Great catch, please push!
On Tue, Mar 25, 2014 at 12:56 PM, Maura Dailey <[email protected]>wrote: > This removes the package_ntpdate_removed.xml check and the reference to it > in the service disable check. > > - Maura Dailey > > Signed-off-by: Maura Dailey <[email protected]> > --- > RHEL/6/input/checks/package_ntpdate_removed.xml | 25 > ---------------------- > RHEL/6/input/checks/service_ntpdate_disabled.xml | 5 +--- > 2 files changed, 1 insertions(+), 29 deletions(-) > delete mode 100644 RHEL/6/input/checks/package_ntpdate_removed.xml > > diff --git a/RHEL/6/input/checks/package_ntpdate_removed.xml > b/RHEL/6/input/checks/package_ntpdate_removed.xml > deleted file mode 100644 > index a78fb82..0000000 > --- a/RHEL/6/input/checks/package_ntpdate_removed.xml > +++ /dev/null > @@ -1,25 +0,0 @@ > -<def-group> > - <!-- THIS FILE IS GENERATED by create_package_removed.py. DO NOT EDIT. > --> > - <definition class="compliance" id="package_ntpdate_removed" > - version="1"> > - <metadata> > - <title>Package ntpdate Removed</title> > - <affected family="unix"> > - <platform>Red Hat Enterprise Linux 6</platform> > - </affected> > - <description>The RPM package ntpdate should be > removed.</description> > - </metadata> > - <criteria> > - <criterion comment="package ntpdate is removed" > - test_ref="test_package_ntpdate_removed" /> > - </criteria> > - </definition> > - <linux:rpminfo_test check="all" check_existence="none_exist" > - id="test_package_ntpdate_removed" version="1" > - comment="package ntpdate is removed"> > - <linux:object object_ref="obj_package_ntpdate" /> > - </linux:rpminfo_test> > - <linux:rpminfo_object id="obj_package_ntpdate" version="1"> > - <linux:name>ntpdate</linux:name> > - </linux:rpminfo_object> > -</def-group> > diff --git a/RHEL/6/input/checks/service_ntpdate_disabled.xml > b/RHEL/6/input/checks/service_ntpdate_disabled.xml > index 5a9559e..1aee2d9 100644 > --- a/RHEL/6/input/checks/service_ntpdate_disabled.xml > +++ b/RHEL/6/input/checks/service_ntpdate_disabled.xml > @@ -10,9 +10,7 @@ > <description>The ntpdate service should be disabled if > possible.</description> > <reference source="DS" ref_id="20130918" ref_url="test_attestation" > /> > </metadata> > - <criteria comment="package ntpdate removed or service ntpdate is not > configured to start" operator="OR"> > - <extend_definition comment="ntpdate removed" > definition_ref="package_ntpdate_removed" /> > - <criteria operator="AND" comment="service ntpdate is not configured > to start"> > + <criteria comment="service ntpdate is not configured to start" > operator="AND"> > <criterion comment="ntpdate runlevel 0" > test_ref="test_runlevel0_ntpdate" /> > <criterion comment="ntpdate runlevel 1" > test_ref="test_runlevel1_ntpdate" /> > <criterion comment="ntpdate runlevel 2" > test_ref="test_runlevel2_ntpdate" /> > @@ -21,7 +19,6 @@ > <criterion comment="ntpdate runlevel 5" > test_ref="test_runlevel5_ntpdate" /> > <criterion comment="ntpdate runlevel 6" > test_ref="test_runlevel6_ntpdate" /> > </criteria> > - </criteria> > </definition> > <unix:runlevel_test check="all" check_existence="any_exist" > comment="Runlevel test" id="test_runlevel0_ntpdate" > -- > 1.7.1 > > _______________________________________________ > scap-security-guide mailing list > [email protected] > https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide >
_______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
