File scap-yast2sec-oval.xml of Package openscap

<?xml version="1.0"?>
<oval_definitions xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5"
 xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5"
 xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5"
 xmlns:ind-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent"
 xmlns:lin-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux"
 xmlns:unix-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix">
  <generator>
    <oval:product_name>vim</oval:product_name>
    <oval:schema_version>5.9</oval:schema_version>
    <oval:timestamp>2011-10-31T12:00:00-04:00</oval:timestamp>
  </generator>

<definitions>
<!-- @@GENOVAL START DEFINITIONS -->
<definition class="compliance" id="oval:de.suse.suse121:def:2" version="1">
  <metadata>
    <title>sysctl net.ipv4.ip_forward must be 0</title>
    <description>sysctl net.ipv4.ip_forward must be 0</description>
  </metadata>
  <criteria>
    <criterion test_ref="oval:de.suse.suse121:tst:2" comment="sysctl net.ipv4.ip_forward must be 0" />
  </criteria>
</definition>
<definition class="compliance" id="oval:de.suse.suse121:def:3" version="1">
  <metadata>
    <title>sysctl net.ipv4.tcp_syncookies must be 1</title>
    <description>sysctl net.ipv4.tcp_syncookies must be 1</description>
  </metadata>
  <criteria>
    <criterion test_ref="oval:de.suse.suse121:tst:3" comment="sysctl net.ipv4.tcp_syncookies must be 1" />
  </criteria>
</definition>
<definition class="compliance" id="oval:de.suse.suse121:def:4" version="1">
  <metadata>
    <title>sysctl net.ipv6.conf.all.forwarding must be 0</title>
    <description>sysctl net.ipv6.conf.all.forwarding must be 0</description>
  </metadata>
  <criteria>
    <criterion test_ref="oval:de.suse.suse121:tst:4" comment="sysctl net.ipv6.conf.all.forwarding must be 0" />
  </criteria>
</definition>
<definition class="compliance" id="oval:de.suse.suse121:def:5" version="1">
  <metadata>
    <title>sysctl net.ipv6.conf.default.forwarding must be 0</title>
    <description>sysctl net.ipv6.conf.default.forwarding must be 0</description>
  </metadata>
  <criteria>
    <criterion test_ref="oval:de.suse.suse121:tst:5" comment="sysctl net.ipv6.conf.default.forwarding must be 0" />
  </criteria>
</definition>
<definition class="compliance" id="oval:de.suse.suse121:def:6" version="1">
  <metadata>
    <title>kernel config CONFIG_SYN_COOKIES must be y</title>
    <description>kernel config CONFIG_SYN_COOKIES must be y</description>
  </metadata>
  <criteria>
    <criterion test_ref="oval:de.suse.suse121:tst:6" comment="kernel config CONFIG_SYN_COOKIES must be y" />
  </criteria>
</definition>
<definition class="compliance" id="oval:de.suse.suse121:def:9" version="1">
  <metadata>
    <title>file /etc/login.defs must have a line that matches ^PASS_MAX_DAYS.*99999</title>
    <description>file /etc/login.defs must have a line that matches ^PASS_MAX_DAYS.*99999</description>
  </metadata>
  <criteria>
    <criterion test_ref="oval:de.suse.suse121:tst:9" comment="file /etc/login.defs must have a line that matches ^PASS_MAX_DAYS.*99999" />
  </criteria>
</definition>
<definition class="compliance" id="oval:de.suse.suse121:def:10" version="1">
  <metadata>
    <title>file /etc/login.defs must have a line that matches ^PASS_MIN_DAYS.*0</title>
    <description>file /etc/login.defs must have a line that matches ^PASS_MIN_DAYS.*0</description>
  </metadata>
  <criteria>
    <criterion test_ref="oval:de.suse.suse121:tst:10" comment="file /etc/login.defs must have a line that matches ^PASS_MIN_DAYS.*0" />
  </criteria>
</definition>
<definition class="compliance" id="oval:de.suse.suse121:def:11" version="1">
  <metadata>
    <title>file /etc/login.defs must have a line that matches ^PASS_WARN_AGE.*7</title>
    <description>file /etc/login.defs must have a line that matches ^PASS_WARN_AGE.*7</description>
  </metadata>
  <criteria>
    <criterion test_ref="oval:de.suse.suse121:tst:11" comment="file /etc/login.defs must have a line that matches ^PASS_WARN_AGE.*7" />
  </criteria>
</definition>
<definition class="compliance" id="oval:de.suse.suse121:def:12" version="1">
  <metadata>
    <title>file /etc/pam.d/common-password must have a line that matches minlen=6</title>
    <description>file /etc/pam.d/common-password must have a line that matches minlen=6</description>
  </metadata>
  <criteria>
    <criterion test_ref="oval:de.suse.suse121:tst:12" comment="file /etc/pam.d/common-password must have a line that matches minlen=6" />
  </criteria>
</definition>
<definition class="compliance" id="oval:de.suse.suse121:def:13" version="1">
  <metadata>
    <title>file /etc/pam.d/common-password must have a line that matches remember=</title>
    <description>file /etc/pam.d/common-password must have a line that matches remember=</description>
  </metadata>
