Changes in the 1-2.0.2.0 Final Release [since version 1-2.0.2.0-rc1 - 02/10/2013]
Release date: 03/11/2013
1. [Issue #232] The Linux partition test does not support /dev/vda devices
Fix: updated oval:nist.validation.linuxPartition:tst:35 to support /dev/vda devices.
2. [Issue #238] The spreadsheet expect results for the following commented rules xccdf_gov.nist_rule_user_test-38 to 43.
Fix: Changed the expected result in spreadsheet to N/A.
3. [Issue #245] Incorrect value for oval:nist.validation.winProcess58:ste:58 and ste:64
The property current_dir is defined as “The current_dir entity represents the current path to the executable file for the process.”. The path to smss.exe is c:\Windows\System32.
Fix for oval:nist.validation.winProcess58:ste:58:
replaced: "c:\wInDoWs\"
with: "c:\wInDoWs"
Fix for oval:nist.validation.winProcess58:ste:64:
replaced: "c:\wInDoWs\"
with: "c:\wInDoWs\SyStEm32"
4. [Issue #246] The xccdf_gov.nist_rule_serelabelprivilege-with-equals-operation-111 is missing xccdf:platform element
The following rule needs the "#platform_not_winxp" platform check added since this user right doesn't exist on Windows XP: xccdf_gov.nist_rule_serelabelprivilege-with-equals-operation-111
The platform was available in the discrete data stream (win_access_token_test-datastream.xml), but not in the consolidated DS for Windows.
Fix: added "#platform_not_winxp" to the affected rule in the consolidated DS for Windows.
5. [Issue #247] Configuration guidance for xccdf_gov.nist_rule_xccdf_gov.nist.validation.winUserSid_rule_15
If more than one user account is disabled, then this rule will fail (and not match the expect result). It passes if only one user account is disabled.
Fix: Updated configuration section from “Validation Content - User SID Test.xls” to specify that only one account must be disabled.
6. [Issue #248] Possible side effects when "Bypass Traverse Checking" does not include "Everyone"
This might have bad implications on XP (causes WMI and DCOM issues, "Network Connections" becomes blank, etc.).
Fix: added the "Everyone" group to the user right SeChangeNotifyPrivilege for: user_rightspolicy_config_1.inf, user_rightspolicy_config_2.inf, and user_rightspolicy_config_3.inf
7. [Issue #167] HKCU\System is not available as default on Windows XP.
According to Microsoft article http://support.microsoft.com/kb/310595, the HKCU\System is not available as default on Windows XP systems.
Affected tests: win_regkey_effective_rights_53_test and win_regkey_effective_rights_test (oval:nist.validation.winRegistryEffectiveRights53:tst:21 and oval:nist.validation.winRegistryEffectiveRights:tst:21)
Fix: updated the OVAL objects: oval:nist.validation.winRegistryEffectiveRights53:obj:4 and oval:nist.validation.winRegistryEffectiveRights:obj:4
to use "HKEY_CURRENT_USER\Software" instead "HKEY_CURRENT_USER\System"
8. [Issue #243] Case sensitivity issues with win_file_auditedpermissons test
The collections for this content is done using a path with a lower-case
path component, but state comparisons for expect the path to be treated
as a case-sensitive string and match with an upper-case path component.
Fix: updated objects oval:nist.validation.winFileAuditPermission:obj:1 through 5 to use an upper-case letter "C" for the path.
9. [Issue #243] Case sensitivity issues with win_file_test
The documentation (Validation Content - File Test.xls) for this test specifies a lower-case letter "c" for the paths, but the content uses an upper-case letter "C".
Fix: updated the documentation to match the content.
10. Improved installation instructions for the cmdlet test (win_cmdlet_test\docs\README.txt).
11. [Issue #251] Inconsistent result for winCmdlet_test def:120
Fix: updated the oval:nist.validation.winCmdlet:obj:6 to select the 'length' object.
