }); + $("#print").click( function() { var path = window.location.pathname; var left = (screen.width)/2; diff --git a/src/share/transforms/results2html.xsl b/src/share/transforms/results2html.xsl index c76886b..f8afef5 100644 --- a/src/share/transforms/results2html.xsl +++ b/src/share/transforms/results2html.xsl @@ -65,10 +65,10 @@  <a id="about" href="#">About SecState</a> <a id="print" href="#">Print Report</a> - <a id="toggle" href="#">Expand/Collapse All</a> + <a id="toggle" href="#">Expand All</a> <xsl:choose> <xsl:when test="*[local-name(.)='Index']"> - <a id="index" style="color: #C00000" href="index.html">Audit Index</a> + <a id="index" class="current" style="color: #C00000" href="index.html">Audit Index</a> </xsl:when> <xsl:otherwise> <a id="index" href="index.html">Audit Index</a> @@ -155,8 +155,10 @@ <dd><xsl:value-of select="$numBenchNotSelected"/></dd> <dt>Fixed: </dt> <dd><xsl:value-of select="$numBenchFixed"/></dd> - <dt>Timestamp: </dt> - <dd><xsl:value-of select="$docFile//*[local-name(.)='TestResult']/@end-time"/></dd> + <dt>Timestamp: </dt> + <xsl:variable name="date" select="substring-before($docFile//*[local-name(.)='TestResult']/@end-time, 'T')"/> + <xsl:variable name="time" select="substring-after($docFile//*[local-name(.)='TestResult']/@end-time, 'T')"/> + <dd><xsl:value-of select="$date"/> ( <xsl:value-of select="$time"/> ) </dd> </dl> </li> </ul> @@ -191,7 +193,9 @@ <dt>Not Applicable: </dt> <dd><xsl:value-of select="$numOvalNotApp"/></dd> <dt>Timestamp: </dt> - <dd><xsl:value-of select="$docFile//*[local-name(.)='timestamp']"/></dd> + <xsl:variable name="date" select="substring-before($docFile//*[local-name(.)='timestamp'], 'T')"/> + <xsl:variable name="time" select="substring-after($docFile//*[local-name(.)='timestamp'], 'T')"/> + <dd><xsl:value-of select="$date"/> ( <xsl:value-of select="$time"/> ) </dd> </dl> </li> </ul> @@ -201,7 +205,7 @@ <xsl:template match="*[local-name(.)='interfaces']"> <li> - <span class="toggle"></span><span class="title">Interfaces</span> + <span class="toggle title">Interfaces</span> <ul class="hidden"> <li> <xsl:for-each select="*[local-name(.)='interface']"> @@ -225,8 +229,10 @@ <dt class="title">Audit Summary</dt> <dd> <dl> + <xsl:variable name="date" select="substring-before(//*[local-name(.)='TestResult']/@end-time, 'T')"/> + <xsl:variable name="time" select="substring-after(//*[local-name(.)='TestResult']/@end-time, 'T')"/> <dt>Benchmark ID: </dt> - <dd><xsl:value-of select="@id"/> : <xsl:value-of select="//*[local-name(.)='TestResult']/@end-time"/></dd> + <dd><xsl:value-of select="@id"/> : <xsl:value-of select="$date"/> ( <xsl:value-of select="$time"/> ) </dd> <dt>Failures: </dt> <dd><xsl:value-of select="$numBenchFail"/></dd> <dt>Mitigations: </dt> @@ -253,120 +259,75 @@ <xsl:template match="*[local-name(.)='TestResult']"> <li> - <span class="title toggle">Failures</span> + <span class="title toggle">Failures : </span><span class="count"><xsl:value-of select="$numBenchFail"/></span> <ul class="hidden"> - <xsl:choose> - <xsl:when test="$numBenchFail > 0"> + <xsl:if test="$numBenchFail > 0"> <xsl:apply-templates select="//*[local-name(.)='rule-result']/*[local-name(.)='result'][.='fail']/.."/> - </xsl:when> - <xsl:otherwise> - None - </xsl:otherwise> - </xsl:choose> + </xsl:if> </ul> </li> <li> - <span class="title toggle">Mitigations</span> + <span class="title toggle">Mitigations : </span><span class="count"><xsl:value-of select="$numBenchMitd"/></span> <ul class="hidden"> - <xsl:choose> - <xsl:when test="$numBenchMitd > 0"> + <xsl:if test="$numBenchMitd > 0"> <xsl:apply-templates select="//*[local-name(.)='rule-result']/*[local-name(.)='result'][.='informational']/.."/> - </xsl:when> - <xsl:otherwise> - None - </xsl:otherwise> - </xsl:choose> + </xsl:if> </ul> </li> <li> - <span class="title toggle">Passes</span> + <span class="title toggle">Passes : </span><span class="count"><xsl:value-of select="$numBenchPass"/></span> <ul class="hidden"> - <xsl:choose> - <xsl:when test="$numBenchPass > 0"> + <xsl:if test="$numBenchPass > 0"> <xsl:apply-templates select="//*[local-name(.)='rule-result']/*[local-name(.)='result'][.='pass']/.."/> - </xsl:when> - <xsl:otherwise> - None - </xsl:otherwise> - </xsl:choose> + </xsl:if> </ul> </li> <li> - <span class="title toggle">Error</span> + <span class="title toggle">Error : </span><span class="count"><xsl:value-of select="$numBenchError"/></span> <ul class="hidden"> - <xsl:choose> - <xsl:when test="$numBenchError > 0"> + <xsl:if test="$numBenchError > 0"> <xsl:apply-templates select="//*[local-name(.)='rule-result']/*[local-name(.)='result'][.='error']/.."/> - </xsl:when> - <xsl:otherwise> - None - </xsl:otherwise> - </xsl:choose> + </xsl:if> </ul> </li> <li> - <span class="title toggle">Unknown</span> + <span class="title toggle">Unknown : </span><span class="count"><xsl:value-of select="$numBenchUnknown"/></span> <ul class="hidden"> - <xsl:choose> - <xsl:when test="$numBenchUnknown > 0"> + <xsl:if test="$numBenchUnknown > 0"> <xsl:apply-templates select="//*[local-name(.)='rule-result']/*[local-name(.)='result'][.='unknown']/.."/> - </xsl:when> - <xsl:otherwise> - None - </xsl:otherwise> - </xsl:choose> + </xsl:if> </ul> </li> <li> - <span class="title toggle">Not Checked</span> + <span class="title toggle">Not Checked : </span><span class="count"><xsl:value-of select="$numBenchNotChecked"/></span> <ul class="hidden"> - <xsl:choose> - <xsl:when test="$numBenchNotChecked > 0"> + <xsl:if test="$numBenchNotChecked > 0"> <xsl:apply-templates select="//*[local-name(.)