Diffstat (limited to 'xml/SCAP/gentoo-oval.xml')
-rw-r--r--xml/SCAP/gentoo-oval.xml35
1 files changed, 35 insertions, 0 deletions
diff --git a/xml/SCAP/gentoo-oval.xml b/xml/SCAP/gentoo-oval.xml
index a031348..7f6e674 100644
--- a/xml/SCAP/gentoo-oval.xml
+++ b/xml/SCAP/gentoo-oval.xml
@@ -547,6 +547,21 @@
</criteria>
</definition>
+ <definition id="oval:org.gentoo.dev.swift:def:33" version="1" class="compliance">
+ <metadata>
+ <title>/proc is mounted with hidepid=1 or hidepid=2</title>
+ <affected family="unix">
+ <platform>Gentoo Linux</platform>
+ </affected>
+ <description>
+ The /proc file system should be mounted with hidepid=1 or 2 so that other users' processes are not visible to non-authorized accounts.
+ </description>
+ </metadata>
+ <criteria>
+ <criterion test_ref="oval:org.gentoo.dev.swift:tst:34" comment="/proc is mounted with hidepid=1 or hidepid=2" />
+ </criteria>
+ </definition>
+
</definitions>
<tests>
@@ -824,6 +839,16 @@
<ind-def:state state_ref="oval:org.gentoo.dev.swift:ste:13" />
</ind-def:textfilecontent54_test>
+ <lin-def:partition_test id="oval:org.gentoo.dev.swift:tst:34"
+ version="1" check="all" check_existence="all_exist"
+ comment="Tests that /proc is mounted with hidepid=1 or hidepid=2 option">
+ <!-- /proc partition -->
+ <lin-def:object object_ref="oval:org.gentoo.dev.swift:obj:21" />
+ <!-- "hidepid=[12]" mount option -->
+ <lin-def:state state_ref="oval:org.gentoo.dev.swift:ste:14" />
+ </lin-def:partition_test>
+
+
</tests>
<objects>
@@ -944,6 +969,11 @@
<ind-def:instance operation="greater than or equal" datatype="int">1</ind-def:instance>
</ind-def:textfilecontent54_object>
+ <lin-def:partition_object id="oval:org.gentoo.dev.swift:obj:21"
+ version="1" comment="The /proc file system">
+ <lin-def:mount_point>/proc</lin-def:mount_point>
+ </lin-def:partition_object>
+
</objects>
<states>
@@ -1013,6 +1043,11 @@
<ind-def:text datatype="string" operation="pattern match" entity_check="all">(console|tty[[:digit:]]+)</ind-def:text>
</ind-def:textfilecontent54_state>
+ <lin-def:partition_state id="oval:org.gentoo.dev.swift:ste:14"
+ version="1" comment="hidepid=1 or hidepid=2 mount option">
+ <lin-def:mount_options entity_check="at least one" operation="pattern match">hidepid=[12]</lin-def:mount_options>
+ </lin-def:partition_state>
+
</states>
<variables>
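Review bot: The `mount_options` pattern `hidepid=[12]` in state `ste:14` is unanchored and accepts only the numeric spelling of the option. As far as I know, kernels from 5.8 on also accept the symbolic values `noaccess` and `invisible` and report those names in the mount table, so a correctly hardened host could be evaluated as non-compliant. I would anchor the expression and cover both spellings: `<lin-def:mount_options entity_check="at least one" operation="pattern match">^hidepid=(1|2|noaccess|invisible)$</lin-def:mount_options>`. The title, description and comments in the definition and test hunks name only `hidepid=1 or hidepid=2` and would need the same wording update.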