  <criteria>
    <criterion test_ref="oval:de.suse.suse121:tst:13" comment="file /etc/pam.d/common-password must have a line that matches remember=" />
  </criteria>
</definition>
<definition class="compliance" id="oval:de.suse.suse121:def:16" version="1">
  <metadata>
    <title>file /etc/login.defs may not have a line that matches ^FAIL_DELAY.*0</title>
    <description>file /etc/login.defs may not have a line that matches ^FAIL_DELAY.*0</description>
  </metadata>
  <criteria>
    <criterion test_ref="oval:de.suse.suse121:tst:16" comment="file /etc/login.defs may not have a line that matches ^FAIL_DELAY.*0" />
  </criteria>
</definition>
<definition class="compliance" id="oval:de.suse.suse121:def:17" version="1">
  <metadata>
    <title>file /etc/login.defs must have a line that matches ^FAIL_DELAY</title>
    <description>file /etc/login.defs must have a line that matches ^FAIL_DELAY</description>
  </metadata>
  <criteria>
    <criterion test_ref="oval:de.suse.suse121:tst:17" comment="file /etc/login.defs must have a line that matches ^FAIL_DELAY" />
  </criteria>
</definition>
<definition class="compliance" id="oval:de.suse.suse121:def:18" version="1">
  <metadata>
    <title>file /etc/sysconfig/displaymanager must have a line that matches ^DISPLAYMANAGER_REMOTE_ACCESS.*no</title>
    <description>file /etc/sysconfig/displaymanager must have a line that matches ^DISPLAYMANAGER_REMOTE_ACCESS.*no</description>
  </metadata>
  <criteria>
    <criterion test_ref="oval:de.suse.suse121:tst:18" comment="file /etc/sysconfig/displaymanager must have a line that matches ^DISPLAYMANAGER_REMOTE_ACCESS.*no" />
  </criteria>
</definition>
<definition class="compliance" id="oval:de.suse.suse121:def:19" version="1">
  <metadata>
    <title>file /etc/sysconfig/displaymanager must have a line that matches ^DISPLAYMANAGER_ROOT_LOGIN_REMOTE.*no</title>
    <description>file /etc/sysconfig/displaymanager must have a line that matches ^DISPLAYMANAGER_ROOT_LOGIN_REMOTE.*no</description>
  </metadata>
  <criteria>
    <criterion test_ref="oval:de.suse.suse121:tst:19" comment="file /etc/sysconfig/displaymanager must have a line that matches ^DISPLAYMANAGER_ROOT_LOGIN_REMOTE.*no" />
  </criteria>
</definition>
<definition class="compliance" id="oval:de.suse.suse121:def:22" version="1">
  <metadata>
    <title>file /etc/login.defs must have a line that matches ^UID_MIN.*1000</title>
    <description>file /etc/login.defs must have a line that matches ^UID_MIN.*1000</description>
  </metadata>
  <criteria>
    <criterion test_ref="oval:de.suse.suse121:tst:22" comment="file /etc/login.defs must have a line that matches ^UID_MIN.*1000" />
  </criteria>
</definition>
<definition class="compliance" id="oval:de.suse.suse121:def:23" version="1">
  <metadata>
    <title>file /etc/login.defs must have a line that matches ^UID_MAX.*60000</title>
    <description>file /etc/login.defs must have a line that matches ^UID_MAX.*60000</description>
  </metadata>
  <criteria>
    <criterion test_ref="oval:de.suse.suse121:tst:23" comment="file /etc/login.defs must have a line that matches ^UID_MAX.*60000" />
  </criteria>
</definition>
<definition class="compliance" id="oval:de.suse.suse121:def:24" version="1">
  <metadata>
    <title>file /etc/login.defs must have a line that matches ^GID_MIN.*1000</title>
    <description>file /etc/login.defs must have a line that matches ^GID_MIN.*1000</description>
  </metadata>
  <criteria>
    <criterion test_ref="oval:de.suse.suse121:tst:24" comment="file /etc/login.defs must have a line that matches ^GID_MIN.*1000" />
  </criteria>
</definition>
<definition class="compliance" id="oval:de.suse.suse121:def:25" version="1">
  <metadata>
    <title>file /etc/login.defs must have a line that matches ^GID_MAX.*60000</title>
    <description>file /etc/login.defs must have a line that matches ^GID_MAX.*60000</description>
  </metadata>
  <criteria>
    <criterion test_ref="oval:de.suse.suse121:tst:25" comment="file /etc/login.defs must have a line that matches ^GID_MAX.*60000" />
  </criteria>
</definition>
<definition class="compliance" id="oval:de.suse.suse121:def:29" version="1">
  <metadata>
    <title>sysctl kernel.sysrq must be 0</title>
    <description>sysctl kernel.sysrq must be 0</description>
  </metadata>
  <criteria>
    <criterion test_ref="oval:de.suse.suse121:tst:29" comment="sysctl kernel.sysrq must be 0" />
  </criteria>
</definition>
<definition class="compliance" id="oval:de.suse.suse121:def:30" version="1">
  <metadata>
    <title>file /etc/default/passwd may not have a line that matches ^CRYPT_FILES=md5</title>
    <description>file /etc/default/passwd may not have a line that matches ^CRYPT_FILES=md5</description>
  </metadata>
  <criteria>
    <criterion test_ref="oval:de.suse.suse121:tst:30" comment="file /etc/default/passwd may not have a line that matches ^CRYPT_FILES=md5" />
