[RHEL/7] Create package_iptables-services_installed OVAL check
(this is a prerequisite for the RHEL/7 services_enabled check for the iptables & ip6tables services, since in RHEL7 both of these services have been moved to the iptables-services package)
Jan Lieskovsky
committed
Sep 19, 2014
1 parent
3f6f4cb
commit 567a9b2
Showing
6 changed files
with
97 additions
and
12 deletions.
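--- a/RHEL/7/input/checks/package_iptables-services_installed.xml
+++ b/RHEL/7/input/checks/package_iptables-services_installed.xml
@@ -0,0 +1,24 @@
+<def-group>
+<!-- THIS FILE IS GENERATED by create_package_installed.py. DO NOT EDIT. -->
+<definition class="compliance" id="package_iptables-services_installed" version="1">
+<metadata>
+<title>Package iptables-services Installed</title>
+<affected family="unix">
+<platform>Red Hat Enterprise Linux 7</platform>
+</affected>
+<description>The RPM package iptables-services should be installed.</description>
+</metadata>
+<criteria>
+<criterion comment="package iptables-services is installed" test_ref="test_package_iptables-services_installed" />
+</criteria>
+</definition>
+
+<linux:rpminfo_test id="test_package_iptables-services_installed" check="all" check_existence="all_exist" comment="package iptables-services is installed" version="1">
+<linux:object object_ref="obj_package_iptables-services_installed" />
+</linux:rpminfo_test>
+
+<linux:rpminfo_object id="obj_package_iptables-services_installed" version="1">
+<linux:name>iptables-services</linux:name>
+</linux:rpminfo_object>
+
+</def-group>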
@@ -0,0 +1,46 @@ | ||
#!/usr/bin/python | ||
|
||
# | ||
# create_package_installed.py | ||
# automatically generate checks for installed packages | ||
# | ||
# NOTE: The file 'template_package_installed' should be located in the same working directory as this script. The | ||
# template contains the following tags that *must* be replaced successfully in order for the checks to work. | ||
# | ||
# PKGNAME - the name of the package that should be installed | ||
# | ||
|
||
import sys, csv, re | ||
|
||
def output_check(package_info): | ||
pkgname = package_info[0] | ||
if pkgname: | ||
with open("./template_OVAL_package_installed", 'r') as OVALtemplatefile: | ||
filestring = OVALtemplatefile.read() | ||
filestring = filestring.replace("PKGNAME", pkgname) | ||
with open("./output/package_" + pkgname + "_installed.xml", 'wb+') as OVALoutputfile: | ||
OVALoutputfile.write(filestring) | ||
OVALoutputfile.close() | ||
with open("./template_BASH_package_installed", 'r') as BASHtemplatefile: | ||
filestring = BASHtemplatefile.read() | ||
filestring = filestring.replace("PKGNAME", pkgname) | ||
with open("./output/package_" + pkgname + "_installed.sh", 'wb+') as BASHoutputfile: | ||
BASHoutputfile.write(filestring) | ||
BASHoutputfile.close() | ||
else: | ||
print "ERROR: input violation: the package name must be defined" | ||
|
||
def main(): | ||
if len(sys.argv) < 2: | ||
print("usage: %s <CSV_FILE_PATH>" % sys.argv[0]) | ||
print(" the csv file should contain lines of the format:") | ||
print(" PACKAGE_NAME") | ||
sys.exit(1) | ||
with open(sys.argv[1], 'r') as csv_file: | ||
csv_lines = csv.reader(csv_file) | ||
for line in csv_lines: | ||
output_check(line) | ||
sys.exit(0) | ||
|
||
if __name__ == "__main__": | ||
main() |
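Review bot: In `output_check`, `pkgname` comes straight from the CSV row and is used unvalidated in the output path (`"./output/package_" + pkgname + "_installed.xml"` and `.sh`) and substituted into both templates, including the remediation line `yum -y install PKGNAME` in the BASH template section. A row containing `/`, `..`, whitespace or shell/XML metacharacters would write outside `./output` or yield a remediation script and OVAL file that do not mean what the author intended. `re` is imported but never used; a guard before the first `open`, e.g. `if not re.match(r'^[A-Za-z0-9][A-Za-z0-9._+-]*$', pkgname): sys.exit("ERROR: invalid package name: %r" % pkgname)`, would reject such rows. Also, `csv.reader` yields an empty list for a blank line, so `package_info[0]` raises IndexError before the `if pkgname:` check; `pkgname = package_info[0] if package_info else ""` keeps the existing error branch reachable. The header comment names `template_package_installed`, while the code opens `template_OVAL_package_installed` and `template_BASH_package_installed`.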
@@ -1,15 +1,4 @@ | ||
aide | ||
audit | ||
cronie | ||
GConf2 | ||
iptables | ||
iptables-ipv6 | ||
irqbalance | ||
iptables-services | ||
ntp | ||
openswan | ||
policycoreutils | ||
postfix | ||
psacct | ||
rsyslog | ||
screen | ||
vsftpd |
@@ -0,0 +1 @@ | ||
yum -y install PKGNAME |
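--- a/RHEL/7/input/checks/templates/template_OVAL_package_installed
+++ b/RHEL/7/input/checks/templates/template_OVAL_package_installed
@@ -0,0 +1,24 @@
+<def-group>
+<!-- THIS FILE IS GENERATED by create_package_installed.py. DO NOT EDIT. -->
+<definition class="compliance" id="package_PKGNAME_installed" version="1">
+<metadata>
+<title>Package PKGNAME Installed</title>
+<affected family="unix">
+<platform>Red Hat Enterprise Linux 7</platform>
+</affected>
+<description>The RPM package PKGNAME should be installed.</description>
+</metadata>
+<criteria>
+<criterion comment="package PKGNAME is installed" test_ref="test_package_PKGNAME_installed" />
+</criteria>
+</definition>
+
+<linux:rpminfo_test id="test_package_PKGNAME_installed" check="all" check_existence="all_exist" comment="package PKGNAME is installed" version="1">
+<linux:object object_ref="obj_package_PKGNAME_installed" />
+</linux:rpminfo_test>
+
+<linux:rpminfo_object id="obj_package_PKGNAME_installed" version="1">
+<linux:name>PKGNAME</linux:name>
+</linux:rpminfo_object>
+
+</def-group>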