[Open-scap] Referencing variable in an object
Pravin Goyal
pravin.goyal at outlook.com
Wed Feb 1 08:22:08 UTC 2017
Hi All,
I have a requirement to check that all system accounts are locked. So, I need to get the username from /etc/passwd file based on UIDs (<500) and then check the /etc/shadow file that the password field has either * or !.
This is the definition:
<?xml version="1.0" encoding="UTF-8"?>
<oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5"
xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5"
xmlns:linux-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux"
xmlns:unix-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix"
xmlns:independent-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent"
xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-definitions-5 oval-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-common-5 oval-common-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#independent independent-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#linux linux-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#unix unix-definitions-schema.xsd">
<generator>
<oval:product_name>None</oval:product_name>
<oval:product_version>None</oval:product_version>
<oval:schema_version>5.11</oval:schema_version>
<oval:timestamp>2017-02-04T12:32:41</oval:timestamp>
</generator>
<definitions>
<definition id="oval:test.test.com:def:17"
version="1"
class="compliance">
<metadata>
<title>Ensure System Accounts are disabled</title>
<description>This rule verifies that the system accounts are disabled.</description>
</metadata>
<criteria operator="AND"
negate="false"
comment="None">
<criterion comment="None"
test_ref="oval:test.test.com:tst:17" />
</criteria>
</definition>
</definitions>
<tests>
<shadow_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix"
id="oval:test.test.com:tst:17"
version="1"
check="all"
comment="None"
check_existence="any_exist">
<object object_ref="oval:test.test.com:obj:19" />
<state state_ref="oval:test.test.com:ste:10" />
</shadow_test>
</tests>
<objects>
<shadow_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix"
id="oval:test.test.com:obj:19"
version="1"
comment="None">
<username datatype="string" operation="equals" var_check="all" var_ref="oval:test.test.com:var:6" />
</shadow_object>
<password_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix"
id="oval:test.test.com:obj:17"
version="1"
comment="None">
<username datatype="string" operation="pattern match">.*</username>
<filter xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5"
action="exclude">oval:test.test.com:ste:9</filter>
</password_object>
</objects>
<states>
<shadow_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix"
id="oval:test.test.com:ste:10"
version="1"
comment="None">
<password datatype="string" operation="pattern match">^(!?!|[\*])</password>
</shadow_state>
<password_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix"
id="oval:test.test.com:ste:9"
version="1"
comment="None">
<user_id datatype="int" operation="greater than or equal">500</user_id>
</password_state>
</states>
<variables>
<local_variable xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5"
id="oval:test.test.com:var:6"
datatype="string"
version="1"
comment="None">
<object_component item_field="username" object_ref="oval:test.test.com:obj:17"/>
</local_variable>
</variables>
</oval_definitions>
The execution goes fine. But, the result is not correct. When I check the results file, I see below:
<object id="oval:test.test.com:obj:19" version="1" flag="does not exist">
<variable_value variable_id="oval:test.test.com:var:6">root</variable_value>
<variable_value variable_id="oval:test.test.com:var:6">daemon</variable_value>
<variable_value variable_id="oval:test.test.com:var:6">bin</variable_value>
<variable_value variable_id="oval:test.test.com:var:6">sys</variable_value>
<variable_value variable_id="oval:test.test.com:var:6">sync</variable_value>
<variable_value variable_id="oval:test.test.com:var:6">games</variable_value>
<variable_value variable_id="oval:test.test.com:var:6">man</variable_value>
<variable_value variable_id="oval:test.test.com:var:6">lp</variable_value>
<variable_value variable_id="oval:test.test.com:var:6">mail</variable_value>
<variable_value variable_id="oval:test.test.com:var:6">news</variable_value>
<variable_value variable_id="oval:test.test.com:var:6">uucp</variable_value>
<variable_value variable_id="oval:test.test.com:var:6">proxy</variable_value>
<variable_value variable_id="oval:test.test.com:var:6">www-data</variable_value>
<variable_value variable_id="oval:test.test.com:var:6">backup</variable_value>
<variable_value variable_id="oval:test.test.com:var:6">list</variable_value>
<variable_value variable_id="oval:test.test.com:var:6">irc</variable_value>
<variable_value variable_id="oval:test.test.com:var:6">gnats</variable_value>
<variable_value variable_id="oval:test.test.com:var:6">libuuid</variable_value>
<variable_value variable_id="oval:test.test.com:var:6">syslog</variable_value>
<variable_value variable_id="oval:test.test.com:var:6">messagebus</variable_value>
<variable_value variable_id="oval:test.test.com:var:6">landscape</variable_value>
<variable_value variable_id="oval:test.test.com:var:6">sshd</variable_value>
<variable_value variable_id="oval:test.test.com:var:6">pollinate</variable_value>
<variable_value variable_id="oval:test.test.com:var:6">mongodb</variable_value>
<variable_value variable_id="oval:test.test.com:var:6">colord</variable_value>
<variable_value variable_id="oval:test.test.com:var:6">tomcat7</variable_value>
</object>
Now, my question is why does the flag say "does not exist" even though the variables are getting populated?
Please help.
Thanks and regards,
Pravin Goyal
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/open-scap-list/attachments/20170201/1a5b3829/attachment.htm>
More information about the Open-scap-list
mailing list