From ee559c284d957bd607f7ad8cacc1500ae4c4b915 Mon Sep 17 00:00:00 2001
From: Shawn Wells <[email protected]>
Date: Fri, 28 Sep 2012 00:47:16 -0400
Subject: [PATCH 6/8] Signed off on world_writable_files_system_ownership

- Updated find command. It's trivial, but modifying to "-perm 0002" is easier to read/understand "-perm -0002"
- Signed off on the rule
--- RHEL6/input/system/permissions/files.xml | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) diff --git a/RHEL6/input/system/permissions/files.xml b/RHEL6/input/system/permissions/files.xml index 0b58a19..965a1a4 100644 --- a/RHEL6/input/system/permissions/files.xml +++ b/RHEL6/input/system/permissions/files.xml @@ -430,7 +430,7 @@ appropriate group. The following command will discover and print world-writable directories that are not owned by a system account, given the assumption that only system accounts have a uid lower than 500. Run it once for each local partition <i>PART</i>: -<pre># find <i>PART</i> -xdev -type d -perm -0002 -uid +500 -print</pre> +<pre># find <i>PART</i> -xdev -type d -perm 0002 -uid +500 -print</pre> </ocil> <rationale> Allowing a user account to own a world-writeable directory is @@ -441,5 +441,6 @@ users. <ident cce="14794-2" /> <oval id="dir_perms_world_writable_system_owned" /> <ref nist="AC-3, CM-6"/> +<tested by="swells" on="20120929"/> </Rule> </Group> -- 1.7.1
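Review bot: In the <pre> line of the first hunk, replacing "-perm -0002" with "-perm 0002" changes what find matches, not only how the command reads. "-perm -0002" matches any directory that has the world-write bit set, whereas "-perm 0002" matches only directories whose mode is exactly 0002, so a directory with mode 0777 or 1777 is no longer reported and the OCIL check passes on systems it should flag. Suggest keeping "-perm -0002". Separately, "-uid +500" on the same line matches uids greater than 500, so uid 500 is skipped although the surrounding text treats only uids lower than 500 as system accounts; "-uid +499" would match that stated assumption.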
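Review bot: The added <tested by="swells" on="20120929"/> line in the second hunk carries a date one day later than this patch's Date header (28 Sep 2012), and it signs off the rule in the same patch that rewrites the OCIL find command in the first hunk. Suggest setting on= to the date the final command text was actually run and verified, and adding the sign-off only once the command change is settled.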
_______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
