[PATCH] [RHEL/6] Start using package_rsh_removed OVAL check [RHEL/7] Define new XCCDF rule package_rsh_removed [shared] Move the RHEL-6 specific check to be shared one
6:16 a.m.
Proposed patch adds (previously missing) package_rsh_removed XCCDF reference to
already existing OVAL check with same name. Also defines the same XCCDF rule for
RHEL-7. Yet moves the original RHEL-6 specific package_rsh_removed OVAL check to
be shared one.
Change has been tested on RHEL/6 & RHEL/7, rpms build correctly, underlying rule
seems to work as expected (on both products).
Please review.
Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Technologies Team
9:15 p.m.
On 5/30/14, 7:16 AM, Jan Lieskovsky wrote:
Proposed patch adds (previously missing) package_rsh_removed XCCDF
reference to
already existing OVAL check with same name. Also defines the same XCCDF rule for
RHEL-7. Yet moves the original RHEL-6 specific package_rsh_removed OVAL check to
be shared one.
Change has been tested on RHEL/6 & RHEL/7, rpms build correctly, underlying rule
seems to work as expected (on both products).
Please review.
Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Technologies Team
0001-RHEL-6-Start-using-package_rsh_removed-OVAL-check.patch
From d83bf8ee28da32bdf93af66cb2a9e578ddcbd889 Mon Sep 17 00:00:00 2001
From: Jan Lieskovsky<jlieskov(a)redhat.com>
Date: Fri, 30 May 2014 13:07:42 +0200
Subject: [PATCH] [RHEL/6] Start using package_rsh_removed OVAL check [RHEL/7]
Define new XCCDF rule package_rsh_removed [shared] Move the RHEL-6 specific
check to be shared one
Signed-off-by: Jan Lieskovsky<jlieskov(a)redhat.com>
---
RHEL/6/input/checks/package_rsh_removed.xml | 27 +--------------------------
RHEL/6/input/services/obsolete.xml | 4 +++-
RHEL/7/input/checks/package_rsh_removed.xml | 1 +
RHEL/7/input/services/obsolete.xml | 17 +++++++++++++++++
shared/oval/package_rsh_removed.xml | 27 +++++++++++++++++++++++++++
5 files changed, 49 insertions(+), 27 deletions(-)
mode change 100644 => 120000 RHEL/6/input/checks/package_rsh_removed.xml
create mode 120000 RHEL/7/input/checks/package_rsh_removed.xml
create mode 100644 shared/oval/package_rsh_removed.xml
diff --git a/RHEL/6/input/checks/package_rsh_removed.xml
b/RHEL/6/input/checks/package_rsh_removed.xml
deleted file mode 100644
index 11ae275..0000000
--- a/RHEL/6/input/checks/package_rsh_removed.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-<def-group>
- <!-- THIS FILE IS GENERATED by create_package_removed.py. DO NOT EDIT. -->
- <definition class="compliance" id="package_rsh_removed"
- version="1">
- <metadata>
- <title>Package rsh Removed</title>
- <affected family="unix">
- <platform>Red Hat Enterprise Linux 6</platform>
- </affected>
- <description>The RPM package rsh should be removed.</description>
- <reference source="swells" ref_id="20130829"
ref_url="test_attestation"/>
- </metadata>
- <criteria>
- <criterion comment="package rsh is removed"
- test_ref="test_package_rsh_removed" />
- </criteria>
- </definition>
- <linux:rpminfo_test check="all" check_existence="none_exist"
- id="test_package_rsh_removed" version="1"
- comment="package rsh is removed">
- <linux:object object_ref="obj_package_rsh_removed" />
- </linux:rpminfo_test>
- <linux:rpminfo_object id="obj_package_rsh_removed"
version="1">
- <linux:name>rsh</linux:name>
- </linux:rpminfo_object>
-</def-group>
diff --git a/RHEL/6/input/checks/package_rsh_removed.xml
b/RHEL/6/input/checks/package_rsh_removed.xml
new file mode 120000
index 0000000..3b94a20
--- /dev/null
+++ b/RHEL/6/input/checks/package_rsh_removed.xml
@@ -0,0 +1 @@
+../../../../shared/oval/package_rsh_removed.xml
\ No newline at end of file
diff --git a/RHEL/6/input/services/obsolete.xml b/RHEL/6/input/services/obsolete.xml
index ee980d4..c2e5b15 100644
--- a/RHEL/6/input/services/obsolete.xml
+++ b/RHEL/6/input/services/obsolete.xml
@@ -186,7 +186,7 @@ stolen by eavesdroppers on the network.
