Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP1:GA
openscap.2375
scap-yast2sec-oval.xml
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File scap-yast2sec-oval.xml of Package openscap.2375
<?xml version="1.0"?> <oval_definitions xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5" xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:ind-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" xmlns:lin-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" xmlns:unix-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix"> <generator> <oval:product_name>vim</oval:product_name> <oval:schema_version>5.9</oval:schema_version> <oval:timestamp>2011-10-31T12:00:00-04:00</oval:timestamp> </generator> <definitions> <!-- @@GENOVAL START DEFINITIONS --> <definition class="compliance" id="oval:de.suse.suse121:def:2" version="1"> <metadata> <title>sysctl net.ipv4.ip_forward must be 0</title> <description>sysctl net.ipv4.ip_forward must be 0</description> </metadata> <criteria> <criterion test_ref="oval:de.suse.suse121:tst:2" comment="sysctl net.ipv4.ip_forward must be 0" /> </criteria> </definition> <definition class="compliance" id="oval:de.suse.suse121:def:3" version="1"> <metadata> <title>sysctl net.ipv4.tcp_syncookies must be 1</title> <description>sysctl net.ipv4.tcp_syncookies must be 1</description> </metadata> <criteria> <criterion test_ref="oval:de.suse.suse121:tst:3" comment="sysctl net.ipv4.tcp_syncookies must be 1" /> </criteria> </definition> <definition class="compliance" id="oval:de.suse.suse121:def:4" version="1"> <metadata> <title>sysctl net.ipv6.conf.all.forwarding must be 0</title> <description>sysctl net.ipv6.conf.all.forwarding must be 0</description> </metadata> <criteria> <criterion test_ref="oval:de.suse.suse121:tst:4" comment="sysctl net.ipv6.conf.all.forwarding must be 0" /> </criteria> </definition> <definition class="compliance" id="oval:de.suse.suse121:def:5" version="1"> <metadata> <title>sysctl net.ipv6.conf.default.forwarding must be 0</title> <description>sysctl net.ipv6.conf.default.forwarding must be 0</description> </metadata> <criteria> <criterion test_ref="oval:de.suse.suse121:tst:5" comment="sysctl net.ipv6.conf.default.forwarding must be 0" /> </criteria> </definition> <definition class="compliance" id="oval:de.suse.suse121:def:6" version="1"> <metadata> <title>kernel config CONFIG_SYN_COOKIES must be y</title> <description>kernel config CONFIG_SYN_COOKIES must be y</description> </metadata> <criteria> <criterion test_ref="oval:de.suse.suse121:tst:6" comment="kernel config CONFIG_SYN_COOKIES must be y" /> </criteria> </definition> <definition class="compliance" id="oval:de.suse.suse121:def:9" version="1"> <metadata> <title>file /etc/login.defs must have a line that matches ^PASS_MAX_DAYS.*99999</title> <description>file /etc/login.defs must have a line that matches ^PASS_MAX_DAYS.*99999</description> </metadata> <criteria> <criterion test_ref="oval:de.suse.suse121:tst:9" comment="file /etc/login.defs must have a line that matches ^PASS_MAX_DAYS.*99999" /> </criteria> </definition> <definition class="compliance" id="oval:de.suse.suse121:def:10" version="1"> <metadata> <title>file /etc/login.defs must have a line that matches ^PASS_MIN_DAYS.*0</title> <description>file /etc/login.defs must have a line that matches ^PASS_MIN_DAYS.*0</description> </metadata> <criteria> <criterion test_ref="oval:de.suse.suse121:tst:10" comment="file /etc/login.defs must have a line that matches ^PASS_MIN_DAYS.*0" /> </criteria> </definition> <definition class="compliance" id="oval:de.suse.suse121:def:11" version="1"> <metadata> <title>file /etc/login.defs must have a line that matches ^PASS_WARN_AGE.*7</title> <description>file /etc/login.defs must have a line that matches ^PASS_WARN_AGE.*7</description> </metadata> <criteria> <criterion test_ref="oval:de.suse.suse121:tst:11" comment="file /etc/login.defs must have a line that matches ^PASS_WARN_AGE.*7" /> </criteria> </definition> <definition class="compliance" id="oval:de.suse.suse121:def:12" version="1"> <metadata> <title>file /etc/pam.d/common-password must have a line that matches minlen=6</title> <description>file /etc/pam.d/common-password must have a line that matches minlen=6</description> </metadata> <criteria> <criterion test_ref="oval:de.suse.suse121:tst:12" comment="file /etc/pam.d/common-password must have a line that matches minlen=6" /> </criteria> </definition> <definition class="compliance" id="oval:de.suse.suse121:def:13" version="1"> <metadata> <title>file /etc/pam.d/common-password must have a line that matches remember=</title> <description>file /etc/pam.d/common-password must have a line that matches remember=</description> </metadata> <criteria> <criterion test_ref="oval:de.suse.suse121:tst:13" comment="file /etc/pam.d/common-password must have a line that matches remember=" /> </criteria> </definition> <definition class="compliance" id="oval:de.suse.suse121:def:16" version="1"> <metadata> <title>file /etc/login.defs may not have a line that matches ^FAIL_DELAY.