As is, the check doesn't evaluate properly because linux:version is '6' and not '6.\d+'. This CPE works because it uses OpenSCAP's OVAL.
Signed-off-by: Rui Bernardino rui-p-bernardino@telecom.pt --- RHEL/6/input/checks/installed_OS_is_rhel6.xml | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/RHEL/6/input/checks/installed_OS_is_rhel6.xml b/RHEL/6/input/checks/installed_OS_is_rhel6.xml index 0c61df5..60a8ac7 100644 --- a/RHEL/6/input/checks/installed_OS_is_rhel6.xml +++ b/RHEL/6/input/checks/installed_OS_is_rhel6.xml @@ -37,7 +37,7 @@ <linux:state state_ref="state_rhel_workstation" /> </linux:rpminfo_test> <linux:rpminfo_state id="state_rhel_workstation" version="1"> - <linux:version operation="pattern match">^6.\d+$</linux:version> + <linux:version operation="pattern match">^6</linux:version> </linux:rpminfo_state> <linux:rpminfo_object id="obj_rhel_workstation" version="1"> linux:nameredhat-release-workstation</linux:name> @@ -48,7 +48,7 @@ <linux:state state_ref="state_rhel_server" /> </linux:rpminfo_test> <linux:rpminfo_state id="state_rhel_server" version="1"> - <linux:version operation="pattern match">^6.\d+$</linux:version> + <linux:version operation="pattern match">^6</linux:version> </linux:rpminfo_state> <linux:rpminfo_object id="obj_rhel_server" version="1"> linux:nameredhat-release-server</linux:name>
On 6/25/14, 6:00 AM, Rui Pedro Bernardino wrote:
As is, the check doesn't evaluate properly because linux:version is '6' and not '6.\d+'. This CPE works because it uses OpenSCAP's OVAL.
Signed-off-by: Rui Bernardinorui-p-bernardino@telecom.pt
RHEL/6/input/checks/installed_OS_is_rhel6.xml | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/RHEL/6/input/checks/installed_OS_is_rhel6.xml b/RHEL/6/input/checks/installed_OS_is_rhel6.xml index 0c61df5..60a8ac7 100644 --- a/RHEL/6/input/checks/installed_OS_is_rhel6.xml +++ b/RHEL/6/input/checks/installed_OS_is_rhel6.xml @@ -37,7 +37,7 @@ <linux:state state_ref="state_rhel_workstation" /> </linux:rpminfo_test> <linux:rpminfo_state id="state_rhel_workstation" version="1">
- <linux:version operation="pattern match">^6.\d+$</linux:version>
- <linux:version operation="pattern match">^6</linux:version> </linux:rpminfo_state> <linux:rpminfo_object id="obj_rhel_workstation" version="1"> linux:nameredhat-release-workstation</linux:name>
@@ -48,7 +48,7 @@ <linux:state state_ref="state_rhel_server" /> </linux:rpminfo_test> <linux:rpminfo_state id="state_rhel_server" version="1">
- <linux:version operation="pattern match">^6.\d+$</linux:version>
- <linux:version operation="pattern match">^6</linux:version> </linux:rpminfo_state> <linux:rpminfo_object id="obj_rhel_server" version="1"> linux:nameredhat-release-server</linux:name>
-- 1.7.1
Solves the problem:
[shawnw@ssg-rhel6-devbox checks]$ ./testcheck.py installed_OS_is_rhel6.xml Evaluating with OVAL tempfile : /tmp/installed_OS_is_rhel6RRhqQG.xml Writing results to : /tmp/installed_OS_is_rhel6RRhqQG.xml-results Definition oval:scap-security-guide.testing:def:100: false Evaluation done.
[shawnw@ssg-rhel6-devbox checks]$ git apply /tmp/rui.patch
[shawnw@ssg-rhel6-devbox checks]$ ./testcheck.py installed_OS_is_rhel6.xml Evaluating with OVAL tempfile : /tmp/installed_OS_is_rhel6pR2qAX.xml Writing results to : /tmp/installed_OS_is_rhel6pR2qAX.xml-results Definition oval:scap-security-guide.testing:def:100: true Evaluation done.
Ack
scap-security-guide@lists.fedorahosted.org