From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-commits+bounces-651223-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	by finch.gentoo.org (Postfix) with ESMTP id 194F21387B3
	for <garchives@archives.gentoo.org>; Fri, 20 Dec 2013 13:56:06 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 01199E0AED;
	Fri, 20 Dec 2013 13:56:05 +0000 (UTC)
Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183])
	(using TLSv1 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id 36ACAE0AEC
	for <gentoo-commits@lists.gentoo.org>; Fri, 20 Dec 2013 13:56:04 +0000 (UTC)
Received: from hornbill.gentoo.org (hornbill.gentoo.org [94.100.119.163])
	(using TLSv1 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by smtp.gentoo.org (Postfix) with ESMTPS id D81DD33F66B
	for <gentoo-commits@lists.gentoo.org>; Fri, 20 Dec 2013 13:56:02 +0000 (UTC)
Received: from localhost.localdomain (localhost [127.0.0.1])
	by hornbill.gentoo.org (Postfix) with ESMTP id 88426E579A
	for <gentoo-commits@lists.gentoo.org>; Fri, 20 Dec 2013 13:56:01 +0000 (UTC)
From: "Sven Vermeulen" <swift@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Sven Vermeulen" <swift@gentoo.org>
Message-ID: <1387546356.690de9d64b0e276bd79bc0201bd6659d63ffdf5a.swift@gentoo>
Subject: [gentoo-commits] proj/hardened-docs:master commit in: xml/SCAP/
X-VCS-Repository: proj/hardened-docs
X-VCS-Files: xml/SCAP/gentoo-oval.xml xml/SCAP/gentoo-xccdf.xml
X-VCS-Directories: xml/SCAP/
X-VCS-Committer: swift
X-VCS-Committer-Name: Sven Vermeulen
X-VCS-Revision: 690de9d64b0e276bd79bc0201bd6659d63ffdf5a
X-VCS-Branch: master
Date: Fri, 20 Dec 2013 13:56:01 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Archives-Salt: f963df2c-3a2b-4333-b959-f0ac94791174
X-Archives-Hash: a963b145906d2b3aadc83392eee3dad5

commit:     690de9d64b0e276bd79bc0201bd6659d63ffdf5a
Author:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Fri Dec 20 13:32:36 2013 +0000
Commit:     Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Fri Dec 20 13:32:36 2013 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-docs.git;a=commit;h=690de9d6

Add test for global USE flag declarations (ssl, tcpd, pam)

---
 xml/SCAP/gentoo-oval.xml  | 94 +++++++++++++++++++++++++++++++++++++++++++++++
 xml/SCAP/gentoo-xccdf.xml | 33 +++++++++++++++++
 2 files changed, 127 insertions(+)

diff --git a/xml/SCAP/gentoo-oval.xml b/xml/SCAP/gentoo-oval.xml
index 3fb4adb..8e64c26 100644
--- a/xml/SCAP/gentoo-oval.xml
+++ b/xml/SCAP/gentoo-oval.xml
@@ -457,6 +457,51 @@
     </criteria>
   </definition>
 
+  <definition id="oval:org.gentoo.dev.swift:def:27" version="1" class="compliance">
+    <metadata>
+      <title>In make.conf 'pam' is declared as a global USE flag</title>
+      <affected family="unix">
+        <platform>Gentoo Linux</platform>
+      </affected>
+      <description>
+        The USE declaration in make.conf should have 'pam' set as a global USE flag.
+      </description>
+    </metadata>
+    <criteria>
+      <criterion test_ref="oval:org.gentoo.dev.swift:tst:28" comment="'pam' is set as a global USE flag in make.conf" />
+    </criteria>
+  </definition>
+
+  <definition id="oval:org.gentoo.dev.swift:def:28" version="1" class="compliance">
+    <metadata>
+      <title>In make.conf 'tcpd' is declared as a global USE flag</title>
+      <affected family="unix">
+        <platform>Gentoo Linux</platform>
+      </affected>
+      <description>
+        The USE declaration in make.conf should have 'tcpd' set as a global USE flag.
+      </description>
+    </metadata>
+    <criteria>
+      <criterion test_ref="oval:org.gentoo.dev.swift:tst:29" comment="'tcpd' is set as a global USE flag in make.conf" />
+    </criteria>
+  </definition>
+
+  <definition id="oval:org.gentoo.dev.swift:def:29" version="1" class="compliance">
+    <metadata>
+      <title>In make.conf 'ssl' is declared as a global USE flag</title>
+      <affected family="unix">
+        <platform>Gentoo Linux</platform>
+      </affected>
+      <description>
+        The USE declaration in make.conf should have 'ssl' set as a global USE flag.
+      </description>
+    </metadata>
+    <criteria>
+      <criterion test_ref="oval:org.gentoo.dev.swift:tst:30" comment="'ssl' is set as a global USE flag in make.conf" />
+    </criteria>
+  </definition>
+
 </definitions>
 