*0</title> <description>file /etc/login.defs may not have a line that matches ^FAIL_DELAY.*0</description> </metadata> <criteria> <criterion test_ref="oval:de.suse.suse121:tst:16" comment="file /etc/login.defs may not have a line that matches ^FAIL_DELAY.*0" /> </criteria> </definition> <definition class="compliance" id="oval:de.suse.suse121:def:17" version="1"> <metadata> <title>file /etc/login.defs must have a line that matches ^FAIL_DELAY</title> <description>file /etc/login.defs must have a line that matches ^FAIL_DELAY</description> </metadata> <criteria> <criterion test_ref="oval:de.suse.suse121:tst:17" comment="file /etc/login.defs must have a line that matches ^FAIL_DELAY" /> </criteria> </definition> <definition class="compliance" id="oval:de.suse.suse121:def:18" version="1"> <metadata> <title>file /etc/sysconfig/displaymanager must have a line that matches ^DISPLAYMANAGER_REMOTE_ACCESS.*no</title> <description>file /etc/sysconfig/displaymanager must have a line that matches ^DISPLAYMANAGER_REMOTE_ACCESS.*no</description> </metadata> <criteria> <criterion test_ref="oval:de.suse.suse121:tst:18" comment="file /etc/sysconfig/displaymanager must have a line that matches ^DISPLAYMANAGER_REMOTE_ACCESS.*no" /> </criteria> </definition> <definition class="compliance" id="oval:de.suse.suse121:def:19" version="1"> <metadata> <title>file /etc/sysconfig/displaymanager must have a line that matches ^DISPLAYMANAGER_ROOT_LOGIN_REMOTE.*no</title> <description>file /etc/sysconfig/displaymanager must have a line that matches ^DISPLAYMANAGER_ROOT_LOGIN_REMOTE.*no</description> </metadata> <criteria> <criterion test_ref="oval:de.suse.suse121:tst:19" comment="file /etc/sysconfig/displaymanager must have a line that matches ^DISPLAYMANAGER_ROOT_LOGIN_REMOTE.*no" /> </criteria> </definition> <definition class="compliance" id="oval:de.suse.suse121:def:22" version="1"> <metadata> <title>file /etc/login.defs must have a line that matches ^UID_MIN.*1000</title> <description>file /etc/login.defs must have a line that matches ^UID_MIN.*1000</description> </metadata> <criteria> <criterion test_ref="oval:de.suse.suse121:tst:22" comment="file /etc/login.defs must have a line that matches ^UID_MIN.*1000" /> </criteria> </definition> <definition class="compliance" id="oval:de.suse.suse121:def:23" version="1"> <metadata> <title>file /etc/login.defs must have a line that matches ^UID_MAX.*60000</title> <description>file /etc/login.defs must have a line that matches ^UID_MAX.*60000</description> </metadata> <criteria> <criterion test_ref="oval:de.suse.suse121:tst:23" comment="file /etc/login.defs must have a line that matches ^UID_MAX.*60000" /> </criteria> </definition> <definition class="compliance" id="oval:de.suse.suse121:def:24" version="1"> <metadata> <title>file /etc/login.defs must have a line that matches ^GID_MIN.*1000</title> <description>file /etc/login.defs must have a line that matches ^GID_MIN.*1000</description> </metadata> <criteria> <criterion test_ref="oval:de.suse.suse121:tst:24" comment="file /etc/login.defs must have a line that matches ^GID_MIN.*1000" /> </criteria> </definition> <definition class="compliance" id="oval:de.suse.suse121:def:25" version="1"> <metadata> <title>file /etc/login.defs must have a line that matches ^GID_MAX.*60000</title> <description>file /etc/login.defs must have a line that matches ^GID_MAX.*60000</description> </metadata> <criteria> <criterion test_ref="oval:de.suse.suse121:tst:25" comment="file /etc/login.defs must have a line that matches ^GID_MAX.*60000" /> </criteria> </definition> <definition class="compliance" id="oval:de.suse.suse121:def:29" version="1"> <metadata> <title>sysctl kernel.sysrq must be 0</title> <description>sysctl kernel.sysrq must be 0</description> </metadata> <criteria> <criterion test_ref="oval:de.suse.suse121:tst:29" comment="sysctl kernel.sysrq must be 0" /> </criteria> </definition> <definition class="compliance" id="oval:de.suse.suse121:def:30" version="1"> <metadata> <title>file /etc/default/passwd may not have a line that matches ^CRYPT_FILES=md5</title> <description>file /etc/default/passwd may not have a line that matches ^CRYPT_FILES=md5</description> </metadata> <criteria> <criterion test_ref="oval:de.suse.suse121:tst:30" comment="file /etc/default/passwd may not have a line that matches ^CRYPT_FILES=md5" /> </criteria> </definition> <definition class="compliance" id="oval:de.suse.suse121:def:31" version="1"> <metadata> <title>file /etc/default/passwd may not have a line that matches ^CRYPT_FILES=des</title> <description>file /etc/default/passwd may not have a line that matches ^CRYPT_FILES=des</description> </metadata> <criteria> <criterion test_ref="oval:de.suse.suse121:tst:31" comment="file /etc/default/passwd may not have a line that matches ^CRYPT_FILES=des" /> </criteria> </definition> <definition class="compliance" id="oval:de.suse.suse121:def:32" version="1"> <metadata> <title>file /etc/sysconfig/security must have a line that matches ^CHECK_PERMISSIONS.