Re: [PATCH] allow enable_gdm_login_banner to pass if gdm isn't installed

Tue, 29 Apr 2014 09:59:25 -0700 

Thanks Maura. Pushed to master.

On 4/25/14 2:11 PM, Maura Dailey wrote:
If you're run into this situation, however unusual, then your rationale makes sense to me. ACK. 

- Maura Dailey

On 04/25/2014 11:34 AM, Paul Tittle (Contractor) wrote:

Maura,


That's a good observation. However, I have run across a use-case 
where GConf2 is installed but gdm isn't: you can have vnc sessions 
that use gnome-session. The other gconf checks are needed for that 
machine, but the gdm one isn't. So I think it may be necessary to 
have a separate gdm package check.


On 4/25/14 11:17 AM, Maura Dailey wrote:

I have an open question that you and others can weigh in on. Should 
we introduce a new check, package_gdm_installed? Or is it sufficient 
to rely on the existing check GConf2, which has gdm as a dependency? 
I had this dilemma when I submitted the other more closely related 
GConf2 dependent checks, which is why I skipped the gui banner check.


- Maura Dailey

On 04/25/2014 10:47 AM, Paul Tittle wrote:

---
  RHEL/6/input/checks/banner_gui_enabled.xml         |    3 +-

  RHEL/6/input/checks/package_gdm_installed.xml      |   26 
++++++++++++++++++++

  .../input/checks/templates/packages_installed.csv  |    1 +
  RHEL/6/input/fixes/bash/package_gdm_installed.sh   |    1 +
  4 files changed, 30 insertions(+), 1 deletions(-)
  create mode 100644 RHEL/6/input/checks/package_gdm_installed.xml
  create mode 100644 RHEL/6/input/fixes/bash/package_gdm_installed.sh


diff --git a/RHEL/6/input/checks/banner_gui_enabled.xml 
b/RHEL/6/input/checks/banner_gui_enabled.xml

index a6c147c..4be3183 100644
--- a/RHEL/6/input/checks/banner_gui_enabled.xml
+++ b/RHEL/6/input/checks/banner_gui_enabled.xml
@@ -8,7 +8,8 @@
        <description>Enable the GUI warning banner.</description>

        <reference source="rmercer" ref_id="20131104" 
ref_url="test_attestation" />

      </metadata>
-    <criteria>
+    <criteria operator="OR">

+      <extend_definition comment="gdm installed" 
definition_ref="package_gdm_installed" negate="true" />
        <criterion comment="check settings" 
test_ref="test_banner_gui_enabled" />

      </criteria>
    </definition>

diff --git a/RHEL/6/input/checks/package_gdm_installed.xml 
b/RHEL/6/input/checks/package_gdm_installed.xml

new file mode 100644
index 0000000..b9ea21f
--- /dev/null
+++ b/RHEL/6/input/checks/package_gdm_installed.xml
@@ -0,0 +1,26 @@
+<def-group>

+ <!-- THIS FILE IS GENERATED by create_package_installed.py.  DO 
NOT EDIT.  -->

+  <definition class="compliance" id="package_gdm_installed"
+  version="1">
+    <metadata>
+      <title>Package gdm Installed</title>
+      <affected family="unix">
+        <platform>Red Hat Enterprise Linux 6</platform>
+      </affected>

+      <description>The RPM package gdm should be 
installed.</description>
+      <reference source="swells" ref_id="20130829" 
ref_url="test_attestation"/>

+    </metadata>
+    <criteria>
+      <criterion comment="package gdm is installed"
+      test_ref="test_package_gdm_installed" />
+    </criteria>
+  </definition>
+  <linux:rpminfo_test check="all" check_existence="all_exist"
+  id="test_package_gdm_installed" version="1"
+  comment="package gdm is installed">
+    <linux:object object_ref="obj_package_gdm_installed" />
+  </linux:rpminfo_test>
+  <linux:rpminfo_object id="obj_package_gdm_installed" version="1">
+    <linux:name>gdm</linux:name>
+  </linux:rpminfo_object>
+</def-group>

diff --git a/RHEL/6/input/checks/templates/packages_installed.csv 
b/RHEL/6/input/checks/templates/packages_installed.csv

index 6dfc406..ef6e737 100644
--- a/RHEL/6/input/checks/templates/packages_installed.csv
+++ b/RHEL/6/input/checks/templates/packages_installed.csv
@@ -2,6 +2,7 @@ aide
  audit
  cronie
  GConf2
+gdm
  iptables
  iptables-ipv6
  irqbalance

diff --git a/RHEL/6/input/fixes/bash/package_gdm_installed.sh 
b/RHEL/6/input/fixes/bash/package_gdm_installed.sh

new file mode 100644
index 0000000..b5025fa
--- /dev/null
+++ b/RHEL/6/input/fixes/bash/package_gdm_installed.sh
@@ -0,0 +1 @@
+yum -y install gdm


_______________________________________________
scap-security-guide mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide


_______________________________________________
scap-security-guide mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide


_______________________________________________
scap-security-guide mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide


_______________________________________________
scap-security-guide mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide






















					Reply via email to