='rule-result']/*[local-name(.)='result'][.='notchecked']/.."/> - </xsl:when> - <xsl:otherwise> - None - </xsl:otherwise> - </xsl:choose> + </xsl:if> </ul> </li> <li> - <span class="title toggle">Not Applicable</span> + <span class="title toggle">Not Applicable : </span><span class="count"><xsl:value-of select="$numBenchNotApp"/></span> <ul class="hidden"> - <xsl:choose> - <xsl:when test="$numBenchNotApp > 0"> + <xsl:if test="$numBenchNotApp > 0"> <xsl:apply-templates select="//*[local-name(.)='rule-result']/*[local-name(.)='result'][.='notapplicable']/.."/> - </xsl:when> - <xsl:otherwise> - None - </xsl:otherwise> - </xsl:choose> + </xsl:if> </ul> </li> <li> - <span class="title toggle">Not Selected</span> + <span class="title toggle">Not Selected : </span><span class="count"><xsl:value-of select="$numBenchNotSelected"/></span> <ul class="hidden"> - <xsl:choose> - <xsl:when test="$numBenchNotSelected > 0"> + <xsl:if test="$numBenchNotSelected > 0"> <xsl:apply-templates select="//*[local-name(.)='rule-result']/*[local-name(.)='result'][.='notselected']/.."/> - </xsl:when> - <xsl:otherwise> - None - </xsl:otherwise> - </xsl:choose> + </xsl:if> </ul> </li> <li> - <span class="title toggle">Fixed</span> + <span class="title toggle">Fixed : </span><span class="count"><xsl:value-of select="$numBenchFixed"/></span> <ul class="hidden"> - <xsl:choose> - <xsl:when test="$numBenchFixed > 0"> + <xsl:if test="$numBenchFixed > 0"> <xsl:apply-templates select="//*[local-name(.)='rule-result']/*[local-name(.)='result'][.='fixed']/.."/> - </xsl:when> - <xsl:otherwise> - None - </xsl:otherwise> - </xsl:choose> + </xsl:if> </ul> </li> </xsl:template> @@ -375,10 +336,9 @@ <xsl:variable name="resultDefs" select="//*[local-name(.)='results']//*[local-name(.)='definition']"/> <xsl:variable name="ovalDefs" select="//*[local-name(.)='oval_definitions']//*[local-name(.)='definition']"/> <li> - <span class="title toggle">Failures</span> + <span class="title toggle">Failuresi : </span><span class="count"><xsl:value-of select="$numOvalFalse"/></span> <ul class="hidden"> - <xsl:choose> - <xsl:when test="$numOvalFalse > 0"> + <xsl:if test="$numOvalFalse > 0"> <xsl:for-each select="$resultDefs[@result='false']"> <xsl:variable name="defID" select="@definition_id"/> <li> @@ -392,18 +352,13 @@ </ol> </li> </xsl:for-each> - </xsl:when> - <xsl:otherwise> - None - </xsl:otherwise> - </xsl:choose> + </xsl:if> </ul> </li> <li> - <span class="title toggle">Passes</span> + <span class="title toggle">Passes : </span><span class="count"><xsl:value-of select="$numOvalTrue"/></span> <ul class="hidden"> - <xsl:choose> - <xsl:when test="$numOvalTrue > 0"> + <xsl:if test="$numOvalTrue > 0"> <xsl:for-each select="$resultDefs[@result='true']"> <xsl:variable name="defID" select="@definition_id"/> <li> @@ -417,18 +372,13 @@ </ol> </li> </xsl:for-each> - </xsl:when> - <xsl:otherwise> - None - </xsl:otherwise> - </xsl:choose> + </xsl:if> </ul> </li> <li> - <span class="title toggle">Unknown</span> + <span class="title toggle">Unknown : </span><span class="count"><xsl:value-of select="$numOvalUnknown"/></span> <ul class="hidden"> - <xsl:choose> - <xsl:when test="$numOvalUnknown > 0"> + <xsl:if test="$numOvalUnknown > 0"> <xsl:for-each select="$resultDefs[@result='unknown']"> <xsl:variable name="defID" select="@definition_id"/> <li> @@ -442,18 +392,13 @@ </ol> </li> </xsl:for-each> - </xsl:when> - <xsl:otherwise> - None - </xsl:otherwise> - </xsl:choose> + </xsl:if> </ul> </li> <li> - <span class="title toggle">Not Evaluated</span> + <span class="title toggle">Not Evaluated : </span><span class="count"><xsl:value-of select="$numOvalNotEval"/></span> <ul class="hidden"> - <xsl:choose> - <xsl:when test="$numOvalNotEval > 0"> + <xsl:if test="$numOvalNotEval > 0"> <xsl:for-each select="$resultDefs[@result='not evaluated']"> <xsl:variable name="defID" select="@definition_id"/> <li> @@ -467,18 +412,13 @@ </ol> </li> </xsl:for-each> - </xsl:when> - <xsl:otherwise> - None - </xsl:otherwise> - </xsl:choose> + </xsl:if> </ul> </li> <li> - <span class="title toggle">Not Applicable</span> + <span class="title toggle">Not Applicable : </span><span class="count"><xsl:value-of select="$numOvalNotApp"/></span> <ul class="hidden"> - <xsl:choose> - <xsl:when test="$numOvalNotApp > 0"> + <xsl:if test="$numOvalNotApp > 0"> <xsl:for-each select="$resultDefs[@result='not applicable']"> <xsl:variable name="defID" select="@definition_id"/> <li> @@ -492,11 +432,7 @@ </ol> </li> </xsl:for-each> - </xsl:when> - <xsl:otherwise> - None - </xsl:otherwise> - </xsl:choose> + </xsl:if> </ul> </li> </xsl:template> @@ -529,38 +465,42 @@ <xsl:variable name="idref" select="@idref"/> <xsl:variable name="rule" select="//*[local-name(.)='Rule'][@id=$idref]"/> <li> - <span class="title toggle"><xsl:value-of select="$idref"/></span> - <ul class="hidden"> + <span class="title toggle"><xsl:value-of select="$idref"/> : </span> + <span><xsl:value-of select="$rule/*[local-name(.)='description']"/></span> + <ol class="hidden"> + <xsl:if test="$status = 'fail'"> + FixText : <xsl:value-of select="$rule/*[local-name(.)='fixtext']"/> + </xsl:if> <xsl:if test="$status = 'informational'"> <xsl:variable name="authBy" select="$override/*[local-name(.)