File: shared.xml

package info (click to toggle)
scap-security-guide 0.1.78-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 114,600 kB
  • sloc: xml: 245,305; sh: 84,381; python: 33,093; makefile: 27
file content (67 lines) | stat: -rw-r--r-- 3,252 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
 
<def-group>
  <definition class="compliance" id="prefer_64bit_os" version="1">
    {{{ oval_metadata("Check if the system supports a 64-bit Operating System", rule_title=rule_title) }}}
    <criteria
        comment="Either the OS is 64-bit, or the CPU doesn't support 64-bit (it is 32 or 16 bit)"
        operator="OR">
      <criteria comment="Either check osrelease in procfs, or kernel package arch parameter"
                operator="OR">
        <criterion comment="Check if OS is 64-bit"
                   test_ref="test_proc_sys_kernel_osrelease_64_bit"/>
        <criterion comment="Check kernel rpm is x86_64"
                   test_ref="test_package_kernel_x64" />
      </criteria>
      <criterion comment="Check if CPU is not 64-bit" test_ref="test_proc_cpuinfo_64_bit"
                 negate="true" />
    </criteria>
  </definition>

  <linux:rpminfo_test check="all" check_existence="all_exist"
  id="test_package_kernel_x64" version="1"
  comment="Package kernel arch is x64">
    <linux:object object_ref="obj_package_kernel" />
    <linux:state state_ref="state_installed_arch_of_kernel_package" />
  </linux:rpminfo_test>

  <linux:rpminfo_state id="state_installed_arch_of_kernel_package" version="1">
    <linux:arch>x86_64</linux:arch>
  </linux:rpminfo_state>

  <linux:rpminfo_object id="obj_package_kernel" version="1">
    {{% if 'sle' in product %}}
    <linux:name>kernel-default</linux:name>
    {{% else %}}
    <linux:name>kernel</linux:name>
    {{% endif %}}
  </linux:rpminfo_object>

  <ind:textfilecontent54_test id="test_proc_cpuinfo_64_bit"
  comment="Check for CPU flag lm" check="all" version="1">
    <ind:object object_ref="object_proc_cpuinfo_64_bit" />
    <ind:state state_ref="state_proc_cpuinfo_64_bit" />
  </ind:textfilecontent54_test>
  <ind:textfilecontent54_object id="object_proc_cpuinfo_64_bit"
  version="1">
    <ind:filepath>/proc/cpuinfo</ind:filepath>
    <ind:pattern operation="pattern match">^flags\s+:\s+(.*)$</ind:pattern>
    <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
  </ind:textfilecontent54_object>
  <ind:textfilecontent54_state id="state_proc_cpuinfo_64_bit" version="1">
    <ind:subexpression operation="pattern match">\blm\b</ind:subexpression>
  </ind:textfilecontent54_state>

  <ind:textfilecontent54_test check="all" check_existence="only_one_exists"
      comment="Check if kernel nvr arch is 64-bit" id="test_proc_sys_kernel_osrelease_64_bit" version="1">
    <ind:object object_ref="object_proc_sys_kernel_osrelease_64_bit" />
    <ind:state state_ref="state_proc_sys_kernel_osrelease_64_bit" />
  </ind:textfilecontent54_test>
  <ind:textfilecontent54_object id="object_proc_sys_kernel_osrelease_64_bit" version="1">
    <ind:filepath>/proc/sys/kernel/osrelease</ind:filepath>
    <ind:pattern operation="pattern match">^.*\.(.*)$</ind:pattern>
    <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
  </ind:textfilecontent54_object>
  <ind:textfilecontent54_state id="state_proc_sys_kernel_osrelease_64_bit" version="1">
    <ind:subexpression datatype="string" operation="pattern match">^(x86_64|aarch64|ppc64le|s390x|.*-amd64)$</ind:subexpression>
  </ind:textfilecontent54_state>

</def-group>