>From 9a74ba6b6b48354e210a7cd5ee2dfabf21a410c1 Mon Sep 17 00:00:00 2001
From: Shawn Wells <[email protected]>
Date: Fri, 29 Mar 2013 15:45:22 -0400
Subject: [PATCH 02/21] Updated package_aide_installed
 - Now includes bash remediation script
 - Updated XCCDF rule title to standardized package_PACKAGE_installed
 - Recursively changed rule title in associated profiles

---
 RHEL6/input/auxiliary/alt-titles-stig.xml        |    2 +-
 RHEL6/input/checks/templates/Makefile            |    1 +
 RHEL6/input/fixes/bash/package_aide_installed.sh |    1 +
 RHEL6/input/fixes/puppet-example.xml             |    2 +-
 RHEL6/input/profiles/common.xml                  |    2 +-
 RHEL6/input/profiles/manual_remediation.xml      |    2 +-
 RHEL6/input/profiles/nist-CL-IL-AL.xml           |    2 +-
 RHEL6/input/profiles/usgcb-rhel6-server.xml      |    2 +-
 RHEL6/input/system/software/integrity.xml        |    2 +-
 9 files changed, 9 insertions(+), 7 deletions(-)
 create mode 100644 RHEL6/input/fixes/bash/package_aide_installed.sh

diff --git a/RHEL6/input/auxiliary/alt-titles-stig.xml 
b/RHEL6/input/auxiliary/alt-titles-stig.xml
index af68f29..ca3f9ac 100644
--- a/RHEL6/input/auxiliary/alt-titles-stig.xml
+++ b/RHEL6/input/auxiliary/alt-titles-stig.xml
@@ -32,7 +32,7 @@ The system package management tool must cryptographically 
verify the authenticit
 <title rule="ensure_gpgcheck_never_disabled" shorttitle="Ensure gpgcheck 
Enabled For All Yum Package Repositories">
 The system package management tool must cryptographically verify the 
authenticity of all software packages during installation.
 </title>
-<title rule="install_aide" shorttitle="Install AIDE">
+<title rule="package_aide_installed" shorttitle="Install AIDE">
 A file integrity tool must be installed.
 </title>
 <title rule="aide_periodic_cron_checking" shorttitle="Configure Periodic 
Execution of AIDE">
diff --git a/RHEL6/input/checks/templates/Makefile 
b/RHEL6/input/checks/templates/Makefile
index da6568a..fbc0c34 100644
--- a/RHEL6/input/checks/templates/Makefile
+++ b/RHEL6/input/checks/templates/Makefile
@@ -29,3 +29,4 @@ find-untemplated: templates
 
 clean:
        rm output/*.xml
+       rm output/*.sh
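Review bot: The added `rm output/*.sh` line in the `clean` target exits non-zero when no generated scripts exist, and it never runs at all if the preceding `rm output/*.xml` fails, because make stops at the first failing recipe line. With remediation scripts now a generated artifact, a clean that aborts early can leave stale fix scripts in `output/` to be picked up by a later build. Collapsing the two lines into `rm -f output/*.xml output/*.sh` makes the target idempotent and removes both kinds of output in one step.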
diff --git a/RHEL6/input/fixes/bash/package_aide_installed.sh 
b/RHEL6/input/fixes/bash/package_aide_installed.sh
new file mode 100644
index 0000000..ccca946
--- /dev/null
+++ b/RHEL6/input/fixes/bash/package_aide_installed.sh
@@ -0,0 +1 @@
+yum -y install aide
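Review bot: The new fix runs `yum -y install aide` with nothing recording that it relies on package signature verification being enforced. `-y` answers every yum prompt, which may include a repository key-import prompt, so on a host where gpgcheck is disabled the integrity tool itself would be installed unverified. The profiles touched by this patch select `ensure_gpgcheck_globally_activated` and `ensure_gpgcheck_never_disabled` next to this rule, so a header comment such as `# Assumes gpgcheck is enforced (ensure_gpgcheck_globally_activated, ensure_gpgcheck_never_disabled) so the aide RPM is signature-verified` would document that ordering dependency. Whether this file is embedded as a fragment or executed standalone is not visible here, so no shebang or error handling is proposed.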
diff --git a/RHEL6/input/fixes/puppet-example.xml 
b/RHEL6/input/fixes/puppet-example.xml
index 18046b1..94e448a 100644
--- a/RHEL6/input/fixes/puppet-example.xml
+++ b/RHEL6/input/fixes/puppet-example.xml
@@ -1,4 +1,4 @@
 <fix-group id="puppet-clip" system="urn:xccdf:fix:script:puppet" 
xmlns="http://checklists.nist.gov/xccdf/1.1";>
 <fix rule="disable_vsftp">class vsftp</fix>
-<fix rule="install_aide">class aide</fix>
+<fix rule="package_aide_installed">class aide</fix>
 </fix-group>
diff --git a/RHEL6/input/profiles/common.xml b/RHEL6/input/profiles/common.xml
index d80e69a..d63a875 100644
--- a/RHEL6/input/profiles/common.xml
+++ b/RHEL6/input/profiles/common.xml
@@ -11,7 +11,7 @@
 <select idref="security_patches_up_to_date" selected="true"/>
 <select idref="ensure_gpgcheck_globally_activated" selected="true"/>
 <select idref="ensure_gpgcheck_never_disabled" selected="true"/>
-<select idref="install_aide" selected="true"/>
+<select idref="package_aide_installed" selected="true"/>
 <select idref="enable_selinux_bootloader" selected="true"/>
 <select idref="no_rsh_trust_files" selected="true"/>
 <select idref="set_selinux_state" selected="true"/>
diff --git a/RHEL6/input/profiles/manual_remediation.xml 
b/RHEL6/input/profiles/manual_remediation.xml
index ea1218d..1767082 100644
--- a/RHEL6/input/profiles/manual_remediation.xml
+++ b/RHEL6/input/profiles/manual_remediation.xml
@@ -1,7 +1,7 @@
 <Profile id="manual_audits" xmlns="http://checklists.nist.gov/xccdf/1.1"; >
 <title>Profile for Attended/Manual portion of DCID6/3 remediation</title>
 <description>This profile contains items that require user interaction during 
audit.</description>
-<select idref="install_aide" selected="true"/>
+<select idref="package_aide_installed" selected="true"/>
 <select idref="install_vsftpd" selected="true"/>
 <select idref="install_openswan" selected="true"/>
 <select idref="install_screen_package" selected="true"/>
diff --git a/RHEL6/input/profiles/nist-CL-IL-AL.xml 
b/RHEL6/input/profiles/nist-CL-IL-AL.xml
index 9bbb86b..e092650 100644
--- a/RHEL6/input/profiles/nist-CL-IL-AL.xml
+++ b/RHEL6/input/profiles/nist-CL-IL-AL.xml
@@ -293,7 +293,7 @@ assurance."</description>
        changes to relevant files -->
 
 <!-- CM-6(d) -->
-<select idref="install_aide" selected="true" \>
+<select idref="package_aide_installed" selected="true" \>
 <select idref="disable_prelink" selected="true" \>
 <select idref="aide_build_database" selected="true" \>
 <select idref="aide_periodic_cron_checking" selected="true" \>
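Review bot: The renamed line still ends in `\>` instead of `/>`, as do the three context lines after it, so these `<select>` elements are not well-formed XML; `common.xml` and `usgcb-rhel6-server.xml` in this same patch close the same element with `/>`. If this profile is parsed, the selection of `package_aide_installed` and the other AIDE rules would be rejected rather than applied, which would leave the CM-6(d) file-integrity controls unselected; the hunk does not show whether the file is currently built. Since the line is being touched anyway, it could be written as `<select idref="package_aide_installed" selected="true" />`, with the neighbouring lines fixed in the same pass.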
diff --git a/RHEL6/input/profiles/usgcb-rhel6-server.xml 
b/RHEL6/input/profiles/usgcb-rhel6-server.xml
index ec280f7..af95ac2 100644
--- a/RHEL6/input/profiles/usgcb-rhel6-server.xml
+++ b/RHEL6/input/profiles/usgcb-rhel6-server.xml
@@ -12,7 +12,7 @@
 <select idref="security_patches_up_to_date" selected="true" />
 <select idref="ensure_gpgcheck_globally_activated" selected="true" />
 <select idref="ensure_gpgcheck_never_disabled" selected="true" />
-<select idref="install_aide" selected="true" />
+<select idref="package_aide_installed" selected="true" />
 <select idref="rpm_verify_permissions" selected="true" />
 <select idref="rpm_verify_hashes" selected="true" />
 <select idref="mountopt_nodev_on_nonroot_partitions" selected="true" />
diff --git a/RHEL6/input/system/software/integrity.xml 
b/RHEL6/input/system/software/integrity.xml
index ba5f595..7c67419 100644
--- a/RHEL6/input/system/software/integrity.xml
+++ b/RHEL6/input/system/software/integrity.xml
@@ -25,7 +25,7 @@ configurable, with further configuration information located 
in
 <tt>/usr/share/doc/aide-<i>VERSION</i></tt></description>
 
 
-<Rule id="install_aide" severity="medium">
+<Rule id="package_aide_installed" severity="medium">
 <title>Install AIDE</title>
 <description>
 Install the AIDE package with the command:
-- 
1.7.1
