>From 06cb74271005a064e88c01e0dbac6bdf87e3a976 Mon Sep 17 00:00:00 2001 From: Shawn Wells <[email protected]> Date: Fri, 28 Sep 2012 00:35:01 -0400 Subject: [PATCH 5/8] Signed off on user_umask_profile - Updated OCIL conditional check to reflect failure if OCIL check returns no output - Signed off on user_umask_profile
--- RHEL6/input/system/accounts/session.xml | 12 +++++------- 1 files changed, 5 insertions(+), 7 deletions(-) diff --git a/RHEL6/input/system/accounts/session.xml b/RHEL6/input/system/accounts/session.xml index 6ca238b..fbb5e8d 100644 --- a/RHEL6/input/system/accounts/session.xml +++ b/RHEL6/input/system/accounts/session.xml @@ -255,7 +255,7 @@ umask 077</pre> <Rule id="user_umask_profile"> -<title>Ensure the Default Umask is Set Correctly in /etc/profile</title> +<title>Ensure the Default umask is Set Correctly in /etc/profile</title> <description> To ensure the default umask controlled by <tt>/etc/profile</tt> is set properly, add or correct the <tt>umask</tt> setting in <tt>/etc/profile</tt> to read as follows: @@ -265,7 +265,7 @@ add or correct the <tt>umask</tt> setting in <tt>/etc/profile</tt> to read as fo A misconfigured umask value could result in files with excessive permissions that can be read and/or written to by unauthorized users.</rationale> <ident cce="14847-8" /> -<ocil clause="the umask is configured incorrectly"> +<ocil clause="the above command returns no output, or if the umask is configured incorrectly"> Verify the <tt>umask</tt> setting is configured correctly in the <tt>/etc/profile</tt> file by running the following command: <pre># grep "umask" /etc/profile</pre> @@ -274,12 +274,12 @@ All output must show the value of <tt>umask</tt> set to 077, as shown in the bel umask 077</pre> </ocil> <oval id="accounts_umask_etc_profile" value="umask_user_value" /> +<tested by="swells" on="20120929"/> <ref nist="CM-6, CM-7"/> </Rule> - <Rule id="user_umask_logindefs"> -<title>Ensure the Default Umask is Set Correctly in login.defs</title> +<title>Ensure the Default umask is Set Correctly in login.defs</title> <description> To ensure the default umask controlled by <tt>/etc/login.defs</tt> is set properly, add or correct the <tt>umask</tt> setting in <tt>/etc/login.defs</tt> to read as follows: @@ -299,10 +299,8 @@ umask 077</pre> <ident cce="14107-7" /> <oval id="accounts_umask_login_defs" value="umask_user_value" /> <ref nist="CM-6, CM-7"/> -<tested by="SDW" on="20120929"> +<tested by="swells" on="20120929" /> </Rule> </Group> - - </Group> -- 1.7.1
_______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
