コード例 #1
0
def main():
    global definitions
    global tests
    global objects
    global states
    global variables
    global silent_mode

    args = parse_options()
    silent_mode = args.silent_mode
    oval_version = args.oval_version

    testfile = args.xmlfile
    header = ssgcommon.oval_generated_header("testoval.py", oval_version,
                                             "0.0.1")
    testfile = find_testfile(testfile)
    body = read_ovaldefgroup_file(testfile)
    defname = add_oval_elements(body, header)
    ovaltree = ET.fromstring(header + footer)

    # append each major element type, if it has subelements
    for element in [definitions, tests, objects, states, variables]:
        if element.getchildren():
            ovaltree.append(element)
    # re-map all the element ids from meaningful names to meaningless
    # numbers
    testtranslator = idtranslate.IDTranslator("scap-security-guide.testing")
    ovaltree = testtranslator.translate(ovaltree)
    (ovalfile, fname) = tempfile.mkstemp(prefix=defname, suffix=".xml")
    os.write(ovalfile, ET.tostring(ovaltree))
    os.close(ovalfile)
    if not silent_mode:
        print("Evaluating with OVAL tempfile: " + fname)
        print("OVAL Schema Version: %s" % oval_version)
        print("Writing results to: " + fname + "-results")
    cmd = "oscap oval eval --results " + fname + "-results " + fname
    oscap_child = subprocess.Popen(cmd, stdout=subprocess.PIPE, shell=True)
    cmd_out = oscap_child.communicate()[0]
    if not silent_mode:
        print cmd_out
    if oscap_child.returncode != 0:
        if not silent_mode:
            print("Error launching 'oscap' command: \n\t" + cmd)
        sys.exit(2)
    if 'false' in cmd_out:
        # at least one from the evaluated OVAL definitions evaluated to
        # 'false' result, exit with '1' to indicate OVAL scan FAIL result
        sys.exit(1)
    # perhaps delete tempfile?
    definitions = ET.Element("definitions")
    tests = ET.Element("tests")
    objects = ET.Element("objects")
    states = ET.Element("states")
    variables = ET.Element("variables")

    # 'false' keyword wasn't found in oscap's command output
    # exit with '0' to indicate OVAL scan TRUE result
    sys.exit(0)
コード例 #2
0
def main():
    global definitions
    global tests
    global objects
    global states
    global variables
    global silent_mode

    args = parse_options()
    silent_mode = args.silent_mode
    oval_version = args.oval_version

    testfile = args.xmlfile
    header = ssgcommon.oval_generated_header("testoval.py", oval_version, "0.0.1")
    testfile = find_testfile(testfile)
    body = read_ovaldefgroup_file(testfile)
    defname = add_oval_elements(body, header)
    ovaltree = ET.fromstring(header + footer)

    # append each major element type, if it has subelements
    for element in [definitions, tests, objects, states, variables]:
        if element.getchildren():
            ovaltree.append(element)
    # re-map all the element ids from meaningful names to meaningless
    # numbers
    testtranslator = idtranslate.IDTranslator("scap-security-guide.testing")
    ovaltree = testtranslator.translate(ovaltree)
    (ovalfile, fname) = tempfile.mkstemp(prefix=defname, suffix=".xml")
    os.write(ovalfile, ET.tostring(ovaltree))
    os.close(ovalfile)
    if not silent_mode:
        print ("Evaluating with OVAL tempfile: " + fname)
        print ("OVAL Schema Version: %s" % oval_version)
        print ("Writing results to: " + fname + "-results")
    cmd = "oscap oval eval --results " + fname + "-results " + fname
    oscap_child = subprocess.Popen(cmd, stdout=subprocess.PIPE, shell=True)
    cmd_out = oscap_child.communicate()[0]
    if not silent_mode:
        print cmd_out
    if oscap_child.returncode != 0:
        if not silent_mode:
            print ("Error launching 'oscap' command: \n\t" + cmd)
        sys.exit(2)
    if 'false' in cmd_out:
        # at least one from the evaluated OVAL definitions evaluated to
        # 'false' result, exit with '1' to indicate OVAL scan FAIL result
        sys.exit(1)
    # perhaps delete tempfile?
    definitions = ET.Element("definitions")
    tests = ET.Element("tests")
    objects = ET.Element("objects")
    states = ET.Element("states")
    variables = ET.Element("variables")

    # 'false' keyword wasn't found in oscap's command output
    # exit with '0' to indicate OVAL scan TRUE result
    sys.exit(0)
コード例 #3
0
def main():
    p = argparse.ArgumentParser()
    p.add_argument("--ssg_version",
                   default="unknown",
                   help="SSG version for reporting purposes. example: 0.1.34")
    p.add_argument(
        "--product-yaml",
        required=True,
        dest="product_yaml",
        help="YAML file with information about the product we are building. "
        "e.g.: ~/scap-security-guide/rhel7/product.yml")
    p.add_argument("--oval_config",
                   required=True,
                   help="Location of the oval.config file.")
    p.add_argument("--oval_version",
                   required=True,
                   help="OVAL version to use. Example: 5.11, 5.10, ...")
    p.add_argument("--output", type=argparse.FileType("wb"), required=True)
    p.add_argument("ovaldirs",
                   metavar="OVAL_DIR",
                   nargs="+",
                   help="Directory(ies) from which we will collect "
                   "OVAL definitions to combine. Order matters, latter "
                   "directories override former.")

    args, unknown = p.parse_known_args()
    if unknown:
        sys.stderr.write("Unknown positional arguments " + ",".join(unknown) +
                         ".\n")
        sys.exit(1)

    product_yaml = ssgcommon.open_product_yaml(args.product_yaml)

    if os.path.isfile(args.oval_config):
        multi_platform = parse_conf_file(
            args.oval_config,
            ssgcommon.required_yaml_key(product_yaml, "product"))
        header = ssgcommon.oval_generated_header("combine-ovals.py",
                                                 args.oval_version,
                                                 args.ssg_version)
    else:
        sys.stderr.write("The directory specified does not contain the %s "
                         "file!\n" % (args.oval_config))
        sys.exit(1)

    body = checks(product_yaml, args.oval_version, args.ovaldirs)

    # parse new file(string) as an ElementTree, so we can reorder elements
    # appropriately
    corrected_tree = ElementTree.fromstring(
        ("%s%s%s" % (header, body, footer)).encode("utf-8"))
    tree = add_platforms(corrected_tree, multi_platform)
    definitions = ElementTree.Element("{%s}definitions" % oval_ns)
    tests = ElementTree.Element("{%s}tests" % oval_ns)
    objects = ElementTree.Element("{%s}objects" % oval_ns)
    states = ElementTree.Element("{%s}states" % oval_ns)
    variables = ElementTree.Element("{%s}variables" % oval_ns)

    for childnode in tree.findall("./{%s}def-group/*" % oval_ns):
        if childnode.tag is ElementTree.Comment:
            continue
        elif childnode.tag.endswith("definition"):
            append(definitions, childnode)
        elif childnode.tag.endswith("_test"):
            append(tests, childnode)
        elif childnode.tag.endswith("_object"):
            append(objects, childnode)
        elif childnode.tag.endswith("_state"):
            append(states, childnode)
        elif childnode.tag.endswith("_variable"):
            append(variables, childnode)
        else:
            sys.stderr.write("Warning: Unknown element '%s'\n" %
                             (childnode.tag))

    root = ElementTree.fromstring(("%s%s" % (header, footer)).encode("utf-8"))
    root.append(definitions)
    root.append(tests)
    root.append(objects)
    root.append(states)
    if list(variables):
        root.append(variables)

    ElementTree.ElementTree(root).write(args.output)

    sys.exit(0)
# the python modules that we need
import os
import sys
import lxml.etree as ET

# Put shared python modules in path
sys.path.insert(
    0,
    os.path.join(os.path.dirname(os.path.dirname(os.path.realpath(__file__))),
                 "modules"))
import ssgcommon

# the "oval_header" variable must be prepended to the body of the check to form
# valid XML
oval_header = ssgcommon.oval_generated_header("verify-input-sanity.py", "5.10",
                                              "0.0.1")

