On 3/29/13 8:28 PM, Shawn Wells wrote:
0001-Updated-create_package_installed-template-process.patch
From 1868e163ba098b3bc1e33301bbe5208686439c56 Mon Sep 17 00:00:00 2001 From: Shawn Wellsshawn@redhat.com Date: Fri, 29 Mar 2013 15:27:56 -0400 Subject: [PATCH 01/21] Updated create_package_installed template process
- Updated create_package_installed.py to generate bash scripts,
using template_BASH_package_installed as template
- Fixes are put into output/ with .sh extensions
- `make copy` takes the .sh scripts and places them into ../../fixes/bash
- Renamed template_package_installed --> template_OVAL_package_installed
RHEL6/input/checks/templates/Makefile | 1 + .../checks/templates/create_package_installed.py | 16 ++++++++---- .../templates/template_BASH_package_installed | 1 + .../templates/template_OVAL_package_installed | 25 ++++++++++++++++++++ .../checks/templates/template_package_installed | 25 -------------------- 5 files changed, 38 insertions(+), 30 deletions(-) create mode 100644 RHEL6/input/checks/templates/template_BASH_package_installed create mode 100644 RHEL6/input/checks/templates/template_OVAL_package_installed delete mode 100644 RHEL6/input/checks/templates/template_package_installed
diff --git a/RHEL6/input/checks/templates/Makefile b/RHEL6/input/checks/templates/Makefile
index c17bfc2..da6568a 100644
--- a/RHEL6/input/checks/templates/Makefile
+++ b/RHEL6/input/checks/templates/Makefile
@@ -22,6 +22,7 @@ compare:
copy: cp output/*.xml ../
cp output/*.sh ../../fixes/bash/
find-untemplated: templates ./find_untemplated.py
diff --git a/RHEL6/input/checks/templates/create_package_installed.py b/RHEL6/input/checks/templates/create_package_installed.py
index e227567..b32e18c 100755
--- a/RHEL6/input/checks/templates/create_package_installed.py
+++ b/RHEL6/input/checks/templates/create_package_installed.py
@@ -15,12 +15,18 @@ import sys, csv, re def output_check(package_info): pkgname = package_info[0] if pkgname:
with open("./template_package_installed", 'r') as templatefile:
filestring = templatefile.read()
with open("./template_OVAL_package_installed", 'r') as OVALtemplatefile:
filestring = OVALtemplatefile.read() filestring = filestring.replace("PKGNAME", pkgname)
with open("./output/package_" + pkgname + "_installed.xml", 'wb+') as outputfile:
outputfile.write(filestring)
outputfile.close()
with open("./output/package_" + pkgname + "_installed.xml", 'wb+') as OVALoutputfile:
OVALoutputfile.write(filestring)
OVALoutputfile.close()
- with open("./template_BASH_package_installed", 'r') as BASHtemplatefile:
filestring = BASHtemplatefile.read()
filestring = filestring.replace("PKGNAME", pkgname)
with open("./output/package_" + pkgname + "_installed.sh", 'wb+') as BASHoutputfile:
BASHoutputfile.write(filestring)
else: print "ERROR: input violation: the package name must be defined"BASHoutputfile.close()
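Review bot: `pkgname` is taken from `package_info[0]` and substituted unvalidated into both the output path (`"./output/package_" + pkgname + "_installed.sh"`) and the body of the generated remediation script, which `make copy` then places in `../../fixes/bash`. Since that script is a `yum -y install` line and is presumably run as root, a malformed or tampered input row containing whitespace, `;` or `/` would end up as extra shell syntax or as a write outside `output/`. The file already imports `re` and `sys`, so a guard before the first `open()` would reject such rows: `if not re.match(r'^[A-Za-z0-9][A-Za-z0-9._+-]*$', pkgname): sys.exit("ERROR: invalid package name")`. The explicit `close()` calls inside the `with` blocks are redundant and can be dropped. The `+`/`-` markers were lost in this rendering and the end of `output_check` may lie outside the hunk, so this reading rests on the BASH-template lines that exist only on the new side.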
diff --git a/RHEL6/input/checks/templates/template_BASH_package_installed b/RHEL6/input/checks/templates/template_BASH_package_installed
new file mode 100644
index 0000000..1ea466e
--- /dev/null
+++ b/RHEL6/input/checks/templates/template_BASH_package_installed
@@ -0,0 +1 @@
+yum -y install PKGNAME
diff --git a/RHEL6/input/checks/templates/template_OVAL_package_installed b/RHEL6/input/checks/templates/template_OVAL_package_installed
new file mode 100644
index 0000000..d668705
--- /dev/null
+++ b/RHEL6/input/checks/templates/template_OVAL_package_installed
@@ -0,0 +1,25 @@
+<def-group>
<!-- THIS FILE IS GENERATED by create_package_installed.py. DO NOT EDIT. -->
- <definition class="compliance" id="package_PKGNAME_installed"
- version="1">
<metadata>
<title>Package PKGNAME Installed</title>
<affected family="unix">
<platform>Red Hat Enterprise Linux 6</platform>
</affected>
<description>The RPM package PKGNAME should be installed.</description>
</metadata>
<criteria>
<criterion comment="package PKGNAME is installed"
test_ref="test_package_PKGNAME_installed" />
</criteria>
</definition>
- <linux:rpminfo_test check="all" check_existence="all_exist"
- id="test_package_PKGNAME_installed" version="1"
- comment="package PKGNAME is installed">
- <linux:object object_ref="obj_package_PKGNAME" />
- </linux:rpminfo_test>
- <linux:rpminfo_object id="obj_package_PKGNAME" version="1">
- linux:namePKGNAME</linux:name>
- </linux:rpminfo_object>
+</def-group>
diff --git a/RHEL6/input/checks/templates/template_package_installed b/RHEL6/input/checks/templates/template_package_installed
deleted file mode 100644
index d668705..0000000
--- a/RHEL6/input/checks/templates/template_package_installed
+++ /dev/null
@@ -1,25 +0,0 @@
-<def-group>
<!-- THIS FILE IS GENERATED by create_package_installed.py. DO NOT EDIT. -->
- <definition class="compliance" id="package_PKGNAME_installed"
- version="1">
<metadata>
<title>Package PKGNAME Installed</title>
<affected family="unix">
<platform>Red Hat Enterprise Linux 6</platform>
</affected>
<description>The RPM package PKGNAME should be installed.</description>
</metadata>
<criteria>
<criterion comment="package PKGNAME is installed"
test_ref="test_package_PKGNAME_installed" />
</criteria>
</definition>
- <linux:rpminfo_test check="all" check_existence="all_exist"
- id="test_package_PKGNAME_installed" version="1"
- comment="package PKGNAME is installed">
- <linux:object object_ref="obj_package_PKGNAME" />
- </linux:rpminfo_test>
- <linux:rpminfo_object id="obj_package_PKGNAME" version="1">
- linux:namePKGNAME</linux:name>
- </linux:rpminfo_object>
-</def-group>
--
1.7.1
Pushed per Jeff's ack
$ git push Counting objects: 16, done. Compressing objects: 100% (8/8), done. Writing objects: 100% (9/9), 1.06 KiB, done. Total 9 (delta 7), reused 0 (delta 0) To ssh://git.fedorahosted.org/git/scap-security-guide.git bec63d7..06766fe master -> master
scap-security-guide@lists.fedorahosted.org