*set</title> <description>file /etc/sysconfig/security must have a line that matches ^CHECK_PERMISSIONS.*set</description> </metadata> <criteria> <criterion test_ref="oval:de.suse.suse121:tst:32" comment="file /etc/sysconfig/security must have a line that matches ^CHECK_PERMISSIONS.*set" /> </criteria> </definition> <definition class="compliance" id="oval:de.suse.suse121:def:33" version="1"> <metadata> <title>file /etc/sysconfig/security must have a line that matches ^CHECK_SIGNATURES.*yes</title> <description>file /etc/sysconfig/security must have a line that matches ^CHECK_SIGNATURES.*yes</description> </metadata> <criteria> <criterion test_ref="oval:de.suse.suse121:tst:33" comment="file /etc/sysconfig/security must have a line that matches ^CHECK_SIGNATURES.*yes" /> </criteria> </definition> <definition class="compliance" id="oval:de.suse.suse121:def:38" version="1"> <metadata> <title>file /etc/sysconfig/dhcpd must have a line that matches ^DHCPD_RUN_CHROOTED.*yes</title> <description>file /etc/sysconfig/dhcpd must have a line that matches ^DHCPD_RUN_CHROOTED.*yes</description> </metadata> <criteria> <criterion test_ref="oval:de.suse.suse121:tst:38" comment="file /etc/sysconfig/dhcpd must have a line that matches ^DHCPD_RUN_CHROOTED.*yes" /> </criteria> </definition> <definition class="compliance" id="oval:de.suse.suse121:def:39" version="1"> <metadata> <title>file /etc/sysconfig/dhcpd must have a line that matches ^DHCPD_RUN_AS.*dhcpd</title> <description>file /etc/sysconfig/dhcpd must have a line that matches ^DHCPD_RUN_AS.*dhcpd</description> </metadata> <criteria> <criterion test_ref="oval:de.suse.suse121:tst:39" comment="file /etc/sysconfig/dhcpd must have a line that matches ^DHCPD_RUN_AS.*dhcpd" /> </criteria> </definition> <definition class="compliance" id="oval:de.suse.suse121:def:40" version="1"> <metadata> <title>file /etc/sysconfig/dhcpd must have a line that matches ^DHCPD6_RUN_CHROOTED.*yes</title> <description>file /etc/sysconfig/dhcpd must have a line that matches ^DHCPD6_RUN_CHROOTED.*yes</description> </metadata> <criteria> <criterion test_ref="oval:de.suse.suse121:tst:40" comment="file /etc/sysconfig/dhcpd must have a line that matches ^DHCPD6_RUN_CHROOTED.*yes" /> </criteria> </definition> <definition class="compliance" id="oval:de.suse.suse121:def:41" version="1"> <metadata> <title>file /etc/sysconfig/dhcpd must have a line that matches ^DHCPD6_RUN_AS.*dhcpd</title> <description>file /etc/sysconfig/dhcpd must have a line that matches ^DHCPD6_RUN_AS.*dhcpd</description> </metadata> <criteria> <criterion test_ref="oval:de.suse.suse121:tst:41" comment="file /etc/sysconfig/dhcpd must have a line that matches ^DHCPD6_RUN_AS.*dhcpd" /> </criteria> </definition> <definition class="compliance" id="oval:de.suse.suse121:def:42" version="1"> <metadata> <title>file /etc/sysconfig/services must have a line that matches ^DISABLE_RESTART_ON_UPDATE.*yes</title> <description>file /etc/sysconfig/services must have a line that matches ^DISABLE_RESTART_ON_UPDATE.*yes</description> </metadata> <criteria> <criterion test_ref="oval:de.suse.suse121:tst:42" comment="file /etc/sysconfig/services must have a line that matches ^DISABLE_RESTART_ON_UPDATE.*yes" /> </criteria> </definition> <definition class="compliance" id="oval:de.suse.suse121:def:43" version="1"> <metadata> <title>file /etc/sysconfig/services must have a line that matches ^DISABLE_STOP_ON_REMOVAL.*yes</title> <description>file /etc/sysconfig/services must have a line that matches ^DISABLE_STOP_ON_REMOVAL.*yes</description> </metadata> <criteria> <criterion test_ref="oval:de.suse.suse121:tst:43" comment="file /etc/sysconfig/services must have a line that matches ^DISABLE_STOP_ON_REMOVAL.*yes" /> </criteria> </definition> <!-- @@GENOVAL END DEFINITIONS --> </definitions> <tests> <!