</Rule>
<Rule id="package_rsh_removed">
-<title>Remove rsh</title>
+<title>Uninstal rsh Package</title>
<description>The <tt>rsh</tt> package contains the client commands
for the rsh services</description>
<ocil><package-remove-macro package="rsh"/></ocil>
@@ -198,6 +198,8 @@ their credentials. Note that removing the <tt>rsh</tt>
package removes
the clients for <tt>rsh</tt>,<tt>rcp</tt>, and
<tt>rlogin</tt>.
</rationale>
<ident cce="" />
+<oval id="package_rsh_removed" />
+<tested by="JL" on="20140530"/>
</Rule>
<Rule id="disable_rlogin" severity="high">
diff --git a/RHEL/7/input/checks/package_rsh_removed.xml
b/RHEL/7/input/checks/package_rsh_removed.xml
new file mode 120000
index 0000000..3b94a20
--- /dev/null
+++ b/RHEL/7/input/checks/package_rsh_removed.xml
@@ -0,0 +1 @@
+../../../../shared/oval/package_rsh_removed.xml
\ No newline at end of file
diff --git a/RHEL/7/input/services/obsolete.xml b/RHEL/7/input/services/obsolete.xml
index 84ced10..888162d 100644
--- a/RHEL/7/input/services/obsolete.xml
+++ b/RHEL/7/input/services/obsolete.xml
@@ -170,6 +170,23 @@ stolen by eavesdroppers on the network.
<tested by="DS" on="20121026"/>
</Rule>
+<Rule id="package_rsh_removed">
+<title>Uninstal rsh Package</title>
+<description>The <tt>rsh</tt> package contains the client commands
+for the rsh services</description>
+<ocil><package-remove-macro package="rsh"/></ocil>
+<rationale>These legacy clients contain numerous security exposures and have
+been replaced with the more secure SSH package. Even if the server is removed,
+it is best to ensure the clients are also removed to prevent users from
+inadvertently attempting to use these commands and therefore exposing
+their credentials. Note that removing the <tt>rsh</tt> package removes
+the clients for <tt>rsh</tt>,<tt>rcp</tt>, and
<tt>rlogin</tt>.
+</rationale>
+<ident cce="" />
+<oval id="package_rsh_removed" />
+<tested by="JL" on="20140530"/>
+</Rule>
+
<Rule id="disable_rlogin" severity="high">
<title>Disable rlogin Service</title>
<description>The <tt>rlogin</tt> service, which is available with
diff --git a/shared/oval/package_rsh_removed.xml b/shared/oval/package_rsh_removed.xml
new file mode 100644
index 0000000..9f739ef
--- /dev/null
+++ b/shared/oval/package_rsh_removed.xml
@@ -0,0 +1,27 @@
+<def-group>
+ <!-- THIS FILE IS GENERATED by create_package_removed.py. DO NOT EDIT. -->
+ <definition class="compliance" id="package_rsh_removed"
+ version="1">
+ <metadata>
+ <title>Package rsh Removed</title>
+ <affected family="unix">
+ <platform>Red Hat Enterprise Linux 6</platform>
+ <platform>Red Hat Enterprise Linux 7</platform>
+ </affected>
+ <description>The RPM package rsh should be removed.</description>
+ <reference source="JL" ref_id="20140530"
ref_url="test_attestation"/>
+ </metadata>
+ <criteria>
+ <criterion comment="package rsh is removed"
+ test_ref="test_package_rsh_removed" />
+ </criteria>
+ </definition>
+ <linux:rpminfo_test check="all" check_existence="none_exist"
+ id="test_package_rsh_removed" version="1"
+ comment="package rsh is removed">
+ <linux:object object_ref="obj_package_rsh_removed" />
+ </linux:rpminfo_test>
+ <linux:rpminfo_object id="obj_package_rsh_removed"
version="1">
+ <linux:name>rsh</linux:name>
+ </linux:rpminfo_object>
+</def-group>
-- 1.8.3.1
ack
3:54 a.m.