 <tests>
@@ -680,6 +725,33 @@
     <lin-def:state state_ref="oval:org.gentoo.dev.swift:ste:7" />
   </lin-def:partition_test>
 
+  <ind-def:textfilecontent54_test id="oval:org.gentoo.dev.swift:tst:28"
+    version="1" check="at least one" check_existence="all_exist"
+    comment="Tests that 'pam' is set as a global USE flag in make.conf">
+    <!-- USE declaration in make.conf -->
+    <ind-def:object object_ref="oval:org.gentoo.dev.swift:obj:17" />
+    <!-- Match for pam -->
+    <ind-def:state state_ref="oval:org.gentoo.dev.swift:ste:8" />
+  </ind-def:textfilecontent54_test>
+
+  <ind-def:textfilecontent54_test id="oval:org.gentoo.dev.swift:tst:29"
+    version="1" check="at least one" check_existence="all_exist"
+    comment="Tests that 'tcpd' is set as a global USE flag in make.conf">
+    <!-- USE declaration in make.conf -->
+    <ind-def:object object_ref="oval:org.gentoo.dev.swift:obj:17" />
+    <!-- Match for tcpd -->
+    <ind-def:state state_ref="oval:org.gentoo.dev.swift:ste:9" />
+  </ind-def:textfilecontent54_test>
+
+  <ind-def:textfilecontent54_test id="oval:org.gentoo.dev.swift:tst:30"
+    version="1" check="at least one" check_existence="all_exist"
+    comment="Tests that 'ssl' is set as a global USE flag in make.conf">
+    <!-- USE declaration in make.conf -->
+    <ind-def:object object_ref="oval:org.gentoo.dev.swift:obj:17" />
+    <!-- Match for ssl -->
+    <ind-def:state state_ref="oval:org.gentoo.dev.swift:ste:10" />
+  </ind-def:textfilecontent54_test>
+
 </tests>
 
 <objects>
@@ -772,6 +844,13 @@
     <lin-def:mount_point>/var</lin-def:mount_point>
   </lin-def:partition_object>
 
+  <ind-def:textfilecontent54_object id="oval:org.gentoo.dev.swift:obj:17"
+    version="2" comment="Portage make.conf global USE settings">
+    <ind-def:filepath>/etc/portage/make.conf</ind-def:filepath>
+    <ind-def:pattern operation="pattern match">^USE=.*</ind-def:pattern>
+    <ind-def:instance operation="greater than or equal" datatype="int">1</ind-def:instance>
+  </ind-def:textfilecontent54_object>
+
 </objects>
 
 <states>
@@ -811,6 +890,21 @@
     <lin-def:mount_options entity_check="at least one" operation="pattern match">(usr|grp)quota</lin-def:mount_options>
   </lin-def:partition_state>
 
