Hello David,

----- Original Message -----
> From: "David Smith" <[email protected]>
> To: "SCAP Security Guide" <[email protected]>
> Sent: Friday, June 27, 2014 8:21:20 PM
> Subject: Re: [PATCH] Added vsftpd OVAL check and modified
> packages_installed.csv file
>
> Jan,
>
> I may be missing something, then. The 'install_vsftpd' rule was flagged by
> 'make validate', and I was unable to locate the OVAL referenced in the XCCDF
> - in either the RHEL/6 or shared/oval directories. Here's my
> verification/sanity check of this from just a second ago:
>
> [root@localhost checks]# git pull
> Already up-to-date.
> [root@localhost checks]# ls | grep package_vsftpd ; file
> package_vsftpd_installed.xml
> package_vsftpd_installed.xml
> package_vsftpd_removed.xml
> package_vsftpd_installed.xml: ASCII HTML document text
> [root@localhost checks]# ls ../../../../shared/oval/package_
> package_aide_installed.xml package_ntp_installed.xml
> package_openssh-server_removed.xml
> [root@localhost checks]# ls ../../../../shared/oval/package_

There needs to be something rusty with that repository then. 'install_vsftpd'
rule has been updated more than a month ago:

  https://git.fedorahosted.org/cgit/scap-security-guide.git/log/RHEL/6/input/checks/package_vsftpd_installed.xml
  https://git.fedorahosted.org/cgit/scap-security-guide.git/commit/?id=d08eb51149b0330b66582c3ec57d9ac05373283d

What has 'git log' on that repository to say wrt to when the most recent
change happened?

Either issuing just plain 'git pull' (due to custom local config) isn't
automatically pulling content of master branch (is there any difference
when issuing: 'git pull origin master' on that repo?), or the remote end
is wrong (git remote -v), or git pull failed to merge changes & returned
without error message (but I consider this scenario very unlikely / almost
impossible).

You can ensure to start up each time with the fresh / most recent copy
of the repo via:

  $ rm -rf scap_security_guide_folder
  $ git clone ssh://git.fedorahosted.org/git/scap-security-guide.git

IOW completely erasing the content & cloning the latest one each time
(might be more aggressive wrt to network traffic vs git pull case, but
should ensure this won't happen in the future again) at least till the
issue with the configuration is fixed (based on the provided information
hard to say why git pull claimed the repository being 'up2date' even when
it obviously wasn't the case).

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Technologies Team

>
>
> Dave
>
>
> On Fri, Jun 27, 2014 at 1:06 PM, Jan Lieskovsky < [email protected] >
> wrote:
>
>
> Hello David,
>
> ----- Original Message -----
> > From: "David Smith" < [email protected] >
> > To: [email protected]
> > Sent: Friday, June 27, 2014 6:37:14 PM
> > Subject: [PATCH] Added vsftpd OVAL check and modified
> > packages_installed.csv file
>
> Just wondering, what's the motivation behind adding this check? If I am not
> wrong,
> the package_vsftpd_installed.xml in RHEL/6 is used from shared/oval
> directory:
>
> scap-security-guide]$ file RHEL/6/input/checks/package_vsftpd_installed.xml
> RHEL/6/input/checks/package_vsftpd_installed.xml: symbolic link to
> `../../../../shared/oval/package_vsftpd_installed.xml'
>
> So the corresponding XCCDF definition should work without issues. If not, the
> problem
> should be fixed (but the rules which can be shared we would like to keep in
> the /shared
> directory).
>
> Thank you && Regards, Jan.
> --
> Jan iankko Lieskovsky / Red Hat Security Technologies Team
>
> >
> >
> > Signed-off-by: David Smith < [email protected] > > > --- > > RHEL/6/input/checks/package_vsftpd_installed.xml | 26 > > ++++++++++++++++++++ > > .../input/checks/templates/packages_installed.csv | 1 + > > 2 files changed, 27 insertions(+), 0 deletions(-) > > create mode 100644 RHEL/6/input/checks/package_vsftpd_installed.xml > > > > diff --git a/RHEL/6/input/checks/package_vsftpd_installed.xml > > b/RHEL/6/input/checks/package_vsftpd_installed.xml > > new file mode 100644 > > index 0000000..e4153a1 > > --- /dev/null > > +++ b/RHEL/6/input/checks/package_vsftpd_installed.xml
> > @@ -0,0 +1,26 @@ > > +<def-group> > > + <!-- THIS FILE IS GENERATED by create_package_installed.py. DO NOT EDIT. > > --> > > + <definition class="compliance" id="package_vsftpd_installed" > > + version="1"> > > + <metadata> > > + <title>Package vsftpd Installed</title> > > + <affected family="unix"> > > + <platform>Red Hat Enterprise Linux 6</platform> > > + </affected> > > + <description>The RPM package vsftpd should be installed.</description> > > + <reference source="swells" ref_id="20130829" > > ref_url="test_attestation"/> > > + </metadata> > > + <criteria> > > + <criterion comment="package vsftpd is installed" > > + test_ref="test_package_vsftpd_installed" /> > > + </criteria> > > + </definition> > > + <linux:rpminfo_test check="all" check_existence="all_exist" > > + id="test_package_vsftpd_installed" version="1" > > + comment="package vsftpd is installed"> > > + <linux:object object_ref="obj_package_vsftpd_installed" /> > > + </linux:rpminfo_test> > > + <linux:rpminfo_object id="obj_package_vsftpd_installed" version="1"> > > + <linux:name>vsftpd</linux:name> > > + </linux:rpminfo_object> > > +</def-group> > > diff --git a/RHEL/6/input/checks/templates/packages_installed.csv > > b/RHEL/6/input/checks/templates/packages_installed.csv > > index ef6e737..dc0ae21 100644 > > --- a/RHEL/6/input/checks/templates/packages_installed.csv > > +++ b/RHEL/6/input/checks/templates/packages_installed.csv 
> > @@ -13,3 +13,4 @@ postfix > > psacct > > rsyslog > > screen > > +vsftpd > > -- > > 1.7.1 > > > > -- > > SCAP Security Guide mailing list > > [email protected] > > https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide > > https://github.com/OpenSCAP/scap-security-guide/
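
Review bot: RHEL/6/input/checks/package_vsftpd_installed.xml, added in the first hunk as `new file mode 100644`, collides with a path that the reply in this thread shows already exists as a symbolic link to `../../../../shared/oval/package_vsftpd_installed.xml`. Applied on current master, this would replace the shared definition with a RHEL/6-only copy rather than address whatever made 'make validate' flag 'install_vsftpd'. Rebase first and drop the file if the symlink resolves. If a separate file is still wanted, the line `<reference source="swells" ref_id="20130829" ref_url="test_attestation"/>` reads as an earlier test attestation under another name carried over into a newly submitted file; replace it with the submitter's own attestation or remove it.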
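
Review bot: The `+vsftpd` row in templates/packages_installed.csv duplicates the hand-committed package_vsftpd_installed.xml from the first hunk, whose own header says `THIS FILE IS GENERATED by create_package_installed.py. DO NOT EDIT.` If this CSV is that generator's input, commit only the template row and let the build produce the XML; otherwise drop the row and keep the file. The commit message should also state why the check is being added (the 'make validate' failure on 'install_vsftpd' described in the thread), since neither hunk shows it.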
