openscap 0.5.0 → 0.5.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (44) hide show
  1. checksums.yaml +4 -4
  2. data/lib/openscap/version.rb +1 -1
  3. data/lib/openscap/xccdf/benchmark.rb +10 -10
  4. data/lib/openscap/xccdf/fix.rb +7 -14
  5. data/lib/openscap/xccdf/fixtext.rb +19 -0
  6. data/lib/openscap/xccdf/group.rb +6 -12
  7. data/lib/openscap/xccdf/ident.rb +4 -10
  8. data/lib/openscap/xccdf/item.rb +6 -6
  9. data/lib/openscap/xccdf/item_common.rb +1 -1
  10. data/lib/openscap/xccdf/policy.rb +3 -4
  11. data/lib/openscap/xccdf/policy_model.rb +6 -14
  12. data/lib/openscap/xccdf/profile.rb +2 -2
  13. data/lib/openscap/xccdf/reference.rb +5 -21
  14. data/lib/openscap/xccdf/rule.rb +32 -8
  15. data/lib/openscap/xccdf/ruleresult.rb +5 -7
  16. data/lib/openscap/xccdf/session.rb +11 -11
  17. data/lib/openscap/xccdf/status.rb +1 -2
  18. data/lib/openscap/xccdf/tailoring.rb +6 -12
  19. data/lib/openscap/xccdf/testresult.rb +12 -16
  20. data/lib/openscap/xccdf/value.rb +1 -2
  21. metadata +5 -27
  22. data/test/common/testcase.rb +0 -38
  23. data/test/data/arf.xml +0 -275156
  24. data/test/data/invalid.xml +0 -20
  25. data/test/data/sds-complex.xml +0 -132
  26. data/test/data/tailoring.xml +0 -31
  27. data/test/data/testresult.xml +0 -225
  28. data/test/data/xccdf.xml +0 -3047
  29. data/test/ds/arf_test.rb +0 -96
  30. data/test/ds/sds_test.rb +0 -89
  31. data/test/integration/arf_waiver_test.rb +0 -91
  32. data/test/openscap_test.rb +0 -21
  33. data/test/source_test.rb +0 -78
  34. data/test/text_test.rb +0 -19
  35. data/test/xccdf/arf_test.rb +0 -43
  36. data/test/xccdf/benchmark_test.rb +0 -201
  37. data/test/xccdf/item_test.rb +0 -82
  38. data/test/xccdf/policy_test.rb +0 -48
  39. data/test/xccdf/profile_test.rb +0 -62
  40. data/test/xccdf/session_ds_test.rb +0 -116
  41. data/test/xccdf/session_test.rb +0 -33
  42. data/test/xccdf/tailoring_test.rb +0 -30
  43. data/test/xccdf/testresult_test.rb +0 -99
  44. data/test/xccdf/value_test.rb +0 -67
data/test/ds/arf_test.rb DELETED
@@ -1,96 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require 'openscap'
4
- require 'openscap/ds/arf'
5
- require 'common/testcase'
6
-
7
- class TestArf < OpenSCAP::TestCase
8
- REPORT = 'report.rds.xml'
9
-
10
- def test_arf_new_nil
11
- msg = nil
12
- begin
13
- OpenSCAP::DS::Arf.new(nil)
14
- assert false
15
- rescue OpenSCAP::OpenSCAPError => e
16
- msg = e.to_s
17
- end
18
- assert msg.start_with?("Cannot initialize OpenSCAP::DS::Arf with ''"), "Message was: #{msg}"
19
- end
20
-
21
- def test_arf_new_wrong_format
22
- msg = nil
23
- begin
24
- OpenSCAP::DS::Arf.new('../data/xccdf.xml')
25
- assert false
26
- rescue OpenSCAP::OpenSCAPError => e
27
- msg = e.to_s
28
- end
29
- assert msg.include?('Could not create Result DataStream session: File is not Result DataStream.'),
30
- "Message was: #{msg}"
31
- end
32
-
33
- def test_create_arf_and_get_html
34
- arf = new_arf
35
- html = arf.html
36
- arf.destroy
37
- assert html.start_with?('<!DOCTYPE html><html'), 'DOCTYPE missing.'
