skyler / rpms / scap-security-guide

Forked from rpms/scap-security-guide 3 years ago
Clone
Source Code
GIT

Files

  1.   0d5c1071ad2a95875eb936dc89d01b07d25105ff
  2.   SOURCES
  3.   scap-security-guide-0.1.44-cpe-gdm.patch
Blob Blame History Raw 
From 2e3cd7e8930b2456cbc6e182aa9a9f700ea9fa69 Mon Sep 17 00:00:00 2001
From: Watson Sato <wsato@redhat.com>
Date: Wed, 10 Apr 2019 15:41:56 +0200
Subject: [PATCH] Add GDM CPE and mark GNOME group

---
 .../gui_login_banner/group.yml                |  2 +
 .../guide/system/software/gnome/group.yml     |  2 +
 rhel7/cpe/rhel7-cpe-dictionary.xml            |  5 +++
 .../oval/installed_env_has_gdm_package.xml    | 37 +++++++++++++++++++
 ssg/constants.py                              |  1 +
 5 files changed, 47 insertions(+)
 create mode 100644 shared/checks/oval/installed_env_has_gdm_package.xml

diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/group.yml b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/group.yml
index 3ee83be305..006177b16e 100644
--- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/group.yml
+++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/group.yml
@@ -9,3 +9,5 @@ description: |-
     displayed in this graphical environment for these users.
     The following sections describe how to configure the GDM login
     banner.
+
+platform: gdm
diff --git a/linux_os/guide/system/software/gnome/group.yml b/linux_os/guide/system/software/gnome/group.yml
index 914431adb1..54d9dc547a 100644
--- a/linux_os/guide/system/software/gnome/group.yml
+++ b/linux_os/guide/system/software/gnome/group.yml
@@ -12,3 +12,5 @@ description: |-
     Red Hat Graphical environment.
     <br /><br />
     For more information on GNOME and the GNOME Project, see <b>{{{ weblink(link="https://www.gnome.org") }}}</b>.
+
+platform: gdm
diff --git a/rhel7/cpe/rhel7-cpe-dictionary.xml b/rhel7/cpe/rhel7-cpe-dictionary.xml
index d64c18e846..b6bc8b4e53 100644
--- a/rhel7/cpe/rhel7-cpe-dictionary.xml
+++ b/rhel7/cpe/rhel7-cpe-dictionary.xml
@@ -47,6 +47,11 @@
             <!-- the check references an OVAL file that contains an inventory definition -->
             <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_is_a_machine</check>
       </cpe-item>
+      <cpe-item name="cpe:/a:gdm">
+            <title xml:lang="en-us">Package gdm is installed</title>
+            <!-- the check references an OVAL file that contains an inventory definition -->
+            <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_gdm_package</check>
+      </cpe-item>
       <cpe-item name="cpe:/a:libuser">
             <title xml:lang="en-us">Package libuser is installed</title>
             <!-- the check references an OVAL file that contains an inventory definition -->
diff --git a/shared/checks/oval/installed_env_has_gdm_package.xml b/shared/checks/oval/installed_env_has_gdm_package.xml
new file mode 100644
index 0000000000..57fb7a655c
--- /dev/null
+++ b/shared/checks/oval/installed_env_has_gdm_package.xml
@@ -0,0 +1,37 @@
+<def-group>
+  <definition class="inventory"
+  id="installed_env_has_gdm_package" version="1">
+    <metadata>
+      <title>Package gdm is installed</title>
+      <affected family="unix">
+        <platform>multi_platform_all</platform>
+      </affected>
+      <description>Checks if package gdm is installed.</description>
+      <reference ref_id="cpe:/a:gdm" source="CPE" />
+    </metadata>
+    <criteria>
+      <criterion comment="Package gdm is installed" test_ref="test_env_has_gdm_installed" />
+    </criteria>
+  </definition>
+
+{{% if pkg_system == "rpm" %}}
+  <linux:rpminfo_test check="all" check_existence="at_least_one_exists"
+  id="test_env_has_gdm_installed" version="1"
+  comment="system has package gdm installed">
+    <linux:object object_ref="obj_env_has_gdm_installed" />
+  </linux:rpminfo_test>
+  <linux:rpminfo_object id="obj_env_has_gdm_installed" version="1">
+    <linux:name>gdm</linux:name>
+  </linux:rpminfo_object>
+{{% elif pkg_system == "dpkg" %}}
+  <linux:dpkginfo_test check="all" check_existence="all_exist"
+  id="test_env_has_gdm_installed" version="1"
+  comment="system has package gdm installed">
+    <linux:object object_ref="obj_env_has_gdm_installed" />
+  </linux:dpkginfo_test>
+  <linux:dpkginfo_object id="obj_env_has_gdm_installed" version="1">
+    <linux:name>gdm</linux:name>
+  </linux:dpkginfo_object>
+{{% endif %}}
+
+</def-group>
diff --git a/ssg/constants.py b/ssg/constants.py
index 94d9d8c180..6e4fd3c741 100644
--- a/ssg/constants.py
+++ b/ssg/constants.py
@@ -376,6 +376,7 @@
 XCCDF_PLATFORM_TO_CPE = {
     "machine": "cpe:/a:machine",
     "container": "cpe:/a:container",
+    "gdm": "cpe:/a:gdm",
     "libuser": "cpe:/a:libuser",
     "nss-pam-ldapd": "cpe:/a:nss-pam-ldapd",
     "pam": "cpe:/a:pam",

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation