These look excellent - ack to the patch set!
On Sun, May 11, 2014 at 9:30 PM, Shawn Wells shawn@redhat.com wrote:
Updating RHEL6 check to match RHEL7 style, as submitted by Simon Lukasik on 17-MAR-2014.
Signed-off-by: Shawn Wells shawn@redhat.com
RHEL/6/input/checks/installed_OS_is_rhel6.xml | 37 ++++++++++++++++--------- 1 files changed, 24 insertions(+), 13 deletions(-)
diff --git a/RHEL/6/input/checks/installed_OS_is_rhel6.xml b/RHEL/6/input/checks/installed_OS_is_rhel6.xml index 7f77491..0c61df5 100644 --- a/RHEL/6/input/checks/installed_OS_is_rhel6.xml +++ b/RHEL/6/input/checks/installed_OS_is_rhel6.xml @@ -14,8 +14,12 @@ <criteria> <criterion comment="Installed operating system is part of the unix family" test_ref="test_unix_family" />
<criterion comment="Red Hat Enterprise Linux 6 is installed"
test_ref="test_rhel_6" />
<criteria operator="OR">
<criterion comment="Red Hat Enterprise Linux 6 Workstation is
installed"
test_ref="test_rhel_workstation" />
<criterion comment="Red Hat Enterprise Linux 6 Server is
installed"
test_ref="test_rhel_server" />
</criteria>
</criteria> </definition>
@@ -28,18 +32,25 @@ </ind:family_state> <ind:family_object id="obj_unix_family" version="1" />
- <linux:rpminfo_test check="all" check_existence="at_least_one_exists"
comment="redhat-release-* is version 6" id="test_rhel_6" version="1">
- <linux:object object_ref="obj_rhel_release" />
- <linux:state state_ref="state_rhel_6" />
- <linux:rpminfo_test check="all" check_existence="at_least_one_exists"
comment="redhat-release-workstation is version 6" id="test_rhel_workstation" version="1">
- <linux:object object_ref="obj_rhel_workstation" />
- <linux:state state_ref="state_rhel_workstation" /> </linux:rpminfo_test>
- <linux:rpminfo_state id="state_rhel_6" version="1">
- <linux:name operation="pattern match">^redhat-release</linux:name>
- <linux:version operation="pattern match">^6[^\d]</linux:version>
- <linux:rpminfo_state id="state_rhel_workstation" version="1">
- <linux:version operation="pattern match">^6.\d+$</linux:version> </linux:rpminfo_state>
- <linux:rpmverifyfile_object id="obj_rhel_release" version="1">
- <!-- Sadly, OVAL cannot do the right query (that is: rpm -q
-whatprovides system-release).
Let's check the filename instead. -->
- linux:filepath/etc/redhat-release</linux:filepath>
- </linux:rpmverifyfile_object>
<linux:rpminfo_object id="obj_rhel_workstation" version="1">
linux:nameredhat-release-workstation</linux:name>
</linux:rpminfo_object>
<linux:rpminfo_test check="all" check_existence="at_least_one_exists"
comment="redhat-release-server is version 6" id="test_rhel_server" version="1">
- <linux:object object_ref="obj_rhel_server" />
- <linux:state state_ref="state_rhel_server" />
- </linux:rpminfo_test>
- <linux:rpminfo_state id="state_rhel_server" version="1">
- <linux:version operation="pattern match">^6.\d+$</linux:version>
- </linux:rpminfo_state>
- <linux:rpminfo_object id="obj_rhel_server" version="1">
- linux:nameredhat-release-server</linux:name>
- </linux:rpminfo_object>
</def-group> -- 1.7.1
scap-security-guide mailing list scap-security-guide@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide