def get_openscap_supported_oval_version():
try:
from openscap import oscap_get_version
if [int(x) for x in str(oscap_get_version()).split(".")] >= [1, 2, 0]:
return "5.11"
except ImportError:
pass
return "5.10"
def get_openscap_supported_oval_version():
try:
from openscap import oscap_get_version
if [int(x) for x in str(oscap_get_version()).split(".")] >= [1, 2, 0]:
return "5.11"
except ImportError:
pass
return "5.10"
def main():
global definitions
global tests
global objects
global states
global variables
global silent_mode
silent_mode = False
silent_mode_options = ['-q', '--quiet', '--silent']
if len(sys.argv) < 2 or len(sys.argv) > 3:
print("Provide the name of an XML file, which contains" +
" the definition to test.")
usage()
if len(sys.argv) == 3 and sys.argv[1] in silent_mode_options:
if sys.argv[2].rfind('.xml') != -1:
silent_mode = True
sys.argv.pop(1)
else:
usage()
if len(sys.argv) != 2 or sys.argv[1].rfind('.xml') == -1:
usage()
if not len(sys.argv) == 4:
try:
from openscap import oscap_get_version
if oscap_get_version() < 1.2:
schema = 5.10
else:
schema = 5.11
except ImportError:
schema = parse_conf_file(conf_file)
else:
# FUTURE: replace with sys arg
schema = '5.10'
testfile = sys.argv[1]
header = _header(schema)
testfile = find_testfile(testfile)
body = read_ovaldefgroup_file(testfile)
defname = add_oval_elements(body, header)
ovaltree = ET.fromstring(header + footer)
# append each major element type, if it has subelements
for element in [definitions, tests, objects, states, variables]:
if element.getchildren():
ovaltree.append(element)
# re-map all the element ids from meaningful names to meaningless
# numbers
testtranslator = idtranslate.idtranslator("scap-security-guide.testing")
ovaltree = testtranslator.translate(ovaltree)
(ovalfile, fname) = tempfile.mkstemp(prefix=defname, suffix=".xml")
os.write(ovalfile, ET.tostring(ovaltree))
os.close(ovalfile)
if not silent_mode:
print("Evaluating with OVAL tempfile : " + fname)
print("Writing results to : " + fname + "-results")
cmd = "oscap oval eval --results " + fname + "-results " + fname
oscap_child = subprocess.Popen(cmd, stdout=subprocess.PIPE, shell=True)
cmd_out = oscap_child.communicate()[0]
if not silent_mode:
print cmd_out
if oscap_child.returncode != 0:
if not silent_mode:
print("Error launching 'oscap' command: \n\t" + cmd)
sys.exit(2)
if 'false' in cmd_out:
# at least one from the evaluated OVAL definitions evaluated to
# 'false' result, exit with '1' to indicate OVAL scan FAIL result
sys.exit(1)
# perhaps delete tempfile?
definitions = ET.Element("definitions")
tests = ET.Element("tests")
objects = ET.Element("objects")
states = ET.Element("states")
variables = ET.Element("variables")
# 'false' keyword wasn't found in oscap's command output
# exit with '0' to indicate OVAL scan TRUE result
sys.exit(0)
def main():
global definitions
global tests
global objects
global states
global variables
global silent_mode
silent_mode = False
silent_mode_options = ['-q', '--quiet', '--silent']
if len(sys.argv) < 2 or len(sys.argv) > 3:
print ("Provide the name of an XML file, which contains" +
" the definition to test.")
usage()
if len(sys.argv) == 3 and sys.argv[1] in silent_mode_options:
if sys.argv[2].rfind('.xml') != -1:
silent_mode = True
sys.argv.pop(1)
else:
usage()
if len(sys.argv) != 2 or sys.argv[1].rfind('.xml') == -1:
usage()
if not len(sys.argv) == 4:
try:
from openscap import oscap_get_version
if oscap_get_version() < 1.2:
schema = 5.10
else:
schema = 5.11
except ImportError:
schema = parse_conf_file(conf_file)
else:
# FUTURE: replace with sys arg
schema = '5.10'
testfile = sys.argv[1]
header = _header(schema)
testfile = find_testfile(testfile)
body = read_ovaldefgroup_file(testfile)
defname = add_oval_elements(body, header)
ovaltree = ET.fromstring(header + footer)
# append each major element type, if it has subelements
for element in [definitions, tests, objects, states, variables]:
if element.getchildren():
ovaltree.append(element)
# re-map all the element ids from meaningful names to meaningless
# numbers
testtranslator = idtranslate.idtranslator("testids.ini",
"scap-security-guide.testing")
ovaltree = testtranslator.translate(ovaltree)
(ovalfile, fname) = tempfile.mkstemp(prefix=defname, suffix=".xml")
os.write(ovalfile, ET.tostring(ovaltree))
os.close(ovalfile)
if not silent_mode:
print ("Evaluating with OVAL tempfile : " + fname)
print ("Writing results to : " + fname + "-results")
cmd = "oscap oval eval --results " + fname + "-results " + fname
oscap_child = subprocess.Popen(cmd, stdout=subprocess.PIPE, shell=True)
cmd_out = oscap_child.communicate()[0]
if not silent_mode:
print cmd_out
if oscap_child.returncode != 0:
if not silent_mode:
print ("Error launching 'oscap' command: \n\t" + cmd)
sys.exit(2)
if 'false' in cmd_out:
# at least one from the evaluated OVAL definitions evaluated to
# 'false' result, exit with '1' to indicate OVAL scan FAIL result
sys.exit(1)
# perhaps delete tempfile?
definitions = ET.Element("definitions")
tests = ET.Element("tests")
objects = ET.Element("objects")
states = ET.Element("states")
variables = ET.Element("variables")
# 'false' keyword wasn't found in oscap's command output
# exit with '0' to indicate OVAL scan TRUE result
sys.exit(0)
import subprocess
import ssgcommon
import lxml.etree as ET
from ConfigParser import SafeConfigParser
import idtranslate_module as idtranslate
SHARED_OVAL = re.sub('shared.*', 'shared', __file__) + '/checks/oval/'
timestamp = ssgcommon.timestamp
footer = ssgcommon.oval_footer
ovalns = ssgcommon.oval_namespace
try:
from openscap import oscap_get_version
if oscap_get_version() < 1.2:
oval_version = "5.10"
else:
oval_version = "5.11"
except ImportError:
oval_version = "5.10"
# globals, to make recursion easier in case we encounter extend_definition
definitions = ET.Element("definitions")
tests = ET.Element("tests")
objects = ET.Element("objects")
states = ET.Element("states")
variables = ET.Element("variables")
# append new child ONLY if it's not a duplicate
import ssgcommon
import lxml.etree as ET
from ConfigParser import SafeConfigParser
import idtranslate_module as idtranslate
SHARED_OVAL = re.sub('shared.*', 'shared', __file__) + '/checks/oval/'
timestamp = ssgcommon.timestamp
footer = ssgcommon.oval_footer
ovalns = ssgcommon.oval_namespace
try:
from openscap import oscap_get_version
if oscap_get_version() < 1.2:
oval_version = 5.10
else:
oval_version = 5.11
except ImportError:
oval_version = 5.10
# globals, to make recursion easier in case we encounter extend_definition
definitions = ET.Element("definitions")
tests = ET.Element("tests")
objects = ET.Element("objects")
states = ET.Element("states")
variables = ET.Element("variables")
# append new child ONLY if it's not a duplicate