38
- assert html.include?('OpenSCAP')
39
- assert html.include?('Compliance and Scoring')
40
- end
41
-
42
- def test_create_arf_and_get_profile
43
- arf = new_arf
44
- tr = arf.test_result
45
- assert tr.profile == 'xccdf_moc.elpmaxe.www_profile_1',
46
- "TestResult.profile was '#{tr.profile}'"
47
- tr.destroy
48
- arf.destroy
49
- end
50
-
51
- def test_new_memory
52
- create_arf
53
- raw_data = File.read(REPORT)
54
- refute raw_data.empty?
55
- arf = OpenSCAP::DS::Arf.new content: raw_data, path: REPORT
56
- arf.destroy
57
- end
58
-
59
- def test_new_bz_memory
60
- bziped_file = new_arf_bz
61
- raw_data = File.binread(bziped_file)
62
- assert !raw_data.empty?
63
- len = File.size(bziped_file)
64
- FileUtils.rm bziped_file
65
- arf = OpenSCAP::DS::Arf.new content: raw_data, path: bziped_file, length: len
66
- arf.destroy
67
- end
68
-
69
- def test_new_bz_file
70
- bziped_file = new_arf_bz
71
- arf = OpenSCAP::DS::Arf.new(bziped_file)
72
- arf.destroy
73
- FileUtils.rm bziped_file
74
- end
75
-
76
- private
77
-
78
- def new_arf_bz
79
- create_arf
80
- system("/usr/bin/bzip2 #{REPORT}")
81
- "#{REPORT}.bz2"
82
- end
83
-
84
- def new_arf
85
- create_arf
86
- OpenSCAP::DS::Arf.new(REPORT)
87
- end
88
-
89
- def create_arf
90
- @s = OpenSCAP::Xccdf::Session.new('../data/sds-complex.xml')
91
- @s.load(component_id: 'scap_org.open-scap_cref_second-xccdf.xml')
92
- @s.profile = 'xccdf_moc.elpmaxe.www_profile_1'
93
- @s.evaluate
94
- @s.export_results(rds_file: 'report.rds.xml')
95
- end
96
- end
data/test/ds/sds_test.rb DELETED
@@ -1,89 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require 'openscap'
4
- require 'openscap/source'
5
- require 'openscap/ds/sds'
6
- require 'common/testcase'
7
-
8
- class TestSds < OpenSCAP::TestCase
9
- DS_FILE = '../data/sds-complex.xml'
10
-
11
- def test_new
12
- new_sds.destroy
13
- end
14
-
15
- def test_new_non_sds
16
- filename = '../data/xccdf.xml'
17
- @s = OpenSCAP::Source.new filename
18
- assert !@s.nil?
19
- msg = nil
20
- begin
21
- OpenSCAP::DS::Sds.new source: @s
22
- assert false
23
- rescue OpenSCAP::OpenSCAPError => e
24
- msg = e.to_s
25
- end
26
- assert msg.start_with?('Could not create Source DataStream session: File is not Source DataStream.'), msg
27
- end
28
-
29
- def test_select_checklist
30
- sds = new_sds
31
- benchmark = sds.select_checklist!
32
- assert !benchmark.nil?
33
- sds.destroy
34
- end
35
-
36
- def test_show_guides
37
- sds = new_sds
38
- benchmark_source = sds.select_checklist!
39
- benchmark = OpenSCAP::Xccdf::Benchmark.new benchmark_source
40
- benchmark.profiles.each_key do |id|
41
- guide = sds.html_guide id
42
- assert !guide.nil?