-- @@GENOVAL START TESTS --> <ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:2" version="1" check="at least one" comment="sysctl net.ipv4.ip_forward must be 0" check_existence="at_least_one_exists"> <ind-def:object object_ref="oval:de.suse.suse121:obj:1" /> <ind-def:state state_ref="oval:de.suse.suse121:ste:1" /> </ind-def:textfilecontent54_test> <ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:3" version="1" check="at least one" comment="sysctl net.ipv4.tcp_syncookies must be 1" check_existence="at_least_one_exists"> <ind-def:object object_ref="oval:de.suse.suse121:obj:2" /> <ind-def:state state_ref="oval:de.suse.suse121:ste:2" /> </ind-def:textfilecontent54_test> <ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:4" version="1" check="at least one" comment="sysctl net.ipv6.conf.all.forwarding must be 0" check_existence="at_least_one_exists"> <ind-def:object object_ref="oval:de.suse.suse121:obj:4" /> <ind-def:state state_ref="oval:de.suse.suse121:ste:1" /> </ind-def:textfilecontent54_test> <ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:5" version="1" check="at least one" comment="sysctl net.ipv6.conf.default.forwarding must be 0" check_existence="at_least_one_exists"> <ind-def:object object_ref="oval:de.suse.suse121:obj:5" /> <ind-def:state state_ref="oval:de.suse.suse121:ste:1" /> </ind-def:textfilecontent54_test> <ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:6" version="1" check="at least one" comment="kernel config CONFIG_SYN_COOKIES must be y" check_existence="at_least_one_exists"> <ind-def:object object_ref="oval:de.suse.suse121:obj:3" /> <ind-def:state state_ref="oval:de.suse.suse121:ste:3" /> </ind-def:textfilecontent54_test> <ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:9" version="1" check="at least one" comment="file /etc/login.defs must have a line that matches ^PASS_MAX_DAYS.*99999" check_existence="at_least_one_exists"> <ind-def:object object_ref="oval:de.suse.suse121:obj:7" /> <ind-def:state state_ref="oval:de.suse.suse121:ste:4" /> </ind-def:textfilecontent54_test> <ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:10" version="1" check="at least one" comment="file /etc/login.defs must have a line that matches ^PASS_MIN_DAYS.*0" check_existence="at_least_one_exists"> <ind-def:object object_ref="oval:de.suse.suse121:obj:7" /> <ind-def:state state_ref="oval:de.suse.suse121:ste:5" /> </ind-def:textfilecontent54_test> <ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:11" version="1" check="at least one" comment="file /etc/login.defs must have a line that matches ^PASS_WARN_AGE.*7" check_existence="at_least_one_exists"> <ind-def:object object_ref="oval:de.suse.suse121:obj:7" /> <ind-def:state state_ref="oval:de.suse.suse121:ste:6" /> </ind-def:textfilecontent54_test> <ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:12" version="1" check="at least one" comment="file /etc/pam.d/common-password must have a line that matches minlen=6" check_existence="at_least_one_exists"> <ind-def:object object_ref="oval:de.suse.suse121:obj:10" /> <ind-def:state state_ref="oval:de.suse.suse121:ste:17" /> </ind-def:textfilecontent54_test> <ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:13" version="1" check="at least one" comment="file /etc/pam.d/common-password must have a line that matches remember=" check_existence="at_least_one_exists"> <ind-def:object object_ref="oval:de.suse.suse121:obj:10" /> <ind-def:state state_ref="oval:de.suse.suse121:ste:18" /> </ind-def:textfilecontent54_test> <ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:16" version="1" check="none satisfy" comment="file /etc/login.defs may not have a line that matches ^FAIL_DELAY.*0" check_existence="at_least_one_exists"> <ind-def:object object_ref="oval:de.suse.suse121:obj:7" /> <ind-def:state state_ref="oval:de.suse.suse121:ste:9" /> </ind-def:textfilecontent54_test> <ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:17" version="1" check="at least one" comment="file /etc/login.defs must have a line that matches ^FAIL_DELAY" check_existence="at_least_one_exists"> <ind-def:object object_ref="oval:de.suse.suse121:obj:7" /> <ind-def:state state_ref="oval:de.suse.suse121:ste:10" /> </ind-def:textfilecontent54_test> <ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:18" version="1" check="at least one" comment="file /etc/sysconfig/displaymanager must have a line that matches ^DISPLAYMANAGER_REMOTE_ACCESS.*no" check_existence="at_least_one_exists"> <ind-def:object object_ref="oval:de.suse.suse121:obj:12" /> <ind-def:state state_ref="oval:de.suse.suse121:ste:23" /> </ind-def:textfilecontent54_test> <ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:19" version="1" check="at least one" comment="file /etc/sysconfig/displaymanager must have a line that matches ^DISPLAYMANAGER_ROOT_LOGIN_REMOTE.*no" check_existence="at_least_one_exists"> <ind-def:object object_ref="oval:de.suse.suse121:obj:12" /> <ind-def:state state_ref="oval:de.suse.suse121:ste:24" /> </ind-def:textfilecontent54_test> <ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:22" version="1" check="at least one" comment="file /etc/login.defs must have a line that matches ^UID_MIN.