New subject: [PATCH] [RHEL/6] Start using package_rsh_removed OVAL check [RHEL/7] Define new XCCDF rule package_rsh_removed [shared] Move the RHEL-6 specific check to be shared one
----- Original Message -----
From: "Shawn Wells" <shawn(a)redhat.com>
To: scap-security-guide(a)lists.fedorahosted.org
Sent: Saturday, May 31, 2014 4:15:08 AM
Subject: Re: [PATCH] [RHEL/6] Start using package_rsh_removed OVAL check [RHEL/7] Define
new XCCDF rule
package_rsh_removed [shared] Move the RHEL-6 specific check to be shared one
On 5/30/14, 7:16 AM, Jan Lieskovsky wrote:
Proposed patch adds (previously missing) package_rsh_removed XCCDF reference
to
already existing OVAL check with same name. Also defines the same XCCDF rule
for
RHEL-7. Yet moves the original RHEL-6 specific package_rsh_removed OVAL check
to
be shared one.
Change has been tested on RHEL/6 & RHEL/7, rpms build correctly, underlying
rule
seems to work as expected (on both products).
Please review.
Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Technologies Team
0001-RHEL-6-Start-using-package_rsh_removed-OVAL-check.patch
From d83bf8ee28da32bdf93af66cb2a9e578ddcbd889 Mon Sep 17 00:00:00 2001
From: Jan Lieskovsky <jlieskov(a)redhat.com> Date: Fri, 30 May 2014 13:07:42
+0200
Subject: [PATCH] [RHEL/6] Start using package_rsh_removed OVAL check [RHEL/7]
Define new XCCDF rule package_rsh_removed [shared] Move the RHEL-6 specific
check to be shared one
Signed-off-by: Jan Lieskovsky <jlieskov(a)redhat.com> ---
RHEL/6/input/checks/package_rsh_removed.xml | 27 +--------------------------
RHEL/6/input/services/obsolete.xml | 4 +++-
RHEL/7/input/checks/package_rsh_removed.xml | 1 +
RHEL/7/input/services/obsolete.xml | 17 +++++++++++++++++
shared/oval/package_rsh_removed.xml | 27 +++++++++++++++++++++++++++
5 files changed, 49 insertions(+), 27 deletions(-)
mode change 100644 => 120000 RHEL/6/input/checks/package_rsh_removed.xml
create mode 120000 RHEL/7/input/checks/package_rsh_removed.xml
create mode 100644 shared/oval/package_rsh_removed.xml
diff --git a/RHEL/6/input/checks/package_rsh_removed.xml
b/RHEL/6/input/checks/package_rsh_removed.xml
deleted file mode 100644
index 11ae275..0000000
--- a/RHEL/6/input/checks/package_rsh_removed.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-<def-group>
- <!-- THIS FILE IS GENERATED by create_package_removed.py. DO NOT EDIT.
-->
- <definition class="compliance" id="package_rsh_removed"
- version="1">
- <metadata>
- <title>Package rsh Removed</title>
- <affected family="unix">
- <platform>Red Hat Enterprise Linux 6</platform>
- </affected>
- <description>The RPM package rsh should be removed.</description>
- <reference source="swells" ref_id="20130829"
ref_url="test_attestation"/>
- </metadata>
- <criteria>
- <criterion comment="package rsh is removed"
- test_ref="test_package_rsh_removed" />
- </criteria>
- </definition>
- <linux:rpminfo_test check="all" check_existence="none_exist"
- id="test_package_rsh_removed" version="1"
- comment="package rsh is removed">
- <linux:object object_ref="obj_package_rsh_removed" />
- </linux:rpminfo_test>
- <linux:rpminfo_object id="obj_package_rsh_removed"
version="1">
- <linux:name>rsh</linux:name>
- </linux:rpminfo_object>
-</def-group>
diff --git a/RHEL/6/input/checks/package_rsh_removed.xml
b/RHEL/6/input/checks/package_rsh_removed.xml
new file mode 120000
index 0000000..3b94a20
--- /dev/null
+++ b/RHEL/6/input/checks/package_rsh_removed.xml
@@ -0,0 +1 @@
+../../../../shared/oval/package_rsh_removed.xml
\ No newline at end of file
diff --git a/RHEL/6/input/services/obsolete.xml
b/RHEL/6/input/services/obsolete.xml
index ee980d4..c2e5b15 100644
--- a/RHEL/6/input/services/obsolete.xml
+++ b/RHEL/6/input/services/obsolete.xml
@@ -186,7 +186,7 @@ stolen by eavesdroppers on the network.
