From shawn at redhat.com Thu Aug 20 11:35:59 2015
Content-Type: multipart/mixed; boundary="===============1232937890449861315=="
MIME-Version: 1.0
From: Shawn Wells <shawn at redhat.com>
To: scap-security-guide at lists.fedorahosted.org
Subject: Re: [PATCH] Rewrote various GConf checks to standardize on
 xmlfilecontent tests and ensured they were actually checking the correct
 location (gconf.xml.mandatory, not gconf.xml.defaults).
Date: Mon, 16 Dec 2013 11:59:41 -0500
Message-ID: <52AF317D.3040103@redhat.com>
In-Reply-To: 52AF2DBA.7030001@eclipse.ncsc.mil

--===============1232937890449861315==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

On 12/16/13, 11:43 AM, Maura Dailey wrote:
> I've been out sick, but I noticed that no one seems to have looked at =

> this one. Let me know if I can push this or if I need to change =

> something.
>
> Thanks,
> Maura Dailey
>
> On 11/25/2013 04:02 PM, Maura Dailey wrote:
>> Signed-off-by: Maura Dailey <maura(a)eclipse.ncsc.mil>
>> ---
>>   .../input/checks/gconf_gnome_disable_automount.xml |   59 =

>> +++++++++++---------
>>   .../checks/gconf_gnome_disable_thumbnailers.xml    |   34 ++++++-----
>>   ...f_gnome_screensaver_idle_activation_enabled.xml |   19 ++++--
>>   .../checks/gconf_gnome_screensaver_idle_delay.xml  |   24 +++++---
>>   .../gconf_gnome_screensaver_lock_enabled.xml       |   14 +++--
>>   .../checks/gconf_gnome_screensaver_mode_blank.xml  |   12 +++-
>>   RHEL6/input/checks/package_GConf2_installed.xml    |   26 +++++++++
>>   .../input/checks/templates/packages_installed.csv  |    1 +
>>   RHEL6/input/fixes/bash/package_GConf2_installed.sh |    1 +
>>   9 files changed, 124 insertions(+), 66 deletions(-)
>>   create mode 100644 RHEL6/input/checks/package_GConf2_installed.xml
>>   create mode 100644 RHEL6/input/fixes/bash/package_GConf2_installed.sh
>>
>> diff --git a/RHEL6/input/checks/gconf_gnome_disable_automount.xml =

>> b/RHEL6/input/checks/gconf_gnome_disable_automount.xml
>> index e2e7efc..f78fc89 100644
>> --- a/RHEL6/input/checks/gconf_gnome_disable_automount.xml
>> +++ b/RHEL6/input/checks/gconf_gnome_disable_automount.xml
>> @@ -1,41 +1,46 @@
>>   <def-group>
>> -  <definition class=3D"compliance"
>> -  id=3D"gconf_gnome_disable_automount" version=3D"1">
>> +  <definition class=3D"compliance" id=3D"gconf_gnome_disable_automount" =

>> version=3D"1">
>>       <metadata>
>>         <title>Disable GNOME Automounting</title>
>>         <affected family=3D"unix">
>>           <platform>Red Hat Enterprise Linux 6</platform>
>>         </affected>
>> -      <description>The system's default desktop environment, GNOME, =

>> will mount devices and removable media (such as DVDs, CDs and USB =

>> flash drives) whenever they are inserted into the system.  Disable =

>> automount and autorun within GNOME.</description>
>> +      <description>The system's default desktop environment, GNOME, =

>> will mount
>> +      devices and removable media (such as DVDs, CDs and USB flash =

>> drives)
>> +      whenever they are inserted into the system. Disable automount =

>> and autorun
>> +      within GNOME.</description>
>> +      <reference source=3D"MED" ref_id=3D"20131125" =

>> ref_url=3D"test_attestation" />
>>       </metadata>
>> -    <criteria operator=3D"AND">
>> +    <criteria operator=3D"OR">
>> +      <extend_definition comment=3D"GConf2 installed" =

>> definition_ref=3D"package_GConf2_installed" negate=3D"true" />
>>         <criterion comment=3D"Disable automount in GNOME" =

>> test_ref=3D"test_gconf_gnome_disable_automount" />
>> -      <criterion comment=3D"Disable autorun in GNOME" =

