From 6b16fcc50ba522c0f87fafeb448274e98c1f54cc Mon Sep 17 00:00:00 2001
From: Shawn Wells <[email protected]>
Date: Wed, 4 Jul 2012 01:14:05 -0400
Subject: [PATCH 04/11] Updated prose of userowner_shadow_file, mapped to CCI-000225

Updated language to match that of RHEL5 STIG, mapped to CCI-000225
--- rhel6/src/input/system/permissions/files.xml | 9 ++++++--- 1 files changed, 6 insertions(+), 3 deletions(-) diff --git a/rhel6/src/input/system/permissions/files.xml b/rhel6/src/input/system/permissions/files.xml index 561f26a..ce190b6 100644 --- a/rhel6/src/input/system/permissions/files.xml +++ b/rhel6/src/input/system/permissions/files.xml @@ -21,11 +21,14 @@ enabled.</description> <title>Verify user who owns <tt>shadow</tt> file</title> <description>The <tt>/etc/shadow</tt> file should be owned by root.</description> -<rationale>The /etc/shadow file stores password hashes. Protection of this file is -critical for system security.</rationale> +<rationale>The <tt>/etc/shadow</tt> file contains the list of local +system accounts and stores password hashes. Protection of this file is +critical for system security. Failure to give ownership of this file +to root provides the designated owner with access to sensitive information +which could weaken the system security posture.</rationale> <ident cce="3918-0" /> <oval id="file_owner_etc_shadow" /> -<ref nist="AC-3, CM-6"/> +<ref nist="AC-3, CM-6" disa="225"/> </Rule> <Rule id="groupowner_shadow_file"> -- 1.7.1
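Review bot: The new `<ref>` line records the mapping as `disa="225"`, while the subject and commit message call it CCI-000225. Please confirm that the guide's build expands the bare number into the full CCI identifier, or note the attribute convention in the commit message so later mappings stay consistent. In the added rationale, "provides the designated owner with access to sensitive information" is vague about what is exposed. Since the same paragraph already says the file stores password hashes, consider naming the hashes as the sensitive information a non-root owner could read or change. The hunk also ends at `<Rule id="groupowner_shadow_file">`, which this patch leaves untouched. If that rule carries the older two-line rationale, it may need the same prose and mapping update for consistency.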
_______________________________________________
scap-security-guide mailing list
[email protected]
https://fedorahosted.org/mailman/listinfo/scap-security-guide