  </criteria>
</definition>
<definition class="compliance" id="oval:de.suse.suse121:def:31" version="1">
  <metadata>
    <title>file /etc/default/passwd may not have a line that matches ^CRYPT_FILES=des</title>
    <description>file /etc/default/passwd may not have a line that matches ^CRYPT_FILES=des</description>
  </metadata>
  <criteria>
    <criterion test_ref="oval:de.suse.suse121:tst:31" comment="file /etc/default/passwd may not have a line that matches ^CRYPT_FILES=des" />
  </criteria>
</definition>
<definition class="compliance" id="oval:de.suse.suse121:def:32" version="1">
  <metadata>
    <title>file /etc/sysconfig/security must have a line that matches ^CHECK_PERMISSIONS.*set</title>
    <description>file /etc/sysconfig/security must have a line that matches ^CHECK_PERMISSIONS.*set</description>
  </metadata>
  <criteria>
    <criterion test_ref="oval:de.suse.suse121:tst:32" comment="file /etc/sysconfig/security must have a line that matches ^CHECK_PERMISSIONS.*set" />
  </criteria>
</definition>
<definition class="compliance" id="oval:de.suse.suse121:def:33" version="1">
  <metadata>
    <title>file /etc/sysconfig/security must have a line that matches ^CHECK_SIGNATURES.*yes</title>
    <description>file /etc/sysconfig/security must have a line that matches ^CHECK_SIGNATURES.*yes</description>
  </metadata>
  <criteria>
    <criterion test_ref="oval:de.suse.suse121:tst:33" comment="file /etc/sysconfig/security must have a line that matches ^CHECK_SIGNATURES.*yes" />
  </criteria>
</definition>
<definition class="compliance" id="oval:de.suse.suse121:def:38" version="1">
  <metadata>
    <title>file /etc/sysconfig/dhcpd must have a line that matches ^DHCPD_RUN_CHROOTED.*yes</title>
    <description>file /etc/sysconfig/dhcpd must have a line that matches ^DHCPD_RUN_CHROOTED.*yes</description>
  </metadata>
  <criteria>
    <criterion test_ref="oval:de.suse.suse121:tst:38" comment="file /etc/sysconfig/dhcpd must have a line that matches ^DHCPD_RUN_CHROOTED.*yes" />
  </criteria>
</definition>
<definition class="compliance" id="oval:de.suse.suse121:def:39" version="1">
  <metadata>
    <title>file /etc/sysconfig/dhcpd must have a line that matches ^DHCPD_RUN_AS.*dhcpd</title>
    <description>file /etc/sysconfig/dhcpd must have a line that matches ^DHCPD_RUN_AS.*dhcpd</description>
  </metadata>
  <criteria>
    <criterion test_ref="oval:de.suse.suse121:tst:39" comment="file /etc/sysconfig/dhcpd must have a line that matches ^DHCPD_RUN_AS.*dhcpd" />
  </criteria>
</definition>
<definition class="compliance" id="oval:de.suse.suse121:def:40" version="1">
  <metadata>
    <title>file /etc/sysconfig/dhcpd must have a line that matches ^DHCPD6_RUN_CHROOTED.*yes</title>
    <description>file /etc/sysconfig/dhcpd must have a line that matches ^DHCPD6_RUN_CHROOTED.*yes</description>
  </metadata>
  <criteria>
    <criterion test_ref="oval:de.suse.suse121:tst:40" comment="file /etc/sysconfig/dhcpd must have a line that matches ^DHCPD6_RUN_CHROOTED.*yes" />
  </criteria>
</definition>
<definition class="compliance" id="oval:de.suse.suse121:def:41" version="1">
  <metadata>
    <title>file /etc/sysconfig/dhcpd must have a line that matches ^DHCPD6_RUN_AS.*dhcpd</title>
    <description>file /etc/sysconfig/dhcpd must have a line that matches ^DHCPD6_RUN_AS.*dhcpd</description>
  </metadata>
  <criteria>
    <criterion test_ref="oval:de.suse.suse121:tst:41" comment="file /etc/sysconfig/dhcpd must have a line that matches ^DHCPD6_RUN_AS.*dhcpd" />
  </criteria>
</definition>
<definition class="compliance" id="oval:de.suse.suse121:def:42" version="1">
  <metadata>
    <title>file /etc/sysconfig/services must have a line that matches ^DISABLE_RESTART_ON_UPDATE.*yes</title>
    <description>file /etc/sysconfig/services must have a line that matches ^DISABLE_RESTART_ON_UPDATE.*yes</description>
  </metadata>
  <criteria>
    <criterion test_ref="oval:de.suse.suse121:tst:42" comment="file /etc/sysconfig/services must have a line that matches ^DISABLE_RESTART_ON_UPDATE.*yes" />
  </criteria>
</definition>
<definition class="compliance" id="oval:de.suse.suse121:def:43" version="1">
  <metadata>
    <title>file /etc/sysconfig/services must have a line that matches ^DISABLE_STOP_ON_REMOVAL.*yes</title>
    <description>file /etc/sysconfig/services must have a line that matches ^DISABLE_STOP_ON_REMOVAL.*yes</description>
  </metadata>
  <criteria>
    <criterion test_ref="oval:de.suse.suse121:tst:43" comment="file /etc/sysconfig/services must have a line that matches ^DISABLE_STOP_ON_REMOVAL.*yes" />
  </criteria>
</definition>
<!-- @@GENOVAL END DEFINITIONS -->
</definitions>

<tests>
<!-- @@GENOVAL START TESTS -->
<ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:2" version="1" check="at least one" comment="sysctl net.ipv4.ip_forward must be 0" check_existence="at_least_one_exists">