='authority']"/> - <dl class="details"> - <dt>Old Result: </dt> - <dd><xsl:value-of select="$override/*[local-name(.)='old-result']"/></dd> - <dt>New Result: </dt> - <dd><xsl:value-of select="$override/*[local-name(.)='new-result']"/></dd> - <dt>Authority: </dt> + <table class="details"> + <tr> + <td>Old Result: </td> + <td class="title"><xsl:value-of select="$override/*[local-name(.)='old-result']"/></td> + </tr> + <tr> + <td>New Result: </td> + <td class="title"><xsl:value-of select="$override/*[local-name(.)='new-result']"/></td> + </tr> + <tr> + <td>Authority: </td> <xsl:choose> <xsl:when test="not($authBy)"> - <dd>N/A</dd> + <td class="title">N/A</td> </xsl:when> <xsl:otherwise> - <dd><xsl:value-of select="$authBy"/></dd> + <td class="title"><xsl:value-of select="$authBy"/></td> </xsl:otherwise> </xsl:choose> - <dt>Remark: </dt> - <dd><xsl:value-of select="$override/*[local-name(.)='remark']"/></dd> - </dl> + </tr> + <tr> + <td>Remark: </td> + <td class="title"><xsl:value-of select="$override/*[local-name(.)='remark']"/></td> + </tr> + </table> </xsl:if> - <li> - <span class="toggle"><xsl:value-of select="$rule/*[local-name(.)='description']"/></span> - <ol class="hidden"> - <xsl:apply-templates select="$rule//*[local-name(.)='check-content-ref']"/> - </ol> - <xsl:if test="$status = 'fail'"> - <xsl:apply-templates select="$rule/*[local-name(.)='fixtext']"/> - </xsl:if> - </li> - </ul> + <xsl:apply-templates select="$rule//*[local-name(.)='check-content-ref']"/> + </ol> </li> </xsl:template> @@ -660,6 +600,7 @@ <xsl:variable name="item_id" select="@item_id"/> <xsl:variable name="result" select="@result"/> <dd><dl> +  <xsl:for-each select="//*[local-name(.)='system_data']//*[@id=$item_id]"> <dt class="toggle"><xsl:value-of select="local-name(.)"/> [ <span class="title"> <xsl:value-of select="$result"/> </span> ] </dt> <dd class="hidden"> @@ -678,22 +619,6 @@ <xsl:template match="*[local-name(.)='tested_variable']"> <li><xsl:value-of select="."/></li> -  </xsl:template> <xsl:template match="*[local-name(.)='states']/*"> @@ -703,10 +628,11 @@ <dd class="hidden"> <xsl:if test="@var_ref != ''"> <xsl:variable name="var" select="@var_ref"/> - + <dl> <xsl:apply-templates select="//*[local-name(.)='variables']/*[local-name(.)][@id=$var]"> <xsl:with-param name="var" select="$var"/> </xsl:apply-templates> + </dl> </xsl:if> <xsl:value-of select="."/> </dd> @@ -717,32 +643,91 @@ <xsl:template match="*[local-name(.)='external_variable']"> <xsl:param name="var"/> <xsl:variable name="value_id" select="$original//*[local-name(.)='check-export'][@export-name=$var]/@value-id"/> - <dl> <dt class="toggle"><xsl:value-of select="local-name(.)"/></dt> <dd class="hidden"><xsl:apply-templates select="$original//*[local-name(.)='Value'][@id=$value_id]"/></dd> - </dl> </xsl:template> <xsl:template match="*[local-name(.)='constant_variable']"> + <dt class="toggle"><xsl:value-of select="local-name(.)"/></dt> + <dd> <table> - <tr> - <xsl:for-each select="*"> - <td><xsl:value-of select="local-name(.)"/></td> - <td><xsl:value-of select="."/></td> - </xsl:for-each> - </tr> + <tr> + <xsl:for-each select="*"> + <td><xsl:value-of select="local-name(.)"/></td> + <td><xsl:value-of select="."/></td> + </xsl:for-each> + </tr> </table> + </dd> </xsl:template> <xsl:template match="*[local-name(.)='local_variable']"> - <table> - <tr> + <dt class="toggle"><xsl:value-of select="local-name(.)"/></dt> + <dd class="hidden"> + <dl> <xsl:for-each select="*"> - <td><xsl:value-of select="local-name(.)"/></td> - <td><xsl:value-of select="."/></td> + <dt class="toggle"><xsl:value-of select="local-name(.)"/></dt> + <dd class="hidden"><xsl:apply-templates select="."/></dd> </xsl:for-each> + </dl> + </dd> +</xsl:template> + +<xsl:template match="*[local-name(.)='object_component']"> + <xsl:variable name="obj_ref" select="@object_ref"/> + <dl> + <dt> + <table> + <tr> + <td>item_field:</td> + <td><xsl:value-of select="@item_field"/></td> </tr> + </table> + </dt> + <dd> + <dl> + <xsl:apply-templates select="//*[local-name(.)='collected_objects']/*[local-name(.)='object'][(a)id=$obj_ref]/*[local-name(.)='reference']"/> + </dl> + </dd> + </dl> +</xsl:template> + +<xsl:template match="*[local-name(.)='variable_component']"> + <xsl:variable name="var" select="@var_ref"/> + <dl> + <xsl:apply-templates select="//*[local-name(.)='variables']/*[local-name(.)][@id=$var]"> + <xsl:with-param name="var" select="$var"/> + </xsl:apply-templates> + </dl> +</xsl:template> + +<xsl:template match="*[local-name(.)='literal_component']"> + <dt class="toggle"><xsl:value-of select="local-name(.)"/></dt> + <dd> + <table> + <tr> + <td><xsl:value-of select="local-name(.)"/></td> + <td><xsl:value-of select="."/></td> + </tr> </table> + </dd> +</xsl:template> + +<xsl:template match="*[local-name(.)='reference']"> + <xsl:variable name="item_id" select="@item_ref"/> + <xsl:for-each select="//*[local-name(.)='system_data']//*[@id=$item_id]"> + <dt><xsl:value-of select="local-name(.)"/></dt> + <dd> + <table> + <xsl:for-each select="*"> + <tr> + <td style="font-weight: normal"><xsl:value-of select="local-name(.)"/>: </td> + <td><xsl:value-of select="."/></td> + </tr> + </xsl:for-each> + </table> + </dd> + </xsl:for-each> </xsl:template> <xsl:template match="*[local-name(.)='Value']"> -- 1.7.2.2