12. [Issue #217] The space_left entity should record the free blocks in fs (f_bfree) instead free blocks avail to non-superuser (f_bavail)
Fix: updated the following OVAL tests to support both values (f_bfree and f_bavail):
- oval:nist.validation.linuxPartition:tst:95
- oval:nist.validation.linuxPartition:tst:99
- oval:nist.validation.linuxPartition:tst:102
13. Updated "Validation Content - Ind Environment Variable 58 Test.xls" and catalog.xml (discrete version) to include the expected results for a remote scanner.
14. [Issue #252] The expected result included in metadata section of oval:nist.validation.winFile:def:7 is incorrect.
Fix: corrected the expected result for oval:nist.validation.winFile:def:7 (OVAL metadata section only).
Note: the expected result from the catalog.xml and spreadsheet was correct.
15. [Issue #252] Some of the expected results from metadata section of the OVAL definitions for access_token_test don't match the spreadsheet.
Fix: updated the results from OVAL definitions to match the spreadsheet.
16. [Issue #183] Duplicate IDs used in multiple data streams: r500-datastream.xml,r700-datastream.xml, and r800-datastream.xml - runlevel_object
Fix: updated the R500 and R700 data streams to use unique IDs.
17. [Issue #233] The expected results for R1100 SCAP 1.0 data stream don't match the actual results.
Fix:- updated the XCCDF and OVAL content to match the expected results from the spreadsheet and catalog.xml.
- created a new catalog.xml file
- updated the spreadsheet
###############################################################################
###############################################################################
###############################################################################
Changes in the 1-2.0.2.0-rc1 release [since version 1-2.0.1.0 - 08/07/2013]
Release date: 02/10/2013
1. [Issue #118] Incorrect pattern match in OVAL state oval:nist.validation.xmlFileContent:ste:23
The oval:nist.validation.xmlFileContent:ste:23 uses “\i” (XML shorthand character classes) which is not supported by Perl regular expressions.
Fix: corrected the pattern match for oval:nist.validation.xmlFileContent:ste:23
replaced "C:\scap_validation_content\ind_xml\\e" with "C:\scap_validation_content\\ind_xml\\e"
2. [Issue #119] Incorrect pattern match in OVAL state oval:nist.validation.linux_xmlFileContent:ste:23
The oval:nist.validation.linux_xmlFileContent:ste:23 uses “\i” (XML shorthand character classes) which is not supported by Perl regular expressions.
Fix: corrected the pattern match for oval:nist.validation.xmlFileContent:ste:23:
replaced "/\scap_validation_content/\ind_xml/e" with "/\scap_validation_content/\\ind_xml/e"
3. [Issue #120] Incorrect pattern match in OVAL state oval:nist.validation.xmlFileContent:ste:14
The oval:nist.validation.xmlFileContent:ste:14 uses “\i” (XML shorthand character classes) which is not supported by Perl regular expressions.
Fix: corrected oval:nist.validation.xmlFileContent:ste:14 regex:
replaced "C:\scap_validation_content\ind_xml\\e\\\d\.xml" with "C:\scap_validation_content\\ind_xml\\e\\\d\.xml"
4. [Issue #121] Incorrect pattern match in OVAL state oval:nist.validation.linux_xmlFileContent:ste:14
The oval:nist.validation.linux_xmlFileContent:ste:14 uses “\i” (XML shorthand character classes) which is not supported by Perl regular expressions.
Fix: corrected oval:nist.validation.xmlFileContent:ste:23 regex:
replaced "/\scap_validation_content/\ind_xml/e/\d\.xml" with "/\scap_validation_content/\\ind_xml/e/\d\.xml"
5. [Issue #122] Unknown result for xccdf_gov.nist.validation.winCmdlet_rule_13 and xccdf_gov.nist.validation.winCmdlet_rule_18
Fix: unselected the following rules: xccdf_gov.nist.validation.winCmdlet_rule_13 and xccdf_gov.nist.validation.winCmdlet_rule_18
The OVAL specification does not clearly specify how to process the entity_check="none exist".