# the "oval_footer" variable must be appended to the body of the check to form
# valid XML
oval_footer = ssgcommon.oval_footer

# the namespace we are working in
oval_namespace = ssgcommon.oval_namespace
xccdf_header = ssgcommon.xccdf_header
xccdf_footer = ssgcommon.xccdf_footer

# print a blank line to keep things pretty
print

#
################################################################################
コード例 #5
0
#

# the python modules that we need
import os
import sys
import lxml.etree as ET

# Put shared python modules in path
sys.path.insert(0, os.path.join(
        os.path.dirname(os.path.dirname(os.path.realpath(__file__))),
        "modules"))
import ssgcommon

# the "oval_header" variable must be prepended to the body of the check to form
# valid XML
oval_header = ssgcommon.oval_generated_header("verify-input-sanity.py", "5.10", "0.0.1")

# the "oval_footer" variable must be appended to the body of the check to form
# valid XML
oval_footer = ssgcommon.oval_footer

# the namespace we are working in
oval_namespace = ssgcommon.oval_namespace
xccdf_header = ssgcommon.xccdf_header
xccdf_footer = ssgcommon.xccdf_footer

# print a blank line to keep things pretty
print

#
################################################################################
コード例 #6
0
def main():
    p = argparse.ArgumentParser()
    p.add_argument("--ssg_version", default="unknown",
                   help="SSG version for reporting purposes. example: 0.1.34")
    p.add_argument("--product", required=True,
                   help="which product are we building for? example: rhel7")
    p.add_argument("--oval_config", required=True,
                   help="Location of the oval.config file.")
    p.add_argument("--oval_version", required=True,
                   help="OVAL version to use. Example: 5.11, 5.10, ...")
    p.add_argument("--output", type=argparse.FileType('w'), required=True)
    p.add_argument("ovaldirs", metavar="OVAL_DIR", nargs="+",
                   help="Directory(ies) from which we will collect "
                   "OVAL definitions to combine. Order matters, latter "
                   "directories override former.")

    args, unknown = p.parse_known_args()
    if unknown:
        sys.stderr.write(
            "Unknown positional arguments " + ",".join(unknown) + ".\n"
        )
        sys.exit(1)

    if os.path.isfile(args.oval_config):
        multi_platform = \
            parse_conf_file(args.oval_config, args.product)
        header = ssgcommon.oval_generated_header("combine-ovals.py", args.oval_version, args.ssg_version)
    else:
        sys.stderr.write("The directory specified does not contain the %s "
                         "file!\n" % (args.oval_config))
        sys.exit(1)

    body = checks(args.product, args.oval_version, args.ovaldirs)

    # parse new file(string) as an ElementTree, so we can reorder elements
    # appropriately
    corrected_tree = ElementTree.fromstring(
        ("%s%s%s" % (header, body, footer)).encode("utf-8"))
    tree = add_platforms(corrected_tree, multi_platform)
    definitions = ElementTree.Element("{%s}definitions" % oval_ns)
    tests = ElementTree.Element("{%s}tests" % oval_ns)
    objects = ElementTree.Element("{%s}objects" % oval_ns)
    states = ElementTree.Element("{%s}states" % oval_ns)
    variables = ElementTree.Element("{%s}variables" % oval_ns)

    for childnode in tree.findall("./{%s}def-group/*" % oval_ns):
        if childnode.tag is ElementTree.Comment:
            continue
        elif childnode.tag.endswith("definition"):
            append(definitions, childnode)
        elif childnode.tag.endswith("_test"):
            append(tests, childnode)
        elif childnode.tag.endswith("_object"):
            append(objects, childnode)
        elif childnode.tag.endswith("_state"):
            append(states, childnode)
        elif childnode.tag.endswith("_variable"):
            append(variables, childnode)
        else:
            sys.stderr.write("Warning: Unknown element '%s'\n"
                             % (childnode.tag))

    root = ElementTree.fromstring(("%s%s" % (header, footer)).encode("utf-8"))
    root.append(definitions)
    root.append(tests)
    root.append(objects)
    root.append(states)
    if list(variables):
        root.append(variables)

    ElementTree.ElementTree(root).write(args.output)

    sys.exit(0)