I am writing to ask a question about a test that I am creating. I am trying to check whether a system with SUSE 11 installed has the sshd service disabled using the TCP protocol. To do this, my test contains the following xinetd_object and xinetd_state:
<unix-def:xinetd_object id="oval:suse:obj:5" version="1" comment="sshd service">
<unix-def:xinetd_state id="oval:suse:ste:5" version="1" comment="Disabled service">
When I evaluate the OVAL definition with ovaldi (OVAL interpreter), the result is always true, that is, the sshd service is disabled or not running. But I can verify with the command "netstat -tulpn" that the sshd service is running and listening on port 22 (TCP).
Can someone throw some light on this issue? Is my OVAL definition written incorrectly?
Can you please attach your OVAL Results document?
I think you may not be judging ovaldi's correctness correctly. The xinetd test checks the configuration of xinetd, which is done via config files. You can start up any service you want, directly or in some way other than xinetd, and the 'netstat' tool will pick it up, but that has no bearing on its configuration in xinetd.
To tell whether ovaldi is doing the right thing on your system, check the xinetd config files: /etc/xinetd.conf and /etc/xinetd.d/*. You can also run 'man xinetd.conf' to get more info about xinetd config files. If it's not doing the right thing, let us know.
If you aren't interested in xinetd specifically, you might try the runlevel test, which tests service configuration at particular runlevels. There's also an inetlisteningservers test in the linux schema, which checks existing network connections/server sockets.
You might think about what it means for a service to be "disabled" on your system, and use that to decide which test is most suited to the purpose. If none are, you're welcome to suggest new tests on the OVAL developer list.
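The distinction drawn in the reply above, shown as an added example that is not part of the original thread or of ovaldi: a service can be absent from (or disabled in) the xinetd configuration and still be listening because it was started some other way. The function names and both sample inputs are constructed for illustration.

```python
import re
# Constructed sample of an xinetd service file (e.g. one file under /etc/xinetd.d/)
XINETD_SAMPLE = """\
service telnet
{
    disable  = yes
    protocol = tcp
}
"""

# Constructed sample of `netstat -tulpn` output
NETSTAT_SAMPLE = """\
Proto Recv-Q Send-Q Local Address  Foreign Address  State   PID/Program name
tcp        0      0 0.0.0.0:22     0.0.0.0:*        LISTEN  2311/sshd
udp        0      0 0.0.0.0:68     0.0.0.0:*                1904/dhcpcd
"""

def parse_xinetd(text):
    """Return {service: {attribute: value}} for each 'service NAME { ... }' block."""
    services = {}
    for name, body in re.findall(r"^\s*service\s+(\S+)\s*\{(.*?)\}", text, re.S | re.M):
        attrs = {}
        for line in body.splitlines():
            line = line.strip()
            if line.startswith("#") or "=" not in line:
                continue
            key, value = line.split("=", 1)
            attrs[key.strip()] = value.strip()
        services[name] = attrs
    return services

def listening(text):
    """Return {(proto, port): program} for listening TCP and bound UDP sockets."""
    found = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6 or f[0] not in ("tcp", "tcp6", "udp", "udp6"):
            continue
        if f[0].startswith("tcp") and "LISTEN" not in f:
            continue
        found[(f[0], int(f[3].rsplit(":", 1)[1]))] = f[-1].split("/", 1)[-1]
    return found

def service_status(name, proto, port, xinetd_text, netstat_text):
    """Report xinetd's configured state and the socket state side by side."""
    entry = parse_xinetd(xinetd_text).get(name)
    xinetd = "absent" if entry is None else (
        "disabled" if entry.get("disable", "no") == "yes" else "enabled")
    program = listening(netstat_text).get((proto, port))
    return {"xinetd": xinetd, "listening": program is not None, "program": program}
```

With the samples above, sshd comes back as absent from xinetd yet listening on TCP 22, which is the situation where an xinetd-based check passes while netstat shows the daemon running.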
Thank you very much for your help. Xinetd was not really what I needed to check if a service is enabled. Finally, I have used the inetlisteningservers test. The content of my OVAL definition file is the following:
<?xml version="1.0" encoding="UTF-8"?>
<oval:product_name>Enhanced SCAP Content Editor (eSCAPe)</oval:product_name>
<definition id="oval:suse:def:5" version="1" class="compliance">
<title>Telnet service should be disabled</title>
<platform>SUSE Linux 10.0</platform>
<platform>SUSE Linux 10.1</platform>
<platform>SUSE Linux Desktop 1.0</platform>
<platform>SUSE Linux Enterprise Desktop 10</platform>
<platform>SUSE Linux Enterprise Server 10</platform>
<platform>SUSE Linux Enterprise Server 9</platform>
<platform>SUSE Linux Professional 9.3</platform>
<description>Check if telnet service is disabled</description>
<criterion test_ref="oval:suse:tst:5" comment="Check if telnet service is stopped" />
<unix-def:runlevel_test id="oval:suse:tst:5" version="1" check_existence="none_exist" check="all" comment="Is telnet service stopped?">
<unix-def:object object_ref="oval:suse:obj:5" />
<unix-def:runlevel_object id="oval:suse:obj:5" version="1" comment="Telnet service">