1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
|
<def-group>
{{% if target_oval_version >= [5, 11] %}}
<definition class="compliance" id="{{{ _RULE_ID }}}" version="1">
{{{ oval_metadata("The " + TIMERNAME + " timer should be enabled if possible.") }}}
<criteria comment="package {{{ PACKAGENAME }}} installed and timer {{{ TIMERNAME }}} is configured to start" operator="AND">
<extend_definition comment="{{{ PACKAGENAME }}} installed" definition_ref="package_{{{ PACKAGENAME }}}_installed" />
<criteria comment="timer {{{ TIMERNAME }}} is configured to start and is running" operator="AND">
<criterion comment="{{{ TIMERNAME }}} is running" test_ref="test_timer_running_{{{ TIMERNAME }}}" />
<criterion comment="multi-user.target wants {{{ TIMERNAME }}}" test_ref="test_multi_user_wants_{{{ TIMERNAME }}}" />
</criteria>
</criteria>
</definition>
<linux:systemdunitdependency_test check="all" check_existence="any_exist" comment="systemd test" id="test_multi_user_wants_{{{ TIMERNAME }}}" version="1">
<linux:object object_ref="object_multi_user_target_for_{{{ TIMERNAME }}}_enabled" />
<linux:state state_ref="state_systemd_{{{ TIMERNAME }}}_on"/>
</linux:systemdunitdependency_test>
<linux:systemdunitdependency_object id="object_multi_user_target_for_{{{ TIMERNAME }}}_enabled" comment="list of dependencies of multi-user.target" version="1">
<linux:unit>multi-user.target</linux:unit>
</linux:systemdunitdependency_object>
<linux:systemdunitdependency_state id="state_systemd_{{{ TIMERNAME }}}_on" comment="{{{ TIMERNAME }}} listed at least once in the dependencies" version="1">
<linux:dependency entity_check="at least one">{{{ TIMERNAME }}}.timer</linux:dependency>
</linux:systemdunitdependency_state>
<linux:systemdunitproperty_test id="test_timer_running_{{{ TIMERNAME }}}" check="at least one" check_existence="at_least_one_exists" comment="Test that the {{{ TIMERNAME }}} timer is running" version="1">
<linux:object object_ref="obj_timer_running_{{{ TIMERNAME }}}"/>
<linux:state state_ref="state_timer_running_{{{ TIMERNAME }}}"/>
</linux:systemdunitproperty_test>
<linux:systemdunitproperty_object id="obj_timer_running_{{{ TIMERNAME }}}" comment="Retrieve the ActiveState property of {{{ TIMERNAME }}}" version="1">
<linux:unit operation="pattern match">{{{ TIMERNAME }}}\.timer</linux:unit>
<linux:property>ActiveState</linux:property>
</linux:systemdunitproperty_object>
<linux:systemdunitproperty_state id="state_timer_running_{{{ TIMERNAME }}}" version="1" comment="{{{ TIMERNAME }}} is running">
<linux:value>active</linux:value>
</linux:systemdunitproperty_state>
{{% else %}}
{{# fallback if we are using systemd but can't use the new systemd features of OVAL 5.11 #}}
<definition class="compliance" id="{{{ _RULE_ID }}}" version="1">
{{{ oval_metadata("The " + TIMERNAME + " service should be enabled if possible.") }}}
<criteria comment="package {{{ PACKAGENAME }}} installed and timer {{{ TIMERNAME }}} is configured to start" operator="AND">
<extend_definition comment="{{{ PACKAGENAME }}} installed" definition_ref="package_{{{ PACKAGENAME }}}_installed" />
<criterion comment="{{{ TIMERNAME }}} enabled in multi-user.target" test_ref="test_{{{ TIMERNAME }}}_enabled_multi_user_target" />
</criteria>
</definition>
<unix:file_test check="all" check_existence="all_exist"
comment="look for {{{ TIMERNAME }}}.timer in /etc/systemd/system/multi-user.target.wants"
id="test_{{{ TIMERNAME }}}_enabled_multi_user_target" version="1">
<unix:object object_ref="object_{{{ TIMERNAME }}}_enabled_multi_user_target" />
</unix:file_test>
<unix:file_object comment="look for {{{ TIMERNAME }}}.timer in /etc/systemd/system/multi-user.target.wants"
id="object_{{{ TIMERNAME }}}_enabled_multi_user_target" version="1">
<unix:filepath>/etc/systemd/system/multi-user.target.wants/{{{ TIMERNAME }}}.timer</unix:filepath>
<filter action="include">unit_{{{ TIMERNAME }}}_state_symlink</filter>
</unix:file_object>
<unix:file_state id="unit_{{{ TIMERNAME }}}_state_symlink" version="1">
<unix:type operation="equals">symbolic link</unix:type>
</unix:file_state>
{{% endif %}}
</def-group>
|
