File: draft_oval.xml

package info (click to toggle)
scap-security-guide 0.1.79-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 114,704 kB
  • sloc: xml: 244,677; sh: 84,647; python: 33,203; makefile: 27
file content (37 lines) | stat: -rw-r--r-- 2,620 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
 
<?xml version="1.0"?>
<ns0:oval_definitions xmlns:ns0="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:ns2="http://oval.mitre.org/XMLSchema/oval-common-5" xmlns:ns3="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" xmlns:ns4="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" xmlns:ns5="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-common-5 oval-common-schema.xsd         http://oval.mitre.org/XMLSchema/oval-definitions-5 oval-definitions-schema.xsd         http://oval.mitre.org/XMLSchema/oval-definitions-5#independent independent-definitions-schema.xsd         http://oval.mitre.org/XMLSchema/oval-definitions-5#unix unix-definitions-schema.xsd         http://oval.mitre.org/XMLSchema/oval-definitions-5#linux linux-definitions-schema.xsd">
  <ns0:generator>
    <ns2:product_name>Script combine_ovals.py from SCAP Security Guide</ns2:product_name>
    <ns2:product_version>ssg: [0, 1, 71], python: 3.11.6</ns2:product_version>
    <ns2:schema_version>5.11</ns2:schema_version>
    <ns2:timestamp>2023-11-20T17:39:53</ns2:timestamp>
  </ns0:generator>
  <ns0:definitions>
    <ns0:definition class="compliance" id="kerberos_disable_no_keytab" version="1">
      <ns0:metadata>
        <ns0:title>Disable Kerberos by removing host keytab</ns0:title>
        <ns0:description>description is required</ns0:description>
      </ns0:metadata>
      <ns0:criteria>
        <ns0:criterion test_ref="test_kerberos_disable_no_keytab" comment="Restrict Kerberos operation by removing keytab files"/>
      </ns0:criteria>
    </ns0:definition>
  </ns0:definitions>
  <ns0:tests>
    <ns4:file_test id="test_kerberos_disable_no_keytab" check="all" check_existence="none_exist" version="1" comment="Ensure keytab file does not exist">
      <ns4:object object_ref="obj_kerberos_disable_no_keytab"/>
    </ns4:file_test>
  </ns0:tests>
  <ns0:objects>
    <ns4:file_object id="obj_kerberos_disable_no_keytab" version="1" comment="Default Kerberos keytab file">
      <ns4:filepath operation="pattern match">^/etc/.+\.keytab$</ns4:filepath>
      <ns0:filter action="exclude">filter_ssh_key_owner_root</ns0:filter>
    </ns4:file_object>
  </ns0:objects>
  <ns0:states>
    <ns4:file_state comment="All keys in /etc/ssh groupowned by root have the right permissions" id="filter_ssh_key_owner_root" version="1">
      <ns4:path>/etc</ns4:path>
      <ns4:filename operation="pattern match">.*_key$</ns4:filename>
    </ns4:file_state>
  </ns0:states>
</ns0:oval_definitions>