43
- assert guide.include?(id)
44
- end
45
- benchmark.destroy
46
- sds.destroy
47
- end
48
-
49
- def tests_select_checklist_wrong
50
- sds = new_sds
51
- msg = nil
52
- begin
53
- benchmark = sds.select_checklist! datastream_id: 'wrong'
54
- assert false
55
- rescue OpenSCAP::OpenSCAPError => e
56
- msg = e.to_s
57
- end
58
- assert msg.start_with?('Failed to locate a datastream with ID matching'), msg
59
- assert benchmark.nil?
60
- sds.destroy
61
- end
62
-
63
- def tests_use_through_yields
64
- OpenSCAP::Source.new DS_FILE do |source|
65
- assert_equal 'SCAP Source Datastream', source.type
66
- OpenSCAP::DS::Sds.new source: do |sds|
67
- benchmark_source = sds.select_checklist!
68
- html = sds.html_guide
69
- assert_include html, 'bootstrap'
70
-
71
- OpenSCAP::Xccdf::Benchmark.new benchmark_source do |benchmark|
72
- assert_empty benchmark.profiles
73
- assert benchmark.items.length == 1
74
- assert benchmark.items.keys.first == 'xccdf_moc.elpmaxe.www_rule_first'
75
- end
76
- end
77
- end
78
- end
79
-
80
- private
81
-
82
- def new_sds
83
- @s = OpenSCAP::Source.new DS_FILE
84
- assert !@s.nil?
85
- sds = OpenSCAP::DS::Sds.new source: @s
86
- assert !sds.nil?
87
- sds
88
- end
89
- end
@@ -1,91 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require 'openscap'
4
- require 'openscap/xccdf/benchmark'
5
- require 'openscap/xccdf/ruleresult'
6
- require 'openscap/xccdf/session'
7
- require 'openscap/xccdf/testresult'
8
- require 'openscap/ds/arf'
9
- require 'openscap/ds/sds'
10
- require 'common/testcase'
11
-
12
- class TestArfWaiver < OpenSCAP::TestCase
13
- def test_waiver_and_score
14
- assert_default_score tr.score, -1, 1
15
- assert_default_score tr.score!(benchmark), -1, 1
16
-
17
- rr.override!(new_result: :pass,
18
- time: 'yesterday',
19
- authority: 'John Hacker',
20
- raw_text: 'This should have passed')
21
- assert rr.result == 'pass'
22
-
23
- assert_default_score tr.score, -1, 1
24
- assert_default_score tr.score!(benchmark), 99, 101
25
-
26
- # create updated DOM (that includes the override element and new score)
27
- arf.test_result = tr
28
- arf.source.save('modified.rds.xml')
29
- tr.destroy
30
- arf.destroy
31
-
32
- arf2 = OpenSCAP::DS::Arf.new('modified.rds.xml')
33
- tr2 = arf2.test_result('xccdf1')
34
- assert_default_score tr.score, 99, 101
35
- rr2 = tr2.rr['xccdf_moc.elpmaxe.www_rule_first']
36
- assert rr2.result == 'pass'
37
- tr2.destroy
38
- arf2.destroy
39
- end
40
-
41
- private
42
-
43
- def benchmark
44
- @benchmark ||= benchmark_init
45
- end
46
-
47
- def benchmark_init
48
- sds = arf.report_request
49
- bench_source = sds.select_checklist!