13 years, 8 months

1
0
0 / 0

[PATCH] Reworked handling of puppet files & remediation

by Josh Adams

Puppet files are now automatically imported when importing a benchmark (if the files are specified in the benchmark's fix elements) and will be used when remediating. --- Makefile | 3 +++ dist/secstate.spec | 5 +++++ src/bin/secstate | 11 ----------- src/etc/secstate.conf | 2 ++ src/puppet/site.pp | 3 +++ src/secstate/main.py | 42 +++++++++++++++++++++++++++++++++++++----- src/secstate/util.py | 14 +++++++++++++- 7 files changed, 63 insertions(+), 17 deletions(-) create mode 100644 src/puppet/site.pp diff --git a/Makefile b/Makefile index 57ff3e3..9a7b88b 100644 --- a/Makefile +++ b/Makefile @@ -60,6 +60,7 @@ SYSCONFDIR := $(DESTDIR)/etc DATADIR := $(DESTDIR)/var/lib SHAREDIR := $(DESTDIR)/usr/share SECSTATE_DATADIR := $(DATADIR)/secstate +SECSTATE_PUPPETDIR := $(DATADIR)/secstate/puppet BENCHDIR := $(SECSTATE_DATADIR)/benchmarks BENCHCONFDIR := $(SECSTATE_DATADIR)/configs OVALDIR := $(SECSTATE_DATADIR)/oval @@ -128,6 +129,7 @@ install: $(verbose)test -d $(PYTHON_LIB) || $(INSTALL) $(MODE_DIR) -d $(PYTHON_LIB) $(verbose)test -d $(PYTHON_LIB_SECSTATE) || $(INSTALL) $(MODE_DIR) -d $(PYTHON_LIB_SECSTATE) $(verbose)test -d $(TRANSFORMDIR) || $(INSTALL) $(MODE_DIR) -d $(TRANSFORMDIR) + $(verbose)test -d $(SECSTATE_PUPPETDIR) || $(INSTALL) $(MODE_DIR) -d $(SECSTATE_PUPPETDIR) $(verbose)$(GZIP) -c docs/secstate.1 > docs/secstate.1.gz $(verbose)$(INSTALL) $(MODE_REG) docs/secstate.1.gz $(MANDIR)/man1/secstate.1.gz $(verbose)$(INSTALL) $(MODE_EXEC) src/bin/$(PKG) $(BINDIR)/$(PKG) @@ -141,6 +143,7 @@ install: $(verbose)test -d $(PUPPET_MODULEDIR) || $(INSTALL) $(MODE_DIR) -d $(PUPPET_MODULEDIR) $(foreach module, $(MODULE_LIST), $(verbose)cp -r remediation/puppet-modules/${module} $(PUPPET_MODULEDIR);) $(verbose)cp -a src/share/transforms/* $(TRANSFORMDIR) + $(verbose)cp -a src/puppet/* $(SECSTATE_PUPPETDIR) uninstall: rm -rf $(SYSCONFDIR)/$(PKG) diff --git a/dist/secstate.spec b/dist/secstate.spec index 30e188b..c3c47ae 100644 --- a/dist/secstate.spec +++ b/dist/secstate.spec @@ -48,6 +48,8 @@ rm -rf $RPM_BUILD_ROOT %dir /var/lib/secstate/benchmarks/ %dir /var/lib/secstate/configs/ %dir /var/lib/secstate/oval/ +%dir /var/lib/secstate/puppet/ +/var/lib/secstate/puppet/* %dir /usr/share/secstate/ %dir %{_libexecdir}/%{name} %{_libexecdir}/%{name}/secstate_external_node @@ -74,6 +76,9 @@ rm -rf $RPM_BUILD_ROOT /usr/share/puppet/modules/ifdefined/* %changelog +* Wed Aug 27 2010 Joshua Adams <jadams(a)tresys.com> 0.3-12 +- Added site.pp for puppet + * Wed Aug 25 2010 Joshua Adams <jadams(a)tresys.com> 0.3-12 - Added custom XSL tranform diff --git a/src/bin/secstate b/src/bin/secstate index 1b4f985..50d05d3 100644 --- a/src/bin/secstate +++ b/src/bin/secstate @@ -221,8 +221,6 @@ def audit(arguments): def remediate(arguments): parser = OptionParser(usage="secstate remediate [options] [benchmark]") - parser.add_option('-r', '--remediation-puppet', action='store', type='string', dest='puppet_lib', metavar='FILE', - help='Specifies a single puppet file to import for using with the xccdf puppet fixes') parser.add_option('-x', '--xccdf-results', action='store', type='string', dest='xccdf_results', metavar='FILE', help='XCCDF results file to provide for selective remediation') parser.add_option('-l', '--log-dest', action='store', type='string', dest='log_dest', metavar='FILE', @@ -241,15 +239,6 @@ def remediate(arguments): kwargs['verbose'] = options.verbose kwargs['yes_all'] = options.yes - if not options.puppet_lib: - sys.stderr.write('Error: You must specify a puppet library to use.\n') - return -1 - elif not os.path.exists(options.puppet_lib): - sys.stderr.write('Error: Specified puppet library does not exist : %s\n' % options.puppet_lib) - return -1 - else: - kwargs['puppet_lib'] = options.puppet_lib - if options.log_dest and not os.path.exists(options.log_dest): LOG_FILE = open(options.log_dest, "w") LOG_FILE.close() diff --git a/src/etc/secstate.conf b/src/etc/secstate.conf index a7a1d18..33c4076 100644 --- a/src/etc/secstate.conf +++ b/src/etc/secstate.conf @@ -3,6 +3,8 @@ data_dir=/var/lib/secstate benchmark_dir=/var/lib/secstate/benchmarks oval_dir=/var/lib/secstate/oval conf_dir=/var/lib/secstate/configs +puppet_dir=/var/lib/secstate/puppet +site_pp=/var/lib/secstate/puppet/site.pp oval_schema_dir=/usr/share/ovaldi oval_interpreter=openscap agressivness=1 diff --git a/src/puppet/site.pp b/src/puppet/site.pp new file mode 100644 index 0000000..ec98370 --- /dev/null +++ b/src/puppet/site.pp @@ -0,0 +1,3 @@ +# site.pp + +import "*.pp" diff --git a/src/secstate/main.py b/src/secstate/main.py index d2f4f74..9bd0579 100644 --- a/src/secstate/main.py +++ b/src/secstate/main.py @@ -272,6 +272,10 @@ class Secstate: if not value.prohibit_changes: benchmark.vals[refval.item] = value_instance_to_value(value.get_instance_by_selector(refval.selector)) + puppet_files = get_puppet_files(benchmark) + benchmark.__dict__['puppet'] = puppet_files + benchmark.config.set(benchmark.id, 'puppet', json.dumps(list(puppet_files))) + if store_path != None: id = get_benchmark_id(benchmark_file) directory = os.path.join(bench_dir, id) @@ -290,6 +294,24 @@ class Secstate: for oval in list(set(oval_files)): shutil.copy(os.path.join(oval_path, oval), directory) + + for puppet in puppet_files: + new_puppet = os.path.join(os.path.dirname(benchmark_file), puppet) + puppet_dir = self.config.get('secstate', 'puppet_dir') + if not os.path.isdir(puppet_dir): + os.makedirs(puppet_dir) + + if os.path.isfile(os.path.join(puppet_dir, puppet)): + old = open(os.path.join(puppet_dir, puppet)) + new = open(new_puppet) + if old.read() != new.read(): + self.log.info("A puppet file named '%(name)s' has already been imported. Moving old file to '%(name)s.old'" % {'name':puppet}) + os.rename(os.path.join(puppet_dir, puppet), os.path.join(puppet_dir, puppet + '.old')) + else: + continue + + shutil.copy(os.path.join(os.path.dirname(benchmark_file), puppet), self.config.get('secstate', 'puppet_dir')) + except (IOError, OSError), e: self.log.error("Error importing content: %(error)s" % {'error':e}) shutil.rmtree(directory) @@ -446,12 +468,25 @@ class Secstate: elif self.content.has_key(benchmark_id): cfg = load_config(self.content_configs[benchmark_id]) + rem_puppet = set(json.loads(cfg.get(benchmark_id, 'puppet'))) + in_use = set() + for key in self.content: + if key != benchmark_id: + key_cfg = load_config(self.content_configs[benchmark_id]) + if key_cfg.has_option(benchmark_id, 'puppet'): + in_use = in_use.union(rem_puppet, set(json.loads(key_cfg.get(benchmark_id, 'puppet')))) + + for puppet_file in rem_puppet: + if puppet_file not in in_use: + os.remove(os.path.join(self.config.get('secstate', 'puppet_dir'), puppet_file)) + try: if os.path.split(cfg.get(benchmark_id, "file"))[0] != self.config.get('secstate', 'oval_dir'): shutil.rmtree(os.path.split(cfg.get(benchmark_id, "file"))[0]) else: os.remove(cfg.get(benchmark_id, "file")) os.remove(self.content_configs[benchmark_id]) + except IOError,e: self.log.error("Error removing content: %(error)s" % {'error':e}) return False @@ -931,10 +966,7 @@ class Secstate: return (result_ids, passing_ids) - def remediate_puppet(self, args, puppet_lib=None, xccdf_results=None, log_dest=None, noop=False, verbose=False, yes_all=False): - if puppet_lib == None: - self.log.error('Error: Puppet Library: %s' % puppet_lib) - return False + def remediate_puppet(self, args, xccdf_results=None, log_dest=None, noop=False, verbose=False, yes_all=False): (result_ids, passing_ids) = self.get_passed_result_ids(xccdf_results) if result_ids == None or passing_ids == None: return False @@ -978,7 +1010,7 @@ class Secstate: handle, fname = tempfile.mkstemp(suffix='.yaml') os.write(handle, template % dict_to_external(puppet_content)) os.close(handle) - puppet_args = ['/usr/bin/puppet', '--external_node', '/usr/libexec/secstate/secstate_external_node %s' % fname, '--node_terminus', 'exec', puppet_lib] + puppet_args = ['/usr/bin/puppet', '--external_node', '/usr/libexec/secstate/secstate_external_node %s' % fname, '--node_terminus', 'exec', self.config.get('secstate', 'site_pp')] if noop: puppet_args.append('--noop') if log_dest: diff --git a/src/secstate/util.py b/src/secstate/util.py index f9d73b2..200036e 100644 --- a/src/secstate/util.py +++ b/src/secstate/util.py @@ -535,4 +535,16 @@ def dereference_sub_elements(fix, benchmark): value = benchmark.vals[id] content = re.sub(replacement_re % id, re.escape(value), content) return content - + +def get_puppet_files(benchmark): + puppet_files = set() + line_reg = re.compile(r'\s*(manifest|class|environment|parameter|array)\s*:\s*((\S+)\s*:\s*(\S+)|\S+)\s*', re.IGNORECASE) + for fix in xccdf_get_fixes(benchmark): + if fix.system == 'urn:xccdf:fix:script:puppet': + content = dereference_sub_elements(fix, benchmark) + for line in content.split('\n'): + mtch = line_reg.match(line) + if mtch: + if mtch.group(1).lower() == 'manifest': + puppet_files.add(mtch.group(2)) + return puppet_files -- 1.7.2.2

