This patch does the following:

[RHEL/6] logwatch splithosts / hostlimit OVAL checks
* allow more than just one whitespace after start of new line and
  before HostLimit / SplitHosts directives,
* allow comments to be present in logwatch config (remove trailing
  $ from patterns),
* case-insensitively support all of possible values for SplitHosts
  enabled (yes = true = on = 1),
* case-insensitively support all of possible values for HostLimit
  disabled (no = false = off = 0),
* update versions and test attestations.
Ad points #1, #2, #3, and #4 -- from
/usr/share/logwatch/default.conf/logwatch.conf:
(logwatch defaults conf):
<quote>
# You can put comments anywhere you want to. They are effective for the
# rest of the line.
# this is in the format of <name> = <value>. Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.
# Yes = True = On = 1
# No = False = Off = 0
</quote>
therefore
- allow more than one whitespace at the beginning,
- allow comments,
- add (case-insensitive) support for all enabled / disabled value
  alternatives,
- update versions & test attestations.
Change tested on RHEL-6 and it seems to be working properly (tested logwatch
runs properly with config value alternatives as detailed above on RHEL-6, and
that the checks return appropriate / expected results).
Please review.
Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Technologies Team
From f5810c142ac7410cf168722d558e4cdbf0fa80f9 Mon Sep 17 00:00:00 2001
From: Jan Lieskovsky <[email protected]>
Date: Fri, 7 Mar 2014 15:37:47 +0100
Subject: [PATCH] [RHEL/6] logwatch splithosts / hostlimit OVAL checks * allow
more than just one whitespace after start of new line and before HostLimit
/ SplitHosts directives, * allow comments to be present in logwatch config
(remove trailing $ from patterns), * case-insensitively support all of
possible values for SplitHosts enabled (yes = true = on = 1), *
case-insensitively support all of possible values for HostLimit disabled
(no = false = off = 0), * update versions and test attestations.
Signed-off-by: Jan Lieskovsky <[email protected]>
---
RHEL/6/input/checks/logwatch_configured_hostlimit.xml | 6 +++---
RHEL/6/input/checks/logwatch_configured_splithosts.xml | 6 +++---
2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/RHEL/6/input/checks/logwatch_configured_hostlimit.xml b/RHEL/6/input/checks/logwatch_configured_hostlimit.xml
index 953fa59..8b83e6b 100644
--- a/RHEL/6/input/checks/logwatch_configured_hostlimit.xml
+++ b/RHEL/6/input/checks/logwatch_configured_hostlimit.xml
@@ -6,7 +6,7 @@
<platform>Red Hat Enterprise Linux 6</platform>
</affected>
<description>Test if HostLimit line in logwatch.conf is set appropriately.</description>
- <reference source="MED" ref_id="20130819" ref_url="test_attestation" />
+ <reference source="JL" ref_id="20140307" ref_url="test_attestation" />
</metadata>
<criteria operator="AND">
<criterion comment="Test value of HostLimit" test_ref="test_logwatch_configured_hostlimit" />
@@ -16,10 +16,10 @@
<ind:textfilecontent54_test check="all" check_existence="all_exist" comment="Test HostLimit" id="test_logwatch_configured_hostlimit" version="1">
<ind:object object_ref="object_logwatch_configured_hostlimit" />
</ind:textfilecontent54_test>
- <ind:textfilecontent54_object id="object_logwatch_configured_hostlimit" version="1">
+ <ind:textfilecontent54_object id="object_logwatch_configured_hostlimit" version="2">
<ind:path>/etc/logwatch/conf</ind:path>
<ind:filename>logwatch.conf</ind:filename>
- <ind:pattern operation="pattern match">^[\s]HostLimit[\s]*=[\s]*no[\s]*$</ind:pattern>
+ <ind:pattern operation="pattern match">^[\s]*HostLimit[\s]*=[\s]*(?i)(?:no|false|off|0)[\s]*</ind:pattern>
<ind:instance datatype="int">1</ind:instance>
</ind:textfilecontent54_object>
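Review bot: In the new `ind:pattern`, removing the trailing `$` leaves the value alternation unbounded on the right, so a line such as `HostLimit = nope` or `HostLimit = 01` also satisfies the check, because only the leading `no` or `0` has to match. To accept trailing comments while still bounding the value, end the pattern with something like `[\s]*(?:#.*)?$` instead of dropping the anchor outright.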
diff --git a/RHEL/6/input/checks/logwatch_configured_splithosts.xml b/RHEL/6/input/checks/logwatch_configured_splithosts.xml
index c399617..8d4c455 100644
--- a/RHEL/6/input/checks/logwatch_configured_splithosts.xml
+++ b/RHEL/6/input/checks/logwatch_configured_splithosts.xml
@@ -6,7 +6,7 @@
<platform>Red Hat Enterprise Linux 6</platform>
</affected>
<description>Check if SplitHosts line in logwatch.conf is set appropriately.</description>
- <reference source="MED" ref_id="20130819" ref_url="test_attestation" />
+ <reference source="JL" ref_id="20140307" ref_url="test_attestation" />
</metadata>
<criteria>
<criterion comment="Test value of SplitHosts" test_ref="test_logwatch_configured_splithosts" />
@@ -15,10 +15,10 @@
<ind:textfilecontent54_test check="all" check_existence="all_exist" comment="Test SplitHosts" id="test_logwatch_configured_splithosts" version="1">
<ind:object object_ref="object_logwatch_configured_splithosts" />
</ind:textfilecontent54_test>
- <ind:textfilecontent54_object id="object_logwatch_configured_splithosts" version="1">
+ <ind:textfilecontent54_object id="object_logwatch_configured_splithosts" version="2">
<ind:path>/etc/logwatch/conf</ind:path>
<ind:filename>logwatch.conf</ind:filename>
- <ind:pattern operation="pattern match">^[\s]SplitHosts[\s]*=[\s]*yes[\s]*$</ind:pattern>
+ <ind:pattern operation="pattern match">^[\s]*SplitHosts[\s]*=[\s]*(?i)(?:yes|true|on|1)[\s]*</ind:pattern>
<ind:instance datatype="int">1</ind:instance>
</ind:textfilecontent54_object>
</def-group>
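Review bot: The inline `(?i)` in the new `ind:pattern` comes after `SplitHosts[\s]*=[\s]*`, so only the value alternation is matched case-insensitively and the directive name itself stays case-sensitive, although the logwatch.conf comment quoted in the description says everything is case insensitive. Moving `(?i)` to the front of the pattern would also cover a line like `splithosts = yes`; the HostLimit pattern has the same placement.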
--
1.8.3.1