From Fedora Project Wiki

Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.

The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.

Latest revision Your text
Line 29: Line 29:
** This must be a real installation, live CDs are unfortunately not suitable for this test day.
** This must be a real installation, live CDs are unfortunately not suitable for this test day.
** We are interested in different software setups, so if possible please use your real workstation, rather than clean install of F13 or F14. You don't have to be afraid, this software is not destructive in any way.
** We are interested in different software setups, so if possible please use your real workstation, rather than clean install of F13 or F14. You don't have to be afraid, this software is not destructive in any way.
* At least 2 GB of RAM is recommended for the system, otherwise the tool may work very slow.


== How to test? ==
== How to test? ==
Line 35: Line 34:
<ol>
<ol>
<li>Fully update your '''Fedora 13''' or '''Fedora 14'''.</li>
<li>Fully update your '''Fedora 13''' or '''Fedora 14'''.</li>
<li>Install '''openscap, openscap-utils''' and '''openscap-python''' packages version '''0.6.1-testday5'''. Download them from: http://people.redhat.com/pvrabec/openscap/  
<li>Install '''openscap, openscap-utils''' and '''openscap-python''' packages version '''0.6.1-1'''. Download them from: http://people.redhat.com/pvrabec/openscap/  
{{admon/important|Packages updated|Packages have been updated to fix numerous errors. Please update if you've downloaded the old ones.}}
{{admon/important|Packages updated|Packages have been updated to fix 'buffer overflow' error. Please update if you've downloaded the old ones.}}
</li>
</li>
<li>Download required SCAP content: http://people.redhat.com/pvrabec/openscap/content
<li>Download required SCAP content: http://people.redhat.com/pvrabec/openscap/content
Line 51: Line 50:
* [[QA:TestCase OpenSCAP Fedora adjusted settings|Fedora adjusted settings]]
* [[QA:TestCase OpenSCAP Fedora adjusted settings|Fedora adjusted settings]]
* [[QA:TestCase OpenSCAP secstate|secstate tool]]
* [[QA:TestCase OpenSCAP secstate|secstate tool]]
* [[QA:TestCase_OpenSCAP_Fedora_FirstAidKit|FirstAidKit plugin for OpenSCAP]]