Please see: http://making-security-measurable.1364806.n2.nabble.com/OVAL-state-evaluation-with-entity-check-quot-none-exist-quot-tc7580011.html
6. [Issue #123] The xccdf_gov.nist.validation.winWmi_rule_4 is not selected
The xccdf_gov.nist.validation.winWmi_rule_4 tests the check_existance="NONE_EXIST" and it should be selected.
Known issues: ovaldi 5.10.1.5 does not support the tst:4
Please see:
http://sourceforge.net/p/ovaldi/bugs/237/
http://making-security-measurable.1364806.n2.nabble.com/Possible-ovaldi-bug-in-check-check-existence-evaluation-tc7579424.html
Fix: selected the rule ccdf_gov.nist.validation.winWmi_rule_4
7. [Issue #124] Unknown result for xccdf_gov.nist.validation.winWmi_rule_18
Fix: unselected the following rule: xccdf_gov.nist.validation.winWmi_rule_18
The OVAL specification does not clearly specify how to process the entity_check="none exist".
Please see: http://making-security-measurable.1364806.n2.nabble.com/OVAL-state-evaluation-with-entity-check-quot-none-exist-quot-tc7580011.html
8. [Issue #125] Incorrect state value for rule_15 listed in "Validation Content - WMI 57Test.xls"
The "Validation Content - WMI 57Test.xls" has the following state value for tst:15: "Workstation, Client"
This is just a text issue, it does not affect the result of the test since the state has the correct value of "Workstation, Workstation".
Fix: corrected the state value in the worksheet to "Workstation, Workstation".
9. [Issue #126] The xccdf_gov.nist.validation.winWmi_rule_13\tst:13 does not return the expected result
The xccdf_gov.nist.validation.winWmi_rule_13\tst:13 is being evaluated to FALSE instead PASS because check_existance="AT_LEAST_ONE_EXIST" and check="all".
Fix: changed the check="all" to check="none exist"
10.[Issue #127] Possible issue with oval:nist.validation.winProcess58:obj:6 (operation="equals")
The obj:6 uses SYSTEMROOT that might be a problem if the environmentvariable SystemRoot is not all upper case.
Fix: changed operation to "pattern match" for oval:nist.validation.winProcess58:obj:6 because the OVAL 5.3 : environmentvariable_object does not support 'case insensitive equals' operation for the 'name' property.
11.[Issue #128] Incorrect expected result for rule_61 listed in "Validation Content -Unix_Xinetd Test.xls"
The tst:61 lists an expected value of "PASS" instead "FAIL".
The expected value in the catalog.xml is correct.
Fix: changed the expected value for rule_61 to FAIL in the "Validation Content -Unix_Xinetd Test.xls"
12.[Issue #129] Incorrect file name ..\consolidated\RHEL\documents\Validation Content - Linux_File_Hash_Test.xls
The correct name is "Validation Content - Linux Ind File Hash Test.xls"
Fix: renamed "Validation Content - Linux_File_Hash_Test.xls" to "Validation Content - Linux Ind File Hash Test.xls"
13.[Issue #130] The file paths from "Validation Content - Linux Ind File Hash Test.xls" don't match the actual test.
The spreadsheet lists the path "/scap_validation_content/e/" instead "/scap_validation_content/ind_file_hash/..".
Fix:
- replaced /scap_validation_content/e with /scap_validation_content/ind_file_hash/e
- replaced /scap_validation_content/1e with /scap_validation_content/ind_file_hash/1e
14.[Issue #131] Incorrect configuration settings for "Validation Content -Ind XML Test.xls" and "Validation Content - Linux Ind XML Test.xls"
The configuration settings for "Validation Content -Ind XML Test.xls" and "Validation Content - Linux Ind XML Test.xls" do not match the tests.
This is an informational issue only affecting the configuration worksheet from the spreadsheet.
The configuration scripts should automatically create the required files, and the test results are not affected.
Fix: updated configuration worksheet to match the tests.