50
- bench = OpenSCAP::Xccdf::Benchmark.new bench_source
51
- sds.destroy
52
- bench
53
- end
54
-
55
- def rr
56
- @rr ||= rr_init
57
- end
58
-
59
- def rr_init
60
- assert tr.rr.size == 1
61
- rr = tr.rr['xccdf_moc.elpmaxe.www_rule_first']
62
- assert rr.result == 'fail'
63
- rr
64
- end
65
-
66
- def tr
67
- @tr ||= tr_init
68
- end
69
-
70
- def tr_init
71
- tr = arf.test_result
72
- assert tr.score.size == 1
73
- score = tr.score['urn:xccdf:scoring:default']
74
- assert score[:system] == 'urn:xccdf:scoring:default'
75
- assert score[:max] == 100.0
76
- assert score[:value] == 0.0
77
- tr
78
- end
79
-
80
- def arf
81
- @arf ||= arf_init
82
- end
83
-
84
- def arf_init
85
- @s = OpenSCAP::Xccdf::Session.new('../data/sds-complex.xml')
86
- @s.load
87
- @s.evaluate
88
- @s.export_results(rds_file: 'report.rds.xml')
89
- OpenSCAP::DS::Arf.new('report.rds.xml')
90
- end
91
- end
@@ -1,21 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require 'common/testcase'
4
- require 'openscap'
5
-
6
- class TestOscapVersion < OpenSCAP::TestCase
7
- def test_oscap_version
8
- OpenSCAP.oscap_init
9
- version = OpenSCAP.oscap_get_version
10
- OpenSCAP.oscap_cleanup
11
- assert version.include?('.')
12
- end
13
-
14
- def test_double_read_error
15
- assert !OpenSCAP.error?
16
- msg = OpenSCAP.full_error
17
- assert msg.nil?
18
- msg = OpenSCAP.full_error
19
- assert msg.nil?
20
- end
21
- end
data/test/source_test.rb DELETED
@@ -1,78 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require 'openscap'
4
- require 'openscap/source'
5
- require 'common/testcase'
6
-
7
- class TestSource < OpenSCAP::TestCase
8
- def test_source_new_nil
9
- msg = nil
10
- begin
11
- OpenSCAP::Source.new(nil)
12
- assert false
13
- rescue OpenSCAP::OpenSCAPError => e
14
- msg = e.to_s
15
- end
16
- assert msg.start_with?('No filename specified!'), "Message was: #{msg}"
17
- end
18
-
19
- def test_source_new_ok
20
- s = OpenSCAP::Source.new('../data/xccdf.xml')
21
- s.destroy
22
- end
23
-
24
- def test_source_new_memory
25
- raw_data = File.read('../data/xccdf.xml')
26
- refute raw_data.empty?
27
- s = OpenSCAP::Source.new(content: raw_data, path: '/mytestpath')
28
- s.destroy
29
- end
30
-
31
- def test_type_xccdf
32
- OpenSCAP::Source.new('../data/xccdf.xml') do |s|
33
- assert s.type == 'XCCDF Checklist', "Type was #{s.type}"
34
- s.validate!
35
- end
36
- end
37
-
38
- def test_type_sds
39
- OpenSCAP::Source.new('../data/sds-complex.xml') do |s|
40
- assert s.type == 'SCAP Source Datastream', "Type was #{s.type}"
41
- s.validate!
42
- end
43
- end
44
-
45
- def test_type_test_result
46
- s = OpenSCAP::Source.new('../data/testresult.xml')
47
- assert s.type == 'XCCDF Checklist', "Type was #{s.type}"
48
- s.validate!
49
- s.destroy
50
- end
51
-
52
- def test_validate_invalid
53
- s = OpenSCAP::Source.new('../data/invalid.xml')
54
- msg = nil
55
- begin
56
- s.validate!
