[PATCH] Fixed issue when running multiple benchmarks
by Josh Adams
Running multiple benchmarks with different profiles now works. Also
fixed a typo and added the active profile to the results printed out
during an audit.
Fixes bug #7557
---
src/secstate/main.py | 10 +++++-----
src/secstate/util.py | 2 +-
2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/src/secstate/main.py b/src/secstate/main.py
index 86da593..66fcb1c 100644
--- a/src/secstate/main.py
+++ b/src/secstate/main.py
@@ -497,8 +497,8 @@ class Secstate:
if selected:
parent = item.parent
while parent.id != benchmark_id:
- benchmark.config.set(active_profile, parent_id, json.dumps(sel_dict))
- self.log.debug("Setting %(id)s to %(val)s" % {'id':parent_id,
+ benchmark.config.set(active_profile, parent.id, json.dumps(sel_dict))
+ self.log.debug("Setting %(id)s to %(val)s" % {'id':parent.id,
'val':selected})
parent = parent.parent
@@ -584,16 +584,16 @@ class Secstate:
# Set profile to default found in scanned_content.config.file
if (profile == None) and (scanned_content.__dict__.has_key('config')):
if scanned_content.config.has_option(arg, 'profile'):
- profile = scanned_content.config.get(arg, 'profile')
+ audit_profile = scanned_content.config.get(arg, 'profile')
else:
- profile = NONE_PROFILE
+ audit_profile = NONE_PROFILE
if profile!= None:
if scanned_content.get_item(profile) == None:
self.log.error("Profile '%(prof)s' does not exist." % {'prof':profile})
return False
- (res_benchmark, res_models) = evaluate_xccdf(scanned_content, scanned_content.id, s_profile=profile, verbose=verbose)
+ (res_benchmark, res_models) = evaluate_xccdf(scanned_content, scanned_content.id, s_profile=audit_profile, verbose=verbose)
else:
sess = oscap.oval.agent_new_session(scanned_content, scanned_content.id)
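Review bot: `audit_profile` is only assigned inside the `if (profile == None) and ...` branch, yet the `evaluate_xccdf(...)` call under `if profile!= None:` passes `s_profile=audit_profile`. Unless the name is initialised above this hunk, a caller-supplied profile reaches that call with `audit_profile` unbound, and a default read from the config is never checked with `get_item` because the guard still tests `profile`. Binding it once before the lookup, `audit_profile = profile`, and then using `audit_profile` in both the existence check and the branch condition would keep the two paths consistent. Indentation is lost in this listing and the method continues outside the hunk, so the exact nesting should be confirmed against the file.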
diff --git a/src/secstate/util.py b/src/secstate/util.py
index de3d811..5def7f4 100644
--- a/src/secstate/util.py
+++ b/src/secstate/util.py
@@ -129,7 +129,7 @@ def evaluate_xccdf(benchmark, url_XCCDF, s_profile=None, all=False, verbose=Fals
ritem.end_time = time.time()
- print "--Results for '%(id)s'--" % {'id':benchmark.id}
+ print "--Results for '%(id)s' (Profile: '%(prof)s')--" % {'id':benchmark.id, 'prof':s_profile}
print "Passed:\t\t%(pass)s\n" \
"Failed:\t\t%(fail)s\n" \
"Fixed:\t\t%(fixed)s\n" \
--
1.7.2.1
13 years, 8 months
[PATCH] Fixed a typo and added error check
by Josh Adams
Forgot to add an error check when importing a benchmark's associated
OVAL content.
---
src/secstate/main.py | 4 +++-
1 files changed, 3 insertions(+), 1 deletions(-)
diff --git a/src/secstate/main.py b/src/secstate/main.py
index 86da593..bbed27b 100644
--- a/src/secstate/main.py
+++ b/src/secstate/main.py
@@ -155,7 +155,7 @@ class Secstate:
def import_oval(self, oval_file, store_path=None):
def_model = oscap.oval.definition_model_import(oval_file)
if def_model == None:
- self.log.error("Error importing OVAL content: %('file')s" % {'file':oval_file})
+ self.log.error("Error importing OVAL content: %(file)s" % {'file':oval_file})
return None
if not def_model.is_valid():
@@ -224,6 +224,8 @@ class Secstate:
for oval in list(set(oval_files)):
oval_file = os.path.join(oval_path, oval)
def_model = self.import_oval(oval_file)
+ if def_model == None:
+ return None
benchmark.__dict__['oval'][oval] = def_model
profile = oscap.xccdf.profile_new()
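Review bot: The added `return None` leaves the loop part-way through, so `benchmark.__dict__['oval']` may already hold the models imported in earlier iterations when the caller sees the failure. The enclosing method starts and ends outside the hunk, so whether the caller discards `benchmark` on `None` cannot be seen here. A one-line comment would make the intent explicit, for example `# abort the whole benchmark import if any referenced OVAL file fails to load`. The test itself reads better as `if def_model is None:`.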
--
1.7.2.1
13 years, 8 months
[PATCH] Added 'help' subcommand
by Josh Adams
Can now run 'secstate help <subcommand>' and it will be equivalent to
'secstate <subcommand> -h'.
Fixes bug #7381
---
src/bin/secstate | 34 ++++++++++++++++++++++++++++++++++
1 files changed, 34 insertions(+), 0 deletions(-)
diff --git a/src/bin/secstate b/src/bin/secstate
index 6435c20..5b5b7c3 100644
--- a/src/bin/secstate
+++ b/src/bin/secstate
@@ -70,6 +70,9 @@ def main():
usage()
return -1
+ if subcommand == 'help':
+ return help(sys.argv[arg_num:])
+
if subcommand == 'import':
return import_content(sys.argv[arg_num:])
@@ -108,6 +111,37 @@ def main():
usage()
return -1
+def help(arg):
+ if arg == []:
+ usage()
+ elif arg[0] == 'import':
+ import_content(['-h'])
+ elif arg[0] == 'export':
+ export(['-h'])
+ elif arg[0] == 'remove':
+ remove(['-h'])
+ elif arg[0] == 'select':
+ select(['-h'])
+ elif arg[0] == 'deselect':
+ select(['-h'])
+ elif arg[0] == 'audit':
+ audit(['-h'])
+ elif arg[0] == 'search':
+ search(['-h'])
+ elif arg[0] == 'list':
+ list_content(['-h'])
+ elif arg[0] == 'show':
+ show(['-h'])
+ elif arg[0] == 'remediate':
+ remediate(['-h'])
+ elif arg[0] == 'save':
+ save_profile(['-h'])
+ else:
+ sys.stderr.write("Unknown subcommand '%(command)s'\n" % {'command':arg[0]})
+ usage()
+
+ return 0
+
def import_content(arguments):
parser = OptionParser(usage="secstate import [options] <content>")
parser.add_option('-c', '--cpe', action='store_true', dest='cpe', default=False,
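Review bot: The `deselect` branch of the new `help()` calls `select(['-h'])`, which looks like a copy-paste slip. If the script defines a separate `deselect` handler, that branch should call `deselect(['-h'])` so the usage line matches the subcommand asked about. The unknown-subcommand branch writes an error to stderr but still falls through to `return 0`; returning `-1` there would match what `main()` does for an unrecognised subcommand. The function name also shadows the builtin `help`, so something like `help_command` would be safer.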
--
1.7.2.1
13 years, 8 months
[PATCH] Added the ability to audit a single rule
by Josh Adams
Creates a temporary profile that has only the specified rule selected
and audits based on that profile.
Fixes bug #7149
---
src/bin/secstate | 4 +++-
src/secstate/main.py | 23 ++++++++++++++++++++++-
2 files changed, 25 insertions(+), 2 deletions(-)
diff --git a/src/bin/secstate b/src/bin/secstate
index 6435c20..a2ec96b 100644
--- a/src/bin/secstate
+++ b/src/bin/secstate
@@ -169,8 +169,10 @@ def audit(arguments):
help="Prints out extra information during the audit process")
parser.add_option('-a', '--all', action='store_true', dest='all', default=False,
help="Audit everything regardless of selection status")
+ parser.add_option('-r', '--rule', action='store', type='string', dest='rule', default=None,
+ help="Audit everything regardless of selection status")
(options, args) = parser.parse_args(arguments)
- if (not (sec_instance.audit(options.interpreter, args, all=options.all, verbose=options.verbose, profile=options.profile, xml=options.xml, html=options.html))):
+ if (not (sec_instance.audit(options.interpreter, args, all=options.all, verbose=options.verbose, profile=options.profile, xml=options.xml, html=options.html, rule=options.rule))):
return -1
def remediate(arguments):
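Review bot: The help text for the new `-r/--rule` option is a verbatim copy of the `--all` text above it ("Audit everything regardless of selection status"), so `secstate audit -h` will describe the option as the opposite of what it does. Something like `help="Audit only the rule with the given ID"` would match the commit description. The body of `audit()` begins outside the hunk.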
diff --git a/src/secstate/main.py b/src/secstate/main.py
index a9a54a3..9a2c459 100644
--- a/src/secstate/main.py
+++ b/src/secstate/main.py
@@ -551,7 +551,7 @@ class Secstate:
return True
- def audit(self, interpreter, args, profile=None, verbose=False, all=False, xml=None, html=None):
+ def audit(self, interpreter, args, profile=None, verbose=False, all=False, xml=None, html=None, rule=None):
"""
Function: Run an audit on the system agains the given definition model
Input: Interpreter to use, args for interpreter, schema to use, specific definition or template
@@ -580,7 +580,28 @@ class Secstate:
continue
if interpreter == "openscap":
+ # If benchmark
if scanned_content.__dict__.has_key('oval'):
+ if rule != None:
+ if scanned_content.get_item(rule) == None:
+ self.log.error("Benchmark '%(bench)s' does not contain rule '%(id)s'" % {'bench':scanned_content.id,
+ 'id':rule})
+ return False
+
+ tmp_prof = oscap.xccdf.profile_new()
+ tmp_prof.id = '__tmp__'
+ for item in scanned_content.selections.keys():
+ sel = oscap.xccdf.select_new()
+ sel.item = item
+ if item == rule:
+ sel.selected = True
+ else:
+ sel.selected = False
+ tmp_prof.add_select(sel)
+
+ scanned_content.add_profile(tmp_prof)
+ profile = '__tmp__'
+
# Set profile to default found in scanned_content.config.file
if (profile == None) and (scanned_content.__dict__.has_key('config')):
if scanned_content.config.has_option(arg, 'profile'):
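Review bot: The temporary `__tmp__` profile is added with `scanned_content.add_profile(tmp_prof)` and nothing in the visible lines removes it again. If the benchmark object is reused or saved afterwards, the profile may persist or collide on the next `--rule` run; the rest of the method is outside the hunk, so this needs checking there. The assignment `profile = '__tmp__'` also silently overrides a profile the caller passed explicitly, so an audit invoked with both `--profile` and `--rule` reports results for a profile the user did not name. Rejecting that combination with a logged error, or documenting that `rule` wins, would make the outcome unambiguous. The selection flag can be written as `sel.selected = (item == rule)`.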
--
1.7.2.1
13 years, 8 months
[PATCH] Added root check
by Josh Adams
Fixes bug #6867
---
src/bin/secstate | 4 ++++
1 files changed, 4 insertions(+), 0 deletions(-)
diff --git a/src/bin/secstate b/src/bin/secstate
index 6435c20..5a47fac 100644
--- a/src/bin/secstate
+++ b/src/bin/secstate
@@ -52,6 +52,10 @@ Sub-commands:
sec_instance = secstate.Secstate(CONFIG_FILE)
def main():
+ if os.geteuid() != 0:
+ sys.stderr.write("secstate must be run as root!\n")
+ return -1
+
try:
subcommand = sys.argv[1]
except IndexError, e:
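Review bot: The `os.geteuid()` check sits at the very top of `main()`, before the subcommand is read, so an unprivileged user gets "must be run as root" even for the bare usage message or a `-h` request. Moving the check to after the subcommand has been parsed, and applying it only to subcommands that need privileges, keeps the usage output reachable. It would also help to add a comment such as `# convenience guard only; file permissions on the content store are the real access control`. `main()` continues outside the hunk.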
--
1.7.2.1
13 years, 8 months
[PATCH] Added function to compare config files
by Josh Adams
Ignore the first patch, had a small mistake in it.
ConfigParser does not write files the same way that it reads them in so
a separate function is necessary to diff them.
---
testing/harness/secstate_harness/testcase.py | 29 ++++++++++++++++++++++++++
1 files changed, 29 insertions(+), 0 deletions(-)
diff --git a/testing/harness/secstate_harness/testcase.py b/testing/harness/secstate_harness/testcase.py
index f994622..28dbc23 100644
--- a/testing/harness/secstate_harness/testcase.py
+++ b/testing/harness/secstate_harness/testcase.py
@@ -30,6 +30,32 @@ def tab(lst, num_tabs=1):
def join(lst):
return ''.join(lst)
+def compare_configs(input, output):
+ in_config = ConfigParser.ConfigParser()
+ out_config = ConfigParser.ConfigParser()
+
+ in_config.read(input)
+ out_config.read(output)
+
+ if len(in_config.sections()) != len(out_config.sections()):
+ return False
+
+ for sec in in_config.sections():
+ if sec not in out_config.sections():
+ return False
+
+ if len(in_config.items(sec)) != len(out_config.items(sec)):
+ return False
+
+ for key,val in in_config.items(sec):
+ if not out_config.has_option(sec, key):
+ return False
+
+ if not val == out_config.get(sec, key):
+ return False
+
+ return True
+
class Command:
results_template = 'Command %(command_name)s Results:\n%(rc_results)s%(stdout_results)s%(stderr_results)sCommand Completed Successfully: %(success)s\n'
rc_results = 'Expected RC : %(expected)s, Actual RC : %(actual)s'
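Review bot: `compare_configs` ignores the return value of `ConfigParser.read()`, which skips files it cannot open instead of raising. A missing or unreadable expected file and a missing actual file therefore both parse as empty and compare equal, and the test passes without checking anything. Checking the result closes that gap: `if not in_config.read(input) or not out_config.read(output): return False`. The parameter name `input` shadows the builtin, and a one-line docstring stating that section and option order are ignored would record why the function exists. The same function appears unchanged in the earlier posting of this patch further down the page.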
@@ -246,6 +272,9 @@ class TestCase:
opath = os.path.join(root, file)
dirname = re.sub(r'^%s(.*)' % re.escape(output_path), r'\1', root).lstrip(os.path.sep)
cpath = os.path.join(self.chroot, dirname, file)
+
+ if os.path.splitext(opath)[1] == '.cfg':
+ return compare_configs(opath, cpath)
ofile = open(opath)
otext = ofile.readlines()
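Review bot: `return compare_configs(opath, cpath)` ends the whole comparison at the first `.cfg` file, so a matching config reports success without looking at any files that follow it. The surrounding loop is outside the hunk, but the `root` and `file` names suggest this runs once per file in a directory walk. If so, only a mismatch should return early: `if not compare_configs(opath, cpath): return False`, followed by `continue`. The earlier posting of this patch further down the page has the same early return.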
--
1.7.2.1
13 years, 8 months
[PATCH] Added function to compare config files
by Josh Adams
ConfigParser does not write files in the same order they are read in, so
a separate function was necessary to compare config files.
---
testing/harness/secstate_harness/testcase.py | 29 ++++++++++++++++++++++++++
1 files changed, 29 insertions(+), 0 deletions(-)
diff --git a/testing/harness/secstate_harness/testcase.py b/testing/harness/secstate_harness/testcase.py
index f994622..c36d551 100644
--- a/testing/harness/secstate_harness/testcase.py
+++ b/testing/harness/secstate_harness/testcase.py
@@ -30,6 +30,32 @@ def tab(lst, num_tabs=1):
def join(lst):
return ''.join(lst)
+def compare_configs(input, output):
+ in_config = ConfigParser.ConfigParser()
+ out_config = ConfigParser.ConfigParser()
+
+ in_config.read(input)
+ out_config.read(output)
+
+ if len(in_config.sections()) != len(out_config.sections()):
+ return False
+
+ for sec in in_config.sections():
+ if sec not in out_config.sections():
+ return False
+
+ if len(in_config.items(sec)) != len(out_config.items(sec)):
+ return False
+
+ for key,val in in_config.items(sec):
+ if not out_config.has_option(sec, key):
+ return False
+
+ if not val == out_config.get(sec, key):
+ return False
+
+ return True
+
class Command:
results_template = 'Command %(command_name)s Results:\n%(rc_results)s%(stdout_results)s%(stderr_results)sCommand Completed Successfully: %(success)s\n'
rc_results = 'Expected RC : %(expected)s, Actual RC : %(actual)s'
@@ -246,6 +272,9 @@ class TestCase:
opath = os.path.join(root, file)
dirname = re.sub(r'^%s(.*)' % re.escape(output_path), r'\1', root).lstrip(os.path.sep)
cpath = os.path.join(self.chroot, dirname, file)
+
+ if os.splitext(opath)[1] == '.cfg':
+ return compare_configs(opath, cpath)
ofile = open(opath)
otext = ofile.readlines()
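Review bot: `os.splitext` does not exist; the function lives in `os.path`, so this line raises AttributeError the first time the comparison reaches it. The resent version of this patch on this page uses `os.path.splitext(opath)[1]`, which is the form to keep.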
--
1.7.2.1
13 years, 8 months
[PATCH 1/5] Fixed results output when not in cwd
by Josh Adams
Fixes bug #7378
---
src/secstate/main.py | 6 +++---
1 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/secstate/main.py b/src/secstate/main.py
index ce3c3fe..89d7147 100644
--- a/src/secstate/main.py
+++ b/src/secstate/main.py
@@ -602,7 +602,7 @@ class Secstate:
self.log.error("Profile '%(prof)s' does not exist." % {'prof':profile})
return False
- (res_benchmark, res_model) = evaluate_xccdf(benchmark, arg, sess, s_profile=profile, verbose=verbose)
+ (res_benchmark, res_model) = evaluate_xccdf(benchmark, benchmark.id, sess, s_profile=profile, verbose=verbose)
elif def_model != None:
(res_benchmark, res_model) = evaluate_oval(sess, verbose)
@@ -612,11 +612,11 @@ class Secstate:
return False
if xml:
- export_results(xml, arg, res_benchmark, res_model)
+ export_results(xml, res_benchmark.id, res_benchmark, res_model)
if html:
xccdf_ss = self.config.get('secstate', 'xccdf_stylesheet')
oval_ss = self.config.get('secstate', 'oval_stylesheet')
- export_results(tempfile.mkdtemp(), arg, res_benchmark, res_model, xccdf_ss, oval_ss, html_dir=html)
+ export_results(tempfile.mkdtemp(), res_benchmark.id, res_benchmark, res_model, xccdf_ss, oval_ss, html_dir=html)
return True
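Review bot: Both `export_results` calls now dereference `res_benchmark.id`, but on the OVAL-only path `res_benchmark` comes from `evaluate_oval(sess, verbose)`, whose return value is not visible here. If that function returns `None` in the first slot for content without a benchmark, the export raises AttributeError instead of writing results. A guard such as `result_id = res_benchmark.id if res_benchmark is not None else arg` would cover that case. If `export_results` uses this argument to build a file name, the id comes from imported content and should presumably be checked for path separators. The method continues outside the hunk.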
--
1.7.2.1
13 years, 8 months
[PATCH] Added import OVAL definition test case
by Francisco Slavin
---
.../import_oval_definition/commands/import.cmd | 1 +
.../import_oval_definition/commands/import.rc | 1 +
.../import_oval_definition/commands/import.stdout | 1 +
.../root/2-19PasswordComplexity_Lowercase.xml | 49 ++++++++++++++++++++
.../oval/2-19PasswordComplexity_Lowercase.xml | 49 ++++++++++++++++++++
testing/tests/import_oval_definition/test.manifest | 7 +++
6 files changed, 108 insertions(+), 0 deletions(-)
create mode 100644 testing/tests/import_oval_definition/commands/import.cmd
create mode 100644 testing/tests/import_oval_definition/commands/import.rc
create mode 100644 testing/tests/import_oval_definition/commands/import.stderr
create mode 100644 testing/tests/import_oval_definition/commands/import.stdout
create mode 100644 testing/tests/import_oval_definition/files/input/root/2-19PasswordComplexity_Lowercase.xml
create mode 100644 testing/tests/import_oval_definition/files/output/var/lib/secstate/oval/2-19PasswordComplexity_Lowercase.xml
create mode 100644 testing/tests/import_oval_definition/test.manifest
diff --git a/testing/tests/import_oval_definition/commands/import.cmd b/testing/tests/import_oval_definition/commands/import.cmd
new file mode 100644
index 0000000..16fd016
--- /dev/null
+++ b/testing/tests/import_oval_definition/commands/import.cmd
@@ -0,0 +1 @@
+/usr/bin/secstate import /root/2-19PasswordComplexity_Lowercase.xml
diff --git a/testing/tests/import_oval_definition/commands/import.rc b/testing/tests/import_oval_definition/commands/import.rc
new file mode 100644
index 0000000..ace9d03
--- /dev/null
+++ b/testing/tests/import_oval_definition/commands/import.rc
@@ -0,0 +1 @@
+255
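Review bot: The expected return code of 255 is paired with an empty `import.stderr` and an expected output file under `var/lib/secstate/oval/`, so the test appears to pin a failure exit status onto an import that is otherwise expected to succeed. If the import is meant to succeed, the expected value would presumably be `0`, and the tool's return path should be fixed rather than recorded here. If 255 is intentional, a comment in `test.manifest` explaining why would help the next reader.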
diff --git a/testing/tests/import_oval_definition/commands/import.stderr b/testing/tests/import_oval_definition/commands/import.stderr
new file mode 100644
index 0000000..e69de29
diff --git a/testing/tests/import_oval_definition/commands/import.stdout b/testing/tests/import_oval_definition/commands/import.stdout
new file mode 100644
index 0000000..8b13789
--- /dev/null
+++ b/testing/tests/import_oval_definition/commands/import.stdout
@@ -0,0 +1 @@
+
diff --git a/testing/tests/import_oval_definition/files/input/root/2-19PasswordComplexity_Lowercase.xml b/testing/tests/import_oval_definition/files/input/root/2-19PasswordComplexity_Lowercase.xml
new file mode 100644
index 0000000..296ecb9
--- /dev/null
+++ b/testing/tests/import_oval_definition/files/input/root/2-19PasswordComplexity_Lowercase.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0"?>
+<o:oval_definitions xmlns:o="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix unix-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#linux linux-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#independent independent-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5 oval-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-common-5 oval-common-schema.xsd">
+ <o:generator>
+ <oval:product_name xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5">squashed circle</oval:product_name>
+ <oval:product_version xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5">0.5</oval:product_version>
+ <oval:schema_version xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5">5.6</oval:schema_version>
+ <oval:timestamp xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5">2010-03-05T12:01:28</oval:timestamp>
+ </o:generator>
+ <o:definitions>
+ <o:definition class="compliance" id="oval:com.tresys.oval.rhel:def:1000" version="1">
+ <o:metadata>
+ <o:title>Password Complexity - Lower case</o:title>
+ <o:reference ref_id="GEN000600" source="UNIX STIG"/>
+ <o:reference ref_id="pam::passwordcomplexity::lowercase" source="puppet"/>
+ <o:affected family="unix">
+ <o:platform>Red Hat Enterprise Linux 5</o:platform>
+ </o:affected>
+ <o:description>Password Complexity</o:description>
+ <puppet>
+ <puppet_class>pam::passwordcomplexity</puppet_class>
+ <puppet_definition>lowercase</puppet_definition>
+ <puppet_variable var="num">2</puppet_variable>
+ </puppet>
+ </o:metadata>
+ <o:criteria operator="AND">
+ <o:criterion test_ref="oval:com.tresys.oval.rhel:tst:1001"/>
+ </o:criteria>
+ </o:definition>
+ </o:definitions>
+ <o:tests>
+ <ind:textfilecontent54_test xmlns:ind="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" check="all" comment="Password contains minimum number of lower case letters" id="oval:com.tresys.oval.rhel:tst:1001" version="1">
+ <ind:object object_ref="oval:com.tresys.oval.rhel:obj:1002"/>
+ <ind:state state_ref="oval:com.tresys.oval.rhel:ste:1001"/>
+ </ind:textfilecontent54_test>
+ </o:tests>
+ <o:objects>
+ <ind:textfilecontent54_object xmlns:ind="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" comment="Cracklib library for PAM" id="oval:com.tresys.oval.rhel:obj:1002" version="1">
+ <ind:path>/etc/pam.d</ind:path>
+ <ind:filename>system-auth</ind:filename>
+ <ind:pattern operation="pattern match">password.*(required|requisite).*pam_cracklib\.so.*</ind:pattern>
+ <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
+ </ind:textfilecontent54_object>
+ </o:objects>
+ <o:states>
+ <ind:textfilecontent54_state xmlns:ind="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:com.tresys.oval.rhel:ste:1001" version="1">
+ <ind:text operation="pattern match">.*lcredit=-[1-9].*</ind:text>
+ </ind:textfilecontent54_state>
+ </o:states>
+</o:oval_definitions>
diff --git a/testing/tests/import_oval_definition/files/output/var/lib/secstate/oval/2-19PasswordComplexity_Lowercase.xml b/testing/tests/import_oval_definition/files/output/var/lib/secstate/oval/2-19PasswordComplexity_Lowercase.xml
new file mode 100644
index 0000000..296ecb9
--- /dev/null
+++ b/testing/tests/import_oval_definition/files/output/var/lib/secstate/oval/2-19PasswordComplexity_Lowercase.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0"?>
+<o:oval_definitions xmlns:o="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix unix-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#linux linux-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#independent independent-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5 oval-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-common-5 oval-common-schema.xsd">
+ <o:generator>
+ <oval:product_name xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5">squashed circle</oval:product_name>
+ <oval:product_version xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5">0.5</oval:product_version>
+ <oval:schema_version xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5">5.6</oval:schema_version>
+ <oval:timestamp xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5">2010-03-05T12:01:28</oval:timestamp>
+ </o:generator>
+ <o:definitions>
+ <o:definition class="compliance" id="oval:com.tresys.oval.rhel:def:1000" version="1">
+ <o:metadata>
+ <o:title>Password Complexity - Lower case</o:title>
+ <o:reference ref_id="GEN000600" source="UNIX STIG"/>
+ <o:reference ref_id="pam::passwordcomplexity::lowercase" source="puppet"/>
+ <o:affected family="unix">
+ <o:platform>Red Hat Enterprise Linux 5</o:platform>
+ </o:affected>
+ <o:description>Password Complexity</o:description>
+ <puppet>
+ <puppet_class>pam::passwordcomplexity</puppet_class>
+ <puppet_definition>lowercase</puppet_definition>
+ <puppet_variable var="num">2</puppet_variable>
+ </puppet>
+ </o:metadata>
+ <o:criteria operator="AND">
+ <o:criterion test_ref="oval:com.tresys.oval.rhel:tst:1001"/>
+ </o:criteria>
+ </o:definition>
+ </o:definitions>
+ <o:tests>
+ <ind:textfilecontent54_test xmlns:ind="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" check="all" comment="Password contains minimum number of lower case letters" id="oval:com.tresys.oval.rhel:tst:1001" version="1">
+ <ind:object object_ref="oval:com.tresys.oval.rhel:obj:1002"/>
+ <ind:state state_ref="oval:com.tresys.oval.rhel:ste:1001"/>
+ </ind:textfilecontent54_test>
+ </o:tests>
+ <o:objects>
+ <ind:textfilecontent54_object xmlns:ind="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" comment="Cracklib library for PAM" id="oval:com.tresys.oval.rhel:obj:1002" version="1">
+ <ind:path>/etc/pam.d</ind:path>
+ <ind:filename>system-auth</ind:filename>
+ <ind:pattern operation="pattern match">password.*(required|requisite).*pam_cracklib\.so.*</ind:pattern>
+ <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
+ </ind:textfilecontent54_object>
+ </o:objects>
+ <o:states>
+ <ind:textfilecontent54_state xmlns:ind="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:com.tresys.oval.rhel:ste:1001" version="1">
+ <ind:text operation="pattern match">.*lcredit=-[1-9].*</ind:text>
+ </ind:textfilecontent54_state>
+ </o:states>
+</o:oval_definitions>
diff --git a/testing/tests/import_oval_definition/test.manifest b/testing/tests/import_oval_definition/test.manifest
new file mode 100644
index 0000000..566cd6f
--- /dev/null
+++ b/testing/tests/import_oval_definition/test.manifest
@@ -0,0 +1,7 @@
+[requires]
+
+[test]
+import
+
+[verify]
+
--
1.7.2
13 years, 9 months
[PATCH] Updated import tgz test to match current output
by Francisco Slavin
---
.../tests/import_xccdf_tgz/commands/import.stdout | 6 +++---
.../output/var/lib/secstate/configs/PassComp.cfg | 1 +
2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/testing/tests/import_xccdf_tgz/commands/import.stdout b/testing/tests/import_xccdf_tgz/commands/import.stdout
index 8151aeb..6e55a38 100644
--- a/testing/tests/import_xccdf_tgz/commands/import.stdout
+++ b/testing/tests/import_xccdf_tgz/commands/import.stdout
@@ -1,7 +1,7 @@
-2-19PasswordComplexity_Lowercase.xml
-2-20PasswordComplexity_MinLen.xml
2-21PasswordComplexity_Numeric.xml
+PassComp.xccdf.xml
2-23PasswordComplexity_Uppercase.xml
+2-20PasswordComplexity_MinLen.xml
+2-19PasswordComplexity_Lowercase.xml
2-22PasswordComplexity_Special.xml
-PassComp.xccdf.xml
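Review bot: The updated `import.stdout` pins a new file order that does not look deliberate, which makes this test brittle. The `for oval in list(set(oval_files))` loop in `main.py`, visible in another patch on this page, suggests the listing may come from set iteration, whose order is not stable across runs or interpreter versions. If that is the source, sorting the names before printing, or having the harness compare sorted lines, would keep this expected output from needing another reshuffle.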
diff --git a/testing/tests/import_xccdf_tgz/files/output/var/lib/secstate/configs/PassComp.cfg b/testing/tests/import_xccdf_tgz/files/output/var/lib/secstate/configs/PassComp.cfg
index e589a45..f68289f 100644
--- a/testing/tests/import_xccdf_tgz/files/output/var/lib/secstate/configs/PassComp.cfg
+++ b/testing/tests/import_xccdf_tgz/files/output/var/lib/secstate/configs/PassComp.cfg
@@ -1,4 +1,5 @@
[PassComp]
+profile = None
selected = True
file = /var/lib/secstate/benchmarks/PassComp/PassComp.xccdf.xml
--
1.7.2
13 years, 9 months