File: shared.xml

<def-group>
  <definition class="compliance" id="firewalld_sshd_disabled" version="1">
    {{{ oval_metadata("If inbound SSH access is not needed, the firewall should disallow or reject access to
      the SSH port (22).") }}}
    <!--
      The definition is true only when all four tests below find nothing:
      no service file under /etc/firewalld/services carrying a service
      element named ssh or a port element for 22, and no zone file under
      /etc/firewalld/zones allowing the ssh service or port 22.  Every test
      uses check_existence="none_exist", so an empty or missing directory
      also satisfies the criterion.

      Scope caveats for anyone relying on this check:
      - Only the permanent configuration under /etc/firewalld is inspected.
        Neither the runtime configuration nor the vendor defaults (normally
        under /usr/lib/firewalld) are read.  NOTE(review): the stock public
        zone shipped by firewalld allows the ssh service, so a host whose
        zones were never modified (no file in /etc/firewalld/zones) may pass
        while still accepting inbound SSH; confirm for the target distribution.
      - The port tests compare the attribute value with the literal string
        '22'; a range such as port="20-30" that contains 22 is not matched.
      - Rich rules (zone/rule/port) and an sshd listening on a non-default
        port are not covered.
    -->
    <criteria operator="AND">
      <criterion comment="ssh service is not enabled in services" test_ref="test_firewalld_service_sshd" />
      <criterion comment="ssh port is not enabled in services" test_ref="test_firewalld_service_sshd_port" />
      <criterion comment="ssh service is not enabled in zones" test_ref="test_firewalld_zone_sshd" />
      <criterion comment="ssh port is not enabled in zones" test_ref="test_firewalld_zone_sshd_port" />
    </criteria>
  </definition>

  <!--
    True (compliant) only when no custom service file under
    /etc/firewalld/services contains a <service name="ssh"/> child element.
    NOTE(review): firewalld.service(5) nests one service inside another with
    <include service="..."/>; a <service> child is not part of the documented
    service file format as far as this reviewer knows, so this XPath may never
    match and the criterion would then be trivially satisfied.  Confirm, and if
    so change the xpath to /service/include[@service='ssh'].
  -->
  <ind:xmlfilecontent_test check="all" check_existence="none_exist" comment="ssh service is not enabled in services"
  id="test_firewalld_service_sshd" version="1">
    <ind:object object_ref="object_firewalld_service_sshd" />
  </ind:xmlfilecontent_test>
  <ind:xmlfilecontent_object id="object_firewalld_service_sshd" version="1">
    <ind:path>/etc/firewalld/services</ind:path>
    <ind:filename operation="pattern match">^.*\.xml$</ind:filename>
    <ind:xpath>/service/service[@name='ssh']</ind:xpath>
  </ind:xmlfilecontent_object>

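  <!--
    True (compliant) only when no custom service file under
    /etc/firewalld/services opens port 22 (any protocol).  Both the literal
    port="22" and a range such as port="20-30" that contains 22 are matched.
    The range branch splits the "low-high" value on '-' and relies on XPath
    1.0 converting both halves to numbers for the comparison; a value without
    a '-' fails contains() and takes only the literal branch.  The comparison
    operators are written as &lt;= because the xpath is XML element content.
  -->
  <ind:xmlfilecontent_test check="all" check_existence="none_exist" comment="ssh port is not enabled in services"
  id="test_firewalld_service_sshd_port" version="1">
    <ind:object object_ref="object_firewalld_service_sshd_port" />
  </ind:xmlfilecontent_test>
  <ind:xmlfilecontent_object id="object_firewalld_service_sshd_port" version="1">
    <ind:path>/etc/firewalld/services</ind:path>
    <ind:filename operation="pattern match">^.*\.xml$</ind:filename>
    <ind:xpath>/service/port[@port='22' or (contains(@port,'-') and substring-before(@port,'-') &lt;= 22 and 22 &lt;= substring-after(@port,'-'))]</ind:xpath>
  </ind:xmlfilecontent_object>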

  <!--
    Zones that allow the ssh service.  True (compliant) only when no zone
    file under /etc/firewalld/zones carries a <service name="ssh"/> element.
    Only the permanent, locally modified zones live in that directory; the
    vendor zone defaults (normally /usr/lib/firewalld/zones) are not read.
  -->
  <ind:xmlfilecontent_test id="test_firewalld_zone_sshd"
                           version="1"
                           check="all"
                           check_existence="none_exist"
                           comment="ssh service is not enabled in zones">
    <ind:object object_ref="object_firewalld_zone_sshd"/>
  </ind:xmlfilecontent_test>
  <ind:xmlfilecontent_object id="object_firewalld_zone_sshd"
                             version="1">
    <ind:path>/etc/firewalld/zones</ind:path>
    <ind:filename operation="pattern match">^.*\.xml$</ind:filename>
    <ind:xpath>/zone/service[@name='ssh']</ind:xpath>
  </ind:xmlfilecontent_object>

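  <!--
    Zones that open port 22 directly.  True (compliant) only when no zone
    file under /etc/firewalld/zones has a top-level port element for 22 (any
    protocol).  Both the literal port="22" and a range such as port="20-30"
    that contains 22 are matched: the range branch splits the "low-high"
    value on '-' and relies on XPath 1.0 converting both halves to numbers;
    a value without a '-' fails contains() and takes only the literal branch.
    The comparison operators are written as &lt;= because the xpath is XML
    element content.  Ports opened through rich rules (zone/rule/port) are
    deliberately not matched here, since a rule may reject or drop rather
    than accept.
  -->
  <ind:xmlfilecontent_test check="all" check_existence="none_exist" comment="ssh port is not enabled in zones"
  id="test_firewalld_zone_sshd_port" version="1">
    <ind:object object_ref="object_firewalld_zone_sshd_port" />
  </ind:xmlfilecontent_test>
  <ind:xmlfilecontent_object id="object_firewalld_zone_sshd_port" version="1">
    <ind:path>/etc/firewalld/zones</ind:path>
    <ind:filename operation="pattern match">^.*\.xml$</ind:filename>
    <ind:xpath>/zone/port[@port='22' or (contains(@port,'-') and substring-before(@port,'-') &lt;= 22 and 22 &lt;= substring-after(@port,'-'))]</ind:xpath>
  </ind:xmlfilecontent_object>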

</def-group>