Re: [PATCH 02/21] Updated package_aide_installed

Tue, 02 Apr 2013 15:36:04 -0700 

On 3/29/13 8:28 PM, Shawn Wells wrote:


0002-Updated-package_aide_installed.patch


 From 9a74ba6b6b48354e210a7cd5ee2dfabf21a410c1 Mon Sep 17 00:00:00 2001
From: Shawn Wells<[email protected]>
Date: Fri, 29 Mar 2013 15:45:22 -0400
Subject: [PATCH 02/21] Updated package_aide_installed
  - Now includes bash remediation script
  - Updated XCCDF rule title to standardized package_PACKAGE_installed
  - Recursively changed rule title in associated profiles

---
  RHEL6/input/auxiliary/alt-titles-stig.xml        |    2 +-
  RHEL6/input/checks/templates/Makefile            |    1 +
  RHEL6/input/fixes/bash/package_aide_installed.sh |    1 +
  RHEL6/input/fixes/puppet-example.xml             |    2 +-
  RHEL6/input/profiles/common.xml                  |    2 +-
  RHEL6/input/profiles/manual_remediation.xml      |    2 +-
  RHEL6/input/profiles/nist-CL-IL-AL.xml           |    2 +-
  RHEL6/input/profiles/usgcb-rhel6-server.xml      |    2 +-
  RHEL6/input/system/software/integrity.xml        |    2 +-
  9 files changed, 9 insertions(+), 7 deletions(-)
  create mode 100644 RHEL6/input/fixes/bash/package_aide_installed.sh

diff --git a/RHEL6/input/auxiliary/alt-titles-stig.xml 
b/RHEL6/input/auxiliary/alt-titles-stig.xml
index af68f29..ca3f9ac 100644
--- a/RHEL6/input/auxiliary/alt-titles-stig.xml
+++ b/RHEL6/input/auxiliary/alt-titles-stig.xml
@@ -32,7 +32,7 @@ The system package management tool must cryptographically 
verify the authenticit
  <title rule="ensure_gpgcheck_never_disabled" shorttitle="Ensure gpgcheck Enabled For 
All Yum Package Repositories">
  The system package management tool must cryptographically verify the 
authenticity of all software packages during installation.
  </title>
-<title rule="install_aide" shorttitle="Install AIDE">
+<title rule="package_aide_installed" shorttitle="Install AIDE">
  A file integrity tool must be installed.
  </title>
  <title rule="aide_periodic_cron_checking" shorttitle="Configure Periodic Execution of 
AIDE">
diff --git a/RHEL6/input/checks/templates/Makefile 
b/RHEL6/input/checks/templates/Makefile
index da6568a..fbc0c34 100644
--- a/RHEL6/input/checks/templates/Makefile
+++ b/RHEL6/input/checks/templates/Makefile
@@ -29,3 +29,4 @@ find-untemplated: templates

  
  clean:

