From Fedora Project Wiki

Revision as of 09:12, 25 August 2010 by Kparal (talk | contribs)

Description

Security settings (rules) in the "Desktop" profile are turned off/on according to the default Fedora configuration. The purpose of this test is to enable security settings of your choice, change the system configuration and run the system scan again. You will see whether the test passes or fails.

Setup

  1. Perform the basic test day setup
  2. Enable security settings (rules) of your choice.
    1. Open scap-fedora14-xccdf.xml in a text editor
    2. Find the Desktop profile. Search for "PROFILES"
    3. Look for rules. Please ignore rules without a DONE comment.
    4. Enable the rules you like by replacing selected="false" with selected="true"
    5. Example:
      <select idref="dcb-rhel5-rule-2.2.1.1.a" selected="true" />  <!-- DONE -->  <!-- Add nodev Option to Non-Root Local Partitions -->
  3. Change the system configuration
    1. Search for the particular rule (idref=xxx) in scap-fedora14-xccdf.xml
    2. You will get to the "text" section, which describes what needs to be reconfigured to make this rule pass on your system
    3. Hint: you can generate a security guide in HTML out of scap-fedora14-xccdf.xml by running this command:
      oscap xccdf generate-guide --output guide.html scap-fedora14-xccdf.xml

How to test

Run

oscap xccdf eval --result-file result.xml --report-file report.html --oval-results --profile Desktop scap-fedora14-xccdf.xml scap-fedora14-oval.xml

Expected Results

Selected rules should give the result pass or not checked. Note that a not checked result is OK. It means the checking mechanism is not able to handle this type of test (example: BIOS settings).
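The two manual steps above (flipping selected="false" to "true" for chosen rules in the Desktop profile, then sorting the rule results of the scan into expected and unexpected) can be scripted. The following is an added example, not part of this test day page or of the oscap tool; it assumes the XCCDF 1.1 namespace and uses small constructed stand-ins for scap-fedora14-xccdf.xml and result.xml.

```python
"""Enable rules in an XCCDF profile and triage oscap rule results.
Added example; assumes XCCDF 1.1 content. Sample documents are constructed."""
import xml.etree.ElementTree as ET

XCCDF_NS = "http://checklists.nist.gov/xccdf/1.1"  # assumption: XCCDF 1.1
NS = {"x": XCCDF_NS}
ET.register_namespace("", XCCDF_NS)
OK_RESULTS = {"pass", "notchecked"}  # outcomes the test day treats as expected

# Constructed stand-in for scap-fedora14-xccdf.xml: one profile, two rules.
SAMPLE_XCCDF = f"""<Benchmark xmlns="{XCCDF_NS}" id="demo">
  <Profile id="Desktop">
    <select idref="dcb-rhel5-rule-2.2.1.1.a" selected="false"/>  <!-- DONE -->
    <select idref="dcb-rhel5-rule-2.2.1.1.b" selected="false"/>
  </Profile>
</Benchmark>"""

# Constructed stand-in for result.xml written by 'oscap xccdf eval'.
SAMPLE_RESULT = f"""<TestResult xmlns="{XCCDF_NS}" id="demo-result">
  <rule-result idref="dcb-rhel5-rule-2.2.1.1.a"><result>pass</result></rule-result>
  <rule-result idref="dcb-rhel5-rule-2.2.1.1.b"><result>fail</result></rule-result>
  <rule-result idref="dcb-rhel5-rule-2.2.1.1.c"><result>notchecked</result></rule-result>
</TestResult>"""


def enable_rules(xccdf_xml: str, profile_id: str, rule_ids) -> str:
    """Return the document with selected="true" on the given rules of a profile.
    Comments (the DONE markers) are kept so the edited file stays readable."""
    parser = ET.XMLParser(target=ET.TreeBuilder(insert_comments=True))
    root = ET.fromstring(xccdf_xml, parser=parser)
    profile = root.find(f"x:Profile[@id='{profile_id}']", NS)
    if profile is None:
        raise ValueError(f"profile {profile_id!r} not found")
    wanted = set(rule_ids)
    for sel in profile.findall("x:select", NS):
        if sel.get("idref") in wanted:
            sel.set("selected", "true")
    return ET.tostring(root, encoding="unicode")


def rule_results(result_xml: str) -> dict:
    """Map each rule idref to its result string from an XCCDF TestResult."""
    root = ET.fromstring(result_xml)
    return {rr.get("idref"): rr.findtext("x:result", default="", namespaces=NS)
            for rr in root.iter(f"{{{XCCDF_NS}}}rule-result")}


def unexpected(result_xml: str) -> dict:
    """Rules whose result is neither pass nor notchecked: check config or report a bug."""
    return {rid: res for rid, res in rule_results(result_xml).items()
            if res not in OK_RESULTS}
```

Run enable_rules() on the real scap-fedora14-xccdf.xml and write the returned string back before the scan; feed the real result.xml to unexpected() afterwards.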

Unexpected Results

If there are rules with other results, it might be a problem of either the system configuration or the scanning mechanism (SCAP content + oscap tool). If in doubt, paste the relevant messages to fpaste and ask us on IRC.

If you are sure you hit a bug and you are about to file a bugzilla, please include the scap-fedora14-oval.xml.result.xml file that should be generated in your working directory.