-rw-r--r-- | xml/SCAP/gentoo-oval.xml | 58 | ||||
-rw-r--r-- | xml/SCAP/gentoo-xccdf.xml | 22 |
2 files changed, 80 insertions, 0 deletions
diff --git a/xml/SCAP/gentoo-oval.xml b/xml/SCAP/gentoo-oval.xml
index 693d59f..3fb4adb 100644
--- a/xml/SCAP/gentoo-oval.xml
+++ b/xml/SCAP/gentoo-oval.xml
@@ -427,6 +427,36 @@
 </criteria>
 </definition>
+ <definition id="oval:org.gentoo.dev.swift:def:25" version="1" class="compliance">
+ <metadata>
+ <title>/var is mounted with quota option(s)</title>
+ <affected family="unix">
+ <platform>Gentoo Linux</platform>
+ </affected>
+ <description>
+ The /var mount should be mounted with usrquota or grpquota mount option.
+ </description>
+ </metadata>
+ <criteria>
+ <criterion test_ref="oval:org.gentoo.dev.swift:tst:26" comment="/var is mounted with usrquota or grpquota" />
+ </criteria>
+ </definition>
+
+ <definition id="oval:org.gentoo.dev.swift:def:26" version="1" class="compliance">
+ <metadata>
+ <title>/home is mounted with quota option(s)</title>
+ <affected family="unix">
+ <platform>Gentoo Linux</platform>
+ </affected>
+ <description>
+ The /home mount should be mounted with usrquota or grpquota mount option.
+ </description>
+ </metadata>
+ <criteria>
+ <criterion test_ref="oval:org.gentoo.dev.swift:tst:27" comment="/home is mounted with usrquota or grpquota" />
+ </criteria>
+ </definition>
+
 </definitions>
 <tests>
@@ -632,6 +662,24 @@
 <unix-def:object object_ref="oval:org.gentoo.dev.swift:obj:15" />
 </unix-def:file_test>
+ <lin-def:partition_test id="oval:org.gentoo.dev.swift:tst:26"
+ version="1" check="all" check_existence="all_exist"
+ comment="Tests that /var is mounted with usrquota or grpquota option">
+ <!-- /var file system -->
+ <lin-def:object object_ref="oval:org.gentoo.dev.swift:obj:16" />
+ <!-- "usrquota" or "grpquota" mount option -->
+ <lin-def:state state_ref="oval:org.gentoo.dev.swift:ste:7" />
+ </lin-def:partition_test>
+
+ <lin-def:partition_test id="oval:org.gentoo.dev.swift:tst:27"
+ version="1" check="all" check_existence="all_exist"
+ comment="Tests that /home is mounted with usrquota or grpquota option">
+ <!-- /home file system -->
+ <lin-def:object object_ref="oval:org.gentoo.dev.swift:obj:2" />
+ <!-- "usrquota" or "grpquota" mount option -->
+ <lin-def:state state_ref="oval:org.gentoo.dev.swift:ste:7" />
+ </lin-def:partition_test>
+
 </tests>
 <objects>
@@ -719,6 +767,11 @@
 <unix-def:filepath>/etc/at/at.allow</unix-def:filepath>
 </unix-def:file_object>
+ <lin-def:partition_object id="oval:org.gentoo.dev.swift:obj:16"
+ version="1" comment="The /var file system">
+ <lin-def:mount_point>/var</lin-def:mount_point>
+ </lin-def:partition_object>
+
 </objects>
 <states>
@@ -753,6 +806,11 @@
 <ind-def:text datatype="string" operation="pattern match" entity_check="all">su[[:digit:]]+:S:[\S]+:(/sbin/rc single|/sbin/sulogin)</ind-def:text>
 </ind-def:textfilecontent54_state>
+ <lin-def:partition_state id="oval:org.gentoo.dev.swift:ste:7"
+ version="1" comment="The file system is mounted with quota support option">
+ <lin-def:mount_options entity_check="at least one" operation="pattern match">(usr|grp)quota</lin-def:mount_options>
+ </lin-def:partition_state>
+
 </states>
 <!--
diff --git a/xml/SCAP/gentoo-xccdf.xml b/xml/SCAP/gentoo-xccdf.xml
index e51a0ab..1057fb3 100644
--- a/xml/SCAP/gentoo-xccdf.xml
+++ b/xml/SCAP/gentoo-xccdf.xml
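Review bot: The /home test (tst:27) points at `oval:org.gentoo.dev.swift:obj:2`, which is defined outside this diff, while the /var test gets a newly added `lin-def:partition_object` (obj:16). A `lin-def:partition_test` can only be evaluated against a partition object, so it is worth confirming that obj:2 really is a `lin-def:partition_object` for /home and not an object of another type. Separately, with `check_existence="all_exist"` a host where /var or /home is not a separate mount point collects no item, and the test would then presumably evaluate to false for a missing partition and not for missing quota options. A comment such as `<!-- also fails when the mount point is not a separate file system -->` on both tests would make that explicit.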
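Review bot: The `(usr|grp)quota` pattern in ste:7 is unanchored and does not cover the journaled quota options. A file system mounted with `usrjquota=` or `grpjquota=` would be reported as non-compliant although quotas are enabled, while any option that merely contains the substring would pass. If journaled quotas should count as compliant, consider anchoring and widening the value, e.g. `^(usr|grp)j?quota(=.*)?$`; otherwise at least anchor it as `^(usr|grp)quota$`.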
@@ -73,6 +73,10 @@
 <select idref="xccdf_org.gentoo.dev.swift_rule_partition-devshm-noexec" selected="true" />
 <!-- Kernel quota support must be enabled -->
 <select idref="xccdf_org.gentoo.dev.swift_rule_kernel-quota" selected="true" />
+ <!-- /var is mounted with usrquota or grpquota -->
+ <select idref="xccdf_org.gentoo.dev.swift_rule_var-quota" selected="true" />
+ <!-- /home is mounted with usrquota or grpquota -->
+ <select idref="xccdf_org.gentoo.dev.swift_rule_home-quota" selected="true" />
 <!-- No telnetd process is running -->
 <select idref="xccdf_org.gentoo.dev.swift_rule_telnetd-notrunning" selected="true" />
 <!-- No ftpd process is running -->
@@ -949,6 +953,24 @@ mount -o remount,noexec /dev/shm
 <check-content-ref name="oval:org.gentoo.dev.swift:def:18" href="gentoo-oval.xml" />
 </check>
 </Rule>
+ <Rule id="xccdf_org.gentoo.dev.swift_rule_var-quota" selected="false" severity="low" weight="1.7">
+ <title>The /var file system is mounted with usrquota or grpquota</title>
+ <fixtext fixref="xccdf_org.gentoo.dev.swift_fix_var-quota">Mount /var with usrquota and/or grpquota</fixtext>
+ <fix id="xccdf_org.gentoo.dev.swift_fix_partition-var-quota"
+ system="urn:xccdf:fix:system:commands"
+ platform="cpe:/o:gentoo:linux" complexity="low" disruption="low" reboot="false">
+mount -o remount,usrquota,grpquota /var
+ </fix>
+ </Rule>
+ <Rule id="xccdf_org.gentoo.dev.swift_rule_home-quota" selected="false" severity="low" weight="1.7">
+ <title>The /home file system is mounted with usrquota or grpquota</title>
+ <fixtext fixref="xccdf_org.gentoo.dev.swift_fix_home-quota">Mount /home with usrquota and/or grpquota</fixtext>
+ <fix id="xccdf_org.gentoo.dev.swift_fix_partition-home-quota"
+ system="urn:xccdf:fix:system:commands"
+ platform="cpe:/o:gentoo:linux" complexity="low" disruption="low" reboot="false">
+mount -o remount,usrquota,grpquota /home
+ </fix>
+ </Rule>
 </Group> <!-- system-fs-quotas -->
 </Group> <!-- system-fs -->
 <Group id="xccdf_org.gentoo.dev.swift_group_system-services"> |
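Review bot: Neither new Rule carries a `<check>` element, so nothing ties `xccdf_org.gentoo.dev.swift_rule_var-quota` and `xccdf_org.gentoo.dev.swift_rule_home-quota` to the OVAL definitions def:25 and def:26 added in gentoo-oval.xml. A scanner will have nothing to evaluate for them even though the profile hunk at -73,6 selects both. Each Rule needs a check block like the one closing the rule just above, with `<check-content-ref name="oval:org.gentoo.dev.swift:def:25" href="gentoo-oval.xml" />` for /var and the same line naming `oval:org.gentoo.dev.swift:def:26` for /home. The `fixref` values (`xccdf_org.gentoo.dev.swift_fix_var-quota`, `xccdf_org.gentoo.dev.swift_fix_home-quota`) also do not match the `<fix id>` values (`xccdf_org.gentoo.dev.swift_fix_partition-var-quota`, `xccdf_org.gentoo.dev.swift_fix_partition-home-quota`), so each fixtext points at a fix that does not exist. Finally, `mount -o remount,usrquota,grpquota` only changes the running mount, so the fixtext should also tell the administrator to persist the option in /etc/fstab.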