1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
|
<def-group>
{{%- set package_installed_test_id = "test_service_" + SERVICENAME + "_package_" + PACKAGENAME + "_installed" -%}}
{{% if target_oval_version >= [5, 11] %}}
<definition class="compliance" id="{{{ _RULE_ID }}}" version="1">
{{{ oval_metadata("The " + SERVICENAME + " service should be enabled if possible.") }}}
<criteria comment="package {{{ PACKAGENAME }}} installed and service {{{ SERVICENAME }}} is configured to start" operator="AND">
<criterion comment="{{{ PACKAGENAME }}} installed" test_ref="{{{ package_installed_test_id }}}" />
<criteria comment="service {{{ SERVICENAME }}} is configured to start and is running" operator="AND">
<criterion comment="{{{ SERVICENAME }}} is running" test_ref="test_service_running_{{{ SERVICENAME }}}" />
<criteria operator="OR" comment="service {{{ SERVICENAME }}} is configured to start">
<criterion comment="multi-user.target wants {{{ SERVICENAME }}}" test_ref="test_multi_user_wants_{{{ SERVICENAME }}}" />
<criterion comment="multi-user.target wants {{{ SERVICENAME }}} socket" test_ref="test_multi_user_wants_{{{ SERVICENAME }}}_socket" />
</criteria>
</criteria>
</criteria>
</definition>
<linux:systemdunitdependency_test check="all" check_existence="any_exist" comment="systemd test" id="test_multi_user_wants_{{{ SERVICENAME }}}" version="1">
<linux:object object_ref="object_multi_user_target_for_{{{ SERVICENAME }}}_enabled" />
<linux:state state_ref="state_systemd_{{{ SERVICENAME }}}_on"/>
</linux:systemdunitdependency_test>
<linux:systemdunitdependency_object id="object_multi_user_target_for_{{{ SERVICENAME }}}_enabled" comment="list of dependencies of multi-user.target" version="1">
<linux:unit>multi-user.target</linux:unit>
</linux:systemdunitdependency_object>
<linux:systemdunitdependency_state id="state_systemd_{{{ SERVICENAME }}}_on" comment="{{{ SERVICENAME }}} listed at least once in the dependencies" version="1">
<linux:dependency entity_check="at least one">{{{ SERVICENAME }}}.service</linux:dependency>
</linux:systemdunitdependency_state>
<linux:systemdunitdependency_test check="all" check_existence="any_exist" comment="systemd test" id="test_multi_user_wants_{{{ SERVICENAME }}}_socket" version="1">
<linux:object object_ref="object_multi_user_target_for_{{{ SERVICENAME }}}_socket_enabled" />
<linux:state state_ref="state_systemd_{{{ SERVICENAME }}}_socket_on"/>
</linux:systemdunitdependency_test>
<linux:systemdunitdependency_object id="object_multi_user_target_for_{{{ SERVICENAME }}}_socket_enabled" comment="list of dependencies of multi-user.target" version="1">
<linux:unit>multi-user.target</linux:unit>
</linux:systemdunitdependency_object>
<linux:systemdunitdependency_state id="state_systemd_{{{ SERVICENAME }}}_socket_on" comment="{{{ SERVICENAME }}} listed at least once in the dependencies" version="1">
<linux:dependency entity_check="at least one">{{{ SERVICENAME }}}.socket</linux:dependency>
</linux:systemdunitdependency_state>
<linux:systemdunitproperty_test id="test_service_running_{{{ SERVICENAME }}}" check="at least one" check_existence="at_least_one_exists" comment="Test that the {{{ SERVICENAME }}} service is running" version="1">
<linux:object object_ref="obj_service_running_{{{ SERVICENAME }}}"/>
<linux:state state_ref="state_service_running_{{{ SERVICENAME }}}"/>
</linux:systemdunitproperty_test>
<linux:systemdunitproperty_object id="obj_service_running_{{{ SERVICENAME }}}" comment="Retrieve the ActiveState property of {{{ SERVICENAME }}}" version="1">
<linux:unit operation="pattern match">^{{{ SERVICENAME }}}\.(socket|service)$</linux:unit>
<linux:property>ActiveState</linux:property>
</linux:systemdunitproperty_object>
<linux:systemdunitproperty_state id="state_service_running_{{{ SERVICENAME }}}" version="1" comment="{{{ SERVICENAME }}} is running">
<linux:value>active</linux:value>
</linux:systemdunitproperty_state>
{{% else %}}
<definition class="compliance" id="{{{ _RULE_ID }}}"
version="1">
{{{ oval_metadata("The " + SERVICENAME + " service should be enabled if possible.") }}}
<criteria comment="package {{{ PACKAGENAME }}} installed and service {{{ SERVICENAME }}} is configured to start" operator="AND">
<criterion comment="{{{ PACKAGENAME }}} installed" test_ref="{{{ package_installed_test_id }}}" />
<criteria operator="OR" comment="service {{{ SERVICENAME }}} is configured to start">
<criterion comment="{{{ SERVICENAME }}} runlevel 0" test_ref="test_runlevel0_{{{ SERVICENAME }}}_on" />
