On 7/30/15 5:57 PM, Bond Masuda wrote:
Ok. I guess I will need to learn how to write OVAL and XCCDF
content....
Writing SCAP isn't the only way to contribute :)
If you can create guidance (just text) for a tool, people here can help
convert to XCCDF. On the OVAL side, if you can help us understand what
regex/files/system attributes need to be examined for a pass/fail,
that's a huge jumping off point too.
Besides that, my coworker and I just noticed that although we fail
the
AIDE test, we are passing the aide_periodic_cron_checking test. This
might be a bug??? Can anyone replicate?
Skimming the code, likely a bug. Do you mind opening a ticket? The OVAL
code checks to see if aide is installed:
<criteria operator="AND">
<extend_definition comment="Aide is installed"
definition_ref="package_aide_installed" />
<criteria operator="OR">
<criterion comment="run aide daily with cron"
test_ref="test_aide_periodic_cron_checking" />
<criterion comment="run aide daily with cron"
test_ref="test_aide_crond_checking" />
<criterion comment="run aide daily with cron"
test_ref="test_aide_var_cron_checking" />
</criteria>
</criteria>