13 years, 8 months

1
0
0 / 0

[PATCH 2/2] Resolved issue with deselecting parent groups

by Josh Adams

--- src/secstate/main.py | 3 +-- src/secstate/util.py | 9 +++++++++ 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/src/secstate/main.py b/src/secstate/main.py index fe9ad94..68a9421 100644 --- a/src/secstate/main.py +++ b/src/secstate/main.py @@ -619,8 +619,7 @@ class Secstate: for item in scanned_content.selections.keys(): sel = oscap.xccdf.select_new() sel.item = item - if item == rule: - print item + if item == rule or is_parent(scanned_content.get_item(item), scanned_content.get_item(rule)): sel.selected = True else: sel.selected = False diff --git a/src/secstate/util.py b/src/secstate/util.py index f443670..f9d73b2 100644 --- a/src/secstate/util.py +++ b/src/secstate/util.py @@ -457,6 +457,15 @@ def value_instance_to_value(val_instance): elif val_instance.type == oscap.xccdf.XCCDF_TYPE_BOOLEAN: return str(val_instance.value_boolean).lower() +def is_parent(parent, item): + item_parent = item.parent + while item_parent != None: + if parent.id == item_parent.id: + return True + item_parent = item_parent.parent + + return False + def parse_puppet_fixes(benchmark, ignore_ids=[]): fixes = xccdf_get_fixes(benchmark, ignore_ids) all_puppet = {'classes' : set(), 'environment' : "", 'parameters' : {}} -- 1.7.2.2

13 years, 8 months

1
0
0 / 0

[PATCH] Updated output transformation.