  <ind-def:object object_ref="oval:de.suse.suse121:obj:1" />
  <ind-def:state state_ref="oval:de.suse.suse121:ste:1" />
</ind-def:textfilecontent54_test>
<ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:3" version="1" check="at least one" comment="sysctl net.ipv4.tcp_syncookies must be 1" check_existence="at_least_one_exists">
  <ind-def:object object_ref="oval:de.suse.suse121:obj:2" />
  <ind-def:state state_ref="oval:de.suse.suse121:ste:2" />
</ind-def:textfilecontent54_test>
<ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:4" version="1" check="at least one" comment="sysctl net.ipv6.conf.all.forwarding must be 0" check_existence="at_least_one_exists">
  <ind-def:object object_ref="oval:de.suse.suse121:obj:4" />
  <ind-def:state state_ref="oval:de.suse.suse121:ste:1" />
</ind-def:textfilecontent54_test>
<ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:5" version="1" check="at least one" comment="sysctl net.ipv6.conf.default.forwarding must be 0" check_existence="at_least_one_exists">
  <ind-def:object object_ref="oval:de.suse.suse121:obj:5" />
  <ind-def:state state_ref="oval:de.suse.suse121:ste:1" />
</ind-def:textfilecontent54_test>
<ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:6" version="1" check="at least one" comment="kernel config CONFIG_SYN_COOKIES must be y" check_existence="at_least_one_exists">
  <ind-def:object object_ref="oval:de.suse.suse121:obj:3" />
  <ind-def:state state_ref="oval:de.suse.suse121:ste:3" />
</ind-def:textfilecontent54_test>
<ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:9" version="1" check="at least one" comment="file /etc/login.defs must have a line that matches ^PASS_MAX_DAYS.*99999" check_existence="at_least_one_exists">
  <ind-def:object object_ref="oval:de.suse.suse121:obj:7" />
  <ind-def:state state_ref="oval:de.suse.suse121:ste:4" />
</ind-def:textfilecontent54_test>
<ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:10" version="1" check="at least one" comment="file /etc/login.defs must have a line that matches ^PASS_MIN_DAYS.*0" check_existence="at_least_one_exists">
  <ind-def:object object_ref="oval:de.suse.suse121:obj:7" />
  <ind-def:state state_ref="oval:de.suse.suse121:ste:5" />
</ind-def:textfilecontent54_test>
<ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:11" version="1" check="at least one" comment="file /etc/login.defs must have a line that matches ^PASS_WARN_AGE.*7" check_existence="at_least_one_exists">
  <ind-def:object object_ref="oval:de.suse.suse121:obj:7" />
  <ind-def:state state_ref="oval:de.suse.suse121:ste:6" />
</ind-def:textfilecontent54_test>
<ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:12" version="1" check="at least one" comment="file /etc/pam.d/common-password must have a line that matches minlen=6" check_existence="at_least_one_exists">
  <ind-def:object object_ref="oval:de.suse.suse121:obj:10" />
  <ind-def:state state_ref="oval:de.suse.suse121:ste:17" />
</ind-def:textfilecontent54_test>
<ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:13" version="1" check="at least one" comment="file /etc/pam.d/common-password must have a line that matches remember=" check_existence="at_least_one_exists">
  <ind-def:object object_ref="oval:de.suse.suse121:obj:10" />
  <ind-def:state state_ref="oval:de.suse.suse121:ste:18" />
</ind-def:textfilecontent54_test>
<ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:16" version="1" check="none satisfy" comment="file /etc/login.defs may not have a line that matches ^FAIL_DELAY.*0" check_existence="at_least_one_exists">
  <ind-def:object object_ref="oval:de.suse.suse121:obj:7" />
  <ind-def:state state_ref="oval:de.suse.suse121:ste:9" />
</ind-def:textfilecontent54_test>
<ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:17" version="1" check="at least one" comment="file /etc/login.defs must have a line that matches ^FAIL_DELAY" check_existence="at_least_one_exists">
  <ind-def:object object_ref="oval:de.suse.suse121:obj:7" />
  <ind-def:state state_ref="oval:de.suse.suse121:ste:10" />
</ind-def:textfilecontent54_test>
<ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:18" version="1" check="at least one" comment="file /etc/sysconfig/displaymanager must have a line that matches ^DISPLAYMANAGER_REMOTE_ACCESS.*no" check_existence="at_least_one_exists">
  <ind-def:object object_ref="oval:de.suse.suse121:obj:12" />
  <ind-def:state state_ref="oval:de.suse.suse121:ste:23" />
</ind-def:textfilecontent54_test>
<ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:19" version="1" check="at least one" comment="file /etc/sysconfig/displaymanager must have a line that matches ^DISPLAYMANAGER_ROOT_LOGIN_REMOTE.*no" check_existence="at_least_one_exists">
  <ind-def:object object_ref="oval:de.suse.suse121:obj:12" />
  <ind-def:state state_ref="oval:de.suse.suse121:ste:24" />
