>From 03dccb282ed07b1eb13bf5ef5b2c0a26613dc622 Mon Sep 17 00:00:00 2001 From: Shawn Wells <[email protected]> Date: Fri, 29 Mar 2013 19:03:13 -0400 Subject: [PATCH 07/21] Updated OVAL in partition_for_var_log_audit - Renamed OVAL rule to match XCCDF rule
---
.../checks/mount_var_log_audit_own_partition.xml | 23 --------------------
RHEL6/input/checks/partition_for_var_log_audit.xml | 23 ++++++++++++++++++++
RHEL6/input/system/software/disk_partitioning.xml | 2 +-
3 files changed, 24 insertions(+), 24 deletions(-)
delete mode 100644 RHEL6/input/checks/mount_var_log_audit_own_partition.xml
create mode 100644 RHEL6/input/checks/partition_for_var_log_audit.xml
diff --git a/RHEL6/input/checks/mount_var_log_audit_own_partition.xml b/RHEL6/input/checks/mount_var_log_audit_own_partition.xml
deleted file mode 100644
index 8407b11..0000000
--- a/RHEL6/input/checks/mount_var_log_audit_own_partition.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<def-group>
- <definition class="compliance" id="mount_var_log_audit_own_partition" version="1">
- <metadata>
- <title>Ensure /var/log/audit Located On Separate Partition</title>
- <affected family="unix">
- <platform>Red Hat Enterprise Linux 6</platform>
- </affected>
- <description>Audit logs are stored in the /var/log/audit directory.
- Ensure that it has its own partition or logical volume. Make
- absolutely certain that it is large enough to store all audit logs
- that will be created by the auditing daemon.</description>
- </metadata>
- <criteria>
- <criterion test_ref="test_var_log_audit_partition" comment="/var/log/audit on own partition" />
- </criteria>
- </definition>
- <linux:partition_test check="all" check_existence="all_exist" id="test_var_log_audit_partition" version="1" comment="check for /var/log/audit partition">
- <linux:object object_ref="object_mount_var_log_audit_own_partition" />
- </linux:partition_test>
- <linux:partition_object id="object_mount_var_log_audit_own_partition" version="1">
- <linux:mount_point>/var/log/audit</linux:mount_point>
- </linux:partition_object>
-</def-group>
diff --git a/RHEL6/input/checks/partition_for_var_log_audit.xml b/RHEL6/input/checks/partition_for_var_log_audit.xml
new file mode 100644
index 0000000..8407b11
--- /dev/null
+++ b/RHEL6/input/checks/partition_for_var_log_audit.xml
@@ -0,0 +1,23 @@
+<def-group>
+ <definition class="compliance" id="mount_var_log_audit_own_partition" version="1">
+ <metadata>
+ <title>Ensure /var/log/audit Located On Separate Partition</title>
+ <affected family="unix">
+ <platform>Red Hat Enterprise Linux 6</platform>
+ </affected>
+ <description>Audit logs are stored in the /var/log/audit directory.
+ Ensure that it has its own partition or logical volume. Make
+ absolutely certain that it is large enough to store all audit logs
+ that will be created by the auditing daemon.</description>
+ </metadata>
+ <criteria>
+ <criterion test_ref="test_var_log_audit_partition" comment="/var/log/audit on own partition" />
+ </criteria>
+ </definition>
+ <linux:partition_test check="all" check_existence="all_exist" id="test_var_log_audit_partition" version="1" comment="check for /var/log/audit partition">
+ <linux:object object_ref="object_mount_var_log_audit_own_partition" />
+ </linux:partition_test>
+ <linux:partition_object id="object_mount_var_log_audit_own_partition" version="1">
+ <linux:mount_point>/var/log/audit</linux:mount_point>
+ </linux:partition_object>
+</def-group>
diff --git a/RHEL6/input/system/software/disk_partitioning.xml b/RHEL6/input/system/software/disk_partitioning.xml
index 50ae62c..15ae942 100644
--- a/RHEL6/input/system/software/disk_partitioning.xml
+++ b/RHEL6/input/system/software/disk_partitioning.xml
@@ -99,7 +99,7 @@ auditing cannot be halted due to the partition running out of space. </rationale> <ident cce="26436-6" /> -<oval id="mount_var_log_audit_own_partition" /> +<oval id="partition_for_var_log_audit" /> <ref nist="AU-9" disa="137,138,1208"/> <tested by="MM" on="20120928"/> </Rule>
-- 1.7.1
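Review bot: The `<definition>` in the new partition_for_var_log_audit.xml still carries `id="mount_var_log_audit_own_partition"`; the blob hash 8407b11 is identical on both sides, so only the filename moved. The disk_partitioning.xml hunk meanwhile points the rule at `<oval id="partition_for_var_log_audit" />`. Unless the build derives OVAL definition ids from filenames (not visible here), the XCCDF rule for CCE 26436-6 would reference a definition id that no longer exists, and the separate-partition check for /var/log/audit would likely be reported as not checked instead of pass/fail. The definition line should become `<definition class="compliance" id="partition_for_var_log_audit" version="1">`; the test and object ids can stay because they reference each other consistently within the file.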