57
- assert false
58
- rescue OpenSCAP::OpenSCAPError => e
59
- msg = e.to_s
60
- end
61
- assert msg.start_with?('Invalid XCCDF Checklist (1.2) content in ../data/invalid.xml.'),
62
- "Message was: #{msg}"
63
- assert msg.include?("../data/invalid.xml:3: Element '{http"),
64
- "Message was: #{msg}"
65
- assert msg.include?('This element is not expected. Expected is'),
66
- "Message was: #{msg}"
67
- s.destroy
68
- end
69
-
70
- def test_save
71
- s = OpenSCAP::Source.new('../data/testresult.xml')
72
- filename = './newly_created.xml'
73
- assert !File.exist?(filename)
74
- s.save(filename)
75
- assert File.exist?(filename)
76
- FileUtils.rm_rf filename
77
- end
78
- end
data/test/text_test.rb DELETED
@@ -1,19 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require 'openscap'
4
- require 'openscap/text'
5
- require 'common/testcase'
6
-
7
- class TestText < OpenSCAP::TestCase
8
- def test_text_new
9
- t = OpenSCAP::Text.new
10
- t.destroy
11
- end
12
-
13
- def test_text_set_text
14
- t = OpenSCAP::Text.new
15
- t.text = 'blah'
16
- assert t.text == 'blah', "Text was: #{t.text}"
17
- t.destroy
18
- end
19
- end
@@ -1,43 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require 'common/testcase'
4
- require 'openscap'
5
- require 'openscap/ds/sds'
6
- require 'openscap/source'
7
- require 'openscap/xccdf/benchmark'
8
-
9
- class TestArf < OpenSCAP::TestCase
10
- def test_new_from_file
11
- b = benchmark_from_arf_file
12
- b.destroy
13
- end
14
-
15
- def test_idents
16
- b = benchmark_from_arf_file
17
- item = b.items['xccdf_com.redhat.rhsa_rule_oval-com.redhat.rhsa-def-20140675']
18
- idents = item.idents
19
- assert idents.size == 25
20
- end
21
-
22
- def test_ident_title_url
23
- b = benchmark_from_arf_file
24
- item = b.items['xccdf_com.redhat.rhsa_rule_oval-com.redhat.rhsa-def-20140678']
25
- idents = item.idents
26
- assert idents.size == 2
27
- ident = idents[0]
28
- expected_id = 'RHSA-2014-0678'
29
- expected_system = 'https://rhn.redhat.com/errata'
30
- assert_equal(expected_id, ident.id)
31
- assert_equal(expected_system, ident.system)
32
- end
33
-
34
- private
35
-
36
- def benchmark_from_arf_file
37
- arf = OpenSCAP::DS::Arf.new('../data/arf.xml')
38
- _test_results = arf.test_result
39
- source_datastream = arf.report_request
40
- bench_source = source_datastream.select_checklist!
41
- OpenSCAP::Xccdf::Benchmark.new(bench_source)
42
- end
43
- end
@@ -1,201 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require 'common/testcase'
4
- require 'openscap'
5
- require 'openscap/ds/sds'
6
- require 'openscap/source'
7
- require 'openscap/xccdf/benchmark'
8
-
9
- class TestBenchmark < OpenSCAP::TestCase
10
- def test_new_from_file
11
- b = benchmark_from_file
12
- b.destroy
13
- end
14
-
15
- def test_new_from_sds
16
- @s = OpenSCAP::Source.new '../data/sds-complex.xml'
17
- sds = OpenSCAP::DS::Sds.new @s
18
- bench_source = sds.select_checklist!
19
- assert !bench_source.nil?
20
- b = OpenSCAP::Xccdf::Benchmark.new bench_source
21
- assert !b.nil?