*1000" check_existence="at_least_one_exists"> <ind-def:object object_ref="oval:de.suse.suse121:obj:7" /> <ind-def:state state_ref="oval:de.suse.suse121:ste:11" /> </ind-def:textfilecontent54_test> <ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:23" version="1" check="at least one" comment="file /etc/login.defs must have a line that matches ^UID_MAX.*60000" check_existence="at_least_one_exists"> <ind-def:object object_ref="oval:de.suse.suse121:obj:7" /> <ind-def:state state_ref="oval:de.suse.suse121:ste:12" /> </ind-def:textfilecontent54_test> <ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:24" version="1" check="at least one" comment="file /etc/login.defs must have a line that matches ^GID_MIN.*1000" check_existence="at_least_one_exists"> <ind-def:object object_ref="oval:de.suse.suse121:obj:7" /> <ind-def:state state_ref="oval:de.suse.suse121:ste:13" /> </ind-def:textfilecontent54_test> <ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:25" version="1" check="at least one" comment="file /etc/login.defs must have a line that matches ^GID_MAX.*60000" check_existence="at_least_one_exists"> <ind-def:object object_ref="oval:de.suse.suse121:obj:7" /> <ind-def:state state_ref="oval:de.suse.suse121:ste:14" /> </ind-def:textfilecontent54_test> <ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:29" version="1" check="at least one" comment="sysctl kernel.sysrq must be 0" check_existence="at_least_one_exists"> <ind-def:object object_ref="oval:de.suse.suse121:obj:6" /> <ind-def:state state_ref="oval:de.suse.suse121:ste:1" /> </ind-def:textfilecontent54_test> <ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:30" version="1" check="none satisfy" comment="file /etc/default/passwd may not have a line that matches ^CRYPT_FILES=md5" check_existence="at_least_one_exists"> <ind-def:object object_ref="oval:de.suse.suse121:obj:9" /> <ind-def:state state_ref="oval:de.suse.suse121:ste:15" /> </ind-def:textfilecontent54_test> <ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:31" version="1" check="none satisfy" comment="file /etc/default/passwd may not have a line that matches ^CRYPT_FILES=des" check_existence="at_least_one_exists"> <ind-def:object object_ref="oval:de.suse.suse121:obj:9" /> <ind-def:state state_ref="oval:de.suse.suse121:ste:16" /> </ind-def:textfilecontent54_test> <ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:32" version="1" check="at least one" comment="file /etc/sysconfig/security must have a line that matches ^CHECK_PERMISSIONS.*set" check_existence="at_least_one_exists"> <ind-def:object object_ref="oval:de.suse.suse121:obj:13" /> <ind-def:state state_ref="oval:de.suse.suse121:ste:25" /> </ind-def:textfilecontent54_test> <ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:33" version="1" check="at least one" comment="file /etc/sysconfig/security must have a line that matches ^CHECK_SIGNATURES.*yes" check_existence="at_least_one_exists"> <ind-def:object object_ref="oval:de.suse.suse121:obj:13" /> <ind-def:state state_ref="oval:de.suse.suse121:ste:26" /> </ind-def:textfilecontent54_test> <ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:38" version="1" check="at least one" comment="file /etc/sysconfig/dhcpd must have a line that matches ^DHCPD_RUN_CHROOTED.*yes" check_existence="at_least_one_exists"> <ind-def:object object_ref="oval:de.suse.suse121:obj:11" /> <ind-def:state state_ref="oval:de.suse.suse121:ste:19" /> </ind-def:textfilecontent54_test> <ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:39" version="1" check="at least one" comment="file /etc/sysconfig/dhcpd must have a line that matches ^DHCPD_RUN_AS.*dhcpd" check_existence="at_least_one_exists"> <ind-def:object object_ref="oval:de.suse.suse121:obj:11" /> <ind-def:state state_ref="oval:de.suse.suse121:ste:20" /> </ind-def:textfilecontent54_test> <ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:40" version="1" check="at least one" comment="file /etc/sysconfig/dhcpd must have a line that matches ^DHCPD6_RUN_CHROOTED.*yes" check_existence="at_least_one_exists"> <ind-def:object object_ref="oval:de.suse.suse121:obj:11" /> <ind-def:state state_ref="oval:de.suse.suse121:ste:21" /> </ind-def:textfilecontent54_test> <ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:41" version="1" check="at least one" comment="file /etc/sysconfig/dhcpd must have a line that matches ^DHCPD6_RUN_AS.*dhcpd" check_existence="at_least_one_exists"> <ind-def:object object_ref="oval:de.suse.suse121:obj:11" /> <ind-def:state state_ref="oval:de.suse.suse121:ste:22" /> </ind-def:textfilecontent54_test> <ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:42" version="1" check="at least one" comment="file /etc/sysconfig/services must have a line that matches ^DISABLE_RESTART_ON_UPDATE.