== Test Results ==
== Test Results ==
Line 62: Line 60:
! [[QA:TestCase OpenSCAP Fedora adjusted settings|Fedora adjusted settings]]
! [[QA:TestCase OpenSCAP Fedora adjusted settings|Fedora adjusted settings]]
! [[QA:TestCase OpenSCAP secstate|secstate tool]]
! [[QA:TestCase OpenSCAP secstate|secstate tool]]
! [[QA:TestCase_OpenSCAP_Fedora_FirstAidKit|FAK plugin]]
! References
! References
|-
|-
Line 69: Line 66:
| {{result|warn}} <ref>Test pass, but also encountered {{bz|54321}}</ref>
| {{result|warn}} <ref>Test pass, but also encountered {{bz|54321}}</ref>
| {{result|fail}} <ref>{{bz|12345}}</ref>
| {{result|fail}} <ref>{{bz|12345}}</ref>
| {{result|none}}
| <references/>
| <references/>
|-
|-
Line 75: Line 71:
| {{result|fail|newgle1}}<ref name=bug />
| {{result|fail|newgle1}}<ref name=bug />
| {{result|fail|newgle1}} <ref name=bug>err:*** buffer overflow detected ***: oscap terminated</ref>
| {{result|fail|newgle1}} <ref name=bug>err:*** buffer overflow detected ***: oscap terminated</ref>
| {{result|none}}
| {{result|none}}
| {{result|none}}
| <references/>
| <references/>
Line 81: Line 76:
| [[User:Rhe|He Rui]]
| [[User:Rhe|He Rui]]
| {{result|fail|rhe}}<ref>buffer overflowed and some rules failed: http://fpaste.org/wSvq/</ref>
| {{result|fail|rhe}}<ref>buffer overflowed and some rules failed: http://fpaste.org/wSvq/</ref>
| {{result|fail|rhe}}<ref group="long">tested the rule-2.2.2.3.a (Disable the Automounter if Possible), when I stopped the autofs service as the rules suggested, the result was still 'fail'.(Yum remove autofs can get a 'pass' result) </ref>
| {{result|fail|rhe}}<ref>tested the rule-2.2.2.3.a (Disable the Automounter if Possible), when I stopped the autofs service as the rules suggested, the result was still 'fail'.(Yum remove autofs can get a 'pass' result) </ref>
| {{result|none}}
| {{result|none}}
| {{result|none}}
| <references/>
| <references/>
Line 89: Line 83:
| [[User:jkaluza|Jan Kaluza]]
| [[User:jkaluza|Jan Kaluza]]
| {{result|fail|jkaluza}}<ref>buffer overflowed - {{bz|627488}}</ref>
| {{result|fail|jkaluza}}<ref>buffer overflowed - {{bz|627488}}</ref>
| {{result|none}}
| {{result|none}}
| {{result|none}}
| {{result|none}}
| {{result|none}}
Line 95: Line 88:
|-
|-
| [[User:ppisar|Petr Pisar]]
| [[User:ppisar|Petr Pisar]]
| {{result|fail|ppisar}} <ref group="long">Tests checking file permissions (rule-2.2.3.3.a, rule-2.2.3.4.a, rule-2.2.3.4.b, rule-2.2.3.5.a, rule-2.2.3.5.b, rule-2.2.3.6.a) eats all memory (4 GiB) and are terminated by kernel – {{bz|565691}}</ref>
| {{result|fail|ppisar}}<ref>buffer overflowed on x86_64 F13 - {{bz|627488}}</ref>
  {{result|fail|ppisar}} <ref group="long">Test rule-2.1.2.3.4.a (Ensure Package Signature Checking is Not Disabled For Any Repos) fails because I have defined rawhide repositories with disabled signature checking and disabled for installation. I think disabled repositories should not be considered in this test.</ref>
  {{result|fail|ppisar}} <ref group="long">Test rule-2.5.1.2.b (Set net.ipv4.conf.all.accept_redirects for Hosts and Routers) fails. This is default value for F13. F13 should be fixed (/etc/sysctl.conf) or the test removed as far as it can be useful in some scenarios (link with more routers, link with more IP networks).</ref>
  {{result|pass|ppisar}} <ref>Other tests passed</ref>
| {{result|fail|ppisar}} <ref group="long">Test rule-3.6.1.1.a (Disable X Windows at System Boot) fails if enabled despite my inittab has default runlevel 3. Test is defined as equality to number 5 in oval file. More ever `X Windows' is nonsense. Correct name is `X Window' without the `s' suffix. See X(7) manual page. You are breaking trade mark ;)</ref>
  {{result|fail|ppisar}} <ref>Test rule-3.7.1.1.a (Disable Avahi Server Software) fails even if avahi-deamon is disabled in all runlevels and none is running</ref>
| {{result|none}}
| {{result|none}}
| {{result|none}}
| {{result|none}}
Line 107: Line 95:
| [[User:jgorig|Jan Gorig]]
| [[User:jgorig|Jan Gorig]]
| {{result|fail|jgorig}}<ref>same problem - buffer overflowed on x86_64 F13 - {{bz|627488}}</ref>
| {{result|fail|jgorig}}<ref>same problem - buffer overflowed on x86_64 F13 - {{bz|627488}}</ref>
  {{result|pass|jgorig}}<ref>bug fixed</ref>
| {{result|none}}
| {{result|none}}
| {{result|none}}
| {{result|none}}
| {{result|none}}
Line 115: Line 101:
| [[User:kushal|Kushal Das]]
| [[User:kushal|Kushal Das]]
| {{result|fail|kushal}}<ref>same problem - buffer overflowed on x86 F13 - {{bz|627488}}</ref>
| {{result|fail|kushal}}<ref>same problem - buffer overflowed on x86 F13 - {{bz|627488}}</ref>
| {{result|none}}
| {{result|none}}
| {{result|none}}
| <references/>
|-
| [[User:dramsey|David Ramsey]]
| {{result|fail}}<ref>Same problem with buffer overflowed on x86 F14</ref>
| {{result|none}}
| {{result|none}}
| {{result|none}}
| {{result|none}}
| {{result|none}}
Line 128: Line 106:
|-
|-
| [[User:mgrepl|Miroslav Grepl]]
| [[User:mgrepl|Miroslav Grepl]]
| {{result|pass|mgrepl}}<ref>Test finished (fixed pkgs from koji)</ref>
| {{result|fail|mgrepl}}<ref>same problem - buffer overflowed on x86 F13 - {{bz|627488}}</ref>
| {{result|none}}
| {{result|none}}
| {{result|none}}
| {{result|none}}
| {{result|none}}
Line 136: Line 113:
| [[User:omoris|Ondrej Moriš]]
| [[User:omoris|Ondrej Moriš]]
| {{result|fail|omoris}}<ref>test finished (fixed pkgs from koji) with several fails: http://fpaste.org/Sgys/</ref>
| {{result|fail|omoris}}<ref>test finished (fixed pkgs from koji) with several fails: http://fpaste.org/Sgys/</ref>
| {{result|none}}
| {{result|none}}
| {{result|warn|omoris}}<ref>getting error while changing some variable values (HTTP reply/request), gui is mostly not updated during evaluation</ref>
| <references/>
|-
| [[User:masami|Masami Ichikawa]]
| {{result|fail|masami}}<ref>same problem - buffer overflowed on x86 F14 - {{bz|627488}}</ref> {{result|fail|masami}}<ref>testday5 fails rule-2.5.1.2.b (Set net.ipv4.conf.all.accept_redirects for Hosts and Routers). same as {{bz|627600}}</ref>
| {{result|none}}
| {{result|none}}
| {{result|none}}
| <references/>
|-
| [[User:kparal|Kamil Páral]]
| {{result|warn|kparal}}<ref>''Set net.ipv4.conf.all.accept_redirects for Hosts and Routers'' fails {{bz|627600}}</ref> {{result|fail|kparal||627674}}
| {{result|none}}
| {{result|fail|kparal}}<ref>''Not Selected:  0'' in http://fpaste.org/4Okv/</ref> {{result|pass|kparal}}<ref>openscap-0.6.1-testday4.fc14</ref>
| {{result|fail|kparal||627633}}<ref>Values in test and policy selection allows "0.5" and "enforcingaaa"</ref>
| <references/>
|-
| [[User:David.Paige|David Paige]]
| {{result|pass|David.Paige}}<ref>'No errors, five failed individual tests.</ref>
| {{result|none}}
| {{result|none}}
| {{result|none}}
| {{result|none}}
| {{result|none}}
Line 164: Line 119:
|}
|}


== Long comments ==
[[Category:Test Days]]
<references group="long" />
 
[[Category:Fedora 14 Test Days]]
Please note that all contributions to Fedora Project Wiki are considered to be released under the Attribution-Share Alike 4.0 International (see Fedora Project Wiki:Copyrights for details). If you do not want your writing to be edited mercilessly and redistributed at will, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource. Do not submit copyrighted work without permission!

To edit this page, please solve the following task below and enter the answer in the box (more info):

Cancel Editing help (opens in new window)