by Jason Dana

Changed formatting for test information output. Modified variable output in preparation for full support. Fixed the path on document call for OVAL results. --- src/share/transforms/media/css/main.css | 6 +- src/share/transforms/results2html.xsl | 180 ++++++++++++++++++++++--------- 2 files changed, 133 insertions(+), 53 deletions(-) diff --git a/src/share/transforms/media/css/main.css b/src/share/transforms/media/css/main.css index 63ec9cb..8ffc678 100644 --- a/src/share/transforms/media/css/main.css +++ b/src/share/transforms/media/css/main.css @@ -106,7 +106,11 @@ dl dd dl dd { } .details dl dd { - padding-left: 40px; + padding-left: 20px; +} + +.details td { + padding-left: 20px; } #header { diff --git a/src/share/transforms/results2html.xsl b/src/share/transforms/results2html.xsl index 1d21f7a..c76886b 100644 --- a/src/share/transforms/results2html.xsl +++ b/src/share/transforms/results2html.xsl @@ -85,9 +85,11 @@ <div id="results"> <ul id="tree"> <xsl:apply-templates select="*[local-name(.)='Index']/*[local-name(.)='file']"/> +  <xsl:if test="$genOval"> - <xsl:apply-templates select="document(concat($path,$genOvalRes))//*[local-name(.)='interfaces']"/> + <xsl:apply-templates select="document(concat($path,$genOvalRes))//*[local-name(.)='interfaces']"/> </xsl:if> +  <xsl:apply-templates select="//*[local-name(.)='interfaces']"/> <xsl:apply-templates select="*[local-name(.)='Benchmark']//*[local-name(.)='TestResult']"/> <xsl:apply-templates select="*[local-name(.)='oval_results']"/> @@ -99,12 +101,13 @@ <xsl:template match="*[local-name(.)='Index']"> <xsl:variable name="file" select="*[local-name(.)='file']"/> + <xsl:variable name="fileDoc" select="document(concat($path,$file))"/> <xsl:choose> - <xsl:when test="document(concat($path,$file))/*[local-name(.)='oval_results']"> - <xsl:apply-templates select="document($file)//*[local-name(.)='system_info']"/> + <xsl:when test="$fileDoc/*[local-name(.)='oval_results']"> + <xsl:apply-templates select="$fileDoc//*[local-name(.)='system_info']"/> </xsl:when> <xsl:otherwise> - <xsl:variable name="ovalFile" select="document(concat($path,$file))//*[local-name(.)='check-content-ref']/@href"/> + <xsl:variable name="ovalFile" select="$fileDoc//*[local-name(.)='check-content-ref']/@href"/> <xsl:variable name="ovalRes" select="concat(substring-before($ovalFile, '.xml'), '.results.xml')"/> <xsl:apply-templates select="document(concat($path,$ovalRes))//*[local-name(.)='system_info']"/> </xsl:otherwise> @@ -219,7 +222,7 @@ <xsl:template match="*[local-name(.)='Benchmark']"> <xsl:apply-templates select="document(concat($path,$genOvalRes))//*[local-name(.)='system_info']"/> <dl id="summary"> - <dt class="title">Benchmark Summary</dt> + <dt class="title">Audit Summary</dt> <dd> <dl> <dt>Benchmark ID: </dt> @@ -500,7 +503,7 @@ <xsl:template match="*[local-name(.)='results']"> <dl id="summary"> - <dt class="title">Benchmark Summary</dt> + <dt class="title">Audit Summary</dt> <dd> <dl> <dt>Failures: </dt> @@ -581,34 +584,28 @@ <xsl:value-of select="*[local-name(.)='metadata']/*[local-name(.)='title']"/> <span class="ovalid"> ( <xsl:value-of select="@id"/> )</span> </span> + <ul> <xsl:apply-templates select="*[local-name(.)='criteria']/*[local-name(.)='criterion']"> <xsl:with-param name="defResult" select="$defResult"/> </xsl:apply-templates> + </ul> </xsl:template> <xsl:template match="*[local-name(.)='criterion']"> <xsl:param name="defResult"/> <xsl:variable name="test_id" select="@test_ref"/> - <xsl:variable name="testCheck" select="//*[local-name(.)='results']//*[local-name(.)='test'][@test_id=$test_id]"/> - <xsl:if test="$testCheck"> - <xsl:variable name="defResult" select="@result"/> - </xsl:if> - <ul> - <li>Test : <xsl:value-of select="$defResult"/><span class="ovalid"> ( <xsl:value-of select="$test_id"/> )</span></li> - <li><xsl:value-of select="//*[local-name(.)][@id=$test_id]/@comment"/></li> + <xsl:variable name="test" select="//*[local-name(.)='results']//*[local-name(.)='test'][@test_id=$test_id]"/> + <xsl:if test="$test"> + <xsl:variable name="defResult" select="@result"/> + </xsl:if> <li> - <div>Object</div> - <xsl:choose> - <xsl:when test="not($testCheck)"> - <dl class="details"> - <dt>None Collected</dt> - </dl> - </xsl:when> - <xsl:otherwise> - <xsl:apply-templates select="//*[local-name(.)='results']//*[local-name(.)='test'][@test_id=$test_id]"/> - </xsl:otherwise> - </xsl:choose> + <xsl:value-of select="//*[local-name(.)][@id=$test_id]/@comment"/> + [ <span class="title"> <xsl:value-of select="$defResult"/> </span> ] + <span class="ovalid"> ( <xsl:value-of select="$test_id"/> )</span> </li> + <ul> + <li>check: <span class="title"> <xsl:value-of select="$test/@check"/> </span></li> + <li>check_existence: <span class="title"> <xsl:value-of select="$test/@check_existence"/> </span></li> <li> <div>State</div> <xsl:for-each select="//*[local-name(.)