15.[Issue #132] Incorrect "signature_keyid" for the rpm package "readahead" listed in "Validation Content - Rpminfo_Test.xls"
The "signature_keyid" for the rpm package "readahead" is incorrect in the spreadsheet and it will be corrected in the next version.
This is an informational issue only affecting the configuration worksheet from the spreadsheet.
Fix: changed "signature_keyid" to "5326810137017186"
16.[Issue #133] Incorrect group_id and user_id for Skeleton2 and Skeleton3 listed in "Validation Content -Unix_File Test.xls"
The Skeleton2.sh & Skeleton3.sh had a user ID & group ID of 0 instead of the config spreadsheet specified 5000 and 500.
This is an informational issue only affecting the configuration worksheet from the spreadsheet.
Fix: changed the group_id and user_id to n/a
17.[Issue #133:Incorrect value for oval:nist.validation.winProcess58:ste:58 and oval:nist.validation.winProcess58:ste:64
- The value for oval:nist.validation.winProcess58:ste:58 is incorrect because:
- ste value is resolved to "C:\Windows\SyStEm32"
- and the current_dir entity to "C:\Windows\"
- Related to the issue above: The actual result pass does not match the expected result of fail for item:xccdf_gov.nist_rule_xccdf_gov.nist.validation.winProcess58_rule_83
Fix: changed the value for ste:58 and ste:64 to c:\wInDoWs
18.[Issue #28] r2200-datastream.xml fails schema validation with Oxygen (Schematron errors for ocil_test)
Fix: changed the OVAL schema from 5.3 to 5.10.
19.[Issue #135] Incorrect object used by oval:nist.validation.winWmi57:tst:62
The oval:nist.validation.winWmi57:tst:62 supposed to test the pattern match operation for the wql entity, but it uses an object that does not exists.
Fix: changed the object to oval:nist.validation.winWmi57:obj:3 and the state to oval:nist.validation.winWmi57:ste:73.
20.[Issue #136] Incorrect object used by oval:nist.validation.winWmi:tst:62
The oval:nist.validation.winWmi:tst:62 supposed to test the pattern match operation for the wql entity, but it uses an object that does not exists.
Fix: changed the object to oval:nist.validation.winWmi:obj:3 and the state to oval:nist.validation.winWmi:ste:55.
21.Improved the following tests & states to aligned with the tested operation:
- oval:nist.validation.winWmi57:tst:55 - case insensitive equals
- oval:nist.validation.winWmi57:tst:58 - equals
- oval:nist.validation.winWmi57:tst:61 - case insensitive not equal
22.Improved the following tests & states to aligned with the tested operation:
- oval:nist.validation.winWmi:tst:55 - case insensitive equals
- oval:nist.validation.winWmi:tst:58 - equals
- oval:nist.validation.winWmi:tst:61 - case insensitive not equal
23.[Issue #137] Some winfile tests might fail if the system's time zone is not set to EST or EDT
Fix: updated the configuration instructions.
24.[Issue #138] Incorrect results for the winfile tst:53 to 57 on Windows XP
The results for the following rules don't match the expected results because the owner of the Skeleton.exe is not 'BUILTIN\Administrators':
The actual result fail does not match the expected result of pass for item:xccdf_gov.nist.validation.winFile_rule_53
The actual result pass does not match the expected result of fail for item:xccdf_gov.nist.validation.winFile_rule_56
The actual result fail does not match the expected result of pass for item:xccdf_gov.nist.validation.winFile_rule_57
The actual result pass does not match the expected result of fail for item:xccdf_gov.nist.validation.winFile_rule_54
The actual result fail does not match the expected result of pass for item:xccdf_gov.nist.validation.winFile_rule_55
Fix: updated tests 53 to 57.
25.Deleted win_file_config2.py because win_file_test requires only one configuration.
26.Removed references to Python 2.7 from the readme_lab.txt and readme_public.txt files.
