def main():
global definitions
global tests
global objects
global states
global variables
global silent_mode
args = parse_options()
silent_mode = args.silent_mode
oval_version = args.oval_version
testfile = args.xmlfile
header = ssgcommon.oval_generated_header("testoval.py", oval_version,
"0.0.1")
testfile = find_testfile(testfile)
body = read_ovaldefgroup_file(testfile)
defname = add_oval_elements(body, header)
ovaltree = ET.fromstring(header + footer)
# append each major element type, if it has subelements
for element in [definitions, tests, objects, states, variables]:
if element.getchildren():
ovaltree.append(element)
# re-map all the element ids from meaningful names to meaningless
# numbers
testtranslator = idtranslate.IDTranslator("scap-security-guide.testing")
ovaltree = testtranslator.translate(ovaltree)
(ovalfile, fname) = tempfile.mkstemp(prefix=defname, suffix=".xml")
os.write(ovalfile, ET.tostring(ovaltree))
os.close(ovalfile)
if not silent_mode:
print("Evaluating with OVAL tempfile: " + fname)
print("OVAL Schema Version: %s" % oval_version)
print("Writing results to: " + fname + "-results")
cmd = "oscap oval eval --results " + fname + "-results " + fname
oscap_child = subprocess.Popen(cmd, stdout=subprocess.PIPE, shell=True)
cmd_out = oscap_child.communicate()[0]
if not silent_mode:
print cmd_out
if oscap_child.returncode != 0:
if not silent_mode:
print("Error launching 'oscap' command: \n\t" + cmd)
sys.exit(2)
if 'false' in cmd_out:
# at least one from the evaluated OVAL definitions evaluated to
# 'false' result, exit with '1' to indicate OVAL scan FAIL result
sys.exit(1)
# perhaps delete tempfile?
definitions = ET.Element("definitions")
tests = ET.Element("tests")
objects = ET.Element("objects")
states = ET.Element("states")
variables = ET.Element("variables")
# 'false' keyword wasn't found in oscap's command output
# exit with '0' to indicate OVAL scan TRUE result
sys.exit(0)
def main():
global definitions
global tests
global objects
global states
global variables
global silent_mode
args = parse_options()
silent_mode = args.silent_mode
oval_version = args.oval_version
testfile = args.xmlfile
header = ssgcommon.oval_generated_header("testoval.py", oval_version, "0.0.1")
testfile = find_testfile(testfile)
body = read_ovaldefgroup_file(testfile)
defname = add_oval_elements(body, header)
ovaltree = ET.fromstring(header + footer)
# append each major element type, if it has subelements
for element in [definitions, tests, objects, states, variables]:
if element.getchildren():
ovaltree.append(element)
# re-map all the element ids from meaningful names to meaningless
# numbers
testtranslator = idtranslate.IDTranslator("scap-security-guide.testing")
ovaltree = testtranslator.translate(ovaltree)
(ovalfile, fname) = tempfile.mkstemp(prefix=defname, suffix=".xml")
os.write(ovalfile, ET.tostring(ovaltree))
os.close(ovalfile)
if not silent_mode:
print ("Evaluating with OVAL tempfile: " + fname)
print ("OVAL Schema Version: %s" % oval_version)
print ("Writing results to: " + fname + "-results")
cmd = "oscap oval eval --results " + fname + "-results " + fname
oscap_child = subprocess.Popen(cmd, stdout=subprocess.PIPE, shell=True)
cmd_out = oscap_child.communicate()[0]
if not silent_mode:
print cmd_out
if oscap_child.returncode != 0:
if not silent_mode:
print ("Error launching 'oscap' command: \n\t" + cmd)
sys.exit(2)
if 'false' in cmd_out:
# at least one from the evaluated OVAL definitions evaluated to
# 'false' result, exit with '1' to indicate OVAL scan FAIL result
sys.exit(1)
# perhaps delete tempfile?
definitions = ET.Element("definitions")
tests = ET.Element("tests")
objects = ET.Element("objects")
states = ET.Element("states")
variables = ET.Element("variables")
# 'false' keyword wasn't found in oscap's command output
# exit with '0' to indicate OVAL scan TRUE result
sys.exit(0)
def main():
p = argparse.ArgumentParser()
p.add_argument("--ssg_version",
default="unknown",
help="SSG version for reporting purposes. example: 0.1.34")
p.add_argument(
"--product-yaml",
required=True,
dest="product_yaml",
help="YAML file with information about the product we are building. "
"e.g.: ~/scap-security-guide/rhel7/product.yml")
p.add_argument("--oval_config",
required=True,
help="Location of the oval.config file.")
p.add_argument("--oval_version",
required=True,
help="OVAL version to use. Example: 5.11, 5.10, ...")
p.add_argument("--output", type=argparse.FileType("wb"), required=True)
p.add_argument("ovaldirs",
metavar="OVAL_DIR",
nargs="+",
help="Directory(ies) from which we will collect "
"OVAL definitions to combine. Order matters, latter "
"directories override former.")
