template_OVAL_file_owner
<def-group>
  {{# File-ownership check: one compliance definition backed by a single unix:file_test
      that compares the owner UID of the selected file(s) with FILEUID.
      Parameters read by this template: _RULE_ID, FILEPATH, FILEID, FILEUID,
      MISSING_FILE_PASS, IS_DIRECTORY, FILE_REGEX, FILEPATH_IS_REGEX. #}}
  <definition id="{{{ _RULE_ID }}}" class="compliance" version="1">
    {{{ oval_metadata("This test makes sure that " + FILEPATH + " is owned by " + FILEUID + ".") }}}
    <criteria>
      {{# NOTE(review): FILEPATH is placed into attribute values in this file with no visible
          escaping filter; confirm the rendering environment handles XML metacharacters,
          especially when the path is a regular expression. #}}
      <criterion test_ref="test_file_owner{{{ FILEID }}}"
                 comment="Check file ownership of {{{ FILEPATH }}}" />
    </criteria>
  </definition>

  {{# Existence policy. With MISSING_FILE_PASS set, any number of files may exist, including
      none, so an absent file is not reported as a failure. Otherwise all defined files must
      exist; when a regex is used, at least one file must match. #}}
  {{%- set FILE_EXISTENCE = "any_exist" if MISSING_FILE_PASS else "all_exist" -%}}

  {{# check="all": every file collected by the object has to satisfy the ownership state. #}}
  <unix:file_test id="test_file_owner{{{ FILEID }}}"
                  version="1"
                  check="all"
                  check_existence="{{{ FILE_EXISTENCE }}}"
                  comment="Testing user ownership of {{{ FILEPATH }}}">
    <unix:object object_ref="object_file_owner{{{ FILEID }}}" />
    <unix:state state_ref="state_file_owner{{{ FILEID }}}_uid_{{{ FILEUID }}}" />
  </unix:file_test>

  {{# Expected owner. The value is compared with datatype "int", so FILEUID is presumably a
      numeric UID rather than a user name; verify against the rules that use this template. #}}
  <unix:file_state id="state_file_owner{{{ FILEID }}}_uid_{{{ FILEUID }}}" version="1">
    <unix:user_id datatype="int">{{{ FILEUID }}}</unix:user_id>
  </unix:file_state>

  {{# File selection. Without IS_DIRECTORY, FILEPATH is a full file path, matched as a pattern
      when FILEPATH_IS_REGEX is set. With IS_DIRECTORY, FILEPATH is the directory and the
      filename entity is either the FILE_REGEX pattern or nil (the directory itself).
      NOTE(review): pattern matches are only as tight as the supplied expression; confirm
      callers anchor FILEPATH and FILE_REGEX so no unintended files are selected or skipped. #}}
  <unix:file_object id="object_file_owner{{{ FILEID }}}" version="1" comment="{{{ FILEPATH }}}">
    {{%- if not IS_DIRECTORY -%}}
    <unix:filepath{{% if FILEPATH_IS_REGEX %}} operation="pattern match"{{% endif %}}>{{{ FILEPATH }}}</unix:filepath>
    {{%- else -%}}
    <unix:path>{{{ FILEPATH }}}</unix:path>
      {{%- if FILE_REGEX -%}}
    <unix:filename operation="pattern match">{{{ FILE_REGEX }}}</unix:filename>
      {{%- else -%}}
    <unix:filename xsi:nil="true" />
      {{%- endif -%}}
    {{%- endif -%}}
  </unix:file_object>
</def-group>