Similar to prior patch, but applied to Fedora codebase
Signed-off-by: Shawn Wells shawn@redhat.com --- .../checks/ensure_gpgcheck_globally_activated.xml | 1 + .../checks/yum_gpgcheck_global_activation.xml | 24 -------------------- Fedora/input/system/software/updating.xml | 2 +- shared/oval/ensure_gpgcheck_globally_activated.xml | 1 + 4 files changed, 3 insertions(+), 25 deletions(-) create mode 120000 Fedora/input/checks/ensure_gpgcheck_globally_activated.xml delete mode 100644 Fedora/input/checks/yum_gpgcheck_global_activation.xml
diff --git a/Fedora/input/checks/ensure_gpgcheck_globally_activated.xml b/Fedora/input/checks/ensure_gpgcheck_globally_activated.xml
new file mode 120000
index 0000000..1168283
--- /dev/null
+++ b/Fedora/input/checks/ensure_gpgcheck_globally_activated.xml
@@ -0,0 +1 @@
+../../../shared/oval/ensure_gpgcheck_globally_activated.xml
\ No newline at end of file
diff --git a/Fedora/input/checks/yum_gpgcheck_global_activation.xml b/Fedora/input/checks/yum_gpgcheck_global_activation.xml
deleted file mode 100644
index a313351..0000000
--- a/Fedora/input/checks/yum_gpgcheck_global_activation.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<def-group>
- <definition class="compliance" id="yum_gpgcheck_global_activation" version="1">
- <metadata>
- <title>Ensure Yum gpgcheck Globally Activated</title>
- <affected family="unix">
- <platform>Fedora 19</platform>
- </affected>
- <description>The gpgcheck option should be used to ensure that checking
- of an RPM package's signature always occurs prior to its
- installation.</description>
- </metadata>
- <criteria>
- <criterion comment="check value of gpgcheck in /etc/yum.conf" test_ref="test_yum_gpgcheck_global_activation" />
- </criteria>
- </definition>
- <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="check value of gpgcheck in /etc/yum.conf" id="test_yum_gpgcheck_global_activation" version="1">
- <ind:object object_ref="object_yum_gpgcheck_global_activation" />
- </ind:textfilecontent54_test>
- <ind:textfilecontent54_object id="object_yum_gpgcheck_global_activation" comment="gpgcheck set in /etc/yum.conf" version="1">
- ind:filepath/etc/yum.conf</ind:filepath>
- <ind:pattern operation="pattern match">^\s*gpgcheck\s*=\s*1\s*$</ind:pattern>
- <ind:instance datatype="int" operation="equals">1</ind:instance>
- </ind:textfilecontent54_object>
-</def-group>
diff --git a/Fedora/input/system/software/updating.xml b/Fedora/input/system/software/updating.xml
index 84de806..1fb7512 100644
--- a/Fedora/input/system/software/updating.xml +++ b/Fedora/input/system/software/updating.xml @@ -38,7 +38,7 @@ Ensuring the validity of packages' cryptographic signatures prior to installation ensures the provenance of the software and protects against malicious tampering. </rationale> -<oval id="yum_gpgcheck_global_activation" /> +<oval id="ensure_gpgcheck_globally_activated" /> <ref nist="SI-7,MA-1(b)" disa="352,663" /> </Rule>
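Review bot: The new `<oval id="ensure_gpgcheck_globally_activated" />` reference resolves only if the shared definition carries exactly that `id`, and the `<definition>` line of shared/oval/ensure_gpgcheck_globally_activated.xml is outside every hunk in this patch, so the match cannot be confirmed here. A rule whose check reference does not resolve is typically reported as not checked rather than failed, which would silently drop signature-verification coverage from Fedora scan results. It is worth confirming the id, and that the shared test still requires a single `gpgcheck=1` match in `/etc/yum.conf` as the removed `yum_gpgcheck_global_activation` check did. The enclosing `<Rule>` begins before the hunk.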
diff --git a/shared/oval/ensure_gpgcheck_globally_activated.xml b/shared/oval/ensure_gpgcheck_globally_activated.xml
index e397400..1e87276 100644
--- a/shared/oval/ensure_gpgcheck_globally_activated.xml
+++ b/shared/oval/ensure_gpgcheck_globally_activated.xml
@@ -5,6 +5,7 @@
 <affected family="unix">
 <platform>Red Hat Enterprise Linux 6</platform>
 <platform>Red Hat Enterprise Linux 7</platform>
+ <platform>Fedora 20</platform>
 </affected>
 <description>The gpgcheck option should be used to ensure that checking
 of an RPM package's signature always occurs prior to its
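Review bot: Adding only `<platform>Fedora 20</platform>` leaves Fedora 19 out of the shared `<affected>` list, although the Fedora-specific check deleted in this same commit declared `<platform>Fedora 19</platform>`. If the build or the scanner uses `<affected>` to decide applicability, Fedora 19 hosts would no longer be evaluated for gpgcheck, so missing package-signature enforcement would go unreported there. If Fedora 19 is still in scope, add `<platform>Fedora 19</platform>` next to the new line; if it is deliberately dropped, a short XML comment above the platform list saying so would help the next maintainer. The hunk shows only the metadata, so this assumes the test body further down the file still inspects `/etc/yum.conf`.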