>> test_ref=3D"test_gconf_gnome_disable_automount_autorun" />
>> +      <criterion comment=3D"Disable autorun in GNOME" =

>> test_ref=3D"test_gconf_gnome_disable_automount_autorun" />
>>       </criteria>
>>     </definition>
>> -
>> -  <ind:textfilecontent54_test check=3D"all" check_existence=3D"all_exis=
t"
>> -  comment=3D"Disable automount in GNOME"
>> -  id=3D"test_gconf_gnome_disable_automount" version=3D"1">
>> +  <ind:xmlfilecontent_test check=3D"all" check_existence=3D"all_exist"
>> +  comment=3D"Disable automount in GNOME" =

>> id=3D"test_gconf_gnome_disable_automount"
>> +  version=3D"1">
>>       <ind:object object_ref=3D"obj_gconf_gnome_disable_automount" />
>> -  </ind:textfilecontent54_test>
>> -  <ind:textfilecontent54_object =

>> id=3D"obj_gconf_gnome_disable_automount" version=3D"1">
>> - =

>> <ind:path>/etc/gconf/gconf.xml.mandatory/apps/nautilus/preferences</ind:=
path>
>> -    <ind:filename>%gconf.xml</ind:filename>
>> -    <ind:pattern operation=3D"pattern =

>> match">^\s*.entry\s+name=3D"media_automount"\s+mtime=3D"\d+"\s+type=3D"b=
ool"\s+value=3D"false"\/.$</ind:pattern>
>> -    <ind:instance datatype=3D"int">1</ind:instance>
>> -  </ind:textfilecontent54_object>
>> -
>> -  <ind:textfilecontent54_test check=3D"all" check_existence=3D"all_exis=
t"
>> -  comment=3D"Disable autorun in GNOME"
>> +    <ind:state state_ref=3D"state_gconf_gnome_disable_automount" />
>> +  </ind:xmlfilecontent_test>
>> +  <ind:xmlfilecontent_state id=3D"state_gconf_gnome_disable_automount" =

>> version=3D"1">
>> +    <ind:value_of datatype=3D"string">false</ind:value_of>
>> +  </ind:xmlfilecontent_state>
>> +  <ind:xmlfilecontent_object id=3D"obj_gconf_gnome_disable_automount" =

>> version=3D"1">
>> + =

>> <ind:filepath>/etc/gconf/gconf.xml.mandatory/apps/nautilus/preferences/%=
gconf.xml</ind:filepath>
>> + <ind:xpath>/gconf/entry[@name=3D'media_automount']/@value</ind:xpath>
>> +  </ind:xmlfilecontent_object>
>> +  <ind:xmlfilecontent_test check=3D"all" check_existence=3D"all_exist"
>> +  comment=3D"Disable autorun in GNOME"
>>     id=3D"test_gconf_gnome_disable_automount_autorun" version=3D"1">
>>       <ind:object =

>> object_ref=3D"obj_gconf_gnome_disable_automount_autorun" />
>> -  </ind:textfilecontent54_test>
>> -  <ind:textfilecontent54_object =

>> id=3D"obj_gconf_gnome_disable_automount_autorun" version=3D"1">
>> - =

>> <ind:path>/etc/gconf/gconf.xml.mandatory/apps/nautilus/preferences</ind:=
path>
>> -    <ind:filename>%gconf.xml</ind:filename>
>> -    <ind:pattern operation=3D"pattern =

>> match">^\s*.entry\s+name=3D"media_autorun_never"\s+mtime=3D"\d+"\s+type=
=3D"bool"\s+value=3D"true"\/.$</ind:pattern>
>> -    <ind:instance datatype=3D"int">1</ind:instance>
>> -  </ind:textfilecontent54_object>
>> -
>> +    <ind:state =

>> state_ref=3D"state_gconf_gnome_disable_automount_autorun" />
>> +  </ind:xmlfilecontent_test>
>> +  <ind:xmlfilecontent_state =

>> id=3D"state_gconf_gnome_disable_automount_autorun" version=3D"1">
>> +    <ind:value_of datatype=3D"string">true</ind:value_of>
>> +  </ind:xmlfilecontent_state>
>> +  <ind:xmlfilecontent_object =

>> id=3D"obj_gconf_gnome_disable_automount_autorun" version=3D"1">
>> + =

>> <ind:filepath>/etc/gconf/gconf.xml.mandatory/apps/nautilus/preferences/%=
gconf.xml</ind:filepath>
>> + <ind:xpath>/gconf/entry[@name=3D'media_autorun_never']/@value</ind:xpa=
th>
>> +  </ind:xmlfilecontent_object>
>>   </def-group>
>> diff --git a/RHEL6/input/checks/gconf_gnome_disable_thumbnailers.xml =

>> b/RHEL6/input/checks/gconf_gnome_disable_thumbnailers.xml
>> index 72bf086..80045a3 100644
>> --- a/RHEL6/input/checks/gconf_gnome_disable_thumbnailers.xml
>> +++ b/RHEL6/input/checks/gconf_gnome_disable_thumbnailers.xml
>> @@ -1,28 +1,32 @@
>>   <def-group>
>> -  <definition class=3D"compliance"
>> -  id=3D"gconf_gnome_disable_thumbnailers" version=3D"1">
>> +  <definition class=3D"compliance" =

>> id=3D"gconf_gnome_disable_thumbnailers" version=3D"1">
>>       <metadata>
>>         <title>Disable All GNOME Thumbnailers</title>
>>         <affected family=3D"unix">
>>           <platform>Red Hat Enterprise Linux 6</platform>
>>         </affected>
>> -      <description>The system's default desktop environment, GNOME, =

>> uses a number of different thumbnailer programs to generate =

>> thumbnails for any new or modified content in an opened folder. =

>> Disable the execution of these thumbnail applications within =

>> GNOME.</description>
>> +      <description>The system's default desktop environment, GNOME, =

>> uses a
>> +      number of different thumbnailer programs to generate =

>> thumbnails for any
>> +      new or modified content in an opened folder. Disable the =

>> execution of
>> +      these thumbnail applications within GNOME.</description>
>> +      <reference source=3D"MED" ref_id=3D"20131125" =

>> ref_url=3D"test_attestation" />
>>       </metadata>
>> -    <criteria>
>> +    <criteria operator=3D"OR">
>> +      <extend_definition comment=3D"GConf2 installed" =

>> definition_ref=3D"package_GConf2_installed" negate=3D"true" />
>>         <criterion comment=3D"Disable thumbnailers in GNOME" =

>> test_ref=3D"test_gconf_gnome_disable_thumbnailers" />
>>       </criteria>
>>     </definition>
>> -
>> -  <ind:textfilecontent54_test check=3D"all" check_existence=3D"none_exi=
st"
>> -  comment=3D"Disable thumbnailers in GNOME"
>> +  <ind:xmlfilecontent_test check=3D"all" check_existence=3D"all_exist"
>> +  comment=3D"Disable thumbnailers in GNOME"
>>     id=3D"test_gconf_gnome_disable_thumbnailers" version=3D"1">
>>       <ind:object object_ref=3D"obj_gconf_gnome_disable_thumbnailers" />
>> -  </ind:textfilecontent54_test>
>> -  <ind:textfilecontent54_object =

>> id=3D"obj_gconf_gnome_disable_thumbnailers" version=3D"1">
>> - =

>> <ind:path>/etc/gconf/gconf.xml.mandatory/desktop/gnome/thumbnailers</ind=
:path>
>> -    <ind:filename>%gconf.xml</ind:filename>
>> -    <ind:pattern operation=3D"pattern =

>> match">^\s*.entry\s+name=3D"disable_all"\s+mtime=3D"\d+"\s+type=3D"bool"=
\s+value=3D"true"\/.$</ind:pattern>
>> -    <ind:instance datatype=3D"int">1</ind:instance>
>> -  </ind:textfilecontent54_object>
>> -
>> +    <ind:state state_ref=3D"state_gconf_gnome_disable_thumbnailers" />
>> +  </ind:xmlfilecontent_test>
>> +  <ind:xmlfilecontent_state =

>> id=3D"state_gconf_gnome_disable_thumbnailers" version=3D"1">
>> +    <ind:value_of datatype=3D"string">true</ind:value_of>
>> +  </ind:xmlfilecontent_state>
>> +  <ind:xmlfilecontent_object =