22
- b.destroy
23
- sds.destroy
24
- end
25
-
26
- def test_new_from_wrong
27
- @s = OpenSCAP::Source.new '../data/testresult.xml'
28
- msg = nil
29
- begin
30
- OpenSCAP::Xccdf::Benchmark.new @s
31
- assert false
32
- rescue OpenSCAP::OpenSCAPError => e
33
- msg = e.to_s
34
- end
35
- assert msg.start_with?("Find element 'TestResult' while expecting element: 'Benchmark'"), msg
36
- end
37
-
38
- def test_items_in_benchmark
39
- b = benchmark_from_file
40
- assert b.items.size == 138
41
- rules_count = b.items.count { |_, i| i.is_a?(OpenSCAP::Xccdf::Rule) }
42
- groups_count = b.items.count { |_, i| i.is_a?(OpenSCAP::Xccdf::Group) }
43
- assert rules_count == 76, "Got #{rules_count} rules"
44
- assert groups_count == 62, "Got #{groups_count} groups"
45
- b.destroy
46
- end
47
-
48
- def test_items_title
49
- b = benchmark_from_file
50
- prelink_rule = b.items['xccdf_org.ssgproject.content_rule_disable_prelink']
51
- assert prelink_rule.title == 'Prelinking Disabled', prelink_rule.title
52
- b.destroy
53
- end
54
-
55
- def test_items_description
56
- b = benchmark_from_file
57
- install_hids_rule = b.items['xccdf_org.ssgproject.content_rule_install_hids']
58
- expected_result = "\nThe Red Hat platform includes a sophisticated auditing system\nand SELinux, which provide host-based intrusion detection capabilities.\n"
59
- assert install_hids_rule.description == expected_result, install_hids_rule.description
60
- b.destroy
61
- end
62
-
63
- def test_items_rationale
64
- b = benchmark_from_file
65
- aide_rule = b.items['xccdf_org.ssgproject.content_rule_package_aide_installed']
66
- expected_rationale = "\nThe AIDE package must be installed if it is to be available for integrity checking.\n"
67
- assert aide_rule.rationale == expected_rationale, aide_rule.rationale
68
- b.destroy
69
- end
70
-
71
- def test_items_severity
72
- b = benchmark_from_file
73
- prelink_rule = b.items['xccdf_org.ssgproject.content_rule_disable_prelink']
74
- assert prelink_rule.severity == 'Low', prelink_rule.severity
75
- b.destroy
76
- end
77
-
78
- def test_items_references
79
- b = benchmark_from_file
80
- install_hids_rule = b.items['xccdf_org.ssgproject.content_rule_install_hids']
81
- expected_references = [{ title: 'SC-7',
82
- href: 'http://csrc.nist.gov/publications/nistpubs/800-53-Rev3/sp800-53-rev3-final.pdf',
83
- html_link: "<a href='http://csrc.nist.gov/publications/nistpubs/800-53-Rev3/sp800-53-rev3-final.pdf'>SC-7</a>" },
84
- { title: '1263',
85
- href: 'http://iase.disa.mil/cci/index.html',
86
- html_link: "<a href='http://iase.disa.mil/cci/index.html'>1263</a>" }]
87
- assert_equal(expected_references, install_hids_rule.references.map(&:to_hash), 'Install hids references should be equal')
88
- b.destroy
89
- end
90
-
91
- def test_items_fixes
92
- b = benchmark_from_file
93
- login_defs_rule = b.items['xccdf_org.ssgproject.content_rule_accounts_minimum_age_login_defs']
94
- expected_content = ["var_accounts_minimum_age_login_defs=\"<sub xmlns=\"http://checklists.nist.gov/xccdf/1.2\" idref=\"xccdf_org.ssgproject.content_value_var_accounts_minimum_age_login_defs\" use=\"legacy\"/>\"\ngrep -q ^PASS_MIN_DAYS /etc/login.defs &amp;&amp; \\\nsed -i \"s/PASS_MIN_DAYS.*/PASS_MIN_DAYS\\t$var_accounts_minimum_age_login_defs/g\" /etc/login.defs\nif ! [ $? -eq 0 ]\nthen\n echo -e \"PASS_MIN_DAYS\\t$var_accounts_minimum_age_login_defs\" &gt;&gt; /etc/login.defs\nfi\n"]
95
- expected_hashes = [{
96
- id: nil,
97
- platform: nil,
98
- content: expected_content.first,
99
- system: 'urn:xccdf:fix:script:sh'
100
- }]
101
- assert_equal(expected_content, login_defs_rule.fixes.map(&:content), 'Fix content should match')