='tests']/*[local-name(.)]"> @@ -625,47 +622,91 @@ </xsl:if> </xsl:for-each> </li> + <li> + <dl class="details"> + <xsl:choose> + <xsl:when test="not($test)"> + <dt class="title">Nothing Tested</dt> + </xsl:when> + <xsl:otherwise> + <xsl:apply-templates select="$test"/> + </xsl:otherwise> + </xsl:choose> + </dl> + </li> </ul> </xsl:template> <xsl:template match="*[local-name(.)='test']"> -<dl class="details"> - <dt>Collected Items</dt> - <xsl:for-each select="*[local-name(.)='tested_item']"> + <xsl:if test="*[local-name(.)='tested_item']"> + <dt>Tested Items</dt> + <xsl:apply-templates select="*[local-name(.)='tested_item']"/> + </xsl:if> + <xsl:if test="*[local-name(.)='tested_variable']"> + <xsl:variable name="var_id" select="*[local-name(.)='tested_variable']/@variable_id"/> + <dt>Tested Variables</dt> + <dl> + <dt class="toggle"><xsl:value-of select="//*[local-name(.)='variables']//*[@id=$var_id]/@comment"/></dt> + <dd class="hidden"> + <ul> + <xsl:apply-templates select="*[local-name(.)='tested_variable']"/> + </ul> + </dd> + </dl> + </xsl:if> +</xsl:template> + +<xsl:template match="*[local-name(.)='tested_item']"> <xsl:variable name="item_id" select="@item_id"/> + <xsl:variable name="result" select="@result"/> <dd><dl> <xsl:for-each select="//*[local-name(.)='system_data']//*[@id=$item_id]"> - <dt><xsl:value-of select="local-name(.)"/> ( ID: <xsl:value-of select="$item_id"/> )</dt> - <dd> - <dl> + <dt class="toggle"><xsl:value-of select="local-name(.)"/> [ <span class="title"> <xsl:value-of select="$result"/> </span> ] </dt> + <dd class="hidden"> + <table> <xsl:for-each select="*"> - <dt><xsl:value-of select="local-name(.)"/>: </dt> - <dd><xsl:value-of select="."/></dd> + <tr> + <td style="font-weight: normal"><xsl:value-of select="local-name(.)"/>: </td> + <td><xsl:value-of select="."/></td> + </tr> </xsl:for-each> - </dl> + </table> </dd> </xsl:for-each> </dl></dd> - </xsl:for-each> -</dl> +</xsl:template> + +<xsl:template match="*[local-name(.)='tested_variable']"> + <li><xsl:value-of select="."/></li> +  </xsl:template> <xsl:template match="*[local-name(.)='states']/*"> <dl class="details"> <xsl:for-each select="*"> - <dt><xsl:value-of select="local-name(.)"/></dt> - <dd> + <dt class="toggle"><xsl:value-of select="local-name(.)"/></dt> + <dd class="hidden"> <xsl:if test="@var_ref != ''"> <xsl:variable name="var" select="@var_ref"/> - <xsl:for-each select="//*[local-name(.)='variables']/*[local-name(.)]"> - <xsl:if test="@id = $var and local-name(.) = 'external_variable'"> - <xsl:variable name="value_id" select="$original//*[local-name(.)='check-export'][@export-name=$var]/@value-id"/> - <dl> - <dt><xsl:value-of select="local-name(.)"/></dt> - <dd><xsl:apply-templates select="$original//*[local-name(.)='Value'][@id=$value_id]"/></dd> - </dl> - </xsl:if> - </xsl:for-each> + + <xsl:apply-templates select="//*[local-name(.)='variables']/*[local-name(.)][@id=$var]"> + <xsl:with-param name="var" select="$var"/> + </xsl:apply-templates> </xsl:if> <xsl:value-of select="."/> </dd> @@ -673,14 +714,49 @@ </dl> </xsl:template> +<xsl:template match="*[local-name(.)='external_variable']"> + <xsl:param name="var"/> + <xsl:variable name="value_id" select="$original//*[local-name(.)='check-export'][@export-name=$var]/@value-id"/> + <dl> + <dt class="toggle"><xsl:value-of select="local-name(.)"/></dt> + <dd class="hidden"><xsl:apply-templates select="$original//*[local-name(.)='Value'][@id=$value_id]"/></dd> + </dl> +</xsl:template> + +<xsl:template match="*[local-name(.)='constant_variable']"> + <table> + <tr> + <xsl:for-each select="*"> + <td><xsl:value-of select="local-name(.)"/></td> + <td><xsl:value-of select="."/></td> + </xsl:for-each> + </tr> + </table> +</xsl:template> + +<xsl:template match="*[local-name(.)='local_variable']"> + <table> + <tr> + <xsl:for-each select="*"> + <td><xsl:value-of select="local-name(.)"/></td> + <td><xsl:value-of select="."/></td> + </xsl:for-each> + </tr> + </table> +</xsl:template> + <xsl:template match="*[local-name(.)='Value']"> -<dl> +<table> <xsl:variable name="value_id" select="@value-id"/> - <dt><xsl:value-of select="@id"/></dt> - <dd><xsl:value-of select="*[local-name(.)='title']"/></dd> - <dt>value: </dt> - <dd><xsl:value-of select="*[local-name(.)='value']"/></dd> -</dl> + <tr> + <td style="font-weight: normal"><xsl:value-of select="@id"/>:</td> + <td><xsl:value-of select="*[local-name(.)='title']"/></td> + </tr> + <tr> + <td style="font-weight: normal">value: </td> + <td><xsl:value-of select="*[local-name(.)='value']"/></td> + </tr> +</table> </xsl:template> <xsl:template match="*[local-name(.)='system_info']"> -- 1.7.2.2