*yes" check_existence="at_least_one_exists"> <ind-def:object object_ref="oval:de.suse.suse121:obj:14" /> <ind-def:state state_ref="oval:de.suse.suse121:ste:27" /> </ind-def:textfilecontent54_test> <ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:43" version="1" check="at least one" comment="file /etc/sysconfig/services must have a line that matches ^DISABLE_STOP_ON_REMOVAL.*yes" check_existence="at_least_one_exists"> <ind-def:object object_ref="oval:de.suse.suse121:obj:14" /> <ind-def:state state_ref="oval:de.suse.suse121:ste:28" /> </ind-def:textfilecontent54_test> <!-- @@GENOVAL END TESTS --> </tests> <objects> <!-- @@GENOVAL START OBJECTS --> <ind-def:textfilecontent54_object id="oval:de.suse.suse121:obj:1" version="1" comment="Non-comment lines in /proc/sys/net/ipv4/ip_forward"> <ind-def:filepath>/proc/sys/net/ipv4/ip_forward</ind-def:filepath> <ind-def:pattern operation="pattern match">^[[:space:]]*([^#[:space:]].*[^[:space:]]?)[[:space:]]*$</ind-def:pattern> <ind-def:instance datatype="int" operation="greater than or equal">1</ind-def:instance> </ind-def:textfilecontent54_object> <ind-def:textfilecontent54_object id="oval:de.suse.suse121:obj:2" version="1" comment="Non-comment lines in /proc/sys/net/ipv4/tcp_syncookies"> <ind-def:filepath>/proc/sys/net/ipv4/tcp_syncookies</ind-def:filepath> <ind-def:pattern operation="pattern match">^[[:space:]]*([^#[:space:]].*[^[:space:]]?)[[:space:]]*$</ind-def:pattern> <ind-def:instance datatype="int" operation="greater than or equal">1</ind-def:instance> </ind-def:textfilecontent54_object> <ind-def:textfilecontent54_object id="oval:de.suse.suse121:obj:3" version="1" comment="Kernel configuration entry CONFIG_SYN_COOKIES"> <ind-def:filepath>/usr/src/linux/.config</ind-def:filepath> <ind-def:pattern operation="pattern match">(CONFIG_SYN_COOKIES.*)</ind-def:pattern> <ind-def:instance datatype="int" operation="greater than or equal">1</ind-def:instance> </ind-def:textfilecontent54_object> <ind-def:textfilecontent54_object id="oval:de.suse.suse121:obj:4" version="1" comment="Non-comment lines in /proc/sys/net/ipv6/conf/all/forwarding"> <ind-def:filepath>/proc/sys/net/ipv6/conf/all/forwarding</ind-def:filepath> <ind-def:pattern operation="pattern match">^[[:space:]]*([^#[:space:]].*[^[:space:]]?)[[:space:]]*$</ind-def:pattern> <ind-def:instance datatype="int" operation="greater than or equal">1</ind-def:instance> </ind-def:textfilecontent54_object> <ind-def:textfilecontent54_object id="oval:de.suse.suse121:obj:5" version="1" comment="Non-comment lines in /proc/sys/net/ipv6/conf/default/forwarding"> <ind-def:filepath>/proc/sys/net/ipv6/conf/default/forwarding</ind-def:filepath> <ind-def:pattern operation="pattern match">^[[:space:]]*([^#[:space:]].*[^[:space:]]?)[[:space:]]*$</ind-def:pattern> <ind-def:instance datatype="int" operation="greater than or equal">1</ind-def:instance> </ind-def:textfilecontent54_object> <ind-def:textfilecontent54_object id="oval:de.suse.suse121:obj:6" version="1" comment="Non-comment lines in /proc/sys/kernel/sysrq"> <ind-def:filepath>/proc/sys/kernel/sysrq</ind-def:filepath> <ind-def:pattern operation="pattern match">^[[:space:]]*([^#[:space:]].*[^[:space:]]?)[[:space:]]*$</ind-def:pattern> <ind-def:instance datatype="int" operation="greater than or equal">1</ind-def:instance> </ind-def:textfilecontent54_object> <ind-def:textfilecontent54_object id="oval:de.suse.suse121:obj:7" version="1" comment="Non-comment lines in /etc/login.defs"> <ind-def:filepath>/etc/login.defs</ind-def:filepath> <ind-def:pattern operation="pattern match">^[[:space:]]*([^#[:space:]].*[^[:space:]]?)[[:space:]]*$</ind-def:pattern> <ind-def:instance datatype="int" operation="greater than or equal">1</ind-def:instance> </ind-def:textfilecontent54_object> <ind-def:textfilecontent54_object id="oval:de.suse.suse121:obj:8" version="1" comment="Non-comment lines in /etc/pam.d/common-passwd"> <ind-def:filepath>/etc/pam.d/common-passwd</ind-def:filepath> <ind-def:pattern operation="pattern match">^[[:space:]]*([^#[:space:]].*[^[:space:]]?)[[:space:]]*$</ind-def:pattern> <ind-def:instance datatype="int" operation="greater than or equal">1</ind-def:instance> </ind-def:textfilecontent54_object> <ind-def:textfilecontent54_object id="oval:de.suse.suse121:obj:9" version="1" comment="Non-comment lines in /etc/default/passwd"> <ind-def:filepath>/etc/default/passwd</ind-def:filepath> <ind-def:pattern operation="pattern match">^[[:space:]]*([^#[:space:]].*[^[:space:]]?)[[:space:]]*$</ind-def:pattern> <ind-def:instance datatype="int" operation="greater than or equal">1</ind-def:instance> </ind-def:textfilecontent54_object> <ind-def:textfilecontent54_object id="oval:de.suse.suse121:obj:10" version="1" comment="Non-comment lines in /etc/pam.d/common-password"> <ind-def:filepath>/etc/pam.d/common-password</ind-def:filepath> <ind-def:pattern operation="pattern match">^[[:space:]]*([^#[:space:]].