>> id=3D"obj_gconf_gnome_disable_thumbnailers" version=3D"1">
>> + =

>> <ind:filepath>/etc/gconf/gconf.xml.mandatory/desktop/gnome/thumbnailers/=
%gconf.xml</ind:filepath>
>> + <ind:xpath>/gconf/entry[@name=3D'disable_all']/@value</ind:xpath>
>> +  </ind:xmlfilecontent_object>
>>   </def-group>
>> diff --git =

>> a/RHEL6/input/checks/gconf_gnome_screensaver_idle_activation_enabled.xml =

>> b/RHEL6/input/checks/gconf_gnome_screensaver_idle_activation_enabled.xml
>> index 5776014..0d012a7 100644
>> --- =

>> a/RHEL6/input/checks/gconf_gnome_screensaver_idle_activation_enabled.xml
>> +++ =

>> b/RHEL6/input/checks/gconf_gnome_screensaver_idle_activation_enabled.xml
>> @@ -5,21 +5,26 @@
>>         <affected family=3D"unix">
>>           <platform>Red Hat Enterprise Linux 6</platform>
>>         </affected>
>> -      <description>Idle activation of the screen saver should be =

>> enabled.</description>
>> +      <description>Idle activation of the screen saver should be
>> +      enabled.</description>
>> +      <reference source=3D"MED" ref_id=3D"20131125" =

>> ref_url=3D"test_attestation" />
>>       </metadata>
>> -    <criteria>
>> +    <criteria operator=3D"OR">
>> +      <extend_definition comment=3D"GConf2 installed" =

>> definition_ref=3D"package_GConf2_installed" negate=3D"true" />
>>         <criterion comment=3D"gnome screensaver is activated on idle" =

>> test_ref=3D"test_gnome_screensaver_idle_activated" />
>>       </criteria>
>>     </definition>
>> -  <ind:xmlfilecontent_test check=3D"all" comment=3D"gnome screensaver i=
s =

>> activated on idle" id=3D"test_gnome_screensaver_idle_activated" =

>> version=3D"1">
>> +  <ind:xmlfilecontent_test check=3D"all"
>> +  comment=3D"gnome screensaver is activated on idle"
>> +  id=3D"test_gnome_screensaver_idle_activated" version=3D"1">
>>       <ind:object =

>> object_ref=3D"object_gnome_screensaver_idle_activated" />
>> -    <ind:state state_ref=3D"state_activated_on_idle" />
>> +    <ind:state state_ref=3D"state_gnome_screensaver_idle_activated" />
>>     </ind:xmlfilecontent_test>
>> -  <ind:xmlfilecontent_state id=3D"state_activated_on_idle" version=3D"1=
">
>> +  <ind:xmlfilecontent_state =

>> id=3D"state_gnome_screensaver_idle_activated" version=3D"1">
>>       <ind:value_of datatype=3D"string">true</ind:value_of>
>>     </ind:xmlfilecontent_state>
>>     <ind:xmlfilecontent_object =

>> id=3D"object_gnome_screensaver_idle_activated" version=3D"1">
>> - =

>> <ind:filepath>/etc/gconf/gconf.xml.defaults/%gconf-tree.xml</ind:filepat=
h>
>> - =

>> <ind:xpath>/gconf/dir[@name=3D'schemas']/dir[@name=3D'apps']/dir[@name=
=3D'gnome-screensaver']/entry[@name=3D'idle_activation_enabled']/local_sche=
ma[1]/default[1]/@value</ind:xpath>
>> + =

>> <ind:filepath>/etc/gconf/gconf.xml.mandatory/apps/gnome-screensaver/%gco=
nf.xml</ind:filepath>
>> + =

>> <ind:xpath>/gconf/entry[@name=3D'idle_activation_enabled']/@value</ind:x=
path>
>>     </ind:xmlfilecontent_object>
>>   </def-group>
>> diff --git =