27.Changed the ID od the consolidated DS from:"xccdf_gov.nist_benchmark_xccdf_gov.nist.validation.environmentvariable58_benchmark_environmentvariable58" to "xccdf_gov.nist_benchmark_SCAP-Validation-Consolidated-Benchmark"
28.[Issue #139] The following tests run only on Windows Vista or later:
- xccdf_gov.nist_rule_secreatesymboliclinkprivilege-with-equals-operation-8
- xccdf_gov.nist_rule_seincreaseworkingsetprivilege-with-equals-operation-15
- xccdf_gov.nist_rule_serelabelprivilege-with-equals-operation-21
- xccdf_gov.nist_rule_setimezoneprivilege-with-equals-operation-32
- xccdf_gov.nist_rule_setrustedcredmanaccessnameright-with-equals-operation-45
The following privileges are not defined on XP (see http://msdn.microsoft.com/en-us/library/windows/desktop/ee695867%28v=vs.85%29.aspx):
- SeCreateSymbolicLinkPrivilege
- SeIncreaseWorkingSetPrivilege
- SereLabelPrivilege
- SeTimezonePrivilege
- SeTrustedCredManAccessPrivilege (setrustedcredmanaccessnameright in OVAL)
Fix: Added cpe-lang:platform-specification for the affected rules:
- xccdf_gov.nist_rule_secreatesymboliclinkprivilege-with-equals-operation-8
- xccdf_gov.nist_rule_seincreaseworkingsetprivilege-with-equals-operation-15
- xccdf_gov.nist_rule_serelabelprivilege-with-equals-operation-21
- xccdf_gov.nist_rule_setimezoneprivilege-with-equals-operation-32
- xccdf_gov.nist_rule_setrustedcredmanaccessnameright-with-equals-operation-45
- xccdfgov.nist_rule_secreatesymboliclinkprivilege-with-equals-operation-143
- xccdfgov.nist_rule_secreatesymboliclinkprivilege-with-equals-operation-98
- xccdfgov.nist_rule_secreatesymboliclinkprivilege-with-equals-operation-53
- xccdfgov.nist_rule_seincreaseworkingsetprivilege-with-equals-operation-150
- xccdfgov.nist_rule_seincreaseworkingsetprivilege-with-equals-operation-60
- xccdfgov.nist_rule_seincreaseworkingsetprivilege-with-equals-operation-105
- xccdfgov.nist_rule_serelabelprivilege-with-equals-operation-156
- xccdfgov.nist_rule_serelabelprivilege-with-equals-operation-66
- xccdfgov.nist_rule_serelabelprivilege-with-equals-operation-111
- xccdfgov.nist_rule_setimezoneprivilege-with-equals-operation-122
- xccdfgov.nist_rule_setimezoneprivilege-with-equals-operation-77
- xccdfgov.nist_rule_setimezoneprivilege-with-equals-operation-167
- xccdfgov.nist_rule_setrustedcredmanaccessnameright-with-equals-operation-180
- xccdfgov.nist_rule_setrustedcredmanaccessnameright-with-equals-operation-135
- xccdfgov.nist_rule_setrustedcredmanaccessnameright-with-equals-operation-90
On Windows XP these rules will return: notapplicable.
Also, updated the catalog.xml files and added a separate configuration section for Windows XP.
29.win_file_effective_rights_test: corrected the expected result for oval:nist.validation.winFileEffectiveRights:def:92 from UNKNOWN to FAIL on all 3 configurations.
The incorrect result was listed only in the Validation Content - File Effective Rights.xls. The catalog.xml had the correct result.
30.win_file_audit_permissions_53_test\Validation Content - File Audited Permissions 53.xls
Corrected the OVAL IDs (the IDs numbers restart at 184.)
31.win_file_audit_permissions_test\Validation Content - File Audited Permissions.xls
Corrected the OVAL IDs (the IDs numbers restart at 184.)
32.Added configuration information for the win_user_test in readme.txt and "Validation Content - User Test.xls"
computer name = TESTMACHINE
33.[Issue #161]: Corrected the expected result for (win_file_test) def:7 in the spreadsheet.