</ind-def:textfilecontent54_test>
<ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:22" version="1" check="at least one" comment="file /etc/login.defs must have a line that matches ^UID_MIN.*1000" check_existence="at_least_one_exists">
  <ind-def:object object_ref="oval:de.suse.suse121:obj:7" />
  <ind-def:state state_ref="oval:de.suse.suse121:ste:11" />
</ind-def:textfilecontent54_test>
<ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:23" version="1" check="at least one" comment="file /etc/login.defs must have a line that matches ^UID_MAX.*60000" check_existence="at_least_one_exists">
  <ind-def:object object_ref="oval:de.suse.suse121:obj:7" />
  <ind-def:state state_ref="oval:de.suse.suse121:ste:12" />
</ind-def:textfilecontent54_test>
<ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:24" version="1" check="at least one" comment="file /etc/login.defs must have a line that matches ^GID_MIN.*1000" check_existence="at_least_one_exists">
  <ind-def:object object_ref="oval:de.suse.suse121:obj:7" />
  <ind-def:state state_ref="oval:de.suse.suse121:ste:13" />
</ind-def:textfilecontent54_test>
<ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:25" version="1" check="at least one" comment="file /etc/login.defs must have a line that matches ^GID_MAX.*60000" check_existence="at_least_one_exists">
  <ind-def:object object_ref="oval:de.suse.suse121:obj:7" />
  <ind-def:state state_ref="oval:de.suse.suse121:ste:14" />
</ind-def:textfilecontent54_test>
<ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:29" version="1" check="at least one" comment="sysctl kernel.sysrq must be 0" check_existence="at_least_one_exists">
  <ind-def:object object_ref="oval:de.suse.suse121:obj:6" />
  <ind-def:state state_ref="oval:de.suse.suse121:ste:1" />
</ind-def:textfilecontent54_test>
<ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:30" version="1" check="none satisfy" comment="file /etc/default/passwd may not have a line that matches ^CRYPT_FILES=md5" check_existence="at_least_one_exists">
  <ind-def:object object_ref="oval:de.suse.suse121:obj:9" />
  <ind-def:state state_ref="oval:de.suse.suse121:ste:15" />
</ind-def:textfilecontent54_test>
<ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:31" version="1" check="none satisfy" comment="file /etc/default/passwd may not have a line that matches ^CRYPT_FILES=des" check_existence="at_least_one_exists">
  <ind-def:object object_ref="oval:de.suse.suse121:obj:9" />
  <ind-def:state state_ref="oval:de.suse.suse121:ste:16" />
</ind-def:textfilecontent54_test>
<ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:32" version="1" check="at least one" comment="file /etc/sysconfig/security must have a line that matches ^CHECK_PERMISSIONS.*set" check_existence="at_least_one_exists">
  <ind-def:object object_ref="oval:de.suse.suse121:obj:13" />
  <ind-def:state state_ref="oval:de.suse.suse121:ste:25" />
</ind-def:textfilecontent54_test>
<ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:33" version="1" check="at least one" comment="file /etc/sysconfig/security must have a line that matches ^CHECK_SIGNATURES.*yes" check_existence="at_least_one_exists">
  <ind-def:object object_ref="oval:de.suse.suse121:obj:13" />
  <ind-def:state state_ref="oval:de.suse.suse121:ste:26" />
</ind-def:textfilecontent54_test>
<ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:38" version="1" check="at least one" comment="file /etc/sysconfig/dhcpd must have a line that matches ^DHCPD_RUN_CHROOTED.*yes" check_existence="at_least_one_exists">
  <ind-def:object object_ref="oval:de.suse.suse121:obj:11" />
  <ind-def:state state_ref="oval:de.suse.suse121:ste:19" />
</ind-def:textfilecontent54_test>
<ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:39" version="1" check="at least one" comment="file /etc/sysconfig/dhcpd must have a line that matches ^DHCPD_RUN_AS.*dhcpd" check_existence="at_least_one_exists">
  <ind-def:object object_ref="oval:de.suse.suse121:obj:11" />
  <ind-def:state state_ref="oval:de.suse.suse121:ste:20" />
</ind-def:textfilecontent54_test>
<ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:40" version="1" check="at least one" comment="file /etc/sysconfig/dhcpd must have a line that matches ^DHCPD6_RUN_CHROOTED.*yes" check_existence="at_least_one_exists">
  <ind-def:object object_ref="oval:de.suse.suse121:obj:11" />
  <ind-def:state state_ref="oval:de.suse.suse121:ste:21" />
</ind-def:textfilecontent54_test>
<ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:41" version="1" check="at least one" comment="file /etc/sysconfig/dhcpd must have a line that matches ^DHCPD6_RUN_AS.*dhcpd" check_existence="at_least_one_exists">
  <ind-def:object object_ref="oval:de.suse.suse121:obj:11" />
  <ind-def:state state_ref="oval:de.suse.suse121:ste:22" />
</ind-def:textfilecontent54_test>
<ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:42" version="1" check="at least one" comment="file /etc/sysconfig/services must have a line that matches ^DISABLE_RESTART_ON_UPDATE.*yes" check_existence="at_least_one_exists">
  <ind-def:object object_ref="oval:de.suse.suse121:obj:14" />
  <ind-def:state state_ref="oval:de.suse.suse121:ste:27" />
</ind-def:textfilecontent54_test>
<ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:43" version="1" check="at least one" comment="file /etc/sysconfig/services must have a line that matches ^DISABLE_STOP_ON_REMOVAL.*yes" check_existence="at_least_one_exists">
  <ind-def:object object_ref="oval:de.suse.suse121:obj:14" />
  <ind-def:state state_ref="oval:de.suse.suse121:ste:28" />
</ind-def:textfilecontent54_test>
<!-- @@GENOVAL END TESTS -->
</tests>

<objects>
<!-- @@GENOVAL START OBJECTS -->
<ind-def:textfilecontent54_object id="oval:de.suse.suse121:obj:1" version="1" comment="Non-comment lines in /proc/sys/net/ipv4/ip_forward">
  <ind-def:filepath>/proc/sys/net/ipv4/ip_forward</ind-def:filepath>
  <ind-def:pattern operation="pattern match">^[[:space:]]*([^#[:space:]].*[^[:space:]]?)[[:space:]]*$</ind-def:pattern>
  <ind-def:instance datatype="int" operation="greater than or equal">1</ind-def:instance>
</ind-def:textfilecontent54_object>
<ind-def:textfilecontent54_object id="oval:de.suse.suse121:obj:2" version="1" comment="Non-comment lines in /proc/sys/net/ipv4/tcp_syncookies">
  <ind-def:filepath>/proc/sys/net/ipv4/tcp_syncookies</ind-def:filepath>
  <ind-def:pattern operation="pattern match">^[[:space:]]*([^#[:space:]].*[^[:space:]]?)[[:space:]]*$</ind-def:pattern>
  <ind-def:instance datatype="int" operation="greater than or equal">1</ind-def:instance>
</ind-def:textfilecontent54_object>
<ind-def:textfilecontent54_object id="oval:de.suse.suse121:obj:3" version="1" comment="Kernel configuration entry CONFIG_SYN_COOKIES">
  <ind-def:filepath>/usr/src/linux/.config</ind-def:filepath>
  <ind-def:pattern operation="pattern match">(CONFIG_SYN_COOKIES.*)</ind-def:pattern>
  <ind-def:instance datatype="int" operation="greater than or equal">1</ind-def:instance>
</ind-def:textfilecontent54_object>
<ind-def:textfilecontent54_object id="oval:de.suse.suse121:obj:4" version="1" comment="Non-comment lines in /proc/sys/net/ipv6/conf/all/forwarding">
  <ind-def:filepath>/proc/sys/net/ipv6/conf/all/forwarding</ind-def:filepath>
  <ind-def:pattern operation="pattern match">^[[:space:]]*([^#[:space:]].*[^[:space:]]?)[[:space:]]*$</ind-def:pattern>
  <ind-def:instance datatype="int" operation="greater than or equal">1</ind-def:instance>
</ind-def:textfilecontent54_object>
<ind-def:textfilecontent54_object id="oval:de.suse.suse121:obj:5" version="1" comment="Non-comment lines in /proc/sys/net/ipv6/conf/default/forwarding">
  <ind-def:filepath>/proc/sys/net/ipv6/conf/default/forwarding</ind-def:filepath>
  <ind-def:pattern operation="pattern match">^[[:space:]]*([^#[:space:]].*[^[:space:]]?)[[:space:]]*$</ind-def:pattern>
  <ind-def:instance datatype="int" operation="greater than or equal">1</ind-def:instance>
</ind-def:textfilecontent54_object>
<ind-def:textfilecontent54_object id="oval:de.suse.suse121:obj:6" version="1" comment="Non-comment lines in /proc/sys/kernel/sysrq">
  <ind-def:filepath>/proc/sys/kernel/sysrq</ind-def:filepath>
  <ind-def:pattern operation="pattern match">^[[:space:]]*([^#[:space:]].*[^[:space:]]?)[[:space:]]*$</ind-def:pattern>
  <ind-def:instance datatype="int" operation="greater than or equal">1</ind-def:instance>
</ind-def:textfilecontent54_object>
<ind-def:textfilecontent54_object id="oval:de.suse.suse121:obj:7" version="1" comment="Non-comment lines in /etc/login.defs">
  <ind-def:filepath>/etc/login.defs</ind-def:filepath>
  <ind-def:pattern operation="pattern match">^[[:space:]]*([^#[:space:]].*[^[:space:]]?)[[:space:]]*$</ind-def:pattern>
  <ind-def:instance datatype="int" operation="greater than or equal">1</ind-def:instance>
</ind-def:textfilecontent54_object>
<ind-def:textfilecontent54_object id="oval:de.suse.suse121:obj:8" version="1" comment="Non-comment lines in /etc/pam.d/common-passwd">
  <ind-def:filepath>/etc/pam.d/common-passwd</ind-def:filepath>
  <ind-def:pattern operation="pattern match">^[[:space:]]*([^#[:space:]].*[^[:space:]]?)[[:space:]]*$</ind-def:pattern>
  <ind-def:instance datatype="int" operation="greater than or equal">1</ind-def:instance>
</ind-def:textfilecontent54_object>
<ind-def:textfilecontent54_object id="oval:de.suse.suse121:obj:9" version="1" comment="Non-comment lines in /etc/default/passwd">
  <ind-def:filepath>/etc/default/passwd</ind-def:filepath>
  <ind-def:pattern operation="pattern match">^[[:space:]]*([^#[:space:]].*[^[:space:]]?)[[:space:]]*$</ind-def:pattern>
  <ind-def:instance datatype="int" operation="greater than or equal">1</ind-def:instance>
</ind-def:textfilecontent54_object>