        rm output/*.xml
+       rm output/*.sh
diff --git a/RHEL6/input/fixes/bash/package_aide_installed.sh 
b/RHEL6/input/fixes/bash/package_aide_installed.sh
new file mode 100644
index 0000000..ccca946
--- /dev/null
+++ b/RHEL6/input/fixes/bash/package_aide_installed.sh
@@ -0,0 +1 @@
+yum -y install aide
diff --git a/RHEL6/input/fixes/puppet-example.xml 
b/RHEL6/input/fixes/puppet-example.xml
index 18046b1..94e448a 100644
--- a/RHEL6/input/fixes/puppet-example.xml
+++ b/RHEL6/input/fixes/puppet-example.xml
@@ -1,4 +1,4 @@
  <fix-group id="puppet-clip" system="urn:xccdf:fix:script:puppet" 
xmlns="http://checklists.nist.gov/xccdf/1.1";>
  <fix rule="disable_vsftp">class vsftp</fix>
-<fix rule="install_aide">class aide</fix>
+<fix rule="package_aide_installed">class aide</fix>
  </fix-group>
diff --git a/RHEL6/input/profiles/common.xml b/RHEL6/input/profiles/common.xml
index d80e69a..d63a875 100644
--- a/RHEL6/input/profiles/common.xml
+++ b/RHEL6/input/profiles/common.xml
@@ -11,7 +11,7 @@
  <select idref="security_patches_up_to_date" selected="true"/>
  <select idref="ensure_gpgcheck_globally_activated" selected="true"/>
  <select idref="ensure_gpgcheck_never_disabled" selected="true"/>
-<select idref="install_aide" selected="true"/>
+<select idref="package_aide_installed" selected="true"/>
  <select idref="enable_selinux_bootloader" selected="true"/>
  <select idref="no_rsh_trust_files" selected="true"/>
  <select idref="set_selinux_state" selected="true"/>
diff --git a/RHEL6/input/profiles/manual_remediation.xml 
b/RHEL6/input/profiles/manual_remediation.xml
index ea1218d..1767082 100644
--- a/RHEL6/input/profiles/manual_remediation.xml
+++ b/RHEL6/input/profiles/manual_remediation.xml
@@ -1,7 +1,7 @@
  <Profile id="manual_audits" xmlns="http://checklists.nist.gov/xccdf/1.1";  >
  <title>Profile for Attended/Manual portion of DCID6/3 remediation</title>
  <description>This profile contains items that require user interaction during 
audit.</description>
-<select idref="install_aide" selected="true"/>
+<select idref="package_aide_installed" selected="true"/>
  <select idref="install_vsftpd" selected="true"/>
  <select idref="install_openswan" selected="true"/>
  <select idref="install_screen_package" selected="true"/>
diff --git a/RHEL6/input/profiles/nist-CL-IL-AL.xml 
b/RHEL6/input/profiles/nist-CL-IL-AL.xml
index 9bbb86b..e092650 100644
--- a/RHEL6/input/profiles/nist-CL-IL-AL.xml
+++ b/RHEL6/input/profiles/nist-CL-IL-AL.xml
@@ -293,7 +293,7 @@ assurance."</description>
        changes to relevant files -->

  
  <!-- CM-6(d) -->

-<select idref="install_aide" selected="true" \>
+<select idref="package_aide_installed" selected="true" \>
  <select idref="disable_prelink" selected="true" \>
  <select idref="aide_build_database" selected="true" \>
  <select idref="aide_periodic_cron_checking" selected="true" \>
diff --git a/RHEL6/input/profiles/usgcb-rhel6-server.xml 
b/RHEL6/input/profiles/usgcb-rhel6-server.xml
index ec280f7..af95ac2 100644
--- a/RHEL6/input/profiles/usgcb-rhel6-server.xml
+++ b/RHEL6/input/profiles/usgcb-rhel6-server.xml
@@ -12,7 +12,7 @@
  <select idref="security_patches_up_to_date" selected="true" />
  <select idref="ensure_gpgcheck_globally_activated" selected="true" />
  <select idref="ensure_gpgcheck_never_disabled" selected="true" />
-<select idref="install_aide" selected="true" />
+<select idref="package_aide_installed" selected="true" />
  <select idref="rpm_verify_permissions" selected="true" />
  <select idref="rpm_verify_hashes" selected="true" />
  <select idref="mountopt_nodev_on_nonroot_partitions" selected="true" />
diff --git a/RHEL6/input/system/software/integrity.xml 
b/RHEL6/input/system/software/integrity.xml
index ba5f595..7c67419 100644
--- a/RHEL6/input/system/software/integrity.xml
+++ b/RHEL6/input/system/software/integrity.xml
@@ -25,7 +25,7 @@ configurable, with further configuration information located 
in
  <tt>/usr/share/doc/aide-<i>VERSION</i></tt></description>

  
  
-<Rule id="install_aide" severity="medium">

+<Rule id="package_aide_installed" severity="medium">
  <title>Install AIDE</title>
  <description>
  Install the AIDE package with the command:
-- 1.7.1


Pushed per Jeff's ack

$ git push
Counting objects: 40, done.
Compressing objects: 100% (20/20), done.
Writing objects: 100% (21/21), 1.89 KiB, done.
Total 21 (delta 17), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/scap-security-guide.git
   06766fe..01fe249  master -> master



_______________________________________________
scap-security-guide mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide






















					Reply via email to