Hi All,
The missing '^' in the regexp makes oscap 0.8.0 (from the RHEL6 repo) scan the whole filesystem. Credits to Gary Gapinsky for the quick fix.
Jeffrey suggested replacing the check by a version that would advise disabling the driver in /etc/modules.conf (see the 'oscap hangs on wireless_disable_drivers.xml' thread). I'm not familiar with a robust way to determine the presence of such a NIC without using specialized utilities that might not be installed on the system. I did a `grep net/wireless /lib/modules/$(uname -r)/modules.dep` to see if all wireless drivers maybe shared a common dependency but this is not the case. Also, I queried the device using udevadm for attributes unique to wireless cards but could not see anything obvious:
udevadm info --path=/sys/class/net/wlan0 --attribute-walk
looking at device '/devices/pci0000:00/0000:00:1c.1/0000:02:00.0/bcma0:0/net/wlan0': KERNEL=="wlan0" SUBSYSTEM=="net" DRIVER=="" ATTR{addr_assign_type}=="0" ATTR{addr_len}=="6" ATTR{dev_id}=="0x0" ATTR{ifalias}=="" ATTR{iflink}=="2" ATTR{ifindex}=="2" ATTR{type}=="1" ATTR{link_mode}=="1" ATTR{address}=="b8:8d:12:08:14:ea" ATTR{broadcast}=="ff:ff:ff:ff:ff:ff" ATTR{carrier}=="1" ATTR{dormant}=="0" ATTR{operstate}=="up" ATTR{mtu}=="1500" ATTR{flags}=="0x1003" ATTR{tx_queue_len}=="1000" ATTR{netdev_group}=="0"
udevadm info --path=/sys/class/net/eth0 --attribute-walk
looking at device '/devices/pci0000:00/0000:00:15.0/0000:03:00.0/net/eth0': KERNEL=="eth0" SUBSYSTEM=="net" DRIVER=="" ATTR{addr_assign_type}=="0" ATTR{addr_len}=="6" ATTR{dev_id}=="0x0" ATTR{ifalias}=="" ATTR{iflink}=="2" ATTR{ifindex}=="2" ATTR{features}=="0x118ba9" ATTR{type}=="1" ATTR{link_mode}=="0" ATTR{address}=="00:50:56:b5:00:12" ATTR{broadcast}=="ff:ff:ff:ff:ff:ff" ATTR{carrier}=="1" ATTR{speed}=="10000" ATTR{duplex}=="full" ATTR{dormant}=="0" ATTR{operstate}=="unknown" ATTR{mtu}=="1500" ATTR{flags}=="0x1003" ATTR{tx_queue_len}=="1000"
If anyone can give me a suggestion I'd be happy to spend more time on it.
Regards, Willem.
--- RHEL6/input/checks/wireless_disable_drivers.xml | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/RHEL6/input/checks/wireless_disable_drivers.xml b/RHEL6/input/checks/wireless_disable_drivers.xml index 9760f7c..129b308 100644 --- a/RHEL6/input/checks/wireless_disable_drivers.xml +++ b/RHEL6/input/checks/wireless_disable_drivers.xml @@ -21,7 +21,7 @@ </unix:file_test> <unix:file_object comment="all local files" id="object_wireless_disable_drivers" version="1"> - <unix:path operation="pattern match">/lib/modules/.*/kernel/drivers/net/wireless</unix:path> + <unix:path operation="pattern match">^/lib/modules/.*/kernel/drivers/net/wireless</unix:path> <unix:filename operation="pattern match">.*</unix:filename> </unix:file_object> </def-group>
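Review bot: On the `+` line the kernel-version component is still `.*`, which also matches `/`, and the pattern has no trailing anchor, so it accepts any path under /lib/modules that merely contains /kernel/drivers/net/wireless at some depth. If a single version directory is intended, `^/lib/modules/[^/]+/kernel/drivers/net/wireless` states that more tightly. Separately, the context line's comment="all local files" does not describe what this object collects and could be reworded to mention the wireless driver modules.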
I just pushed this for you, sorry for the delay. This almost slipped through the cracks, please feel free to ping the list again if it seems anything has been forgotten.
That reminds me that Peter mentioned some oval-results validation problems that I still need to fix...
On 08/31/2012 02:49 AM, Willem Bos wrote:
Hi All,
The missing '^' in the regexp makes oscap 0.8.0 (from the RHEL6 repo) scan the whole filesystem. Credits to Gary Gapinsky for the quick fix.
Jeffrey suggested replacing the check by a version that would advise disabling the driver in /etc/modules.conf (see the 'oscap hangs on wireless_disable_drivers.xml' thread). I'm not familiar with a robust way to determine the presence of such a NIC without using specialized utilities that might not be installed on the system. I did a `grep net/wireless /lib/modules/$(uname -r)/modules.dep` to see if all wireless drivers maybe shared a common dependency but this is not the case. Also, I queried the device using udevadm for attributes unique to wireless cards but could not see anything obvious:
udevadm info --path=/sys/class/net/wlan0 --attribute-walk
looking at device '/devices/pci0000:00/0000:00:1c.1/0000:02:00.0/bcma0:0/net/wlan0': KERNEL=="wlan0" SUBSYSTEM=="net" DRIVER=="" ATTR{addr_assign_type}=="0" ATTR{addr_len}=="6" ATTR{dev_id}=="0x0" ATTR{ifalias}=="" ATTR{iflink}=="2" ATTR{ifindex}=="2" ATTR{type}=="1" ATTR{link_mode}=="1" ATTR{address}=="b8:8d:12:08:14:ea" ATTR{broadcast}=="ff:ff:ff:ff:ff:ff" ATTR{carrier}=="1" ATTR{dormant}=="0" ATTR{operstate}=="up" ATTR{mtu}=="1500" ATTR{flags}=="0x1003" ATTR{tx_queue_len}=="1000" ATTR{netdev_group}=="0"
udevadm info --path=/sys/class/net/eth0 --attribute-walk
looking at device '/devices/pci0000:00/0000:00:15.0/0000:03:00.0/net/eth0': KERNEL=="eth0" SUBSYSTEM=="net" DRIVER=="" ATTR{addr_assign_type}=="0" ATTR{addr_len}=="6" ATTR{dev_id}=="0x0" ATTR{ifalias}=="" ATTR{iflink}=="2" ATTR{ifindex}=="2" ATTR{features}=="0x118ba9" ATTR{type}=="1" ATTR{link_mode}=="0" ATTR{address}=="00:50:56:b5:00:12" ATTR{broadcast}=="ff:ff:ff:ff:ff:ff" ATTR{carrier}=="1" ATTR{speed}=="10000" ATTR{duplex}=="full" ATTR{dormant}=="0" ATTR{operstate}=="unknown" ATTR{mtu}=="1500" ATTR{flags}=="0x1003" ATTR{tx_queue_len}=="1000"
If anyone can give me a suggestion I'd be happy to spend more time on it.
Regards, Willem.
RHEL6/input/checks/wireless_disable_drivers.xml | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/RHEL6/input/checks/wireless_disable_drivers.xml b/RHEL6/input/checks/wireless_disable_drivers.xml index 9760f7c..129b308 100644 --- a/RHEL6/input/checks/wireless_disable_drivers.xml +++ b/RHEL6/input/checks/wireless_disable_drivers.xml @@ -21,7 +21,7 @@ </unix:file_test> <unix:file_object comment="all local files" id="object_wireless_disable_drivers" version="1">
- <unix:path operation="pattern
match">/lib/modules/.*/kernel/drivers/net/wireless</unix:path>
- <unix:path operation="pattern
match">^/lib/modules/.*/kernel/drivers/net/wireless</unix:path> <unix:filename operation="pattern match">.*</unix:filename> </unix:file_object>
</def-group>
No problem, thanks for the push.
On Mon, Sep 10, 2012 at 8:19 PM, Jeffrey Blank blank@eclipse.ncsc.mil wrote:
I just pushed this for you, sorry for the delay. This almost slipped through the cracks, please feel free to ping the list again if it seems anything has been forgotten.
That reminds me that Peter mentioned some oval-results validation problems that I still need to fix...
On 08/31/2012 02:49 AM, Willem Bos wrote:
Hi All,
The missing '^' in the regexp makes oscap 0.8.0 (from the RHEL6 repo) scan the whole filesystem. Credits to Gary Gapinsky for the quick fix.
Jeffrey suggested replacing the check by a version that would advise disabling the driver in /etc/modules.conf (see the 'oscap hangs on wireless_disable_drivers.xml' thread). I'm not familiar with a robust way to determine the presence of such a NIC without using specialized utilities that might not be installed on the system. I did a `grep net/wireless /lib/modules/$(uname -r)/modules.dep` to see if all wireless drivers maybe shared a common dependency but this is not the case. Also, I queried the device using udevadm for attributes unique to wireless cards but could not see anything obvious:
udevadm info --path=/sys/class/net/wlan0 --attribute-walk
looking at device '/devices/pci0000:00/0000:00:1c.1/0000:02:00.0/bcma0:0/net/wlan0': KERNEL=="wlan0" SUBSYSTEM=="net" DRIVER=="" ATTR{addr_assign_type}=="0" ATTR{addr_len}=="6" ATTR{dev_id}=="0x0" ATTR{ifalias}=="" ATTR{iflink}=="2" ATTR{ifindex}=="2" ATTR{type}=="1" ATTR{link_mode}=="1" ATTR{address}=="b8:8d:12:08:14:ea" ATTR{broadcast}=="ff:ff:ff:ff:ff:ff" ATTR{carrier}=="1" ATTR{dormant}=="0" ATTR{operstate}=="up" ATTR{mtu}=="1500" ATTR{flags}=="0x1003" ATTR{tx_queue_len}=="1000" ATTR{netdev_group}=="0"
udevadm info --path=/sys/class/net/eth0 --attribute-walk
looking at device '/devices/pci0000:00/0000:00:15.0/0000:03:00.0/net/eth0': KERNEL=="eth0" SUBSYSTEM=="net" DRIVER=="" ATTR{addr_assign_type}=="0" ATTR{addr_len}=="6" ATTR{dev_id}=="0x0" ATTR{ifalias}=="" ATTR{iflink}=="2" ATTR{ifindex}=="2" ATTR{features}=="0x118ba9" ATTR{type}=="1" ATTR{link_mode}=="0" ATTR{address}=="00:50:56:b5:00:12" ATTR{broadcast}=="ff:ff:ff:ff:ff:ff" ATTR{carrier}=="1" ATTR{speed}=="10000" ATTR{duplex}=="full" ATTR{dormant}=="0" ATTR{operstate}=="unknown" ATTR{mtu}=="1500" ATTR{flags}=="0x1003" ATTR{tx_queue_len}=="1000"
If anyone can give me a suggestion I'd be happy to spend more time on it.
Regards, Willem.
RHEL6/input/checks/wireless_disable_drivers.xml | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/RHEL6/input/checks/wireless_disable_drivers.xml b/RHEL6/input/checks/wireless_disable_drivers.xml index 9760f7c..129b308 100644 --- a/RHEL6/input/checks/wireless_disable_drivers.xml +++ b/RHEL6/input/checks/wireless_disable_drivers.xml @@ -21,7 +21,7 @@ </unix:file_test> <unix:file_object comment="all local files" id="object_wireless_disable_drivers" version="1">
- <unix:path operation="pattern
match">/lib/modules/.*/kernel/drivers/net/wireless</unix:path>
- <unix:path operation="pattern
match">^/lib/modules/.*/kernel/drivers/net/wireless</unix:path> <unix:filename operation="pattern match">.*</unix:filename> </unix:file_object>
</def-group>
-- ___________________________ Jeffrey Blank 410-854-8675 Technology and Systems Analysis / Network Components NSA Information Assurance _______________________________________________ scap-security-guide mailing list scap-security-guide@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
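The effect of the missing '^' discussed in this thread, as an added example that is not part of the original messages and is not OpenSCAP's code: a simplified model of a file walker that can restrict itself to a subtree only when the path pattern is anchored. The directory list is constructed, and `literal_root` and `evaluate` are hypothetical helpers.

```python
import re

# The two path patterns from the patch in this thread.
UNANCHORED = r"/lib/modules/.*/kernel/drivers/net/wireless"
ANCHORED = r"^/lib/modules/.*/kernel/drivers/net/wireless"

# Constructed directory listing (not taken from a real host).
SAMPLE_DIRS = [
    "/lib/modules/2.6.32-279.el6.x86_64/kernel/drivers/net/wireless",
    "/lib/modules/2.6.32-279.el6.x86_64/kernel/drivers/net/wireless/ath",
    "/lib/modules/2.6.32-279.el6.x86_64/kernel/drivers/net/e1000",
    "/home/build/rpmroot/lib/modules/2.6.32-279.el6.x86_64/kernel/drivers/net/wireless",
    "/mnt/backup/lib/modules/old/kernel/drivers/net/wireless/iwlwifi",
    "/var/log",
    "/usr/share/doc",
]


def literal_root(pattern):
    """Return the fixed directory a walker may start from, or '/'.

    Without '^' a match may begin at any offset in the path, so no
    subtree can be ruled out and the walk has to start at '/'.
    Simplified: only a plain literal prefix after '^' is recognised.
    """
    if not pattern.startswith("^"):
        return "/"
    prefix = re.match(r"\^([A-Za-z0-9_/-]*)", pattern).group(1)
    # Cut back to the last complete directory component.
    return prefix[: prefix.rfind("/") + 1] or "/"


def evaluate(pattern, dirs):
    """Return (start directory, directories visited, directories matched)."""
    root = literal_root(pattern)
    rx = re.compile(pattern)
    visited = [d for d in dirs if d.startswith(root)]
    matched = [d for d in visited if rx.search(d)]
    return root, visited, matched


if __name__ == "__main__":
    for name, pat in (("unanchored", UNANCHORED), ("anchored", ANCHORED)):
        root, visited, matched = evaluate(pat, SAMPLE_DIRS)
        print(f"{name}: start={root} visited={len(visited)} matched={len(matched)}")
        for d in matched:
            print("   ", d)
```

In this model the unanchored pattern also reports the copies under /home and /mnt, which is a correctness difference on top of the scan cost.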