>From 92887af0ea7d4abe2a2be8eba01e1e46e058029f Mon Sep 17 00:00:00 2001 From: Shawn Wells <[email protected]> Date: Fri, 29 Mar 2013 19:58:49 -0400 Subject: [PATCH 13/21] Updated OVAL name of enable_selinux_bootloader - Updated OVAL rule name to match XCCDF of enable_selinux_bootloader
---
 RHEL6/input/checks/enable_selinux_bootloader.xml | 23 ++++++++++++++++++++
 .../checks/selinux_bootloader_notdisabled.xml | 23 --------------------
 RHEL6/input/system/selinux.xml | 2 +-
 3 files changed, 24 insertions(+), 24 deletions(-)
 create mode 100644 RHEL6/input/checks/enable_selinux_bootloader.xml
 delete mode 100644 RHEL6/input/checks/selinux_bootloader_notdisabled.xml
diff --git a/RHEL6/input/checks/enable_selinux_bootloader.xml b/RHEL6/input/checks/enable_selinux_bootloader.xml
new file mode 100644
index 0000000..a064052
--- /dev/null
+++ b/RHEL6/input/checks/enable_selinux_bootloader.xml
@@ -0,0 +1,23 @@
+<def-group>
+ <definition class="compliance"
+ id="selinux_bootloader_notdisabled" version="1">
+ <metadata>
+ <title>Enable SELinux</title>
+ <affected family="unix">
+ <platform>Red Hat Enterprise Linux 6</platform>
+ </affected>
+ <description>SELinux should be enabled</description>
+ </metadata>
+ <criteria>
+ <criterion test_ref="test_20104" />
+ </criteria>
+ </definition>
+ <ind:textfilecontent54_test check="all" check_existence="none_exist" comment="do it" id="test_20104" version="1">
+ <ind:object object_ref="obj_20104" />
+ </ind:textfilecontent54_test>
+ <ind:textfilecontent54_object id="obj_20104" version="1">
+ <ind:filepath>/boot/grub/grub.conf</ind:filepath>
+ <ind:pattern operation="pattern match">^\s*kernel\s+.*(selinux|enforcing)=0.*$</ind:pattern>
+ <ind:instance datatype="int">1</ind:instance>
+ </ind:textfilecontent54_object>
+</def-group>
diff --git a/RHEL6/input/checks/selinux_bootloader_notdisabled.xml b/RHEL6/input/checks/selinux_bootloader_notdisabled.xml
deleted file mode 100644
index a064052..0000000
--- a/RHEL6/input/checks/selinux_bootloader_notdisabled.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<def-group>
- <definition class="compliance"
- id="selinux_bootloader_notdisabled" version="1">
- <metadata>
- <title>Enable SELinux</title>
- <affected family="unix">
- <platform>Red Hat Enterprise Linux 6</platform>
- </affected>
- <description>SELinux should be enabled</description>
- </metadata>
- <criteria>
- <criterion test_ref="test_20104" />
- </criteria>
- </definition>
- <ind:textfilecontent54_test check="all" check_existence="none_exist" comment="do it" id="test_20104" version="1">
- <ind:object object_ref="obj_20104" />
- </ind:textfilecontent54_test>
- <ind:textfilecontent54_object id="obj_20104" version="1">
- <ind:filepath>/boot/grub/grub.conf</ind:filepath>
- <ind:pattern operation="pattern match">^\s*kernel\s+.*(selinux|enforcing)=0.*$</ind:pattern>
- <ind:instance datatype="int">1</ind:instance>
- </ind:textfilecontent54_object>
-</def-group>
diff --git a/RHEL6/input/system/selinux.xml b/RHEL6/input/system/selinux.xml
index 3678784..0659a37 100644
--- a/RHEL6/input/system/selinux.xml
+++ b/RHEL6/input/system/selinux.xml
@@ -98,7 +98,7 @@ it from confining system services at boot time. Further, it increases the chances that it will remain off during system operation.
 </rationale>
 <ident cce="26956-3" />
-<oval id="selinux_bootloader_notdisabled" />
+<oval id="enable_selinux_bootloader" />
 <ref nist="AC-3,AC-6,AU-9" disa="22,32"/>
 <tested by="DS" on="20121024"/>
 </Rule>
-- 
1.7.1
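Review bot: The new reference `<oval id="enable_selinux_bootloader" />` in RHEL6/input/system/selinux.xml has no matching OVAL definition id in this patch. The added RHEL6/input/checks/enable_selinux_bootloader.xml carries the same blob (a064052) as the deleted file and still declares `id="selinux_bootloader_notdisabled"`, so only the file name changed. If the build links XCCDF rules to checks by definition id rather than by file name, this rule would be left without an automated check and a `selinux=0` or `enforcing=0` kernel argument in grub.conf would go unreported. I would change the definition line in the new file to `id="enable_selinux_bootloader" version="1">` in the same commit. The enclosing `<Rule>` starts above this hunk, so its own id is not visible here.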
