File: template_OVAL_mount_option_remote_filesystems

scap-security-guide 0.1.39-2
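<def-group>
  <!-- OVAL template: %MOUNTOPTION% is a placeholder for the name of one mount
       option (presumably substituted when the content is built). The definition
       passes when /etc/fstab lists no nfs/nfs4 mounts, or when every nfs/nfs4
       mount it lists carries that option. -->
  <!-- NOTE(review): only /etc/fstab is inspected. NFS mounts that are configured
       elsewhere or mounted by hand are outside this check, so a pass does not show
       that every remote filesystem in use has the option. -->
  <definition class="compliance" id="mount_option_%MOUNTOPTION%_remote_filesystems" version="1">
    <metadata>
      <title>Mount Remote Filesystems with %MOUNTOPTION%</title>
      <affected family="unix">
        <platform>multi_platform_all</platform>
      </affected>
      <description>The %MOUNTOPTION% option should be enabled for all NFS mounts in /etc/fstab.</description>
    </metadata>
    <criteria operator="XOR">
      <!-- these tests are designed to be mutually exclusive; either no nfs mounts exist in /etc/fstab -->
      <!-- or all of the nfs mounts defined in /etc/fstab have the %MOUNTOPTION% mount option specified -->
      <!-- when nfs mounts exist and one of them lacks the option, both tests are false and the definition fails -->
      <criterion comment="no nfs mounts defined in /etc/fstab" test_ref="test_no_nfs_defined_etc_fstab_%MOUNTOPTION%" />
      <criterion comment="all nfs mounts in /etc/fstab have %MOUNTOPTION%" test_ref="test_nfs_%MOUNTOPTION%_etc_fstab" />
    </criteria>
  </definition>
  <!-- true only if at least one nfs line was collected and every collected line satisfies the state -->
  <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="all nfs has %MOUNTOPTION%" id="test_nfs_%MOUNTOPTION%_etc_fstab" version="1">
    <ind:object object_ref="object_nfs_%MOUNTOPTION%_etc_fstab" />
    <ind:state state_ref="state_remote_filesystem_%MOUNTOPTION%" />
  </ind:textfilecontent54_test>
  <ind:textfilecontent54_object id="object_nfs_%MOUNTOPTION%_etc_fstab" version="1">
    <ind:filepath>/etc/fstab</ind:filepath>
    <!-- fields: host:export, mount point, type nfs or nfs4, then the rest of the line (captured).
         The export and mount point are matched as any run of non-whitespace: the earlier
         class [/\w-]+ skipped paths containing a dot or other punctuation, so such a mount
         was never collected and could pass the "no nfs" branch without being examined.
         Keep this pattern in step with the one in object_no_nfs_defined_etc_fstab_%MOUNTOPTION%. -->
    <ind:pattern operation="pattern match">^\s*\[?[\.\w:-]+\]?:\S+\s+\S+\s+nfs[4]?\s+(.*)$</ind:pattern>
    <!-- the "not equal" operation essentially means all instances of the regexp -->
    <ind:instance datatype="int" operation="not equal">0</ind:instance>
  </ind:textfilecontent54_object>
  <ind:textfilecontent54_state id="state_remote_filesystem_%MOUNTOPTION%" version="1">
    <!-- The captured text is the options field followed by any remaining fields.
         The option must appear as a whole comma-separated entry of the options field;
         a bare substring match would also accept the word inside a longer option or
         in text after the options field.
         Assumes %MOUNTOPTION% expands to one complete option. TODO confirm against the template values. -->
    <ind:subexpression operation="pattern match">^(\S*,)?%MOUNTOPTION%(,\S*)?(\s.*)?$</ind:subexpression>
  </ind:textfilecontent54_state>
  <ind:textfilecontent54_test check="all" check_existence="none_exist" comment="no nfs" id="test_no_nfs_defined_etc_fstab_%MOUNTOPTION%" version="1">
    <!-- this test returns 'true' if /etc/fstab does not contain nfs/nfs4 mounts -->
    <ind:object object_ref="object_no_nfs_defined_etc_fstab_%MOUNTOPTION%" />
  </ind:textfilecontent54_test>
  <ind:textfilecontent54_object id="object_no_nfs_defined_etc_fstab_%MOUNTOPTION%" version="1">
    <ind:filepath>/etc/fstab</ind:filepath>
    <!-- same line shape as object_nfs_%MOUNTOPTION%_etc_fstab, without the capture group;
         the two patterns must select the same lines or the XOR above stops being exclusive -->
    <ind:pattern operation="pattern match">^\s*\[?[\.\w:-]+\]?:\S+\s+\S+\s+nfs[4]?\s+.*$</ind:pattern>
    <!-- the "not equal" operation below essentially means all instances of the regexp -->
    <ind:instance datatype="int" operation="not equal">0</ind:instance>
  </ind:textfilecontent54_object>
</def-group>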