*[^[:space:]]?)[[:space:]]*$</ind-def:pattern> <ind-def:instance datatype="int" operation="greater than or equal">1</ind-def:instance> </ind-def:textfilecontent54_object> <ind-def:textfilecontent54_object id="oval:de.suse.suse121:obj:11" version="1" comment="Non-comment lines in /etc/sysconfig/dhcpd"> <ind-def:filepath>/etc/sysconfig/dhcpd</ind-def:filepath> <ind-def:pattern operation="pattern match">^[[:space:]]*([^#[:space:]].*[^[:space:]]?)[[:space:]]*$</ind-def:pattern> <ind-def:instance datatype="int" operation="greater than or equal">1</ind-def:instance> </ind-def:textfilecontent54_object> <ind-def:textfilecontent54_object id="oval:de.suse.suse121:obj:12" version="1" comment="Non-comment lines in /etc/sysconfig/displaymanager"> <ind-def:filepath>/etc/sysconfig/displaymanager</ind-def:filepath> <ind-def:pattern operation="pattern match">^[[:space:]]*([^#[:space:]].*[^[:space:]]?)[[:space:]]*$</ind-def:pattern> <ind-def:instance datatype="int" operation="greater than or equal">1</ind-def:instance> </ind-def:textfilecontent54_object> <ind-def:textfilecontent54_object id="oval:de.suse.suse121:obj:13" version="1" comment="Non-comment lines in /etc/sysconfig/security"> <ind-def:filepath>/etc/sysconfig/security</ind-def:filepath> <ind-def:pattern operation="pattern match">^[[:space:]]*([^#[:space:]].*[^[:space:]]?)[[:space:]]*$</ind-def:pattern> <ind-def:instance datatype="int" operation="greater than or equal">1</ind-def:instance> </ind-def:textfilecontent54_object> <ind-def:textfilecontent54_object id="oval:de.suse.suse121:obj:14" version="1" comment="Non-comment lines in /etc/sysconfig/services"> <ind-def:filepath>/etc/sysconfig/services</ind-def:filepath> <ind-def:pattern operation="pattern match">^[[:space:]]*([^#[:space:]].*[^[:space:]]?)[[:space:]]*$</ind-def:pattern> <ind-def:instance datatype="int" operation="greater than or equal">1</ind-def:instance> </ind-def:textfilecontent54_object> <!-- @@GENOVAL END OBJECTS --> </objects> <states> <!-- @@GENOVAL START STATES --> <ind-def:textfilecontent54_state id="oval:de.suse.suse121:ste:1" version="1" comment="The match of 0"> <ind-def:subexpression operation="pattern match">0</ind-def:subexpression> </ind-def:textfilecontent54_state> <ind-def:textfilecontent54_state id="oval:de.suse.suse121:ste:2" version="1" comment="The match of 1"> <ind-def:subexpression operation="pattern match">1</ind-def:subexpression> </ind-def:textfilecontent54_state> <ind-def:textfilecontent54_state id="oval:de.suse.suse121:ste:3" version="1" comment="The match of CONFIG_SYN_COOKIES=y"> <ind-def:subexpression operation="pattern match">CONFIG_SYN_COOKIES=y</ind-def:subexpression> </ind-def:textfilecontent54_state> <ind-def:textfilecontent54_state id="oval:de.suse.suse121:ste:4" version="1" comment="The match of ^PASS_MAX_DAYS.*99999"> <ind-def:subexpression operation="pattern match">^PASS_MAX_DAYS.*99999</ind-def:subexpression> </ind-def:textfilecontent54_state> <ind-def:textfilecontent54_state id="oval:de.suse.suse121:ste:5" version="1" comment="The match of ^PASS_MIN_DAYS.*0"> <ind-def:subexpression operation="pattern match">^PASS_MIN_DAYS.*0</ind-def:subexpression> </ind-def:textfilecontent54_state> <ind-def:textfilecontent54_state id="oval:de.suse.suse121:ste:6" version="1" comment="The match of ^PASS_WARN_AGE.*7"> <ind-def:subexpression operation="pattern match">^PASS_WARN_AGE.*7</ind-def:subexpression> </ind-def:textfilecontent54_state> <ind-def:textfilecontent54_state id="oval:de.suse.suse121:ste:7" version="1" comment="The match of ^minlen=6"> <ind-def:subexpression operation="pattern match">^minlen=6</ind-def:subexpression> </ind-def:textfilecontent54_state> <ind-def:textfilecontent54_state id="oval:de.suse.suse121:ste:8" version="1" comment="The match of ^remember="> <ind-def:subexpression operation="pattern match">^remember=</ind-def:subexpression> </ind-def:textfilecontent54_state> <ind-def:textfilecontent54_state id="oval:de.suse.suse121:ste:9" version="1" comment="The match of ^FAIL_DELAY.*0"> <ind-def:subexpression operation="pattern match">^FAIL_DELAY.*0</ind-def:subexpression> </ind-def:textfilecontent54_state> <ind-def:textfilecontent54_state id="oval:de.suse.suse121:ste:10" version="1" comment="The match of ^FAIL_DELAY"> <ind-def:subexpression operation="pattern match">^FAIL_DELAY</ind-def:subexpression> </ind-def:textfilecontent54_state> <ind-def:textfilecontent54_state id="oval:de.suse.suse121:ste:11" version="1" comment="The match of ^UID_MIN.*1000"> <ind-def:subexpression operation="pattern match">^UID_MIN.*1000</ind-def:subexpression> </ind-def:textfilecontent54_state> <ind-def:textfilecontent54_state id="oval:de.suse.suse121:ste:12" version="1" comment="The match of ^UID_MAX.