33.[Issue #162]: Incorrect result for oval:nist.validation.filehash:def:2 and oval:nist.validation.linux_filehash:def:2
- Corrected the expected results in the spreadsheet for configuration 2 and in the OVAL definition.
34. Corrected the expected results for xccdf_gov.nist.validation.winRegistryEffectiveRights_rule_21 and xccdf_gov.nist.validation.winRegistryEffectiveRights53_rule_21 on Windows XP.
35. [Issue #186]: Updated the pattern match for oval:nist.validation.winAccessToken:obj:4 and oval:nist.validation.winAccessToken:ste:94 to comply with OVAL specification.
(http://making-security-measurable.1364806.n2.nabble.com/Windows-local-vs-built-in-accounts-tt7579309.html#a7579310)
- oval:nist.validation.winAccessToken:obj:4: replaced "\\Guest$" with "[Gg][Uu][Ee][Ss][Tt]$"
- oval:nist.validation.winAccessToken:ste:94: replaced: "\\Guest" with "[Gg][Uu][Ee][Ss][Tt]$"
36. [Issue #187]: Incorrect operation for the datatype string used by SCAP.2000.5 XCCDF component
SCAP.T.2000.5. The content has a string with a “greater than or equal” to attached to it. This content is invalid.
Fix: Corrected the operation for the affected XCCDF values.
37. [Issue #192]: enhancements for unixProcess58 test related to selinux_domain_label entity
Fix:
- changed the value for oval:nist.validation.unixProcess58:ste:128 from "unconfined.*t" to "^iNiT_t$"
- changed the value for oval:nist.validation.unixProcess58:ste:124 from "unconfined_t" to "iNiT_t"
- added @entity_check='all' for the states which test the selinux_domain_label value
38. [Issue #210]: Incorrect expected result for def:38 listed in "Validation Content - Audit Event Policy.xls" for configuration 3
The tst:38 lists an expected value of "PASS" instead "FAIL".
The expected value in the catalog.xml is correct.
Fix: changed the expected value for def:38 to FAIL in the "Validation Content - Audit Event Policy.xls"
39. [Issue #214\#190]: The check_existance value from spreadsheet don't match the XML content for winRegistryEffectiveRights53:tst:7
Fix:
- changed the value for check_existance for tst:7 from "only_one_exists" to "any_exist".
- updated the expected result value from catalog.xml (from FAIL to PASS).
40. [Issue #213]: The audit subcategory "Detailed File Share" is not available on Windows Vista
Fix: Added cpe-lang:platform-specification for the affected rules:
- xccdf_gov.nist_rule_detailed-file-share-with-equals-operation-101
- xccdf_gov.nist_rule_detailed-file-share-with-equals-operation-102
- xccdf_gov.nist_rule_detailed-file-share-with-equals-operation-103
- xccdf_gov.nist_rule_detailed-file-share-with-equals-operation-104
41. [Issue #169]: Incorrect comment for oval:nist.validation.winRegistry:tst:20
Fix: Corrected the comment.
42. [Issue #215] Improve configuration scripts to eliminate manual steps.
There are commands specific for each Windows platform that needs to be executed.
For instance: lockout_policy_set.exe does not work on all the platforms.
Fix: improved config[1-8].bat to minimize manual configuration steps.
43. [Issue #170] win_wua_update_searcher_test does not cover Windows XP and Vista
Fix: updated the content to support Windows XP and Vista 32-bit platforms
The following tests were updated:
- oval:nist.validation.winWuaUpdateSearcher:tst:12
- oval:nist.validation.winWuaUpdateSearcher:tst:15
- oval:nist.validation.winWuaUpdateSearcher:tst:19
- oval:nist.validation.winWuaUpdateSearcher:tst:31
- oval:nist.validation.winWuaUpdateSearcher:tst:32
- oval:nist.validation.winWuaUpdateSearcher:tst:33
- oval:nist.validation.winWuaUpdateSearcher:tst:34
- oval:nist.validation.winWuaUpdateSearcher:tst:37
- oval:nist.validation.winWuaUpdateSearcher:tst:39
44. [Issue #150] The inetd_test is not applicable to RHEL 5
De-selected rules in the profile for the inetd_test and and inetd_test-datastream.
