Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
aboutsummaryrefslogtreecommitdiff
path: root/xml/SCAP/gentoo-oval.xml
diff options
context:
space:
mode:
Diffstat (limited to 'xml/SCAP/gentoo-oval.xml')
-rw-r--r--xml/SCAP/gentoo-oval.xml35
1 files changed, 33 insertions, 2 deletions
diff --git a/xml/SCAP/gentoo-oval.xml b/xml/SCAP/gentoo-oval.xml
index d2ece23..b520353 100644
--- a/xml/SCAP/gentoo-oval.xml
+++ b/xml/SCAP/gentoo-oval.xml
@@ -53,6 +53,24 @@
<criterion test_ref="oval:org.gentoo.dev.swift:tst:2" comment="The /home location is on a separate partition" />
</criteria>
</definition>
+
+ <definition id="oval:org.gentoo.dev.swift:def:3" version="1" class="compliance">
+ <metadata>
+ <title>The /home file system is mounted with the nosuid option</title>
+ <affected family="unix">
+ <platform>Gentoo Linux</platform>
+ </affected>
+ <description>
+ This definition tests whether the /home partition is mounted with the nosuid
+ mount option.
+ </description>
+ </metadata>
+ <criteria operator="AND">
+ <criterion test_ref="oval:org.gentoo.dev.swift:tst:2" comment="The /home location is on a separate partition" />
+ <criterion test_ref="oval:org.gentoo.dev.swift:tst:3" comment="The /home partition is mounted with nosuid mount option" />
+ </criteria>
+ </definition>
+
</definitions>
<tests>
@@ -70,6 +88,15 @@
<!-- /home partition -->
<lin-def:object object_ref="oval:org.gentoo.dev.swift:obj:2" />
</lin-def:partition_test>
+
+ <lin-def:partition_test id="oval:org.gentoo.dev.swift:tst:3"
+ version="1" check="all" check_existence="all_exist"
+ comment="Tests that /home is mounted with nosuid option">
+ <!-- /home partition -->
+ <lin-def:object object_ref="oval:org.gentoo.dev.swift:obj:2" />
+ <!-- "nosuid" mount option -->
+ <lin-def:state state_ref="oval:org.gentoo.dev.swift:ste:1" />
+ </lin-def:partition_test>
</tests>
<objects>
@@ -85,10 +112,14 @@
</lin-def:partition_object>
</objects>
-<!--
<states>
+
+ <lin-def:partition_state id="oval:org.gentoo.dev.swift:ste:1"
+ version="1" comment="The file system is mounted with the nosuid mount option">
+ <lin-def:mount_options entity_check="at least one">nosuid</lin-def:mount_options>
+ </lin-def:partition_state>
+
</states>
--->
<!--
<variables>