13 years, 8 months

1
0
0 / 0

[PATCH] Implemented selective remediation

by Josh Adams

Will prompt if no results file has been specified. Can specify results files by directory or by single file. Fixes bug #7622 --- src/bin/secstate | 2 + src/secstate/main.py | 67 +++++++++++++++++++++++++++++++++++++------------ 2 files changed, 52 insertions(+), 17 deletions(-) diff --git a/src/bin/secstate b/src/bin/secstate index c2ae1be..5fd212c 100644 --- a/src/bin/secstate +++ b/src/bin/secstate @@ -232,12 +232,14 @@ def remediate(arguments): parser.add_option('-p', '--profile', action='store', type='string', dest='profile', default=None, help="Specifies the profile to use when auditing the system") parser.add_option('-v', '--verbose', action='store_false', dest='verbose', help="Prints out extra information during the remediate process") + parser.add_option('-y', '--yes', action='store_true', dest='yes', help="Respond 'yes' to all prompts") options, args = parser.parse_args(arguments) kwargs = {} kwargs['args'] = args kwargs['verbose'] = options.verbose + kwargs['yes_all'] = options.yes if not options.puppet_lib: sys.stderr.write('Error: You must specify a puppet library to use.\n') diff --git a/src/secstate/main.py b/src/secstate/main.py index 4831a20..b4c1d7f 100644 --- a/src/secstate/main.py +++ b/src/secstate/main.py @@ -891,39 +891,72 @@ class Secstate: def get_passed_result_ids(self, xccdf_results): if xccdf_results == None: - return set() + return ([], set()) + + result_files = [] + if os.path.isdir(xccdf_results): + for res_file in os.listdir(xccdf_results): + if res_file.endswith(".results.xml") and is_benchmark(os.path.join(xccdf_results, res_file)): + result_files.append(os.path.join(xccdf_results, res_file)) + + elif os.path.isfile(xccdf_results): + result_files.append(xccdf_results) + + result_ids = [] + for result in result_files: + benchmark = oscap.xccdf.benchmark_import(result) - benchmark = oscap.xccdf.benchmark_import(xccdf_results) - - if benchmark == None: - self.log.error("Error importing benchmark %(file)s" % {'file':xccdf_results}) - return None - - passing_ids = set() - for test_result in benchmark.results: - for rule_result in test_result.rule_results: - id = rule_result.idref - result = rule_result.result - if result != oscap.xccdf.XCCDF_RESULT_FAIL: - passing_ids.add(id) + if benchmark == None: + self.log.error("Error importing benchmark %(file)s" % {'file':result}) + return None, None + + if not self.content.has_key(benchmark.id): + self.log.error("Results file does not match any imported content") + return None, None + + imported_benchmark = self.import_content(benchmark.id) + if imported_benchmark == None: + self.log.error("Error loading imported content: %(id)s" % {'id':benchmark.id}) + return None, None + + result_ids.append(benchmark.id) + passing_ids = set() + for test_result in benchmark.results: + for rule_result in test_result.rule_results: + id = rule_result.idref + result = rule_result.result + if result != oscap.xccdf.XCCDF_RESULT_FAIL or not imported_benchmark.selections[id]: + passing_ids.add(id) - return passing_ids + return (result_ids, passing_ids) - def remediate_puppet(self, args, puppet_lib=None, xccdf_results=None, log_dest=None, noop=False, verbose=False): + def remediate_puppet(self, args, puppet_lib=None, xccdf_results=None, log_dest=None, noop=False, verbose=False, yes_all=False): if puppet_lib == None: self.log.error('Error: Puppet Library: %s' % puppet_lib) return False - passing_ids = self.get_passed_result_ids(xccdf_results) + (result_ids, passing_ids) = self.get_passed_result_ids(xccdf_results) + if result_ids == None or passing_ids == None: + return False template = '%s\n' if args == []: args = self.content.keys() for arg in args: + if arg not in result_ids and not yes_all: + inpt = raw_input("No results file provided for %s, remediate anyway? " % arg) + if inpt != 'y': + continue + benchmark = self.import_content(arg) if benchmark == None: self.log.error("Error importing content: %s" % arg) return False + if not benchmark.__dict__.has_key('oval'): + # OVAL Definition Model, so skip + continue + + self.log.info("-- Remediating %(id)s --" % {'id':arg}) try: ignore_ids = [] for key in benchmark.selections: -- 1.7.2.2

13 years, 8 months

1
0
0 / 0

[PATCH] Quick fix for auditing single rule

by Josh Adams

--- src/bin/secstate | 2 +- src/secstate/main.py | 2 ++ 2 files changed, 3 insertions(+), 1 deletions(-) diff --git a/src/bin/secstate b/src/bin/secstate index c2ae1be..44b8de1 100644 --- a/src/bin/secstate +++ b/src/bin/secstate @@ -214,7 +214,7 @@ def audit(arguments): parser.add_option('-a', '--all', action='store_true', dest='all', default=False, help="Audit everything regardless of selection status") parser.add_option('-r', '--rule', action='store', type='string', dest='rule', default=None, - help="Audit everything regardless of selection status") + help="Adit only the specified rule") (options, args) = parser.parse_args(arguments) if (not (sec_instance.audit(options.interpreter, args, all=options.all, verbose=options.verbose, profile=options.profile, results_dir=options.output, output_xml=options.xml, output_html=options.html, rule=options.rule))): return -1 diff --git a/src/secstate/main.py b/src/secstate/main.py index 4831a20..fe9ad94 100644 --- a/src/secstate/main.py +++ b/src/secstate/main.py @@ -620,6 +620,7 @@ class Secstate: sel = oscap.xccdf.select_new() sel.item = item if item == rule: + print item sel.selected = True else: sel.selected = False @@ -639,6 +640,7 @@ class Secstate: if scanned_content.get_item(profile) == None: self.log.error("Profile '%(prof)s' does not exist." % {'prof':profile}) return False + audit_profile = profile (res_benchmark, sessions) = evaluate_xccdf(scanned_content, scanned_content.id, s_profile=audit_profile, verbose=verbose) -- 1.7.2.2

13 years, 8 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

SecState-devel August 2010