args, unknown = p.parse_known_args()
if unknown:
sys.stderr.write("Unknown positional arguments " + ",".join(unknown) +
".\n")
sys.exit(1)
product_yaml = ssgcommon.open_product_yaml(args.product_yaml)
if os.path.isfile(args.oval_config):
multi_platform = parse_conf_file(
args.oval_config,
ssgcommon.required_yaml_key(product_yaml, "product"))
header = ssgcommon.oval_generated_header("combine-ovals.py",
args.oval_version,
args.ssg_version)
else:
sys.stderr.write("The directory specified does not contain the %s "
"file!\n" % (args.oval_config))
sys.exit(1)
body = checks(product_yaml, args.oval_version, args.ovaldirs)
# parse new file(string) as an ElementTree, so we can reorder elements
# appropriately
corrected_tree = ElementTree.fromstring(
("%s%s%s" % (header, body, footer)).encode("utf-8"))
tree = add_platforms(corrected_tree, multi_platform)
definitions = ElementTree.Element("{%s}definitions" % oval_ns)
tests = ElementTree.Element("{%s}tests" % oval_ns)
objects = ElementTree.Element("{%s}objects" % oval_ns)
states = ElementTree.Element("{%s}states" % oval_ns)
variables = ElementTree.Element("{%s}variables" % oval_ns)
for childnode in tree.findall("./{%s}def-group/*" % oval_ns):
if childnode.tag is ElementTree.Comment:
continue
elif childnode.tag.endswith("definition"):
append(definitions, childnode)
elif childnode.tag.endswith("_test"):
append(tests, childnode)
elif childnode.tag.endswith("_object"):
append(objects, childnode)
elif childnode.tag.endswith("_state"):
append(states, childnode)
elif childnode.tag.endswith("_variable"):
append(variables, childnode)
else:
sys.stderr.write("Warning: Unknown element '%s'\n" %
(childnode.tag))
root = ElementTree.fromstring(("%s%s" % (header, footer)).encode("utf-8"))
root.append(definitions)
root.append(tests)
root.append(objects)
root.append(states)
if list(variables):
root.append(variables)
ElementTree.ElementTree(root).write(args.output)
sys.exit(0)
# the python modules that we need
import os
import sys
import lxml.etree as ET
# Put shared python modules in path
sys.path.insert(
0,
os.path.join(os.path.dirname(os.path.dirname(os.path.realpath(__file__))),
"modules"))
import ssgcommon
# the "oval_header" variable must be prepended to the body of the check to form
# valid XML
oval_header = ssgcommon.oval_generated_header("verify-input-sanity.py", "5.10",
"0.0.1")
# the "oval_footer" variable must be appended to the body of the check to form
# valid XML
oval_footer = ssgcommon.oval_footer
# the namespace we are working in
oval_namespace = ssgcommon.oval_namespace
xccdf_header = ssgcommon.xccdf_header
xccdf_footer = ssgcommon.xccdf_footer
# print a blank line to keep things pretty
print
#
################################################################################
#
# the python modules that we need
import os
import sys
import lxml.etree as ET
# Put shared python modules in path
sys.path.insert(0, os.path.join(
os.path.dirname(os.path.dirname(os.path.realpath(__file__))),
"modules"))
import ssgcommon
# the "oval_header" variable must be prepended to the body of the check to form
# valid XML
oval_header = ssgcommon.oval_generated_header("verify-input-sanity.py", "5.10", "0.0.1")
# the "oval_footer" variable must be appended to the body of the check to form
# valid XML
oval_footer = ssgcommon.oval_footer
# the namespace we are working in
oval_namespace = ssgcommon.oval_namespace
xccdf_header = ssgcommon.xccdf_header
xccdf_footer = ssgcommon.xccdf_footer
# print a blank line to keep things pretty
print
#
################################################################################
def main():
p = argparse.ArgumentParser()
p.add_argument("--ssg_version", default="unknown",
help="SSG version for reporting purposes. example: 0.1.34")
p.add_argument("--product", required=True,
help="which product are we building for? example: rhel7")
p.add_argument("--oval_config", required=True,
help="Location of the oval.config file.")
p.add_argument("--oval_version", required=True,
help="OVAL version to use. Example: 5.11, 5.10, ...")
p.add_argument("--output", type=argparse.FileType('w'), required=True)
p.add_argument("ovaldirs", metavar="OVAL_DIR", nargs="+",
help="Directory(ies) from which we will collect "
"OVAL definitions to combine. Order matters, latter "
"directories override former.")
args, unknown = p.parse_known_args()
if unknown:
sys.stderr.write(
"Unknown positional arguments " + ",".join(unknown) + ".\n"
)
sys.exit(1)
if os.path.isfile(args.oval_config):
multi_platform = \
parse_conf_file(args.oval_config, args.product)
header = ssgcommon.oval_generated_header("combine-ovals.py", args.oval_version, args.ssg_version)
else:
sys.stderr.write("The directory specified does not contain the %s "
"file!\n" % (args.oval_config))
sys.exit(1)
body = checks(args.product, args.oval_version, args.ovaldirs)
# parse new file(string) as an ElementTree, so we can reorder elements
# appropriately
corrected_tree = ElementTree.fromstring(
("%s%s%s" % (header, body, footer)).encode("utf-8"))
tree = add_platforms(corrected_tree, multi_platform)
definitions = ElementTree.Element("{%s}definitions" % oval_ns)
tests = ElementTree.Element("{%s}tests" % oval_ns)
objects = ElementTree.Element("{%s}objects" % oval_ns)
states = ElementTree.Element("{%s}states" % oval_ns)
variables = ElementTree.Element("{%s}variables" % oval_ns)
for childnode in tree.findall("./{%s}def-group/*" % oval_ns):
if childnode.tag is ElementTree.Comment:
continue
elif childnode.tag.endswith("definition"):
append(definitions, childnode)
elif childnode.tag.endswith("_test"):
append(tests, childnode)
elif childnode.tag.endswith("_object"):
append(objects, childnode)
elif childnode.tag.endswith("_state"):
append(states, childnode)
elif childnode.tag.endswith("_variable"):
append(variables, childnode)
else:
sys.stderr.write("Warning: Unknown element '%s'\n"
% (childnode.tag))
root = ElementTree.fromstring(("%s%s" % (header, footer)).encode("utf-8"))
root.append(definitions)
root.append(tests)
root.append(objects)
root.append(states)
if list(variables):
root.append(variables)
ElementTree.ElementTree(root).write(args.output)
sys.exit(0)