<criterion comment="{{{ SERVICENAME }}} runlevel 1" test_ref="test_runlevel1_{{{ SERVICENAME }}}_on" />
<criterion comment="{{{ SERVICENAME }}} runlevel 2" test_ref="test_runlevel2_{{{ SERVICENAME }}}_on" />
<criterion comment="{{{ SERVICENAME }}} runlevel 3" test_ref="test_runlevel3_{{{ SERVICENAME }}}_on" />
<criterion comment="{{{ SERVICENAME }}} runlevel 4" test_ref="test_runlevel4_{{{ SERVICENAME }}}_on" />
<criterion comment="{{{ SERVICENAME }}} runlevel 5" test_ref="test_runlevel5_{{{ SERVICENAME }}}_on" />
<criterion comment="{{{ SERVICENAME }}} runlevel 6" test_ref="test_runlevel6_{{{ SERVICENAME }}}_on" />
</criteria>
</criteria>
</definition>
<unix:runlevel_test check="all" check_existence="any_exist"
comment="Runlevel test" id="test_runlevel0_{{{ SERVICENAME }}}_on"
version="2">
<unix:object object_ref="obj_runlevel0_{{{ SERVICENAME }}}_on" />
<unix:state state_ref="state_service_{{{ SERVICENAME }}}_on" />
</unix:runlevel_test>
<unix:runlevel_test check="all" check_existence="any_exist"
comment="Runlevel test" id="test_runlevel1_{{{ SERVICENAME }}}_on"
version="2">
<unix:object object_ref="obj_runlevel1_{{{ SERVICENAME }}}_on" />
<unix:state state_ref="state_service_{{{ SERVICENAME }}}_on" />
</unix:runlevel_test>
<unix:runlevel_test check="all" check_existence="any_exist"
comment="Runlevel test" id="test_runlevel2_{{{ SERVICENAME }}}_on"
version="2">
<unix:object object_ref="obj_runlevel2_{{{ SERVICENAME }}}_on" />
<unix:state state_ref="state_service_{{{ SERVICENAME }}}_on" />
</unix:runlevel_test>
<unix:runlevel_test check="all" check_existence="any_exist"
comment="Runlevel test" id="test_runlevel3_{{{ SERVICENAME }}}_on"
version="2">
<unix:object object_ref="obj_runlevel3_{{{ SERVICENAME }}}_on" />
<unix:state state_ref="state_service_{{{ SERVICENAME }}}_on" />
</unix:runlevel_test>
<unix:runlevel_test check="all" check_existence="any_exist"
comment="Runlevel test" id="test_runlevel4_{{{ SERVICENAME }}}_on"
version="2">
<unix:object object_ref="obj_runlevel4_{{{ SERVICENAME }}}_on" />
<unix:state state_ref="state_service_{{{ SERVICENAME }}}_on" />
</unix:runlevel_test>
<unix:runlevel_test check="all" check_existence="any_exist"
comment="Runlevel test" id="test_runlevel5_{{{ SERVICENAME }}}_on"
version="2">
<unix:object object_ref="obj_runlevel5_{{{ SERVICENAME }}}_on" />
<unix:state state_ref="state_service_{{{ SERVICENAME }}}_on" />
</unix:runlevel_test>
<unix:runlevel_test check="all" check_existence="any_exist"
comment="Runlevel test" id="test_runlevel6_{{{ SERVICENAME }}}_on"
version="2">
<unix:object object_ref="obj_runlevel6_{{{ SERVICENAME }}}_on" />
<unix:state state_ref="state_service_{{{ SERVICENAME }}}_on" />
</unix:runlevel_test>
<unix:runlevel_object id="obj_runlevel0_{{{ SERVICENAME }}}_on" version="1">
<unix:service_name>{{{ SERVICENAME }}}</unix:service_name>
<unix:runlevel operation="equals">0</unix:runlevel>
</unix:runlevel_object>
<unix:runlevel_object id="obj_runlevel1_{{{ SERVICENAME }}}_on" version="1">
<unix:service_name>{{{ SERVICENAME }}}</unix:service_name>
<unix:runlevel operation="equals">1</unix:runlevel>
</unix:runlevel_object>
<unix:runlevel_object id="obj_runlevel2_{{{ SERVICENAME }}}_on" version="1">
<unix:service_name>{{{ SERVICENAME }}}</unix:service_name>
<unix:runlevel operation="equals">2</unix:runlevel>
</unix:runlevel_object>
<unix:runlevel_object id="obj_runlevel3_{{{ SERVICENAME }}}_on" version="1">
<unix:service_name>{{{ SERVICENAME }}}</unix:service_name>
<unix:runlevel operation="equals">3</unix:runlevel>
</unix:runlevel_object>
<unix:runlevel_object id="obj_runlevel4_{{{ SERVICENAME }}}_on" version="1">
<unix:service_name>{{{ SERVICENAME }}}</unix:service_name>
<unix:runlevel operation="equals">4</unix:runlevel>
</unix:runlevel_object>
<unix:runlevel_object id="obj_runlevel5_{{{ SERVICENAME }}}_on" version="1">
<unix:service_name>{{{ SERVICENAME }}}</unix:service_name>
<unix:runlevel operation="equals">5</unix:runlevel>
</unix:runlevel_object>
<unix:runlevel_object id="obj_runlevel6_{{{ SERVICENAME }}}_on" version="1">
<unix:service_name>{{{ SERVICENAME }}}</unix:service_name>
<unix:runlevel operation="equals">6</unix:runlevel>
</unix:runlevel_object>
<unix:runlevel_state comment="configured to start" id="state_service_{{{ SERVICENAME }}}_on" version="1">
<unix:start datatype="boolean">true</unix:start>
<unix:kill datatype="boolean">false</unix:kill>
</unix:runlevel_state>
{{% endif %}}
{{{ oval_test_package_installed(package=PACKAGENAME, evr="", test_id=package_installed_test_id) }}}
</def-group>
|