</Rule>
<Rule id="package_rsh_removed">
-<title>Remove rsh</title>
+<title>Uninstal rsh Package</title>
<description>The <tt>rsh</tt> package contains the client commands
for the rsh services</description>
<ocil><package-remove-macro package="rsh"/></ocil>
@@ -198,6 +198,8 @@ their credentials. Note that removing the <tt>rsh</tt>
package removes
the clients for <tt>rsh</tt>,<tt>rcp</tt>, and
<tt>rlogin</tt>.
</rationale>
<ident cce="" />
+<oval id="package_rsh_removed" />
+<tested by="JL" on="20140530"/>
</Rule>
<Rule id="disable_rlogin" severity="high">
diff --git a/RHEL/7/input/checks/package_rsh_removed.xml
b/RHEL/7/input/checks/package_rsh_removed.xml
new file mode 120000
index 0000000..3b94a20
--- /dev/null
+++ b/RHEL/7/input/checks/package_rsh_removed.xml
@@ -0,0 +1 @@
+../../../../shared/oval/package_rsh_removed.xml
\ No newline at end of file
diff --git a/RHEL/7/input/services/obsolete.xml
b/RHEL/7/input/services/obsolete.xml
index 84ced10..888162d 100644
--- a/RHEL/7/input/services/obsolete.xml
+++ b/RHEL/7/input/services/obsolete.xml
@@ -170,6 +170,23 @@ stolen by eavesdroppers on the network.
<tested by="DS" on="20121026"/>
</Rule>
+<Rule id="package_rsh_removed">
+<title>Uninstal rsh Package</title>
+<description>The <tt>rsh</tt> package contains the client commands
+for the rsh services</description>
+<ocil><package-remove-macro package="rsh"/></ocil>
+<rationale>These legacy clients contain numerous security exposures and have
+been replaced with the more secure SSH package. Even if the server is
removed,
+it is best to ensure the clients are also removed to prevent users from
+inadvertently attempting to use these commands and therefore exposing
+their credentials. Note that removing the <tt>rsh</tt> package removes
+the clients for <tt>rsh</tt>,<tt>rcp</tt>, and
<tt>rlogin</tt>.
+</rationale>
+<ident cce="" />
+<oval id="package_rsh_removed" />
+<tested by="JL" on="20140530"/>
+</Rule>
+
<Rule id="disable_rlogin" severity="high">
<title>Disable rlogin Service</title>
<description>The <tt>rlogin</tt> service, which is available with
diff --git a/shared/oval/package_rsh_removed.xml
b/shared/oval/package_rsh_removed.xml
new file mode 100644
index 0000000..9f739ef
--- /dev/null
+++ b/shared/oval/package_rsh_removed.xml
@@ -0,0 +1,27 @@
+<def-group>
+ <!-- THIS FILE IS GENERATED by create_package_removed.py. DO NOT EDIT.
-->
+ <definition class="compliance" id="package_rsh_removed"
+ version="1">
+ <metadata>
+ <title>Package rsh Removed</title>
+ <affected family="unix">
+ <platform>Red Hat Enterprise Linux 6</platform>
+ <platform>Red Hat Enterprise Linux 7</platform>
+ </affected>
+ <description>The RPM package rsh should be removed.</description>
+ <reference source="JL" ref_id="20140530"
ref_url="test_attestation"/>
+ </metadata>
+ <criteria>
+ <criterion comment="package rsh is removed"
+ test_ref="test_package_rsh_removed" />
+ </criteria>
+ </definition>
+ <linux:rpminfo_test check="all" check_existence="none_exist"
+ id="test_package_rsh_removed" version="1"
+ comment="package rsh is removed">
+ <linux:object object_ref="obj_package_rsh_removed" />
+ </linux:rpminfo_test>
+ <linux:rpminfo_object id="obj_package_rsh_removed"
version="1">
+ <linux:name>rsh</linux:name>
+ </linux:rpminfo_object>
+</def-group>
--
1.8.3.1
ack
Thanks, pushed.
Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Technologies Team
_______________________________________________
scap-security-guide mailing list
scap-security-guide(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
3625
days inactive
3628
days old
scap-security-guide@lists.fedorahosted.org
2 comments
2 participants
participants (2)
-
Jan Lieskovsky -
Shawn Wells