+  <ind-def:textfilecontent54_state id="oval:org.gentoo.dev.swift:ste:8"
+    version="1" comment="Matching pam">
+    <ind-def:text datatype="string" operation="pattern match" entity_check="all">( |")pam( |")</ind-def:text>
+  </ind-def:textfilecontent54_state>
+
+  <ind-def:textfilecontent54_state id="oval:org.gentoo.dev.swift:ste:9"
+    version="1" comment="Matching tcpd">
+    <ind-def:text datatype="string" operation="pattern match" entity_check="all">( |")tcpd( |")</ind-def:text>
+  </ind-def:textfilecontent54_state>
+
+  <ind-def:textfilecontent54_state id="oval:org.gentoo.dev.swift:ste:10"
+    version="1" comment="Matching ssl">
+    <ind-def:text datatype="string" operation="pattern match" entity_check="all">( |")ssl( |")</ind-def:text>
+  </ind-def:textfilecontent54_state>
+
 </states>
 
 <!--

diff --git a/xml/SCAP/gentoo-xccdf.xml b/xml/SCAP/gentoo-xccdf.xml
index 1057fb3..b53b1e8 100644
--- a/xml/SCAP/gentoo-xccdf.xml
+++ b/xml/SCAP/gentoo-xccdf.xml
@@ -89,6 +89,12 @@
     <select idref="xccdf_org.gentoo.dev.swift_rule_hostsallow-exists" selected="true" />
     <!-- Verify that /etc/at/at.allow exists -->
     <select idref="xccdf_org.gentoo.dev.swift_rule_atallow-exists" selected="true" />
+    <!-- Make sure USE=pam is set -->
+    <select idref="xccdf_org.gentoo.dev.swift_rule_USE-pam" selected="true" />
+    <!-- Make sure USE=tcpd is set -->
+    <select idref="xccdf_org.gentoo.dev.swift_rule_USE-tcpd" selected="true" />
+    <!-- Make sure USE=ssl is set -->
+    <select idref="xccdf_org.gentoo.dev.swift_rule_USE-ssl" selected="true" />
   </Profile>
   <Profile id="xccdf_org.gentoo.dev.swift_profile_default" extends="xccdf_org.gentoo.dev.swift_profile_default-oval">
     <title>Default server setup settings</title>
@@ -1271,6 +1277,33 @@ sed -i -e 's:^rc_shell=.*:rc_shell="/sbin/sulogin":g' /etc/rc.conf
           <h:pre>
 USE="... pam tcpd ssl"</h:pre>
         </description>
+        <Rule id="xccdf_org.gentoo.dev.swift_rule_USE-pam" selected="false" severity="low" weight="0.0">
+          <title>USE="pam" is set</title>
+          <fixtext fixref="xccdf_org.gentoo.dev.swift_fix_USE-pam">
+	    Edit /etc/portage/make.conf and make sure that 'pam' is in the USE declaration
+          </fixtext>
+          <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
+            <check-content-ref name="oval:org.gentoo.dev.swift:def:27" href="gentoo-oval.xml" />
+          </check>
+        </Rule>
+        <Rule id="xccdf_org.gentoo.dev.swift_rule_USE-tcpd" selected="false" severity="low" weight="0.0">
+          <title>USE="tcpd" is set</title>
+          <fixtext fixref="xccdf_org.gentoo.dev.swift_fix_USE-tcpd">
+	    Edit /etc/portage/make.conf and make sure that 'tcpd' is in the USE declaration
+          </fixtext>
+          <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
+            <check-content-ref name="oval:org.gentoo.dev.swift:def:28" href="gentoo-oval.xml" />
+          </check>
+        </Rule>
+        <Rule id="xccdf_org.gentoo.dev.swift_rule_USE-ssl" selected="false" severity="low" weight="0.0">
+          <title>USE="ssl" is set</title>
+          <fixtext fixref="xccdf_org.gentoo.dev.swift_fix_USE-ssl">
+	    Edit /etc/portage/make.conf and make sure that 'ssl' is in the USE declaration
+          </fixtext>
+          <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
+            <check-content-ref name="oval:org.gentoo.dev.swift:def:29" href="gentoo-oval.xml" />
+          </check>
+        </Rule>
       </Group>
       <Group id="xccdf_org.gentoo.dev.swift_group_system-portage-webrsync">
         <title>Fetching signed portage tree</title>