Accepting request 107462 from home:mcalmer:branches:security

- Update to 0.8.1 - introduce Script Check Engine - Added an OVAL Directives schema to allow for a tool to supply a set of directives to more easily specify desired results content. - Enhanced OVAL Results directives to allow for more flexibility in allowed results content - added new OVAL objects(all OVAL 5.8 objects are covered now) - update dpkgprobe - all issues reported by coverity are fixed - add capability to export OVAL Variables from XCCDF - added cvss score calculator from vector OBS-URL: https://build.opensuse.org/request/show/107462 OBS-URL: https://build.opensuse.org/package/show/security/openscap?expand=0&rev=21
2012-02-28 22:36:15 +00:00
parent dbf1cb368a
commit 1c3e9a59b1
7 changed files with 261 additions and 44 deletions
--- a/oscap-scan.init
+++ b/oscap-scan.init
@@ -0,0 +1,106 @@
+#!/bin/sh
+#
+# oscap-scan:		OpenSCAP security scanner
+#
+# chkconfig: - 96 99
+# description:  This service runs OpenSCAP security scanner to check the \
+#		system settings. The program does not stay resident, \
+#		but rather runs once. The results of security audit are 
+#		stored in /var/log/oscap-scan.xml.log
+#
+# processname: /usr/bin/oscap
+# config: /etc/sysconfig/oscap-scan
+#
+# Return values according to LSB for all commands but status:
+# 0 - success
+# 1 - generic or unspecified error
+# 2 - invalid or excess argument(s)
+# 3 - unimplemented feature (e.g. "reload")
+# 4 - insufficient privilege
+# 5 - program is not installed
+# 6 - program is not configured
+# 7 - program is not running
+### BEGIN INIT INFO
+# Provides: oscap-scan
+# Required-Start: $syslog $local_fs $network $remote_fs
+# Required-Stop: $syslog $local_fs $network $remote_fs
+# Should-Start:
+# Should-Stop:
+# Default-Start:  3 5
+# Default-Stop: 0 1 6
+# Short-Description: OpenSCAP security scanner
+# Description:       This service runs OpenSCAP security scanner to check the
+#	system settings. The program does not stay resident,
+#	but rather runs once. The results of security audit are
+#	stored in /var/log/oscap-scan.xml.log
+### END INIT INFO
+
+PATH=/sbin:/bin:/usr/sbin:/usr/bin
+prog="oscap"
+
+# Source function library.
+. /etc/rc.status
+
+# Allow anyone to run status
+if [ "$1" = "status" ] ; then
+	exit 3
+fi
+
+# Check that we are root ... so non-root users stop here
+test $EUID = 0  ||  exit 4
+
+# Check config
+test -f /etc/sysconfig/oscap-scan && . /etc/sysconfig/oscap-scan
+
+RETVAL=0
+
+start() {
+	test -x /usr/bin/oscap  || exit 5
+	# Now check that the sysconfig is found and has important things
+	# configured
+	test -f /etc/sysconfig/oscap-scan || exit 6
+	test x"$OPTIONS" != "x" || exit 6
+	echo  -n $"Starting $prog: "
+	$prog $OPTIONS
+	rc_status -v
+	ERR=$?
+	if [ $ERR -eq 0 ] ; then
+		sleep 1
+		logger "OpenSCAP security scan: PASS"
+	elif [ $ERR -eq 1 ] ; then
+		sleep 1
+		logger "OpenSCAP security scan: ERROR. Run oscap scan from command line."
+	else
+		sleep 1
+		logger "OpenSCAP security scan: FAILED. See results in /var/log/oscap-scan.xml.log"
+	fi
+}
+
+
+# See how we were called.
+case "$1" in
+    start)
+	start
+	;;
+    restart)
+	start
+	;;
+    stop)
+	RETVAL=0;
+	;;
+    condrestart)
+	RETVAL=0;
+	;;
+    try-restart)
+	RETVAL=0;
+	;;
+    reload)
+	RETVAL=0;
+	;;
+    *)
+	echo $"Usage: $0 {start}"
+	RETVAL=2
+	;;
+esac
+exit $RETVAL
+