Ack -- please push. Thanks!
On 08/10/2012 08:43 PM, Willy Santos wrote: > --- > .../accounts/restrictions/password_storage.xml | 24 > +++++++++++++++++++- > 1 files changed, 23 insertions(+), 1 deletions(-) > > diff --git a/RHEL6/input/system/accounts/restrictions/password_storage.xml > b/RHEL6/input/system/accounts/restrictions/password_storage.xml > index 8f39126..29572f2 100644 > --- a/RHEL6/input/system/accounts/restrictions/password_storage.xml > +++ b/RHEL6/input/system/accounts/restrictions/password_storage.xml > @@ -40,7 +40,6 @@ environments. > <ref nist="AC-3, CM-6, IA-5" /> > </Rule> > > - > <Rule id="no_hashes_outside_shadow"> > <title>Verify All Account Password Hashes are Shadowed</title> > <description>To ensure that no password hashes are stored in > @@ -56,5 +55,28 @@ which is readable by all users. > <oval id="accounts_password_all_shadowed" /> > <ref nist="IA-5" disa="196" /> > </Rule> > + > +<Rule id="no_netrc_files"> > +<title>Verify No netrc Files Exist</title> > +<description>The <tt>.netrc</tt> files contain login information > +used to auto-login into FTP servers and reside in the user's home > +directory. These files may contain unencrypted passwords to > +remote FTP servers making them susceptible to access by unauthorized > +users and should not be used. > +<br /><br /> > +To check the system for the existence of any <tt>.netrc</tt> files, > +run the following command: > +<pre># find / -name .netrc</pre> > +</description> > +<rationale> > +Unencrypted passwords for remote FTP servers may be stored in <tt>.netrc</tt> > +files. DoD policy requires passwords be encrypted in storage and not used > +in access scripts. > +</rationale> > +<ident cce="TODO" /> > +<oval id="TODO" /> > +<ref nist="IA-5" disa="196" /> > +</Rule> > + > </Group> > _______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
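Review bot: In the new no_netrc_files rule, `<ident cce="TODO" />` and `<oval id="TODO" />` are placeholders, so the rule has no CCE and names an OVAL definition id that this patch does not add. Either drop the two elements until real values exist or add the OVAL check in the same series, so the rule does not reference a check that is not there. Separately, the command in the description, `find / -name .netrc`, descends into every mounted filesystem, including network mounts and pseudo-filesystems, although the description says the files reside in the user's home directory. Consider `find / -xdev -name .netrc` or limiting the search to home directories, and state what the administrator should do with any file that is found.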