<ind-def:textfilecontent54_object id="oval:de.suse.suse121:obj:10" version="1" comment="Non-comment lines in /etc/pam.d/common-password">
  <ind-def:filepath>/etc/pam.d/common-password</ind-def:filepath>
  <ind-def:pattern operation="pattern match">^[[:space:]]*([^#[:space:]].*[^[:space:]]?)[[:space:]]*$</ind-def:pattern>
  <ind-def:instance datatype="int" operation="greater than or equal">1</ind-def:instance>
</ind-def:textfilecontent54_object>
<ind-def:textfilecontent54_object id="oval:de.suse.suse121:obj:11" version="1" comment="Non-comment lines in /etc/sysconfig/dhcpd">
  <ind-def:filepath>/etc/sysconfig/dhcpd</ind-def:filepath>
  <ind-def:pattern operation="pattern match">^[[:space:]]*([^#[:space:]].*[^[:space:]]?)[[:space:]]*$</ind-def:pattern>
  <ind-def:instance datatype="int" operation="greater than or equal">1</ind-def:instance>
</ind-def:textfilecontent54_object>
<ind-def:textfilecontent54_object id="oval:de.suse.suse121:obj:12" version="1" comment="Non-comment lines in /etc/sysconfig/displaymanager">
  <ind-def:filepath>/etc/sysconfig/displaymanager</ind-def:filepath>
  <ind-def:pattern operation="pattern match">^[[:space:]]*([^#[:space:]].*[^[:space:]]?)[[:space:]]*$</ind-def:pattern>
  <ind-def:instance datatype="int" operation="greater than or equal">1</ind-def:instance>
</ind-def:textfilecontent54_object>
<ind-def:textfilecontent54_object id="oval:de.suse.suse121:obj:13" version="1" comment="Non-comment lines in /etc/sysconfig/security">
  <ind-def:filepath>/etc/sysconfig/security</ind-def:filepath>
  <ind-def:pattern operation="pattern match">^[[:space:]]*([^#[:space:]].*[^[:space:]]?)[[:space:]]*$</ind-def:pattern>
  <ind-def:instance datatype="int" operation="greater than or equal">1</ind-def:instance>
</ind-def:textfilecontent54_object>
<ind-def:textfilecontent54_object id="oval:de.suse.suse121:obj:14" version="1" comment="Non-comment lines in /etc/sysconfig/services">
  <ind-def:filepath>/etc/sysconfig/services</ind-def:filepath>
  <ind-def:pattern operation="pattern match">^[[:space:]]*([^#[:space:]].*[^[:space:]]?)[[:space:]]*$</ind-def:pattern>
  <ind-def:instance datatype="int" operation="greater than or equal">1</ind-def:instance>
</ind-def:textfilecontent54_object>
<!-- @@GENOVAL END OBJECTS -->
</objects>

<states>
<!-- @@GENOVAL START STATES -->
<ind-def:textfilecontent54_state id="oval:de.suse.suse121:ste:1" version="1" comment="The match of 0">
  <ind-def:subexpression operation="pattern match">0</ind-def:subexpression>
</ind-def:textfilecontent54_state>
<ind-def:textfilecontent54_state id="oval:de.suse.suse121:ste:2" version="1" comment="The match of 1">
  <ind-def:subexpression operation="pattern match">1</ind-def:subexpression>
</ind-def:textfilecontent54_state>
<ind-def:textfilecontent54_state id="oval:de.suse.suse121:ste:3" version="1" comment="The match of CONFIG_SYN_COOKIES=y">
  <ind-def:subexpression operation="pattern match">CONFIG_SYN_COOKIES=y</ind-def:subexpression>
</ind-def:textfilecontent54_state>
<ind-def:textfilecontent54_state id="oval:de.suse.suse121:ste:4" version="1" comment="The match of ^PASS_MAX_DAYS.*99999">
  <ind-def:subexpression operation="pattern match">^PASS_MAX_DAYS.*99999</ind-def:subexpression>
</ind-def:textfilecontent54_state>
<ind-def:textfilecontent54_state id="oval:de.suse.suse121:ste:5" version="1" comment="The match of ^PASS_MIN_DAYS.*0">
  <ind-def:subexpression operation="pattern match">^PASS_MIN_DAYS.*0</ind-def:subexpression>
</ind-def:textfilecontent54_state>
<ind-def:textfilecontent54_state id="oval:de.suse.suse121:ste:6" version="1" comment="The match of ^PASS_WARN_AGE.*7">
  <ind-def:subexpression operation="pattern match">^PASS_WARN_AGE.*7</ind-def:subexpression>
</ind-def:textfilecontent54_state>
<ind-def:textfilecontent54_state id="oval:de.suse.suse121:ste:7" version="1" comment="The match of ^minlen=6">
  <ind-def:subexpression operation="pattern match">^minlen=6</ind-def:subexpression>
</ind-def:textfilecontent54_state>
<ind-def:textfilecontent54_state id="oval:de.suse.suse121:ste:8" version="1" comment="The match of ^remember=">
  <ind-def:subexpression operation="pattern match">^remember=</ind-def:subexpression>
</ind-def:textfilecontent54_state>
<ind-def:textfilecontent54_state id="oval:de.suse.suse121:ste:9" version="1" comment="The match of ^FAIL_DELAY.*0">
  <ind-def:subexpression operation="pattern match">^FAIL_DELAY.*0</ind-def:subexpression>
</ind-def:textfilecontent54_state>
<ind-def:textfilecontent54_state id="oval:de.suse.suse121:ste:10" version="1" comment="The match of ^FAIL_DELAY">
  <ind-def:subexpression operation="pattern match">^FAIL_DELAY</ind-def:subexpression>
</ind-def:textfilecontent54_state>
<ind-def:textfilecontent54_state id="oval:de.suse.suse121:ste:11" version="1" comment="The match of ^UID_MIN.*1000">
  <ind-def:subexpression operation="pattern match">^UID_MIN.*1000</ind-def:subexpression>
