Hi all,
I have noticed the new rpm_verify.xml check with the following commit message:
" the "rpm_verify.xml" check now works but a word of caution:
* it creates an approximately 250M results file
* it takes a long time to execute on a reasonably powerful system"
It's true that OVAL rpmverify is not used effectively here. You collect all
rpmverify items from all packages on a system. This is not a very happy
solution. ;)
I suggest changing the logic of the test. Filter out items you don't need. :)
Example:
(thanks to <mitr(a)redhat.com>)
<tests>
  <lin-def:rpmverify_test check_existence="none_exist" id="oval:org.open-scap:tst:1001" version="1" check="all" comment="Files with changed permissions">
    <lin-def:object object_ref="oval:org.open-scap:obj:1001"/>
  </lin-def:rpmverify_test>
</tests>
<objects>
  <lin-def:rpmverify_object id="oval:org.open-scap:obj:1001" version="1" comment="(RPM)Verify all files">
    <lin-def:behaviors nodeps="true" nofiles="false" nodigest="true" noscripts="true" nosignature="true" nomd5="true"/>
    <lin-def:name operation="pattern match">.*</lin-def:name>
    <lin-def:filepath operation="pattern match">.*</lin-def:filepath>
    <filter action="include">oval:org.open-scap:ste:1001</filter>
  </lin-def:rpmverify_object>
</objects>
<states>
  <lin-def:rpmverify_state id="oval:org.open-scap:ste:1001" version="1">
    <lin-def:mode_differs>fail</lin-def:mode_differs>
  </lin-def:rpmverify_state>
</states>
Regards,
Peter.
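
Added example, not part of the original message: a small Python model of what the include filter above does to the collected items, run over constructed `rpm -Va`-style lines. The function names and sample paths are hypothetical, and treating "missing" lines as producing no item is a simplification made for this sketch.

```python
# Models <filter action="include"> with a mode_differs=fail state on
# constructed `rpm -Va` output. rpm prints one character per verify test.
FLAGS = "SM5DLUGTP"  # order of the tests in rpm's nine-character string
ENTITY = {"S": "size_differs", "M": "mode_differs", "5": "md5_differs",
          "D": "device_differs", "L": "link_mismatch", "U": "ownership_differs",
          "G": "group_differs", "T": "mtime_differs", "P": "capabilities_differ"}

# Constructed sample input, not output from a real system.
SAMPLE = """\
S.5....T.  c /etc/ssh/sshd_config
.M.......    /usr/bin/passwd
.......T.    /usr/lib/python3/site.py
.M...UG..  c /etc/shadow
missing      /usr/share/doc/foo/README
..?......    /usr/sbin/unreadable
"""

def parse_line(line):
    """Turn one `rpm -V` line into an rpmverify_item-like dict, or None."""
    fields = line.split()
    if len(fields) < 2 or len(fields[0]) != len(FLAGS):
        return None  # "missing ..." lines carry no per-test results
    item = {"filepath": fields[-1]}
    for pos, flag in enumerate(FLAGS):
        ch = fields[0][pos]
        # "." = test passed, "?" = test could not be performed, else it failed
        item[ENTITY[flag]] = {".": "pass", "?": "not performed"}.get(ch, "fail")
    return item

def collect(text, include_state=None):
    """Collect items; with include_state, keep only items matching every entity."""
    items = [i for i in map(parse_line, text.splitlines()) if i]
    if include_state is None:
        return items  # unfiltered: every verified file ends up in the results
    return [i for i in items
            if all(i.get(k) == v for k, v in include_state.items())]

def none_exist(items):
    """check_existence="none_exist": true only when nothing was collected."""
    return "true" if not items else "false"

if __name__ == "__main__":
    kept = collect(SAMPLE, {"mode_differs": "fail"})
    print(len(collect(SAMPLE)), "items unfiltered,", len(kept), "after filter")
    print("test result:", none_exist(kept), [i["filepath"] for i in kept])
```
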