>> a/RHEL6/input/checks/gconf_gnome_screensaver_idle_delay.xml =

>> b/RHEL6/input/checks/gconf_gnome_screensaver_idle_delay.xml
>> index 70cc1c2..c77e608 100644
>> --- a/RHEL6/input/checks/gconf_gnome_screensaver_idle_delay.xml
>> +++ b/RHEL6/input/checks/gconf_gnome_screensaver_idle_delay.xml
>> @@ -5,22 +5,30 @@
>>         <affected family=3D"unix">
>>           <platform>Red Hat Enterprise Linux 6</platform>
>>         </affected>
>> -      <description>The allowed period of inactivity before the =

>> screensaver is activated.</description>
>> +      <description>The allowed period of inactivity before the =

>> screensaver is
>> +      activated.</description>
>> +      <reference source=3D"MED" ref_id=3D"20131125" =

>> ref_url=3D"test_attestation" />
>>       </metadata>
>> -    <criteria>
>> +    <criteria operator=3D"OR">
>> +      <extend_definition comment=3D"GConf2 installed" =

>> definition_ref=3D"package_GConf2_installed" negate=3D"true" />
>>         <criterion comment=3D"check value of idle_delay in GCONF" =

>> test_ref=3D"test_gnome_screensaver_idle_delay" />
>>       </criteria>
>>     </definition>
>> -  <ind:xmlfilecontent_test check=3D"all" comment=3D"test screensaver =

>> timeout period" id=3D"test_gnome_screensaver_idle_delay" version=3D"1">
>> +  <ind:xmlfilecontent_test check=3D"all"
>> +  comment=3D"test screensaver timeout period"
>> +  id=3D"test_gnome_screensaver_idle_delay" version=3D"1">
>>       <ind:object object_ref=3D"object_gnome_screensaver_idle_delay" />
>>       <ind:state state_ref=3D"state_gnome_screensaver_idle_delay" />
>>     </ind:xmlfilecontent_test>
>>     <ind:xmlfilecontent_object =

>> id=3D"object_gnome_screensaver_idle_delay" version=3D"1">
>> - =

>> <ind:filepath>/etc/gconf/gconf.xml.defaults/%gconf-tree.xml</ind:filepat=
h>
>> -    <ind:xpath datatype=3D"string" =

>> operation=3D"equals">/gconf/dir[@name=3D'schemas']/dir[@name=3D'apps']/d=
ir[@name=3D'gnome-screensaver']/entry[@name=3D'idle_delay']/local_schema[1]=
/default[1]/@value</ind:xpath>
>> + =

>> <ind:filepath>/etc/gconf/gconf.xml.mandatory/apps/gnome-screensaver/%gco=
nf.xml</ind:filepath>
>> + <ind:xpath>/gconf/entry[@name=3D'idle_delay']/@value</ind:xpath>
>>     </ind:xmlfilecontent_object>
>> -  <ind:xmlfilecontent_state comment=3D"idle timeout" =

>> id=3D"state_gnome_screensaver_idle_delay" version=3D"1">
>> -    <ind:value_of datatype=3D"int" operation=3D"less than or equal" =

>> var_check=3D"all" var_ref=3D"inactivity_timeout_value" />
>> +  <ind:xmlfilecontent_state comment=3D"idle timeout"
>> +  id=3D"state_gnome_screensaver_idle_delay" version=3D"1">
>> +    <ind:value_of datatype=3D"int" operation=3D"less than or equal" =

>> var_check=3D"all"
>> +    var_ref=3D"inactivity_timeout_value" />
>>     </ind:xmlfilecontent_state>
>> -  <external_variable comment=3D"inactivity timeout variable" =

>> datatype=3D"int" id=3D"inactivity_timeout_value" version=3D"1" />
>> +  <external_variable comment=3D"inactivity timeout variable" =

>> datatype=3D"int"
>> +  id=3D"inactivity_timeout_value" version=3D"1" />
>>   </def-group>
>> diff --git =

>> a/RHEL6/input/checks/gconf_gnome_screensaver_lock_enabled.xml =

>> b/RHEL6/input/checks/gconf_gnome_screensaver_lock_enabled.xml
>> index 06d3020..cc031fc 100644
>> --- a/RHEL6/input/checks/gconf_gnome_screensaver_lock_enabled.xml
>> +++ b/RHEL6/input/checks/gconf_gnome_screensaver_lock_enabled.xml
>> @@ -5,19 +5,23 @@
>>         <affected family=3D"unix">
>>           <platform>Red Hat Enterprise Linux 6</platform>
>>         </affected>
>> -      <description>Idle activation of the screen lock should be =

