author | Sven Vermeulen <sven.vermeulen@siphos.be> | 2013-12-20 14:52:33 +0100 |
---|---|---|
committer | Sven Vermeulen <sven.vermeulen@siphos.be> | 2013-12-20 14:52:33 +0100 |
commit | 0b26865160ba673db1744027ddec5f625847661e (patch) | |
tree | 9dfa38e89192dbbe501bb8567f20cc1efac3cfc4 | |
parent | Generate oval results/report (diff) | |
Add checks for webrsync-gpg FEATURES setting
-rw-r--r-- | xml/SCAP/gentoo-oval.xml | 36 | ||||
-rw-r--r-- | xml/SCAP/gentoo-xccdf.xml | 11 |
2 files changed, 47 insertions, 0 deletions
diff --git a/xml/SCAP/gentoo-oval.xml b/xml/SCAP/gentoo-oval.xml
index 8e64c26..73b5ec8 100644
--- a/xml/SCAP/gentoo-oval.xml
+++ b/xml/SCAP/gentoo-oval.xml
@@ -502,6 +502,21 @@ </criteria> </definition>
+ <definition id="oval:org.gentoo.dev.swift:def:30" version="1" class="compliance">
+ <metadata>
+ <title>In make.conf 'webrsync-gpg' is set in FEATURES</title>
+ <affected family="unix">
+ <platform>Gentoo Linux</platform>
+ </affected>
+ <description>
+ The FEATURES declaration in make.conf should have 'webrsync-gpg' set.
+ </description>
+ </metadata>
+ <criteria>
+ <criterion test_ref="oval:org.gentoo.dev.swift:tst:31" comment="'webrsync-gpg' is set in make.conf FEATURES" />
+ </criteria>
+ </definition>
+
</definitions> <tests>
@@ -752,6 +767,15 @@ <ind-def:state state_ref="oval:org.gentoo.dev.swift:ste:10" /> </ind-def:textfilecontent54_test>
+ <ind-def:textfilecontent54_test id="oval:org.gentoo.dev.swift:tst:31"
+ version="1" check="at least one" check_existence="all_exist"
+ comment="Tests that webrsync-gpg is set in make.conf FEATURES">
+ <!-- FEATURES declaration in make.conf -->
+ <ind-def:object object_ref="oval:org.gentoo.dev.swift:obj:18" />
+ <!-- Match for webrsync-gpg -->
+ <ind-def:state state_ref="oval:org.gentoo.dev.swift:ste:11" />
+ </ind-def:textfilecontent54_test>
+
</tests> <objects>
@@ -851,6 +875,13 @@ <ind-def:instance operation="greater than or equal" datatype="int">1</ind-def:instance> </ind-def:textfilecontent54_object>
+ <ind-def:textfilecontent54_object id="oval:org.gentoo.dev.swift:obj:18"
+ version="1" comment="Portage make.conf FEATURES settings">
+ <ind-def:filepath>/etc/portage/make.conf</ind-def:filepath>
+ <ind-def:pattern operation="pattern match">^FEATURES=.*</ind-def:pattern>
+ <ind-def:instance operation="greater than or equal" datatype="int">1</ind-def:instance>
+ </ind-def:textfilecontent54_object>
+
</objects> <states>
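Review bot: `check="at least one"` on tst:31 reports compliance as soon as any single FEATURES line in make.conf contains webrsync-gpg, so a later assignment that overrides or negates it goes unnoticed. Portage treats FEATURES as incremental, so a line such as `FEATURES="${FEATURES} -webrsync-gpg"` further down the file would presumably turn the feature off again while this test still passes. A second criterion that fails when any collected line matches `( |")-webrsync-gpg( |")` would close that gap. At minimum the test comment should say that only presence on some line is checked, for example `comment="Tests that at least one FEATURES line in make.conf lists webrsync-gpg"`.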
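Review bot: The object pattern `^FEATURES=.*` in obj:18 passes the whole rest of the line to the state, including anything after the closing quote. With ste:11 from the next hunk of this file, a line like `FEATURES="sandbox" # webrsync-gpg later` satisfies `( |")webrsync-gpg( |")` and the check passes although the feature is not set. Limiting the capture to the quoted value, along the lines of `<ind-def:pattern operation="pattern match">^FEATURES="[^"]*"</ind-def:pattern>`, avoids that false pass and would also take in a value that continues over several lines. The delimiter set in ste:11 accepts only a space or a double quote, so tab-separated or single-quoted values fail the check even when the feature is enabled; that should be stated in the state's comment if it is intended.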
@@ -905,6 +936,11 @@ <ind-def:text datatype="string" operation="pattern match" entity_check="all">( |")ssl( |")</ind-def:text> </ind-def:textfilecontent54_state>
+ <ind-def:textfilecontent54_state id="oval:org.gentoo.dev.swift:ste:11"
+ version="1" comment="Matching webrsync-gpg">
+ <ind-def:text datatype="string" operation="pattern match" entity_check="all">( |")webrsync-gpg( |")</ind-def:text>
+ </ind-def:textfilecontent54_state>
+
</states> <!--
diff --git a/xml/SCAP/gentoo-xccdf.xml b/xml/SCAP/gentoo-xccdf.xml
index b53b1e8..3c331eb 100644
--- a/xml/SCAP/gentoo-xccdf.xml
+++ b/xml/SCAP/gentoo-xccdf.xml
@@ -95,6 +95,8 @@ <select idref="xccdf_org.gentoo.dev.swift_rule_USE-tcpd" selected="true" /> <!-- Make sure USE=ssl is set --> <select idref="xccdf_org.gentoo.dev.swift_rule_USE-ssl" selected="true" />
+ <!-- Make sure FEATURES=webrsync-gpg is set -->
+ <select idref="xccdf_org.gentoo.dev.swift_rule_FEATURES-webrsync-gpg" selected="true" />
</Profile> <Profile id="xccdf_org.gentoo.dev.swift_profile_default" extends="xccdf_org.gentoo.dev.swift_profile_default-oval"> <title>Default server setup settings</title>
@@ -1328,6 +1330,15 @@ FEATURES="webrsync-gpg" PORTAGE_GPG_DIR="/etc/portage/gpg" SYNC=""</h:pre> </description>
+ <Rule id="xccdf_org.gentoo.dev.swift_rule_FEATURES-webrsync-gpg" selected="false" severity="low" weight="0.0">
+ <title>FEATURES="webrsync-gpg" is set</title>
+ <fixtext fixref="xccdf_org.gentoo.dev.swift_fix_FEATURES-webrsync-gpg">
+ Edit /etc/portage/make.conf and make sure that 'webrsync-gpg' is in the FEATURES declaration.
+ </fixtext>
+ <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
+ <check-content-ref name="oval:org.gentoo.dev.swift:def:30" href="gentoo-oval.xml" />
+ </check>
+ </Rule>
</Group> </Group> <Group id="xccdf_org.gentoo.dev.swift_group_system-kernel"> |
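Review bot: The new Rule in the last hunk verifies only the FEATURES entry, while the guidance in the context lines directly above it lists three settings: `FEATURES="webrsync-gpg"`, `PORTAGE_GPG_DIR="/etc/portage/gpg"` and `SYNC=""`. A host can therefore pass this rule with the other two missing, and a SYNC value left in place would presumably still allow an unverified rsync sync. Either add matching OVAL checks for PORTAGE_GPG_DIR and SYNC, or give the Rule a `<description>` saying that it covers FEATURES only. The `fixref` names `xccdf_org.gentoo.dev.swift_fix_FEATURES-webrsync-gpg`, but no `<fix>` element with that id is added in the visible hunks, and `weight="0.0"` keeps a failure out of the score, so both are worth confirming as intended. The enclosing Group starts outside the hunk.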