</ind-def:textfilecontent54_state>
<ind-def:textfilecontent54_state id="oval:de.suse.suse121:ste:12" version="1" comment="The match of ^UID_MAX.*60000">
  <ind-def:subexpression operation="pattern match">^UID_MAX.*60000</ind-def:subexpression>
</ind-def:textfilecontent54_state>
<ind-def:textfilecontent54_state id="oval:de.suse.suse121:ste:13" version="1" comment="The match of ^GID_MIN.*1000">
  <ind-def:subexpression operation="pattern match">^GID_MIN.*1000</ind-def:subexpression>
</ind-def:textfilecontent54_state>
<ind-def:textfilecontent54_state id="oval:de.suse.suse121:ste:14" version="1" comment="The match of ^GID_MAX.*60000">
  <ind-def:subexpression operation="pattern match">^GID_MAX.*60000</ind-def:subexpression>
</ind-def:textfilecontent54_state>
<ind-def:textfilecontent54_state id="oval:de.suse.suse121:ste:15" version="1" comment="The match of ^CRYPT_FILES=md5">
  <ind-def:subexpression operation="pattern match">^CRYPT_FILES=md5</ind-def:subexpression>
</ind-def:textfilecontent54_state>
<ind-def:textfilecontent54_state id="oval:de.suse.suse121:ste:16" version="1" comment="The match of ^CRYPT_FILES=des">
  <ind-def:subexpression operation="pattern match">^CRYPT_FILES=des</ind-def:subexpression>
</ind-def:textfilecontent54_state>
<ind-def:textfilecontent54_state id="oval:de.suse.suse121:ste:17" version="1" comment="The match of minlen=6">
  <ind-def:subexpression operation="pattern match">minlen=6</ind-def:subexpression>
</ind-def:textfilecontent54_state>
<ind-def:textfilecontent54_state id="oval:de.suse.suse121:ste:18" version="1" comment="The match of remember=">
  <ind-def:subexpression operation="pattern match">remember=</ind-def:subexpression>
</ind-def:textfilecontent54_state>
<ind-def:textfilecontent54_state id="oval:de.suse.suse121:ste:19" version="1" comment="The match of ^DHCPD_RUN_CHROOTED.*yes">
  <ind-def:subexpression operation="pattern match">^DHCPD_RUN_CHROOTED.*yes</ind-def:subexpression>
</ind-def:textfilecontent54_state>
<ind-def:textfilecontent54_state id="oval:de.suse.suse121:ste:20" version="1" comment="The match of ^DHCPD_RUN_AS.*dhcpd">
  <ind-def:subexpression operation="pattern match">^DHCPD_RUN_AS.*dhcpd</ind-def:subexpression>
</ind-def:textfilecontent54_state>
<ind-def:textfilecontent54_state id="oval:de.suse.suse121:ste:21" version="1" comment="The match of ^DHCPD6_RUN_CHROOTED.*yes">
  <ind-def:subexpression operation="pattern match">^DHCPD6_RUN_CHROOTED.*yes</ind-def:subexpression>
</ind-def:textfilecontent54_state>
<ind-def:textfilecontent54_state id="oval:de.suse.suse121:ste:22" version="1" comment="The match of ^DHCPD6_RUN_AS.*dhcpd">
  <ind-def:subexpression operation="pattern match">^DHCPD6_RUN_AS.*dhcpd</ind-def:subexpression>
</ind-def:textfilecontent54_state>
<ind-def:textfilecontent54_state id="oval:de.suse.suse121:ste:23" version="1" comment="The match of ^DISPLAYMANAGER_REMOTE_ACCESS.*no">
  <ind-def:subexpression operation="pattern match">^DISPLAYMANAGER_REMOTE_ACCESS.*no</ind-def:subexpression>
</ind-def:textfilecontent54_state>
<ind-def:textfilecontent54_state id="oval:de.suse.suse121:ste:24" version="1" comment="The match of ^DISPLAYMANAGER_ROOT_LOGIN_REMOTE.*no">
  <ind-def:subexpression operation="pattern match">^DISPLAYMANAGER_ROOT_LOGIN_REMOTE.*no</ind-def:subexpression>
</ind-def:textfilecontent54_state>
<ind-def:textfilecontent54_state id="oval:de.suse.suse121:ste:25" version="1" comment="The match of ^CHECK_PERMISSIONS.*set">
  <ind-def:subexpression operation="pattern match">^CHECK_PERMISSIONS.*set</ind-def:subexpression>
</ind-def:textfilecontent54_state>
<ind-def:textfilecontent54_state id="oval:de.suse.suse121:ste:26" version="1" comment="The match of ^CHECK_SIGNATURES.*yes">
  <ind-def:subexpression operation="pattern match">^CHECK_SIGNATURES.*yes</ind-def:subexpression>
</ind-def:textfilecontent54_state>
<ind-def:textfilecontent54_state id="oval:de.suse.suse121:ste:27" version="1" comment="The match of ^DISABLE_RESTART_ON_UPDATE.*yes">
  <ind-def:subexpression operation="pattern match">^DISABLE_RESTART_ON_UPDATE.*yes</ind-def:subexpression>
</ind-def:textfilecontent54_state>
<ind-def:textfilecontent54_state id="oval:de.suse.suse121:ste:28" version="1" comment="The match of ^DISABLE_STOP_ON_REMOVAL.*yes">
  <ind-def:subexpression operation="pattern match">^DISABLE_STOP_ON_REMOVAL.*yes</ind-def:subexpression>
</ind-def:textfilecontent54_state>
<!-- @@GENOVAL END STATES -->
</states>

<!--
<variables>
-->
<!-- @@GENOVAL START VARIABLES -->
<!-- @@GENOVAL END VARIABLES -->
<!--
<local_variable id="oval:de.suse.suse121.genoval:var:1" version="1" datatype="string" comment="Location where the helper scripts output is stored">
  <object_component item_field="value" object_ref="oval:de.suse.suse121.genoval:obj:1"/>
</local_variable>
</variables>
-->
</oval_definitions>