>> enabled.</description>
>> +      <description>Idle activation of the screen lock should be
>> +      enabled.</description>
>> +      <reference source=3D"MED" ref_id=3D"20131125" =

>> ref_url=3D"test_attestation" />
>>       </metadata>
>> -    <criteria>
>> +    <criteria operator=3D"OR">
>> +      <extend_definition comment=3D"GConf2 installed" =

>> definition_ref=3D"package_GConf2_installed" negate=3D"true" />
>>         <criterion comment=3D"screensaver lock is enabled" =

>> test_ref=3D"test_screensaver_lock_enabled" />
>>       </criteria>
>>     </definition>
>> -  <ind:xmlfilecontent_test check=3D"all" comment=3D"screensaver lock is =

>> enabled" id=3D"test_screensaver_lock_enabled" version=3D"1">
>> +  <ind:xmlfilecontent_test check=3D"all" comment=3D"screensaver lock is =

>> enabled"
>> +  id=3D"test_screensaver_lock_enabled" version=3D"1">
>>       <ind:object object_ref=3D"object_screensaver_lock_enabled" />
>>       <ind:state state_ref=3D"state_screensaver_lock_enabled" />
>>     </ind:xmlfilecontent_test>
>>     <ind:xmlfilecontent_object id=3D"object_screensaver_lock_enabled" =

>> version=3D"1">
>> - =

>> <ind:filepath>/etc/gconf/gconf.xml.defaults/%gconf-tree.xml</ind:filepat=
h>
>> - =

>> <ind:xpath>/gconf/dir[@name=3D'schemas']/dir[@name=3D'apps']/dir[@name=
=3D'gnome-screensaver']/entry[@name=3D'lock_enabled']/local_schema[1]/defau=
lt[1]/@value</ind:xpath>
>> + =

>> <ind:filepath>/etc/gconf/gconf.xml.mandatory/apps/gnome-screensaver/%gco=
nf.xml</ind:filepath>
>> + <ind:xpath>/gconf/entry[@name=3D'lock_enabled']/@value</ind:xpath>
>>     </ind:xmlfilecontent_object>
>>     <ind:xmlfilecontent_state id=3D"state_screensaver_lock_enabled" =

>> version=3D"1">
>>       <ind:value_of datatype=3D"string">true</ind:value_of>
>> diff --git =

>> a/RHEL6/input/checks/gconf_gnome_screensaver_mode_blank.xml =

>> b/RHEL6/input/checks/gconf_gnome_screensaver_mode_blank.xml
>> index 7cad7cd..8229d71 100644
>> --- a/RHEL6/input/checks/gconf_gnome_screensaver_mode_blank.xml
>> +++ b/RHEL6/input/checks/gconf_gnome_screensaver_mode_blank.xml
>> @@ -6,12 +6,16 @@
>>           <platform>Red Hat Enterprise Linux 6</platform>
>>         </affected>
>>         <description>The screen saver should be blank.</description>
>> +      <reference source=3D"MED" ref_id=3D"20131125" =

>> ref_url=3D"test_attestation" />
>>       </metadata>
>> -    <criteria>
>> +    <criteria operator=3D"OR">
>> +      <extend_definition comment=3D"GConf2 installed" =

>> definition_ref=3D"package_GConf2_installed" negate=3D"true" />
>>         <criterion comment=3D"gnome screensaver set to blank screen" =

>> test_ref=3D"test_gnome_screensaver_mode" />
>>       </criteria>
>>     </definition>
>> -  <ind:xmlfilecontent_test check=3D"all" comment=3D"gnome screensaver =