45. [Issue #149] Updated the OVAL schema version to 5.10 for linux_partition_test-datastream.xml and RHEL-datastream.xml
46. [Issue #150] Updated the uname_test to work with any release of RHEL 5
The following tests were updated:
- oval:nist.validation.unixUname:tst:31
- oval:nist.validation.unixUname:tst:32
- oval:nist.validation.unixUname:tst:33
- oval:nist.validation.unixUname:tst:34
- oval:nist.validation.unixUname:tst:41
- oval:nist.validation.unixUname:tst:42
- oval:nist.validation.unixUname:tst:43
- oval:nist.validation.unixUname:tst:44
47. Documentation update for Unix file test: correct path for Skeleton.sh in Validation Content -Unix_File Test.xls
48. Removed duplicate *.xls files for RHEL consolidated data stream.
These files are still available in the "docs" folder for discrete data streams.
49. [Issue #220] Corrected possible false negative due to mount_options entity for oval:nist.validation.linuxPartition:def:61 and def:63
50. Multiple content enhancements for linuxPartition:def:61 through def:70 related to case sensitive and insensitive operations.
51. [Issue #188] compare.py updates to support missing "notselected" results from ARF reports.
52. Corrected the expected result for oval:nist.validation.linuxPartition:def:13 in "Validation Content - Partition Test.xls"
The expected result for def:13 is "PASS".
53. [Issue #217] The space_left entity should record the free blocks in fs (f_bfree) instead free blocks avail to non-superuser (f_bavail)
Updated the following OVAL tests:
- oval:nist.validation.linuxPartition:tst:95
- oval:nist.validation.linuxPartition:tst:99
- oval:nist.validation.linuxPartition:tst:98
- oval:nist.validation.linuxPartition:tst:100
- oval:nist.validation.linuxPartition:tst:102
54. [Issue #221] Windows configuration scripts for win_user and win_group tests: unable to create user
Some of the configuration commands fails because the password does not meet the complexity requirements.
Fix: Improved the python scripts for win_group and win_user test to generate complex passwords.
55. [Issue #140] The Validation Test Content requires to be tested on a machine named "TESTMACHINE". This is not suitable for testing multiple products in the same time or having multiple configurations that run simultaneous.
Fix: Improved win_user and win_group tests to support the following computer names: TESTMACHINE, TESTMACHINE01 to TESTMACHINE99.
56. [Issue #225] Incorrect result for oval:nist.validation.winWuaUpdateSearcher:tst:40 on XP
Fix: updated the pattern match for oval:nist.validation.winWuaUpdateSearcher:ste:40 to "^[^0]+\.$"
57. [Issue #226] linux-ind_environment_variable_test-config1.sh does not work for non-login shell
The linux-ind_environment_variable_58_test-config1.sh is affected as well.
Fix: Updated the scripts to support non-login shell.
58. [Issue #227] The oval:nist.validation.winSidSid:def:4 from the consolidated DS has the deprecated attribute set to true
Fix: removed the deprecated attribute for def:4
59. [Issue #151] unix_inetd XCCDF rules should not be selected
Fix: unselected the unix_inetd rules from the discrete data stream.
60. [Issue #228] The linux partition test 35 does not support IDE drives
Fix: updated the pattern match for oval:nist.validation.linuxPartition:ste:16 from "/dev/sd[\w]+" to "/dev/[hs]d[\w]+"
61. [Issue #229] The tests oval:nist.validation.winSidSid:tst:4 and 13 return ERROR instead PASS.
Fix: updated oval:nist.validation.winSidSid:obj:11 to use a fake trustee_sid which ends in -498 instead:
62. [Issue #231] win_sid_test\obj:5 does not exist because the equals operation for string datatype is case-sensitive
Fix: changed operation "equals" to "pattern match" for the oval:nist.validation.winSid:obj:5