>From f885bf2710f4a2549d833e833d225a97e3dc182d Mon Sep 17 00:00:00 2001
From: Shawn Wells <[email protected]>
Date: Thu, 17 Apr 2014 19:19:59 -0400
Subject: [PATCH 01/15] Added --rules-without-fix to RHEL6 verify-references.py

Now gives pretty output on which XCCDF rules need remediation scripts
.... specifically made to nudge Tony James and Frank into committing some of 
their bash scripts ;)

Sample output:
$ ../utils/verify-references.py --rules-without-fix ssg-rhel6-xccdf.xml | grep 
package
No reference to fix in XCCDF Rule: no_unpackaged_sgid_files
No reference to fix in XCCDF Rule: no_unpackaged_suid_files
No reference to fix in XCCDF Rule: package_setroubleshoot_removed
No reference to fix in XCCDF Rule: package_mcstrans_removed
No reference to fix in XCCDF Rule: package_telnet_removed
No reference to fix in XCCDF Rule: package_rsh_removed
No reference to fix in XCCDF Rule: package_ypbind_removed
No reference to fix in XCCDF Rule: package_tftp_removed
No reference to fix in XCCDF Rule: packagegroup_xwindows_remove
No reference to fix in XCCDF Rule: package_sendmail_removed
No reference to fix in XCCDF Rule: package_openldap-servers_removed
---
 RHEL/6/utils/verify-references.py |    8 ++++++++
 1 files changed, 8 insertions(+), 0 deletions(-)

diff --git a/RHEL/6/utils/verify-references.py 
b/RHEL/6/utils/verify-references.py
index bac9723..e657043 100755
--- a/RHEL/6/utils/verify-references.py
+++ b/RHEL/6/utils/verify-references.py
@@ -28,6 +28,8 @@ def parse_options():
                                          help="print XCCDF Rules that 
reference an invalid/nonexistent check")
        parser.add_option("--rules-without-checks", default=False, 
action="store_true", dest="rules_without_checks",
                                          help="print XCCDF Rules that do not 
include a check")
+       parser.add_option("--rules-without-fix", default=False, 
action="store_true", dest="rules_without_fix",
+                                         help="print XCCDF Rules that do not 
include a fix")
        parser.add_option("--rules-without-severity", default=False, 
action="store_true", dest="rules_without_severity",
                                          help="print XCCDF Rules that do not 
include a severity")
        parser.add_option("--rules-without-nistrefs", default=False, 
action="store_true", dest="rules_without_nistrefs",
@@ -125,6 +127,12 @@ def main():
                        if check is None:
                                print "No reference to OVAL definition in XCCDF 
Rule: " + rule.get("id")
 
+       if options.rules_without_fix or options.all_checks:
+               for rule in rules:
+                       fix = rule.find("./{%s}fix" % xccdf_ns)
+                       if fix is None:
+                               print "No reference to fix in XCCDF Rule: " + 
rule.get("id")    
+
        if options.rules_without_severity or options.all_checks:
                for rule in rules:
                        if rule.get("severity") is None:
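Review bot: The new loop treats a rule as remediated as soon as any `fix` child exists, so an empty placeholder `<fix>` element, or one whose `system` attribute names a remediation language other than the bash scripts the description is asking for, would still be reported as fixed; if that distinction matters, iterate `rule.findall("./{%s}fix" % xccdf_ns)` and require non-empty text, filtering on the `fix` element's `system` attribute where the content sets it. The `print` line also carries trailing whitespace after `rule.get("id")`, which should be stripped. The block otherwise mirrors the OVAL check directly above it, and main() continues outside the hunk.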
-- 
1.7.1