>> set to blank screen" id=3D"test_gnome_screensaver_mode" version=3D"1">
>> +  <ind:xmlfilecontent_test check=3D"all"
>> +  comment=3D"gnome screensaver set to blank screen"
>> +  id=3D"test_gnome_screensaver_mode" version=3D"1">
>>       <ind:object object_ref=3D"object_gnome_screensaver_mode" />
>>       <ind:state state_ref=3D"state_gnome_screensaver_mode" />
>>     </ind:xmlfilecontent_test>
>> @@ -19,7 +23,7 @@
>>       <ind:value_of datatype=3D"string">blank-only</ind:value_of>
>>     </ind:xmlfilecontent_state>
>>     <ind:xmlfilecontent_object id=3D"object_gnome_screensaver_mode" =

>> version=3D"1">
>> - =

>> <ind:filepath>/etc/gconf/gconf.xml.defaults/%gconf-tree.xml</ind:filepat=
h>
>> - =

>> <ind:xpath>/gconf/dir[@name=3D'schemas']/dir[@name=3D'apps']/dir[@name=
=3D'gnome-screensaver']/entry[@name=3D'mode']/local_schema[1]/default[1]/st=
ringvalue[1]/text()</ind:xpath>
>> + =

>> <ind:filepath>/etc/gconf/gconf.xml.mandatory/apps/gnome-screensaver/%gco=
nf.xml</ind:filepath>
>> + <ind:xpath>/gconf/entry[@name=3D'mode']/stringvalue[1]/text()</ind:xpa=
th>
>>     </ind:xmlfilecontent_object>
>>   </def-group>
>> diff --git a/RHEL6/input/checks/package_GConf2_installed.xml =

>> b/RHEL6/input/checks/package_GConf2_installed.xml
>> new file mode 100644
>> index 0000000..032d76b
>> --- /dev/null
>> +++ b/RHEL6/input/checks/package_GConf2_installed.xml
>> @@ -0,0 +1,26 @@
>> +<def-group>
>> + <!-- THIS FILE IS GENERATED by create_package_installed.py.  DO NOT =

>> EDIT.  -->
>> +  <definition class=3D"compliance" id=3D"package_GConf2_installed"
>> +  version=3D"1">
>> +    <metadata>
>> +      <title>Package GConf2 Installed</title>
>> +      <affected family=3D"unix">
>> +        <platform>Red Hat Enterprise Linux 6</platform>
>> +      </affected>
>> +      <description>The RPM package GConf2 should be =

>> installed.</description>
>> +      <reference source=3D"swells" ref_id=3D"20130829" =

>> ref_url=3D"test_attestation"/>
>> +    </metadata>
>> +    <criteria>
>> +      <criterion comment=3D"package GConf2 is installed"
>> +      test_ref=3D"test_package_GConf2_installed" />
>> +    </criteria>
>> +  </definition>
>> +  <linux:rpminfo_test check=3D"all" check_existence=3D"all_exist"
>> +  id=3D"test_package_GConf2_installed" version=3D"1"
>> +  comment=3D"package GConf2 is installed">
>> +    <linux:object object_ref=3D"obj_package_GConf2_installed" />
>> +  </linux:rpminfo_test>
>> +  <linux:rpminfo_object id=3D"obj_package_GConf2_installed" version=3D"=
1">
>> +    <linux:name>GConf2</linux:name>
>> +  </linux:rpminfo_object>
>> +</def-group>
>> diff --git a/RHEL6/input/checks/templates/packages_installed.csv =

>> b/RHEL6/input/checks/templates/packages_installed.csv
>> index 990f332..d956daa 100644
>> --- a/RHEL6/input/checks/templates/packages_installed.csv
>> +++ b/RHEL6/input/checks/templates/packages_installed.csv
>> @@ -1,6 +1,7 @@
>>   aide
>>   audit
>>   cronie
>> +GConf2
>>   iptables
>>   iptables-ipv6
>>   irqbalance
>> diff --git a/RHEL6/input/fixes/bash/package_GConf2_installed.sh =

>> b/RHEL6/input/fixes/bash/package_GConf2_installed.sh
>> new file mode 100644
>> index 0000000..02c8768
>> --- /dev/null
>> +++ b/RHEL6/input/fixes/bash/package_GConf2_installed.sh
>> @@ -0,0 +1 @@
>> +yum -y install GConf2

This is great! Ack.

This tracks back to https://bugzilla.redhat.com/show_bug.cgi?id=3D1043053. =

Give a shout after you've pushed and I'll resolve the bug.

--===============1232937890449861315==--