*60000"> <ind-def:subexpression operation="pattern match">^UID_MAX.*60000</ind-def:subexpression> </ind-def:textfilecontent54_state> <ind-def:textfilecontent54_state id="oval:de.suse.suse121:ste:13" version="1" comment="The match of ^GID_MIN.*1000"> <ind-def:subexpression operation="pattern match">^GID_MIN.*1000</ind-def:subexpression> </ind-def:textfilecontent54_state> <ind-def:textfilecontent54_state id="oval:de.suse.suse121:ste:14" version="1" comment="The match of ^GID_MAX.*60000"> <ind-def:subexpression operation="pattern match">^GID_MAX.*60000</ind-def:subexpression> </ind-def:textfilecontent54_state> <ind-def:textfilecontent54_state id="oval:de.suse.suse121:ste:15" version="1" comment="The match of ^CRYPT_FILES=md5"> <ind-def:subexpression operation="pattern match">^CRYPT_FILES=md5</ind-def:subexpression> </ind-def:textfilecontent54_state> <ind-def:textfilecontent54_state id="oval:de.suse.suse121:ste:16" version="1" comment="The match of ^CRYPT_FILES=des"> <ind-def:subexpression operation="pattern match">^CRYPT_FILES=des</ind-def:subexpression> </ind-def:textfilecontent54_state> <ind-def:textfilecontent54_state id="oval:de.suse.suse121:ste:17" version="1" comment="The match of minlen=6"> <ind-def:subexpression operation="pattern match">minlen=6</ind-def:subexpression> </ind-def:textfilecontent54_state> <ind-def:textfilecontent54_state id="oval:de.suse.suse121:ste:18" version="1" comment="The match of remember="> <ind-def:subexpression operation="pattern match">remember=</ind-def:subexpression> </ind-def:textfilecontent54_state> <ind-def:textfilecontent54_state id="oval:de.suse.suse121:ste:19" version="1" comment="The match of ^DHCPD_RUN_CHROOTED.*yes"> <ind-def:subexpression operation="pattern match">^DHCPD_RUN_CHROOTED.*yes</ind-def:subexpression> </ind-def:textfilecontent54_state> <ind-def:textfilecontent54_state id="oval:de.suse.suse121:ste:20" version="1" comment="The match of ^DHCPD_RUN_AS.*dhcpd"> <ind-def:subexpression operation="pattern match">^DHCPD_RUN_AS.*dhcpd</ind-def:subexpression> </ind-def:textfilecontent54_state> <ind-def:textfilecontent54_state id="oval:de.suse.suse121:ste:21" version="1" comment="The match of ^DHCPD6_RUN_CHROOTED.*yes"> <ind-def:subexpression operation="pattern match">^DHCPD6_RUN_CHROOTED.*yes</ind-def:subexpression> </ind-def:textfilecontent54_state> <ind-def:textfilecontent54_state id="oval:de.suse.suse121:ste:22" version="1" comment="The match of ^DHCPD6_RUN_AS.*dhcpd"> <ind-def:subexpression operation="pattern match">^DHCPD6_RUN_AS.*dhcpd</ind-def:subexpression> </ind-def:textfilecontent54_state> <ind-def:textfilecontent54_state id="oval:de.suse.suse121:ste:23" version="1" comment="The match of ^DISPLAYMANAGER_REMOTE_ACCESS.*no"> <ind-def:subexpression operation="pattern match">^DISPLAYMANAGER_REMOTE_ACCESS.*no</ind-def:subexpression> </ind-def:textfilecontent54_state> <ind-def:textfilecontent54_state id="oval:de.suse.suse121:ste:24" version="1" comment="The match of ^DISPLAYMANAGER_ROOT_LOGIN_REMOTE.*no"> <ind-def:subexpression operation="pattern match">^DISPLAYMANAGER_ROOT_LOGIN_REMOTE.*no</ind-def:subexpression> </ind-def:textfilecontent54_state> <ind-def:textfilecontent54_state id="oval:de.suse.suse121:ste:25" version="1" comment="The match of ^CHECK_PERMISSIONS.*set"> <ind-def:subexpression operation="pattern match">^CHECK_PERMISSIONS.*set</ind-def:subexpression> </ind-def:textfilecontent54_state> <ind-def:textfilecontent54_state id="oval:de.suse.suse121:ste:26" version="1" comment="The match of ^CHECK_SIGNATURES.*yes"> <ind-def:subexpression operation="pattern match">^CHECK_SIGNATURES.*yes</ind-def:subexpression> </ind-def:textfilecontent54_state> <ind-def:textfilecontent54_state id="oval:de.suse.suse121:ste:27" version="1" comment="The match of ^DISABLE_RESTART_ON_UPDATE.*yes"> <ind-def:subexpression operation="pattern match">^DISABLE_RESTART_ON_UPDATE.*yes</ind-def:subexpression> </ind-def:textfilecontent54_state> <ind-def:textfilecontent54_state id="oval:de.suse.suse121:ste:28" version="1" comment="The match of ^DISABLE_STOP_ON_REMOVAL.*yes"> <ind-def:subexpression operation="pattern match">^DISABLE_STOP_ON_REMOVAL.*yes</ind-def:subexpression> </ind-def:textfilecontent54_state> <!-- @@GENOVAL END STATES --> </states> <!-- <variables> --> <!-- @@GENOVAL START VARIABLES --> <!-- @@GENOVAL END VARIABLES --> <!-- <local_variable id="oval:de.suse.suse121.genoval:var:1" version="1" datatype="string" comment="Location where the helper scripts output is stored"> <object_component item_field="value" object_ref="oval:de.suse.suse121.genoval:obj:1"/> </local_variable> </variables> --> </oval_definitions>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
