File: oval.template

package info (click to toggle)
scap-security-guide 0.1.76-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid, trixie
  • size: 110,644 kB
  • sloc: xml: 241,883; sh: 73,777; python: 32,527; makefile: 27
file content (34 lines) | stat: -rw-r--r-- 2,354 bytes parent folder | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
<def-group>

  <definition class="compliance" id="{{{ _RULE_ID }}}" version="1">
    {{{ oval_metadata("The " + MOUNTNAME + " mount should be enabled if possible.") }}}
    <criteria comment="mount {{{ MOUNTNAME }}} is configured to start and is running" operator="AND">
      <criterion comment="{{{ MOUNTNAME }}} is running" test_ref="test_mount_running_{{{ MOUNTNAME }}}" />
      <criterion comment="multi-user.target wants {{{ MOUNTNAME }}}" test_ref="test_multi_user_wants_{{{ MOUNTNAME }}}" />
    </criteria>
  </definition>

  <linux:systemdunitdependency_test check="all" check_existence="any_exist" comment="systemd test" id="test_multi_user_wants_{{{ MOUNTNAME }}}" version="1">
    <linux:object object_ref="object_multi_user_target_for_{{{ MOUNTNAME }}}_enabled" />
    <linux:state state_ref="state_systemd_{{{ MOUNTNAME }}}_on"/>
  </linux:systemdunitdependency_test>
  <linux:systemdunitdependency_object id="object_multi_user_target_for_{{{ MOUNTNAME }}}_enabled" comment="list of dependencies of multi-user.target" version="1">
    <linux:unit>multi-user.target</linux:unit>
  </linux:systemdunitdependency_object>
  <linux:systemdunitdependency_state id="state_systemd_{{{ MOUNTNAME }}}_on" comment="{{{ MOUNTNAME }}} mount is listed at least once in the dependencies" version="1">
    <linux:dependency entity_check="at least one">{{{ MOUNTNAME }}}.mount</linux:dependency>
  </linux:systemdunitdependency_state>

  <linux:systemdunitproperty_test id="test_mount_running_{{{ MOUNTNAME }}}" check="at least one" check_existence="at_least_one_exists" comment="Test that the {{{ MOUNTNAME }}} mount is running" version="1">
    <linux:object object_ref="obj_mount_running_{{{ MOUNTNAME }}}"/>
    <linux:state state_ref="state_mount_running_{{{ MOUNTNAME }}}"/>
  </linux:systemdunitproperty_test>
  <linux:systemdunitproperty_object id="obj_mount_running_{{{ MOUNTNAME }}}" comment="Retrieve the ActiveState property of {{{ MOUNTNAME }}}" version="1">
    <linux:unit operation="equals">{{{ MOUNTNAME }}}.mount</linux:unit>
    <linux:property>ActiveState</linux:property>
  </linux:systemdunitproperty_object>
  <linux:systemdunitproperty_state id="state_mount_running_{{{ MOUNTNAME }}}" version="1" comment="{{{ MOUNTNAME }}} mount is active">
    <linux:value>active</linux:value>
  </linux:systemdunitproperty_state>

</def-group>