Merge pull request #28 from redhatrises/add_GDM_login_banner_text

[Enhancement] Add OVAL check for GDM login banner

RHEL/6/input/checks/set_gdm_login_banner_text.xml

@@ -0,0 +1,50 @@
+<def-group>
+  <definition class="compliance" id="set_gdm_login_banner_text" version="1">
+    <metadata>
+      <title>Enable GUI Warning Banner</title>
+      <affected family="unix">
+        <platform>Red Hat Enterprise Linux 6</platform>
+      </affected>
+      <description>Enable the GUI warning banner.</description>
+      <reference source="galford" ref_id="20140814" ref_url="test_attestation" />
+    </metadata>
+    <criteria operator="OR">
+      <extend_definition comment="gdm installed" definition_ref="package_gdm_installed" negate="true" />
+      <criterion comment="check var settings" test_ref="test_gdm_login_banner_text" />
+      <criterion comment="check etc settings with tree" test_ref="test_no_tree_gdm_login_banner_text" />
+      <criterion comment="check etc settings without tree" test_ref="test_tree_gdm_login_banner_text" />
+    </criteria>
+  </definition>
+
+  <ind:xmlfilecontent_test check="all" check_existence="all_exist" comment="test screensaver timeout period" id="test_gdm_login_banner_text" version="1">
+    <ind:object object_ref="object_gdm_login_banner_text" />
+    <ind:state state_ref="state_gdm_login_banner_text" />
+  </ind:xmlfilecontent_test>
+  <ind:xmlfilecontent_object id="object_gdm_login_banner_text" version="1">
+    <ind:filepath>/var/lib/gdm/.gconf/apps/gdm/simple-greeter/%gconf.xml</ind:filepath>
+    <ind:xpath>/gconf/entry[@name='banner_message_text']/stringvalue[1]/text()</ind:xpath>
+  </ind:xmlfilecontent_object>
+
+  <ind:xmlfilecontent_test check="all" check_existence="all_exist" comment="test screensaver timeout period" id="test_no_tree_gdm_login_banner_text" version="1">
+    <ind:object object_ref="object_no_tree_gdm_login_banner_text" />
+    <ind:state state_ref="state_gdm_login_banner_text" />
+  </ind:xmlfilecontent_test>
+    <ind:xmlfilecontent_object id="object_no_tree_gdm_login_banner_text" version="1">
+    <ind:filepath>/etc/gconf/gconf.xml.mandatory/apps/gdm/simple-greeter/%gconf.xml</ind:filepath>
+    <ind:xpath>/gconf/entry[@name='banner_message_text']/stringvalue[1]/text()</ind:xpath>
+  </ind:xmlfilecontent_object>
+
+  <ind:xmlfilecontent_test check="all" check_existence="all_exist" comment="test screensaver timeout period" id="test_tree_gdm_login_banner_text" version="1">
+    <ind:object object_ref="object_tree_gdm_login_banner_text" />
+    <ind:state state_ref="state_gdm_login_banner_text" />
+  </ind:xmlfilecontent_test>
+  <ind:xmlfilecontent_object id="object_tree_gdm_login_banner_text" version="1">
+    <ind:filepath>/etc/gconf/gconf.xml.mandatory/%gconf-tree.xml</ind:filepath>
+    <ind:xpath>/gconf/dir/dir/dir/entry[@name='banner_message_text']/stringvalue[1]/text()</ind:xpath>
+  </ind:xmlfilecontent_object>
+
+  <ind:xmlfilecontent_state comment="login_banner_text" id="state_gdm_login_banner_text" version="1">
+    <ind:value_of datatype="string" operation="pattern match" var_ref="login_banner_text" />
+  </ind:xmlfilecontent_state>
+  <external_variable comment="login_banner_text" datatype="string" id="login_banner_text" version="1" />
+</def-group>

RHEL/6/input/system/accounts/banners.xml

@@ -138,6 +138,7 @@ If properly configured, the proper banner text will appear within this schema.
 An appropriate warning message reinforces policy awareness during the logon
 process and facilitates possible legal action against attackers.
 </rationale>
+<oval id="set_gdm_login_banner_text" value="login_banner_text"/>
 <ident cce="27017-3" />
 <ref nist="AC-8(a),AC-8(b),AC-8(c)" disa="48,1384,1385,1386,1387,1388" />
 </Rule>