[RHEL/7] Create package_iptables-services_installed OVAL check

         (this is a prerequisite for RHEL/7 services_enabled check
         for iptables & ip6tables service since in RHEL7 both of
         these services has been moved to iptables-service package)

RHEL/7/input/checks/package_iptables-services_installed.xml

@@ -0,0 +1,24 @@
+<def-group>
+ <!-- THIS FILE IS GENERATED by create_package_installed.py.  DO NOT EDIT.  -->
+  <definition class="compliance" id="package_iptables-services_installed" version="1">
+    <metadata>
+      <title>Package iptables-services Installed</title>
+      <affected family="unix">
+        <platform>Red Hat Enterprise Linux 7</platform>
+      </affected>
+      <description>The RPM package iptables-services should be installed.</description>
+    </metadata>
+    <criteria>
+      <criterion comment="package iptables-services is installed" test_ref="test_package_iptables-services_installed" />
+    </criteria>
+  </definition>
+
+  <linux:rpminfo_test id="test_package_iptables-services_installed" check="all" check_existence="all_exist" comment="package iptables-services is installed" version="1">
+    <linux:object object_ref="obj_package_iptables-services_installed" />
+  </linux:rpminfo_test>
+
+  <linux:rpminfo_object id="obj_package_iptables-services_installed" version="1">
+    <linux:name>iptables-services</linux:name>
+  </linux:rpminfo_object>
+
+</def-group>

RHEL/7/input/checks/templates/Makefile

@@ -7,6 +7,7 @@ services:
 	${SHARED_DIR}/create_services_disabled.py services_disabled.csv
 
 packages:
+	./create_package_installed.py packages_installed.csv
 	${SHARED_DIR}/create_package_removed.py packages_removed.csv
 
 compare:

RHEL/7/input/checks/templates/create_package_installed.py

@@ -0,0 +1,46 @@
+#!/usr/bin/python
+
+#
+# create_package_installed.py
+#   automatically generate checks for installed packages
+#
+# NOTE: The file 'template_package_installed' should be located in the same working directory as this script. The
+# template contains the following tags that *must* be replaced successfully in order for the checks to work.
+#
+# PKGNAME - the name of the package that should be installed
+#
+
+import sys, csv, re
+
+def output_check(package_info):
+    pkgname = package_info[0]
+    if pkgname:
+        with open("./template_OVAL_package_installed", 'r') as OVALtemplatefile:
+            filestring = OVALtemplatefile.read()
+            filestring = filestring.replace("PKGNAME", pkgname)
+            with open("./output/package_" + pkgname + "_installed.xml", 'wb+') as OVALoutputfile:
+                OVALoutputfile.write(filestring)
+                OVALoutputfile.close()
+	with open("./template_BASH_package_installed", 'r') as BASHtemplatefile:
+		filestring = BASHtemplatefile.read()
+		filestring = filestring.replace("PKGNAME", pkgname)
+		with open("./output/package_" + pkgname + "_installed.sh", 'wb+') as BASHoutputfile:
+			BASHoutputfile.write(filestring)
+			BASHoutputfile.close()
+    else:
+        print "ERROR: input violation: the package name must be defined"
+
+def main():
+    if len(sys.argv) < 2:
+        print("usage: %s <CSV_FILE_PATH>" % sys.argv[0])
+        print("   the csv file should contain lines of the format:")
+        print("   PACKAGE_NAME")
+        sys.exit(1)
+    with open(sys.argv[1], 'r') as csv_file:
+        csv_lines = csv.reader(csv_file)
+        for line in csv_lines:
+            output_check(line)
+    sys.exit(0)
+
+if __name__ == "__main__":
+    main()

RHEL/7/input/checks/templates/packages_installed.csv

@@ -1,15 +1,4 @@
 aide
-audit
-cronie
-GConf2
-iptables
-iptables-ipv6
-irqbalance
+iptables-services
 ntp
-openswan
-policycoreutils
-postfix
-psacct
-rsyslog
-screen
 vsftpd

RHEL/7/input/checks/templates/template_BASH_package_installed

@@ -0,0 +1 @@
+yum -y install PKGNAME

RHEL/7/input/checks/templates/template_OVAL_package_installed

@@ -0,0 +1,24 @@
+<def-group>
+ <!-- THIS FILE IS GENERATED by create_package_installed.py.  DO NOT EDIT.  -->
+  <definition class="compliance" id="package_PKGNAME_installed" version="1">
+    <metadata>
+      <title>Package PKGNAME Installed</title>
+      <affected family="unix">
+        <platform>Red Hat Enterprise Linux 7</platform>
+      </affected>
+      <description>The RPM package PKGNAME should be installed.</description>
+    </metadata>
+    <criteria>
+      <criterion comment="package PKGNAME is installed" test_ref="test_package_PKGNAME_installed" />
+    </criteria>
+  </definition>
+
+  <linux:rpminfo_test id="test_package_PKGNAME_installed" check="all" check_existence="all_exist" comment="package PKGNAME is installed" version="1">
+    <linux:object object_ref="obj_package_PKGNAME_installed" />
+  </linux:rpminfo_test>
+
+  <linux:rpminfo_object id="obj_package_PKGNAME_installed" version="1">
+    <linux:name>PKGNAME</linux:name>
+  </linux:rpminfo_object>
+
+</def-group>