From Fedora Project Wiki

(Created page with '{{QA/Test_Case |description= Security settings(Rules) in "Desktop" profile are turned off/on according to default Fedora configuration. Purpose of this test is to enable securit...')
 
No edit summary
Line 4: Line 4:


|setup=
|setup=
# The [[Test_Day:2010-08-26_OpenSCAP#How_to_test.3F|basic test day setup]]  
<ol>
# Enable security settings(rules) of your choice.
<li>Perform [[Test_Day:2010-08-26_OpenSCAP#How_to_test.3F|basic test day setup]]</li>
## Open '''scap-fedora14-xccdf.xml''' in text editor
<li>Enable security settings (rules) of your choice.</li>
## Find '''Desktop''' profile. Search for "PROFILES"
<ol>
## Look for rules. Ignore rules without '''DONE''' comment please.
<li>Open '''scap-fedora14-xccdf.xml''' in text editor</li>
## Enable rules of you favour '''selected="false" ->  selected="true"'''
<li>Find '''Desktop''' profile. Search for "PROFILES"</li>
## Example:
<li>Look for rules. Ignore rules without '''DONE''' comment please.</li>
<pre>
<li>Enable rules you like by replacing ''selected="false"'' with ''selected="true"''
<select idref="dcb-rhel5-rule-2.2.1.1.a" selected="true" />  <!-- DONE -->  <!-- Add nodev Option to Non-Root Local Partitions -->
<li>Example:
</pre>
<pre><select idref="dcb-rhel5-rule-2.2.1.1.a" selected="true" />  <!-- DONE -->  <!-- Add nodev Option to Non-Root Local Partitions --></pre>
# Change system configuration
</li>
## Search for particular rule (idref='''xxx''') in scap-fedora14-xccdf.xml
</ol>
## You will get to the "text" section where is described what need to be reconfigured to make this rule pass on your system
<li>Change system configuration</li>
## Hint: you can generate Security guide written in HTML out of scap-fedora14-xccdf.xml by running this command.  
<ol>
<pre>
<li>Search for particular rule (idref='''xxx''') in scap-fedora14-xccdf.xml</li>
oscap xccdf generate-guide --output guide.html scap-fedora14-xccdf.xml  
<li>You will get to the "text" section where is described what need to be reconfigured to make this rule pass on your system</li>
</pre>
<li>Hint: you can generate Security guide written in HTML out of scap-fedora14-xccdf.xml by running this command.
<pre>oscap xccdf generate-guide --output guide.html scap-fedora14-xccdf.xml</pre>
</li>
</ol>
</ol>
|actions=
|actions=
Run  
Run  
Line 30: Line 34:


=Unexpected Results=
=Unexpected Results=
If there are rules with '''other results''' it might be either problem of system configuration or the scanning mechanism(SCAP content + oscap tool). If in doubts, paste relevant messages to [http://fpaste.org/ fpaste] and ask us on IRC.
If there are rules with '''other results''' it might be either problem of system configuration or the scanning mechanism (SCAP content + oscap tool). If in doubts, paste relevant messages to [http://fpaste.org/ fpaste] and ask us on IRC.


If you sure you hit a bug and you are about to file a bugzilla, please include '''scap-fedora14-oval.xml.result.xml''' file that should be generated in your working directory.
If you sure you hit a bug and you are about to file a bugzilla, please include '''scap-fedora14-oval.xml.result.xml''' file that should be generated in your working directory.

Revision as of 09:12, 25 August 2010

Description

Security settings(Rules) in "Desktop" profile are turned off/on according to default Fedora configuration. Purpose of this test is to enable security settings of your choice, change system configuration and run the system scan again. You will see whether test pass of fail.

Setup

  1. Perform basic test day setup
  2. Enable security settings (rules) of your choice.
    1. Open scap-fedora14-xccdf.xml in text editor
    2. Find Desktop profile. Search for "PROFILES"
    3. Look for rules. Ignore rules without DONE comment please.
    4. Enable rules you like by replacing selected="false" with selected="true"
    5. Example: 
      <select idref="dcb-rhel5-rule-2.2.1.1.a" selected="true" />  <!-- DONE -->  <!-- Add nodev Option to Non-Root Local Partitions -->
  3. Change system configuration
    1. Search for particular rule (idref=xxx) in scap-fedora14-xccdf.xml
    2. You will get to the "text" section where is described what need to be reconfigured to make this rule pass on your system
    3. Hint: you can generate Security guide written in HTML out of scap-fedora14-xccdf.xml by running this command. 
      oscap xccdf generate-guide --output guide.html scap-fedora14-xccdf.xml

How to test

Run 

oscap xccdf eval --result-file result.xml --report-file report.html --oval-results --profile Desktop scap-fedora14-xccdf.xml scap-fedora14-oval.xml

Expected Results

Selected rules should give result: pass or not checked. Note that not checked result is OK. It means the checking mechanism is not able to handle this type of tests. (example: BIOS settings)

Unexpected Results

If there are rules with other results it might be either problem of system configuration or the scanning mechanism (SCAP content + oscap tool). If in doubts, paste relevant messages to fpaste and ask us on IRC.

If you sure you hit a bug and you are about to file a bugzilla, please include scap-fedora14-oval.xml.result.xml file that should be generated in your working directory.

Retrieved from "https://fedoraproject.org/w/index.php?title=QA:TestCase_OpenSCAP_Fedora_adjusted_settings&oldid=194150"