----- Original Message ----- > From: "Shawn Wells" <[email protected]> > To: [email protected] > Sent: Thursday, June 26, 2014 8:30:39 PM > Subject: Re: [PATCH] [RHEL/6, RHEL/7, shared] Implement OVAL check & XCCDF > definition for package_talk_removed rule > > > On 6/25/14, 10:51 AM, Jan Lieskovsky wrote: > > > > The proposed patch adds OVAL check & corresponding XCCDF definition for > RHEL-6 & RHEL-7 for "package talk removed" rule. Tested on both of RHEL-6 & > RHEL-7 > (definition works as expected on both products & is displayed properly also > in the > HTML version[s] of the guide[s]), updated test attestations & moved the OVAL > to shared. > > Please review. > > Thank you && Regards, Jan. > -- > Jan iankko Lieskovsky / Red Hat Security Technologies Team > > 0001-RHEL-6-RHEL-7-shared-Implement-OVAL-check-XCCDF-defi.patch > From bddba46840a6d3c296241efbf9c3a10cd753897c Mon Sep 17 00:00:00 2001 > From: Jan Lieskovsky <[email protected]> Date: Wed, 25 Jun 2014 16:44:23 > +0200 > Subject: [PATCH] [RHEL/6, RHEL/7, shared] Implement OVAL check & XCCDF > definition for package_talk_removed rule > > Signed-off-by: Jan Lieskovsky <[email protected]> --- > RHEL/6/input/checks/package_talk_removed.xml | 1 + > RHEL/6/input/checks/templates/packages_removed.csv | 1 + > RHEL/6/input/services/obsolete.xml | 18 +++++++++++++++ > RHEL/7/input/checks/package_talk_removed.xml | 1 + > RHEL/7/input/services/obsolete.xml | 18 +++++++++++++++ > shared/oval/package_talk_removed.xml | 26 > ++++++++++++++++++++++ > 6 files changed, 65 insertions(+) > create mode 120000 RHEL/6/input/checks/package_talk_removed.xml > create mode 120000 RHEL/7/input/checks/package_talk_removed.xml > create mode 100644 shared/oval/package_talk_removed.xml > > diff --git a/RHEL/6/input/checks/package_talk_removed.xml > b/RHEL/6/input/checks/package_talk_removed.xml > new file mode 120000 > index 0000000..6147e81 > --- /dev/null > +++ b/RHEL/6/input/checks/package_talk_removed.xml 
> @@ -0,0 +1 @@ > +../../../../shared/oval/package_talk_removed.xml > \ No newline at end of file > diff --git a/RHEL/6/input/checks/templates/packages_removed.csv > b/RHEL/6/input/checks/templates/packages_removed.csv > index 790b74d..a6c8e2a 100644 > --- a/RHEL/6/input/checks/templates/packages_removed.csv > +++ b/RHEL/6/input/checks/templates/packages_removed.csv > @@ -35,6 +35,7 @@ squid > subscription-manager > sysstat > talk-server > +talk > telnet > telnet-server > tftp > diff --git a/RHEL/6/input/services/obsolete.xml > b/RHEL/6/input/services/obsolete.xml > index b46a912..457d342 100644 > --- a/RHEL/6/input/services/obsolete.xml > +++ b/RHEL/6/input/services/obsolete.xml > @@ -422,5 +422,23 @@ risk of the accidental (or intentional) activation of > talk services. > <tested by="JL" on="20140625"/> > </Rule> > > +<Rule id="package_talk_removed"> > +<title>Uninstal talk Package</title> > +<description>The <tt>talk</tt> package contains the client program for the > +Internet talk protocol, which allows the user to chat with other users on > +different systems. Talk is a communication program which copies lines from > one > +terminal to the terminal of another user. > +</description> > +<ocil><package-remove-macro package="talk"/></ocil> > +<rationale> > +The talk software presents a security risk as it uses unencrypted protocols > +for communications. Removing the <tt>talk</tt> package decreases the > +risk of the accidental (or intentional) activation of talk client program. > +</rationale> > +<ident cce="" /> > +<oval id="package_talk_removed" /> > +<tested by="JL" on="20140625"/> > +</Rule> > + > </Group> > </Group> > diff --git a/RHEL/7/input/checks/package_talk_removed.xml > b/RHEL/7/input/checks/package_talk_removed.xml > new file mode 120000 > index 0000000..6147e81 > --- /dev/null > +++ b/RHEL/7/input/checks/package_talk_removed.xml > @@ -0,0 +1 @@ > +../../../../shared/oval/package_talk_removed.xml > \ No newline at end of file 
> diff --git a/RHEL/7/input/services/obsolete.xml > b/RHEL/7/input/services/obsolete.xml > index 4fd80a0..76f808c 100644 > --- a/RHEL/7/input/services/obsolete.xml > +++ b/RHEL/7/input/services/obsolete.xml > @@ -376,5 +376,23 @@ risk of the accidental (or intentional) activation of > talk services. > <tested by="JL" on="20140625"/> > </Rule> > > +<Rule id="package_talk_removed"> > +<title>Uninstal talk Package</title> > +<description>The <tt>talk</tt> package contains the client program for the > +Internet talk protocol, which allows the user to chat with other users on > +different systems. Talk is a communication program which copies lines from > one > +terminal to the terminal of another user. > +</description> > +<ocil><package-remove-macro package="talk"/></ocil> > +<rationale> > +The talk software presents a security risk as it uses unencrypted protocols > +for communications. Removing the <tt>talk</tt> package decreases the > +risk of the accidental (or intentional) activation of talk client program. > +</rationale> > +<ident cce="" /> > +<oval id="package_talk_removed" /> > +<tested by="JL" on="20140625"/> > +</Rule> > + > </Group> > </Group> > diff --git a/shared/oval/package_talk_removed.xml > b/shared/oval/package_talk_removed.xml > new file mode 100644 > index 0000000..122902a > --- /dev/null > +++ b/shared/oval/package_talk_removed.xml 
> @@ -0,0 +1,26 @@ > +<def-group> > + <definition class="compliance" id="package_talk_removed" version="2"> > + <metadata> > + <title>Package talk Removed</title> > + <affected family="unix"> > + <platform>Red Hat Enterprise Linux 6</platform> > + <platform>Red Hat Enterprise Linux 7</platform> > + </affected> > + <description>The RPM package talk should be removed.</description> > + <reference source="JL" ref_id="RHEL6_20140625" > ref_url="test_attestation"/> > + <reference source="JL" ref_id="RHEL7_20140625" > ref_url="test_attestation"/> > + </metadata> > + <criteria> > + <criterion comment="package talk is removed" > + test_ref="test_package_talk_removed" /> > + </criteria> > + </definition> > + <linux:rpminfo_test check="all" check_existence="none_exist" > + id="test_package_talk_removed" version="1" > + comment="package talk is removed"> > + <linux:object object_ref="obj_package_talk_removed" /> > + </linux:rpminfo_test> > + <linux:rpminfo_object id="obj_package_talk_removed" version="1"> > + <linux:name>talk</linux:name> > + </linux:rpminfo_object> > +</def-group> > -- > 1.8.3.1 > > s/Uninstal/Uninstall/g && ack
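Review bot: the hunk in RHEL/6/input/checks/templates/packages_removed.csv adds `talk` to the packages_removed template while the same patch also ships a hand-written shared/oval/package_talk_removed.xml symlinked into RHEL/6/input/checks/, so the build now has two sources for the OVAL id `package_talk_removed`; keep one mechanism (drop the CSV line if the shared OVAL is the intended home, or drop the shared file and symlinks and let the template generate it). RHEL/7 receives no CSV change in this patch, so the two products currently reach the same definition by different routes; whichever route is kept should be applied to both.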
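Review bot: in the new `package_talk_removed` Rule added to both RHEL/6/input/services/obsolete.xml and RHEL/7/input/services/obsolete.xml, the rationale's closing sentence "decreases the risk of the accidental (or intentional) activation of talk client program" is carried over from the preceding talk-server rule and does not fit a client package, since a client is run by a user rather than activated as a service; reword it to say that removing the <tt>talk</tt> package removes the client that would send chat traffic over the unencrypted talk protocol. Both files also carry an empty `<ident cce="" />`; either fill in a CCE or omit the element until one is assigned, and the title typo "Uninstal" should be fixed in both copies.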
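Review bot: in shared/oval/package_talk_removed.xml the brand-new definition is declared `version="2"` while its `rpminfo_test` and `rpminfo_object` are `version="1"`; a definition created in this patch should start at version 1 and be bumped only when it later changes, otherwise the version history is misleading. The check itself (`check="all" check_existence="none_exist"` on an `rpminfo_object` named `talk`) is the correct shape for a package-removed test and matches the existing package_*_removed definitions.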
Thank you. Replaced & pushed. Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Technologies Team > > > > _______________________________________________ > scap-security-guide mailing list > [email protected] > https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide > -- SCAP Security Guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide https://github.com/OpenSCAP/scap-security-guide/