102
- assert_equal(expected_hashes, login_defs_rule.fixes.map(&:to_hash), 'Fix hash should match')
103
- b.destroy
104
- end
105
-
106
- def test_benchamrk_id
107
- with_benchmark do |b|
108
- assert_equal b.id, 'xccdf_org.ssgproject.content_benchmark_FEDORA'
109
- end
110
- end
111
-
112
- def test_status_current
113
- with_benchmark do |b|
114
- status = b.status_current
115
- assert_equal status.status, :draft
116
- release_date = status.date
117
- assert_equal release_date.year, 2014
118
- assert_equal release_date.month, 10
119
- assert_equal release_date.day, 2
120
- end
121
- end
122
-
123
- def test_title
124
- with_benchmark do |b|
125
- assert_equal b.title, 'Guide to the Secure Configuration of Fedora'
126
- end
127
- end
128
-
129
- def test_description
130
- with_benchmark do |b|
131
- assert_equal b.description, DESCRIPTION
132
- end
133
- end
134
-
135
- def test_version
136
- with_benchmark do |b|
137
- assert_equal b.version, '0.0.4'
138
- end
139
- end
140
-
141
- def test_references
142
- with_benchmark do |b|
143
- assert_equal b.references, []
144
- end
145
- end
146
-
147
- def test_resolved
148
- with_benchmark do |b|
149
- assert b.resolved?
150
- end
151
- end
152
-
153
- def test_policy_model
154
- with_benchmark do |b|
155
- assert b.policy_model.policies.keys == ['xccdf_org.ssgproject.content_profile_common']
156
- end
157
- end
158
-
159
- def test_schema_version
160
- with_benchmark do |b|
161
- assert_equal b.schema_version, '1.2'
162
- end
163
- end
164
-
165
- private
166
-
167
- def benchmark_from_file
168
- source = OpenSCAP::Source.new '../data/xccdf.xml'
169
- b = OpenSCAP::Xccdf::Benchmark.new source
170
- source.destroy
171
- assert !b.nil?
172
- b
173
- end
174
-
175
- def with_benchmark(&)
176
- OpenSCAP::Source.new '../data/xccdf.xml' do |source|
177
- OpenSCAP::Xccdf::Benchmark.new(source, &)
178
- end
179
- end
180
-
181
- DESCRIPTION = "This guide presents a catalog of security-relevant configuration\n" \
182
- "settings for Fedora operating system formatted in the eXtensible Configuration\n" \
183
- "Checklist Description Format (XCCDF).\n" \
184
- "<br xmlns=\"http://www.w3.org/1999/xhtml\"/>\n" \
185
- "<br xmlns=\"http://www.w3.org/1999/xhtml\"/>\n" \
186
- "Providing system administrators with such guidance informs them how to securely\n" \
187
- "configure systems under their control in a variety of network roles. Policy\n" \
188
- "makers and baseline creators can use this catalog of settings, with its\n" \
189
- "associated references to higher-level security control catalogs, in order to\n" \
190
- "assist them in security baseline creation. This guide is a <i xmlns=\"http://www.w3.org/1999/xhtml\">catalog, not a\n" \
191
- "checklist,</i> and satisfaction of every item is not likely to be possible or\n" \
192
- "sensible in many operational scenarios. However, the XCCDF format enables\n" \
193
- "granular selection and adjustment of settings, and their association with OVAL\n" \
194
- "and OCIL content provides an automated checking capability. Transformations of\n" \
195
- "this document, and its associated automated checking content, are capable of\n" \
196
- "providing baselines that meet a diverse set of policy objectives. Some example\n" \
197
- "XCCDF <i xmlns=\"http://www.w3.org/1999/xhtml\">Profiles</i>, which are selections of items that form checklists and\n" \
198
- "can be used as baselines, are available with this guide. They can be\n" \
199
- "processed, in an automated fashion, with tools that support the Security\n" \
200
- "Content Automation Protocol (SCAP).\n"
201
- end