Signed-off-by: Maura Dailey <[email protected]>
---
 RHEL6/input/checks/ldap_client_start_tls.xml      |   14 ++++-------
 RHEL6/input/checks/ldap_client_tls_cacertpath.xml |   26 ++++++++-------------
 2 files changed, 15 insertions(+), 25 deletions(-)

diff --git a/RHEL6/input/checks/ldap_client_start_tls.xml 
b/RHEL6/input/checks/ldap_client_start_tls.xml
index 184b9c2..962325e 100644
--- a/RHEL6/input/checks/ldap_client_start_tls.xml
+++ b/RHEL6/input/checks/ldap_client_start_tls.xml
@@ -1,6 +1,5 @@
 <def-group>
-  <definition class="compliance"
-  id="ldap_client_start_tls" version="1">
+  <definition class="compliance" id="ldap_client_start_tls" version="1">
     <metadata>
       <title>Configure LDAP to Use TLS for All Transactions</title>
       <affected family="unix">
@@ -10,22 +9,19 @@
       <reference source="DS" ref_id="20131018" ref_url="test_attestation" />
     </metadata>
     <criteria comment="package pam_ldap is not present" operator="OR">
-      <extend_definition comment="pam_ldap not present or not in use" 
+      <extend_definition comment="pam_ldap not present or not in use"
       definition_ref="ldap_client_pam_ldap_present" negate="true" />
       <criterion comment="look for ssl start_tls in /etc/pam_ldap.conf"
       test_ref="test_ldap_client_start_tls_ssl" />
     </criteria>
   </definition>
-  <ind:textfilecontent54_test check="all"
-  check_existence="at_least_one_exists"
+  <ind:textfilecontent54_test check="all" check_existence="at_least_one_exists"
   comment="Tests the value of the ssl start_tls setting in the 
/etc/pam_ldap.conf file"
   id="test_ldap_client_start_tls_ssl" version="1">
     <ind:object object_ref="obj_ldap_client_start_tls_ssl" />
   </ind:textfilecontent54_test>
-  <ind:textfilecontent54_object id="obj_ldap_client_start_tls_ssl"
-  version="1">
-    <ind:path>/etc</ind:path>
-    <ind:filename>pam_ldap.conf</ind:filename>
+  <ind:textfilecontent54_object id="obj_ldap_client_start_tls_ssl" version="1">
+    <ind:filepath>/etc/pam_ldap.conf</ind:filepath>
     <ind:pattern operation="pattern 
match">^[\s]*ssl[\s]+start_tls[\s]*$</ind:pattern>
     <ind:instance datatype="int">1</ind:instance>
   </ind:textfilecontent54_object>
diff --git a/RHEL6/input/checks/ldap_client_tls_cacertpath.xml 
b/RHEL6/input/checks/ldap_client_tls_cacertpath.xml
index 6fe1b31..3764cc7 100644
--- a/RHEL6/input/checks/ldap_client_tls_cacertpath.xml
+++ b/RHEL6/input/checks/ldap_client_tls_cacertpath.xml
@@ -1,15 +1,15 @@
 <def-group>
-  <definition class="compliance"
-  id="ldap_client_tls_cacertpath" version="1">
+  <definition class="compliance" id="ldap_client_tls_cacertpath" version="1">
     <metadata>
       <title>Configure LDAP CA Certificate Path</title>
       <affected family="unix">
         <platform>Red Hat Enterprise Linux 6</platform>
       </affected>
       <description>Require the use of TLS for ldap clients.</description>
+      <reference source="MED" ref_id="20131120" ref_url="test_attestation" />
     </metadata>
     <criteria comment="package pam_ldap is not present" operator="OR">
-      <extend_definition comment="pam_ldap not present or in use" 
+      <extend_definition comment="pam_ldap not present or in use"
       definition_ref="ldap_client_pam_ldap_present" negate="true" />
       <criterion comment="look for tls_cacertdir in /etc/pam_ldap.conf"
       test_ref="test_ldap_client_tls_cacertdir" />
@@ -17,31 +17,25 @@
       test_ref="test_ldap_client_tls_cacertfile" />
     </criteria>
   </definition>
-  <ind:textfilecontent54_test check="all"
-  check_existence="at_least_one_exists"
+  <ind:textfilecontent54_test check="all" check_existence="at_least_one_exists"
   comment="Tests the value of the tls_cacertdir setting in the 
/etc/pam_ldap.conf file"
   id="test_ldap_client_tls_cacertdir" version="1">
     <ind:object object_ref="obj_ldap_client_tls_cacertdir" />
   </ind:textfilecontent54_test>
-  <ind:textfilecontent54_object id="obj_ldap_client_tls_cacertdir"
-  version="1">
-    <ind:path>/etc</ind:path>
-    <ind:filename>pam_ldap.conf</ind:filename>
-    <ind:pattern operation="pattern 
match">^[\s]*tls_cacertdir[\s]+.*[\s]*$</ind:pattern>
+  <ind:textfilecontent54_object id="obj_ldap_client_tls_cacertdir" version="1">
+    <ind:filepath>/etc/pam_ldap.conf</ind:filepath>
+    <ind:pattern operation="pattern 
match">^[\s]*tls_cacertdir[\s]+(.*)$</ind:pattern>
     <ind:instance datatype="int">1</ind:instance>
   </ind:textfilecontent54_object>
-
-  <ind:textfilecontent54_test check="all"
-  check_existence="at_least_one_exists"
+  <ind:textfilecontent54_test check="all" check_existence="at_least_one_exists"
   comment="Tests the value of the tls_cacertfile setting in the 
/etc/pam_ldap.conf file"
   id="test_ldap_client_tls_cacertfile" version="1">
     <ind:object object_ref="obj_ldap_client_tls_cacertfile" />
   </ind:textfilecontent54_test>
   <ind:textfilecontent54_object id="obj_ldap_client_tls_cacertfile"
   version="1">
-    <ind:path>/etc</ind:path>
-    <ind:filename>pam_ldap.conf</ind:filename>
-    <ind:pattern operation="pattern 
match">^[\s]*tls_cacertfile[\s]+.*[\s]*$</ind:pattern>
+    <ind:filepath>/etc/pam_ldap.conf</ind:filepath>
+    <ind:pattern operation="pattern 
match">^[\s]*tls_cacertfile[\s]+(.*)$</ind:pattern>
     <ind:instance datatype="int">1</ind:instance>
   </ind:textfilecontent54_object>
 </def-group>
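Review bot: The new pattern `^[\s]*tls_cacertdir[\s]+(.*)$` still matches a directive with no value, because `[\s]+` can consume the trailing whitespace and `(.*)` then matches the empty string; the `tls_cacertfile` pattern a few lines below has the same shape. The capture group is never compared either — neither test references a `textfilecontent54_state` — so both checks only assert that the directive is present, not that it names anything. Changing the two patterns to `^[\s]*tls_cacertdir[\s]+([^\s]+)[\s]*$` and `^[\s]*tls_cacertfile[\s]+([^\s]+)[\s]*$` would at least require a non-empty value. Separately, `obj_ldap_client_tls_cacertfile` keeps its `version="1"` on a second line while the sibling objects in this commit were joined onto one line.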
-- 
1.7.1
