Diffstat (limited to 'xml/SCAP/gentoo-oval.xml')
-rw-r--r--xml/SCAP/gentoo-oval.xml551
1 files changed, 534 insertions, 17 deletions
diff --git a/xml/SCAP/gentoo-oval.xml b/xml/SCAP/gentoo-oval.xml
index 9fa2c1e..4fe52b9 100644
--- a/xml/SCAP/gentoo-oval.xml
+++ b/xml/SCAP/gentoo-oval.xml
@@ -1,17 +1,17 @@
<?xml version="1.0" encoding="UTF-8"?>
<oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5"
- xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5"
- xmlns:lin-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux"
- xmlns:unix-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix"
- xmlns:ind-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent"
- xsi:schemaLocation="
- http://oval.mitre.org/XMLSchema/oval-definitions-5 oval-definitions-schema.xsd
- http://oval.mitre.org/XMLSchema/oval-definitions-5#linux linux-definitions-schema.xsd
- http://oval.mitre.org/XMLSchema/oval-definitions-5#unix unix-definitions-schema.xsd
- http://oval.mitre.org/XMLSchema/oval-definitions-5#independent independent-definitions-schema.xsd
- http://standards.iso.org/iso/19770/-2/2009/schema.xsd schema.xsd">
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5"
+ xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ xmlns:lin-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux"
+ xmlns:unix-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix"
+ xmlns:ind-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent"
+ xsi:schemaLocation="
+ http://oval.mitre.org/XMLSchema/oval-definitions-5 oval-definitions-schema.xsd
+ http://oval.mitre.org/XMLSchema/oval-definitions-5#linux linux-definitions-schema.xsd
+ http://oval.mitre.org/XMLSchema/oval-definitions-5#unix unix-definitions-schema.xsd
+ http://oval.mitre.org/XMLSchema/oval-definitions-5#independent independent-definitions-schema.xsd
+ http://standards.iso.org/iso/19770/-2/2009/schema.xsd schema.xsd">
<generator>
<oval:product_name>OVAL Gentoo Linux</oval:product_name>
@@ -46,7 +46,7 @@
<reference source="CCE" ref_url="http://nvd.nist.gov/cce/index.cfm" ref_id="CCE-14559-9"/>
<description>
This definition tests whether the /home location is a separate file
- system.
+ system.
</description>
</metadata>
<criteria operator="AND">
@@ -62,7 +62,7 @@
</affected>
<description>
This definition tests whether the /home partition is mounted with the nosuid
- mount option.
+ mount option.
</description>
</metadata>
<criteria operator="AND">
@@ -79,7 +79,7 @@
</affected>
<description>
This definition tests whether the /home partition is mounted with the nodev
- mount option.
+ mount option.
</description>
</metadata>
<criteria operator="AND">
@@ -97,7 +97,7 @@
<reference source="CCE" ref_url="http://nvd.nist.gov/cce/index.cfm" ref_id="CCE-14161-4"/>
<description>
This definition tests whether the /tmp location is a separate file
- system.
+ system.
</description>
</metadata>
<criteria operator="AND">
@@ -105,7 +105,297 @@
</criteria>
</definition>
+ <definition id="oval:org.gentoo.dev.swift:def:6" version="1" class="compliance">
+ <metadata>
+ <title>The /var location must be a separate file system</title>
+ <affected family="unix">
+ <platform>Gentoo Linux</platform>
+ </affected>
+ <reference source="CCE" ref_url="http://nvd.nist.gov/cce/index.cfm" ref_id="CCE-14777-7"/>
+ <description>
+ This definition tests whether the /var location is a separate file
+ system.
+ </description>
+ </metadata>
+ <criteria operator="AND">
+ <criterion test_ref="oval:org.gentoo.dev.swift:tst:6" comment="The /var location is on a separate partition" />
+ </criteria>
+ </definition>
+
+ <definition id="oval:org.gentoo.dev.swift:def:7" version="1" class="compliance">
+ <metadata>
+ <title>The /var/log location must be a separate file system</title>
+ <affected family="unix">
+ <platform>Gentoo Linux</platform>
+ </affected>
+ <reference source="CCE" ref_url="http://nvd.nist.gov/cce/index.cfm" ref_id="CCE-14011-1"/>
+ <description>
+ This definition tests whether the /var/log location is a separate file
+ system.
+ </description>
+ </metadata>
+ <criteria operator="AND">
+ <criterion test_ref="oval:org.gentoo.dev.swift:tst:7" comment="The /var/log location is on a separate partition" />
+ </criteria>
+ </definition>
+
+ <definition id="oval:org.gentoo.dev.swift:def:8" version="1" class="compliance">
+ <metadata>
+ <title>The /var/log/audit location must be a separate file system</title>
+ <affected family="unix">
+ <platform>Gentoo Linux</platform>
+ </affected>
+ <reference source="CCE" ref_url="http://nvd.nist.gov/cce/index.cfm" ref_id="CCE-14171-3"/>
+ <description>
+ This definition tests whether the /var/log/audit location is a separate file
+ system.
+ </description>
+ </metadata>
+ <criteria operator="AND">
+ <criterion test_ref="oval:org.gentoo.dev.swift:tst:8" comment="The /var/log/audit location is on a separate partition" />
+ </criteria>
+ </definition>
+
+ <definition id="oval:org.gentoo.dev.swift:def:9" version="1" class="compliance">
+ <metadata>
+ <title>The /var file system is mounted with the nodev option</title>
+ <affected family="unix">
+ <platform>Gentoo Linux</platform>
+ </affected>
+ <reference source="CCE" ref_url="http://nvd.nist.gov/cce/index.cfm" ref_id="CCE-4249-9"/>
+ <description>
+ This definition tests whether the /var partition is mounted with the nodev
+ mount option.
+ </description>
+ </metadata>
+ <criteria operator="AND">
+ <criterion test_ref="oval:org.gentoo.dev.swift:tst:6" comment="The /var location is on a separate partition" />
+ <criterion test_ref="oval:org.gentoo.dev.swift:tst:9" comment="The /var partition is mounted with nodev mount option" />
+ </criteria>
+ </definition>
+
+ <definition id="oval:org.gentoo.dev.swift:def:10" version="1" class="compliance">
+ <metadata>
+ <title>The /var/log file system is mounted with the nodev option</title>
+ <affected family="unix">
+ <platform>Gentoo Linux</platform>
+ </affected>
+ <reference source="CCE" ref_url="http://nvd.nist.gov/cce/index.cfm" ref_id="CCE-4249-9"/>
+ <description>
+ This definition tests whether the /var/log partition is mounted with the nodev
+ mount option.
+ </description>
+ </metadata>
+ <criteria operator="AND">
+ <criterion test_ref="oval:org.gentoo.dev.swift:tst:7" comment="The /var/log location is on a separate partition" />
+ <criterion test_ref="oval:org.gentoo.dev.swift:tst:10" comment="The /var/log partition is mounted with nodev mount option" />
+ </criteria>
+ </definition>
+
+ <definition id="oval:org.gentoo.dev.swift:def:11" version="1" class="compliance">
+ <metadata>
+ <title>The /var/log/audit file system is mounted with the nodev option</title>
+ <affected family="unix">
+ <platform>Gentoo Linux</platform>
+ </affected>
+ <reference source="CCE" ref_url="http://nvd.nist.gov/cce/index.cfm" ref_id="CCE-4249-9"/>
+ <description>
+ This definition tests whether the /var/log/audit partition is mounted with the nodev
+ mount option.
+ </description>
+ </metadata>
+ <criteria operator="AND">
+ <criterion test_ref="oval:org.gentoo.dev.swift:tst:8" comment="The /var/log/audit location is on a separate partition" />
+ <criterion test_ref="oval:org.gentoo.dev.swift:tst:11" comment="The /var/log/audit partition is mounted with nodev mount option" />
+ </criteria>
+ </definition>
+
+ <definition id="oval:org.gentoo.dev.swift:def:12" version="1" class="compliance">
+ <metadata>
+ <title>The /tmp file system is mounted with the nodev option</title>
+ <affected family="unix">
+ <platform>Gentoo Linux</platform>
+ </affected>
+ <reference source="CCE" ref_url="http://nvd.nist.gov/cce/index.cfm" ref_id="CCE-4249-9"/>
+ <description>
+ This definition tests whether the /tmp partition is mounted with the nodev
+ mount option.
+ </description>
+ </metadata>
+ <criteria operator="AND">
+ <criterion test_ref="oval:org.gentoo.dev.swift:tst:5" comment="The /var/log/audit location is on a separate partition" />
+ <criterion test_ref="oval:org.gentoo.dev.swift:tst:12" comment="The /var/log/audit partition is mounted with nodev mount option" />
+ </criteria>
+ </definition>
+
+ <definition id="oval:org.gentoo.dev.swift:def:13" version="1" class="compliance">
+ <metadata>
+ <title>The /tmp file system is mounted with the nosuid option</title>
+ <affected family="unix">
+ <platform>Gentoo Linux</platform>
+ </affected>
+ <reference source="CCE" ref_url="http://nvd.nist.gov/cce/index.cfm" ref_id="CCE-14940-1"/>
+ <description>
+ This definition tests whether the /tmp partition is mounted with the nosuid
+ mount option.
+ </description>
+ </metadata>
+ <criteria operator="AND">
+ <criterion test_ref="oval:org.gentoo.dev.swift:tst:5" comment="The /tmp location is on a separate partition" />
+ <criterion test_ref="oval:org.gentoo.dev.swift:tst:13" comment="The /tmp partition is mounted with nosuid mount option" />
+ </criteria>
+ </definition>
+
+ <definition id="oval:org.gentoo.dev.swift:def:14" version="1" class="compliance">
+ <metadata>
+ <title>The /dev/shm file system is mounted with the nosuid option</title>
+ <affected family="unix">
+ <platform>Gentoo Linux</platform>
+ </affected>
+ <reference source="CCE" ref_url="http://nvd.nist.gov/cce/index.cfm" ref_id="CCE-14306-5"/>
+ <description>
+ This definition tests whether the /dev/shm partition is mounted with the nosuid
+ mount option.
+ </description>
+ </metadata>
+ <criteria operator="AND">
+ <criterion test_ref="oval:org.gentoo.dev.swift:tst:14" comment="The /dev/shm location is a separate file system" />
+ <criterion test_ref="oval:org.gentoo.dev.swift:tst:15" comment="The /dev/shm file system is mounted with nosuid mount option" />
+ </criteria>
+ </definition>
+
+ <definition id="oval:org.gentoo.dev.swift:def:15" version="1" class="compliance">
+ <metadata>
+ <title>The /tmp file system is mounted with the noexec option</title>
+ <affected family="unix">
+ <platform>Gentoo Linux</platform>
+ </affected>
+ <reference source="CCE" ref_url="http://nvd.nist.gov/cce/index.cfm" ref_id="CCE-14927-8"/>
+ <description>
+ This definition tests whether the /tmp partition is mounted with the noexec
+ mount option.
+ </description>
+ </metadata>
+ <criteria operator="AND">
+ <criterion test_ref="oval:org.gentoo.dev.swift:tst:5" comment="The /tmp location is on a separate partition" />
+ <criterion test_ref="oval:org.gentoo.dev.swift:tst:16" comment="The /tmp partition is mounted with noexec mount option" />
+ </criteria>
+ </definition>
+
+ <definition id="oval:org.gentoo.dev.swift:def:16" version="1" class="compliance">
+ <metadata>
+ <title>The /dev/shm file system is mounted with the noexec option</title>
+ <affected family="unix">
+ <platform>Gentoo Linux</platform>
+ </affected>
+ <reference source="CCE" ref_url="http://nvd.nist.gov/cce/index.cfm" ref_id="CCE-14703-3"/>
+ <description>
+ This definition tests whether the /dev/shm partition is mounted with the noexec
+ mount option.
+ </description>
+ </metadata>
+ <criteria operator="AND">
+ <criterion test_ref="oval:org.gentoo.dev.swift:tst:14" comment="The /dev/shm location is a separate file system" />
+ <criterion test_ref="oval:org.gentoo.dev.swift:tst:17" comment="The /dev/shm file system is mounted with nosuid mount option" />
+ </criteria>
+ </definition>
+
+ <definition id="oval:org.gentoo.dev.swift:def:17" version="1" class="compliance">
+ <metadata>
+ <title>The /var/tmp location is on a separate file system</title>
+ <affected family="unix">
+ <platform>Gentoo Linux</platform>
+ </affected>
+ <reference source="CCE" ref_url="http://nvd.nist.gov/cce/index.cfm" ref_id="CCE-14584-7"/>
+ <description>
+ This definition tests whether the /var/tmp location is on its own file system.
+ </description>
+ </metadata>
+ <criteria operator="AND">
+ <criterion test_ref="oval:org.gentoo.dev.swift:tst:18" comment="The /var/tmp location is a separate file system" />
+ </criteria>
+ </definition>
+
+ <definition id="oval:org.gentoo.dev.swift:def:18" version="1" class="compliance">
+ <metadata>
+ <title>The kernel is build with quota support (CONFIG_QUOTA)</title>
+ <affected family="unix">
+ <platform>Gentoo Linux</platform>
+ </affected>
+ <description>
+ This definition tests whether the Linux kernel is build with quota support (CONFIG_QUOTA).
+ </description>
+ </metadata>
+ <criteria>
+ <criterion test_ref="oval:org.gentoo.dev.swift:tst:19" comment="The Linux kernel is build with CONFIG_QUOTA" />
+ </criteria>
+ </definition>
+
+ <definition id="oval:org.gentoo.dev.swift:def:19" version="1" class="compliance">
+ <metadata>
+ <title>No process matching "telnetd" is running</title>
+ <affected family="unix">
+ <platform>Gentoo Linux</platform>
+ </affected>
+ <reference source="CCE" ref_url="http://nvd.nist.gov/cce/index.cfm" ref_id="CCE-3390-2" />
+ <description>
+ This definition tests if no telnet daemon processes are running.
+ </description>
+ </metadata>
+ <criteria>
+ <criterion test_ref="oval:org.gentoo.dev.swift:tst:20" comment="No telnet daemons are running" />
+ </criteria>
+ </definition>
+ <definition id="oval:org.gentoo.dev.swift:def:20" version="1" class="compliance">
+ <metadata>
+ <title>No process matching "ftpd" is running</title>
+ <affected family="unix">
+ <platform>Gentoo Linux</platform>
+ </affected>
+ <reference source="CCE" ref_url="http://nvd.nist.gov/cce/index.cfm" ref_id="CCE-4273-9" />
+ <description>
+ This definition tests if no FTP daemon processes are running.
+ </description>
+ </metadata>
+ <criteria>
+ <criterion test_ref="oval:org.gentoo.dev.swift:tst:21" comment="No FTP daemons are running" />
+ </criteria>
+ </definition>
+
+ <definition id="oval:org.gentoo.dev.swift:def:21" version="1" class="compliance">
+ <metadata>
+ <title>rc.conf's rc_shell should be set to /sbin/sulogin</title>
+ <affected family="unix">
+ <platform>Gentoo Linux</platform>
+ </affected>
+ <reference source="CCE" ref_url="http://nvd.nist.gov/cce/index.cfm" ref_id="CCE-4241-6" />
+ <description>
+ This definition tests if rc_shell in /etc/rc.conf is set to /sbin/sulogin, ensuring
+ that single user boots still require the root password to be provided.
+ </description>
+ </metadata>
+ <criteria>
+ <criterion test_ref="oval:org.gentoo.dev.swift:tst:22" comment="/etc/rc.conf rc_shell is set to /sbin/sulogin" />
+ </criteria>
+ </definition>
+
+ <definition id="oval:org.gentoo.dev.swift:def:22" version="1" class="compliance">
+ <metadata>
+ <title>Single user definitions in inittab should only refer to '/sbin/rc single' or '/sbin/sulogin'</title>
+ <affected family="unix">
+ <platform>Gentoo Linux</platform>
+ </affected>
+ <reference source="CCE" ref_url="http://nvd.nist.gov/cce/index.cfm" ref_id="CCE-4241-6" />
+ <description>
+ This definition tests if /etc/inittab single user login settings only refers
+ to '/sbin/rc single' or '/sbin/sulogin'.
+ </description>
+ </metadata>
+ <criteria>
+ <criterion test_ref="oval:org.gentoo.dev.swift:tst:23" comment="/etc/inittab single user settings refers only to '/sbin/rc single' or '/sbin/sulogin'" />
+ </criteria>
+ </definition>
</definitions>
<tests>
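Review bot: The two criterion comments in def:12 describe the /var/log/audit location although the test_refs are tst:5 and tst:12, the /tmp tests, and the second criterion of def:16 says "nosuid" while tst:17 is the /dev/shm noexec test, so the comments contradict the checks they label and will mislead anyone reading results. The lines should read `<criterion test_ref="oval:org.gentoo.dev.swift:tst:5" comment="The /tmp location is on a separate partition" />`, `<criterion test_ref="oval:org.gentoo.dev.swift:tst:12" comment="The /tmp partition is mounted with nodev mount option" />` and `<criterion test_ref="oval:org.gentoo.dev.swift:tst:17" comment="The /dev/shm file system is mounted with noexec mount option" />`. The title and description of def:18 read "is build with" where "is built with" is meant. Definitions 9, 10, 11 and 12 all cite CCE-4249-9; if that identifier is specific to one mount point, the others presumably need their own reference.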
@@ -145,9 +435,158 @@
<lin-def:partition_test id="oval:org.gentoo.dev.swift:tst:5"
version="1" check="all" check_existence="all_exist"
comment="Tests that /tmp is a separate file system">
- <!-- /home partition -->
+ <!-- /tmp partition -->
+ <lin-def:object object_ref="oval:org.gentoo.dev.swift:obj:3" />
+ </lin-def:partition_test>
+
+ <lin-def:partition_test id="oval:org.gentoo.dev.swift:tst:6"
+ version="1" check="all" check_existence="all_exist"
+ comment="Tests that /var is a separate file system">
+ <!-- /var partition -->
+ <lin-def:object object_ref="oval:org.gentoo.dev.swift:obj:4" />
+ </lin-def:partition_test>
+
+ <lin-def:partition_test id="oval:org.gentoo.dev.swift:tst:7"
+ version="1" check="all" check_existence="all_exist"
+ comment="Tests that /var/log is a separate file system">
+ <!-- /var/log partition -->
+ <lin-def:object object_ref="oval:org.gentoo.dev.swift:obj:5" />
+ </lin-def:partition_test>
+
+ <lin-def:partition_test id="oval:org.gentoo.dev.swift:tst:8"
+ version="1" check="all" check_existence="all_exist"
+ comment="Tests that /var/log/audit is a separate file system">
+ <!-- /var/log/audit partition -->
+ <lin-def:object object_ref="oval:org.gentoo.dev.swift:obj:6" />
+ </lin-def:partition_test>
+
+ <lin-def:partition_test id="oval:org.gentoo.dev.swift:tst:9"
+ version="1" check="all" check_existence="all_exist"
+ comment="Tests that /var is mounted with nodev option">
+ <!-- /var partition -->
+ <lin-def:object object_ref="oval:org.gentoo.dev.swift:obj:4" />
+ <!-- "nodev" mount option -->
+ <lin-def:state state_ref="oval:org.gentoo.dev.swift:ste:2" />
+ </lin-def:partition_test>
+
+ <lin-def:partition_test id="oval:org.gentoo.dev.swift:tst:10"
+ version="1" check="all" check_existence="all_exist"
+ comment="Tests that /var/log is mounted with nodev option">
+ <!-- /var/log partition -->
+ <lin-def:object object_ref="oval:org.gentoo.dev.swift:obj:5" />
+ <!-- "nodev" mount option -->
+ <lin-def:state state_ref="oval:org.gentoo.dev.swift:ste:2" />
+ </lin-def:partition_test>
+
+ <lin-def:partition_test id="oval:org.gentoo.dev.swift:tst:11"
+ version="1" check="all" check_existence="all_exist"
+ comment="Tests that /var/log/audit is mounted with nodev option">
+ <!-- /var/log/audit partition -->
+ <lin-def:object object_ref="oval:org.gentoo.dev.swift:obj:6" />
+ <!-- "nodev" mount option -->
+ <lin-def:state state_ref="oval:org.gentoo.dev.swift:ste:2" />
+ </lin-def:partition_test>
+
+ <lin-def:partition_test id="oval:org.gentoo.dev.swift:tst:12"
+ version="1" check="all" check_existence="all_exist"
+ comment="Tests that /tmp is mounted with nodev option">
+ <!-- /tmp partition -->
+ <lin-def:object object_ref="oval:org.gentoo.dev.swift:obj:2" />
+ <!-- "nodev" mount option -->
+ <lin-def:state state_ref="oval:org.gentoo.dev.swift:ste:2" />
+ </lin-def:partition_test>
+
+ <lin-def:partition_test id="oval:org.gentoo.dev.swift:tst:13"
+ version="1" check="all" check_existence="all_exist"
+ comment="Tests that /tmp is mounted with nosuid option">
+ <!-- /tmp partition -->
+ <lin-def:object object_ref="oval:org.gentoo.dev.swift:obj:2" />
+ <!-- "nosuid" mount option -->
+ <lin-def:state state_ref="oval:org.gentoo.dev.swift:ste:1" />
+ </lin-def:partition_test>
+
+ <lin-def:partition_test id="oval:org.gentoo.dev.swift:tst:14"
+ version="1" check="all" check_existence="all_exist"
+ comment="Tests that /dev/shm is a separate file system">
+ <!-- /dev/shm file system -->
+ <lin-def:object object_ref="oval:org.gentoo.dev.swift:obj:7" />
+ </lin-def:partition_test>
+
+ <lin-def:partition_test id="oval:org.gentoo.dev.swift:tst:15"
+ version="1" check="all" check_existence="all_exist"
+ comment="Tests that /dev/shm is mounted with nosuid option">
+ <!-- /dev/shm file system -->
+ <lin-def:object object_ref="oval:org.gentoo.dev.swift:obj:7" />
+ <!-- "nosuid" mount option -->
+ <lin-def:state state_ref="oval:org.gentoo.dev.swift:ste:1" />
+ </lin-def:partition_test>
+
+ <lin-def:partition_test id="oval:org.gentoo.dev.swift:tst:16"
+ version="1" check="all" check_existence="all_exist"
+ comment="Tests that /tmp is mounted with noexec option">
+ <!-- /tmp file system -->
<lin-def:object object_ref="oval:org.gentoo.dev.swift:obj:3" />
+ <!-- "noexec" mount option -->
+ <lin-def:state state_ref="oval:org.gentoo.dev.swift:ste:3" />
</lin-def:partition_test>
+
+ <lin-def:partition_test id="oval:org.gentoo.dev.swift:tst:17"
+ version="1" check="all" check_existence="all_exist"
+ comment="Tests that /dev/shm is mounted with noexec option">
+ <!-- /dev/shm file system -->
+ <lin-def:object object_ref="oval:org.gentoo.dev.swift:obj:7" />
+ <!-- "noexec" mount option -->
+ <lin-def:state state_ref="oval:org.gentoo.dev.swift:ste:3" />
+ </lin-def:partition_test>
+
+ <lin-def:partition_test id="oval:org.gentoo.dev.swift:tst:18"
+ version="1" check="all" check_existence="all_exist"
+ comment="Tests that /var/tmp is on its own file system">
+ <!-- /var/tmp file system -->
+ <lin-def:object object_ref="oval:org.gentoo.dev.swift:obj:8" />
+ </lin-def:partition_test>
+
+ <ind-def:textfilecontent54_test id="oval:org.gentoo.dev.swift:tst:19"
+ version="1" check="at least one" check_existence="at_least_one_exists"
+ comment="Tests that CONFIG_QUOTA is in the kernel configuration">
+ <!-- The file containing kernel configuration -->
+ <ind-def:object object_ref="oval:org.gentoo.dev.swift:obj:9" />
+ <!-- Match for "^CONFIG_QUOTA=[ym]" -->
+ <ind-def:state state_ref="oval:org.gentoo.dev.swift:ste:4" />
+ </ind-def:textfilecontent54_test>
+
+ <unix-def:process58_test id="oval:org.gentoo.dev.swift:tst:20"
+ version="1" check="all" check_existence="none_exist"
+ comment="Tests that no telnet daemons are running">
+ <!-- Process matching "telnetd" -->
+ <unix-def:object object_ref="oval:org.gentoo.dev.swift:obj:10" />
+ </unix-def:process58_test>
+
+ <unix-def:process58_test id="oval:org.gentoo.dev.swift:tst:21"
+ version="1" check="all" check_existence="none_exist"
+ comment="Tests that no FTP daemons are running">
+ <!-- Process matching "ftpd" -->
+ <unix-def:object object_ref="oval:org.gentoo.dev.swift:obj:11" />
+ </unix-def:process58_test>
+
+ <ind-def:textfilecontent54_test id="oval:org.gentoo.dev.swift:tst:22"
+ version="1" check="at least one" check_existence="all_exist"
+ comment="Tests that rc_shell in /etc/rc.conf is set to /sbin/sulogin">
+ <!-- The variable settings in /etc/rc.conf -->
+ <ind-def:object object_ref="oval:org.gentoo.dev.swift:obj:12" />
+ <!-- Match for rc_shell=/sbin/sulogin -->
+ <ind-def:state state_ref="oval:org.gentoo.dev.swift:ste:5" />
+ </ind-def:textfilecontent54_test>
+
+ <ind-def:textfilecontent54_test id="oval:org.gentoo.dev.swift:tst:23"
+ version="1" check="all" check_existence="at_least_one_exists"
+ comment="Tests that single-user boot only triggers '/sbin/rc single' or '/sbin/sulogin'">
+ <!-- The single-user boot rules in /etc/inittab -->
+ <ind-def:object object_ref="oval:org.gentoo.dev.swift:obj:13" />
+ <!-- The '/sbin/rc single' or '/sbin/sulogin' matches -->
+ <ind-def:state state_ref="oval:org.gentoo.dev.swift:ste:6" />
+ </ind-def:textfilecontent54_test>
+
</tests>
<objects>
@@ -167,6 +606,64 @@
<lin-def:mount_point>/tmp</lin-def:mount_point>
</lin-def:partition_object>
+ <lin-def:partition_object id="oval:org.gentoo.dev.swift:obj:4"
+ version="1" comment="The /var partition">
+ <lin-def:mount_point>/var</lin-def:mount_point>
+ </lin-def:partition_object>
+
+ <lin-def:partition_object id="oval:org.gentoo.dev.swift:obj:5"
+ version="1" comment="The /var/log partition">
+ <lin-def:mount_point>/var/log</lin-def:mount_point>
+ </lin-def:partition_object>
+
+ <lin-def:partition_object id="oval:org.gentoo.dev.swift:obj:6"
+ version="1" comment="The /var/log/audit partition">
+ <lin-def:mount_point>/var/log/audit</lin-def:mount_point>
+ </lin-def:partition_object>
+
+ <lin-def:partition_object id="oval:org.gentoo.dev.swift:obj:7"
+ version="1" comment="The /dev/shm file system">
+ <lin-def:mount_point>/dev/shm</lin-def:mount_point>
+ </lin-def:partition_object>
+
+ <lin-def:partition_object id="oval:org.gentoo.dev.swift:obj:8"
+ version="1" comment="The /var/tmp file system">
+ <lin-def:mount_point>/var/tmp</lin-def:mount_point>
+ </lin-def:partition_object>
+
+ <ind-def:textfilecontent54_object id="oval:org.gentoo.dev.swift:obj:9"
+ version="1" comment="The file containing kernel configuration">
+ <ind-def:filepath>/usr/src/linux/.config</ind-def:filepath>
+ <ind-def:pattern operation="pattern match">^CONFIG_.*</ind-def:pattern>
+ <ind-def:instance operation="greater than or equal" datatype="int">1</ind-def:instance>
+ </ind-def:textfilecontent54_object>
+
+ <unix-def:process58_object id="oval:org.gentoo.dev.swift:obj:10"
+ version="1" comment="Process matching telnetd in its command name">
+ <unix-def:command_line operation="pattern match">.*[Tt][Ee][Ll][Nn][Ee][Tt][Dd].*</unix-def:command_line>
+ <unix-def:pid datatype="int" operation="greater than">0</unix-def:pid>
+ </unix-def:process58_object>
+
+ <unix-def:process58_object id="oval:org.gentoo.dev.swift:obj:11"
+ version="1" comment="Process matching ftpd in its command name">
+ <unix-def:command_line operation="pattern match">.*[Ff][Tt][Pp][Dd].*</unix-def:command_line>
+ <unix-def:pid datatype="int" operation="greater than">0</unix-def:pid>
+ </unix-def:process58_object>
+
+ <ind-def:textfilecontent54_object id="oval:org.gentoo.dev.swift:obj:12"
+ version="1" comment="The /etc/rc.conf variable declarations">
+ <ind-def:filepath>/etc/rc.conf</ind-def:filepath>
+ <ind-def:pattern operation="pattern match">^[[:space:]]*[\S]+[[:space:]]*=[[:space:]]*[\S]+</ind-def:pattern>
+ <ind-def:instance operation="greater than or equal" datatype="int">1</ind-def:instance>
+ </ind-def:textfilecontent54_object>
+
+ <ind-def:textfilecontent54_object id="oval:org.gentoo.dev.swift:obj:13"
+ version="1" comment="The /etc/inittab contents">
+ <ind-def:filepath>/etc/inittab</ind-def:filepath>
+ <ind-def:pattern operation="pattern match">^[\S]+:S:[\S]+:.*</ind-def:pattern>
+ <ind-def:instance operation="greater than or equal" datatype="int">1</ind-def:instance>
+ </ind-def:textfilecontent54_object>
+
</objects>
<states>
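Review bot: obj:12's pattern `^[[:space:]]*[\S]+[[:space:]]*=[[:space:]]*[\S]+` accepts a commented-out assignment such as `#rc_shell=/sbin/sulogin` as a key/value item, because `[\S]+` matches a key beginning with `#`; since ste:5 in the states hunk is not anchored to the start of the item and tst:22 uses check="at least one", a host that carries that line only as a comment would pass the single-user login check with rc_shell actually unset. Excluding comment lines at the object is the simplest fix: `<ind-def:pattern operation="pattern match">^[[:space:]]*[^#[:space:]][\S]*[[:space:]]*=[[:space:]]*[\S]+</ind-def:pattern>`. Separately, obj:10 and obj:11 match the daemon name as a substring of the whole command_line, so an editor or grep run on a file named telnetd, or any command line merely mentioning ftpd, is reported as a running daemon; that is a false-positive risk rather than a gap, but worth recording with a comment like `<!-- Matches any command line containing "telnetd", not only the daemon binary -->`.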
@@ -181,6 +678,26 @@
<lin-def:mount_options entity_check="at least one">nodev</lin-def:mount_options>
</lin-def:partition_state>
+ <lin-def:partition_state id="oval:org.gentoo.dev.swift:ste:3"
+ version="1" comment="The file system is mounted with the noexec mount option">
+ <lin-def:mount_options entity_check="at least one">noexec</lin-def:mount_options>
+ </lin-def:partition_state>
+
+ <ind-def:textfilecontent54_state id="oval:org.gentoo.dev.swift:ste:4"
+ version="1" comment="Matching ^CONFIG_QUOTA=[ym]">
+ <ind-def:text datatype="string" operation="pattern match" entity_check="all">^CONFIG_QUOTA=[ym]</ind-def:text>
+ </ind-def:textfilecontent54_state>
+
+ <ind-def:textfilecontent54_state id="oval:org.gentoo.dev.swift:ste:5"
+ version="1" comment="Matching rc_shell=/sbin/sulogin">
+ <ind-def:text datatype="string" operation="pattern match" entity_check="all">rc_shell[[:space:]]*=[[:space:]]*["]?/sbin/sulogin["]?</ind-def:text>
+ </ind-def:textfilecontent54_state>
+
+ <ind-def:textfilecontent54_state id="oval:org.gentoo.dev.swift:ste:6"
+ version="1" comment="Single user boot lines may only match '/sbin/rc single' or '/sbin/sulogin'">
+ <ind-def:text datatype="string" operation="pattern match" entity_check="all">su[[:digit:]]+:S:[\S]+:(/sbin/rc single|/sbin/sulogin)</ind-def:text>
+ </ind-def:textfilecontent54_state>
+
</states>
<!--