forked from pool/openscap
Marcus Meissner
1c3e9a59b1
- Update to 0.8.1 - introduce Script Check Engine - Added an OVAL Directives schema to allow for a tool to supply a set of directives to more easily specify desired results content. - Enhanced OVAL Results directives to allow for more flexibility in allowed results content - added new OVAL objects(all OVAL 5.8 objects are covered now) - update dpkgprobe - all issues reported by coverity are fixed - add capability to export OVAL Variables from XCCDF - added cvss score calculator from vector OBS-URL: https://build.opensuse.org/request/show/107462 OBS-URL: https://build.opensuse.org/package/show/security/openscap?expand=0&rev=21
107 lines
2.3 KiB
Bash
107 lines
2.3 KiB
Bash
#!/bin/sh
|
|
#
|
|
# oscap-scan: OpenSCAP security scanner
|
|
#
|
|
# chkconfig: - 96 99
|
|
# description: This service runs OpenSCAP security scanner to check the \
|
|
# system settings. The program does not stay resident, \
|
|
# but rather runs once. The results of security audit are
|
|
# stored in /var/log/oscap-scan.xml.log
|
|
#
|
|
# processname: /usr/bin/oscap
|
|
# config: /etc/sysconfig/oscap-scan
|
|
#
|
|
# Return values according to LSB for all commands but status:
|
|
# 0 - success
|
|
# 1 - generic or unspecified error
|
|
# 2 - invalid or excess argument(s)
|
|
# 3 - unimplemented feature (e.g. "reload")
|
|
# 4 - insufficient privilege
|
|
# 5 - program is not installed
|
|
# 6 - program is not configured
|
|
# 7 - program is not running
|
|
### BEGIN INIT INFO
|
|
# Provides: oscap-scan
|
|
# Required-Start: $syslog $local_fs $network $remote_fs
|
|
# Required-Stop: $syslog $local_fs $network $remote_fs
|
|
# Should-Start:
|
|
# Should-Stop:
|
|
# Default-Start: 3 5
|
|
# Default-Stop: 0 1 6
|
|
# Short-Description: OpenSCAP security scanner
|
|
# Description: This service runs OpenSCAP security scanner to check the
|
|
# system settings. The program does not stay resident,
|
|
# but rather runs once. The results of security audit are
|
|
# stored in /var/log/oscap-scan.xml.log
|
|
### END INIT INFO
|
|
|
|
PATH=/sbin:/bin:/usr/sbin:/usr/bin
|
|
prog="oscap"
|
|
|
|
# Source function library.
|
|
. /etc/rc.status
|
|
|
|
# Allow anyone to run status
|
|
if [ "$1" = "status" ] ; then
|
|
exit 3
|
|
fi
|
|
|
|
# Check that we are root ... so non-root users stop here
|
|
test $EUID = 0 || exit 4
|
|
|
|
# Check config
|
|
test -f /etc/sysconfig/oscap-scan && . /etc/sysconfig/oscap-scan
|
|
|
|
RETVAL=0
|
|
|
|
start() {
|
|
test -x /usr/bin/oscap || exit 5
|
|
# Now check that the sysconfig is found and has important things
|
|
# configured
|
|
test -f /etc/sysconfig/oscap-scan || exit 6
|
|
test x"$OPTIONS" != "x" || exit 6
|
|
echo -n $"Starting $prog: "
|
|
$prog $OPTIONS
|
|
rc_status -v
|
|
ERR=$?
|
|
if [ $ERR -eq 0 ] ; then
|
|
sleep 1
|
|
logger "OpenSCAP security scan: PASS"
|
|
elif [ $ERR -eq 1 ] ; then
|
|
sleep 1
|
|
logger "OpenSCAP security scan: ERROR. Run oscap scan from command line."
|
|
else
|
|
sleep 1
|
|
logger "OpenSCAP security scan: FAILED. See results in /var/log/oscap-scan.xml.log"
|
|
fi
|
|
}
|
|
|
|
|
|
# See how we were called.
|
|
case "$1" in
|
|
start)
|
|
start
|
|
;;
|
|
restart)
|
|
start
|
|
;;
|
|
stop)
|
|
RETVAL=0;
|
|
;;
|
|
condrestart)
|
|
RETVAL=0;
|
|
;;
|
|
try-restart)
|
|
RETVAL=0;
|
|
;;
|
|
reload)
|
|
RETVAL=0;
|
|
;;
|
|
*)
|
|
echo $"Usage: $0 {start}"
|
|
RETVAL=2
|
|
;;
|
|
esac
|
|
exit $RETVAL
|
|
|