>From 17ae9da8bb349020a10ed56f89a1f437fd5e8fcb Mon Sep 17 00:00:00 2001 From: Shawn Wells <[email protected]> Date: Sun, 15 Sep 2013 19:53:17 -0400 Subject: [PATCH 19/22] Added remediation for disable_users_coredumps - OVAL/XCCDF naming - Added remediation
TESTING: [root@SSG-RHEL6 checks]# ./testcheck.py disable_users_coredumps.xml Evaluating with OVAL tempfile : /tmp/disable_users_coredumpsbV8MsT.xml Writing results to : /tmp/disable_users_coredumpsbV8MsT.xml-results Definition oval:scap-security-guide.testing:def:221: false Evaluation done. [root@SSG-RHEL6 checks]# bash ../fixes/bash/disable_users_coredumps.sh [root@SSG-RHEL6 checks]# ./testcheck.py disable_users_coredumps.xml Evaluating with OVAL tempfile : /tmp/disable_users_coredumpsTRSdQo.xml Writing results to : /tmp/disable_users_coredumpsTRSdQo.xml-results Definition oval:scap-security-guide.testing:def:221: true Evaluation done.
---
RHEL6/input/checks/core_dumps_limitsconf.xml | 31 ---------------------
RHEL6/input/checks/disable_users_coredumps.xml | 31 +++++++++++++++++++++
RHEL6/input/fixes/bash/disable_users_coredumps.sh | 1 +
RHEL6/input/system/permissions/execution.xml | 2 +-
4 files changed, 33 insertions(+), 32 deletions(-)
delete mode 100644 RHEL6/input/checks/core_dumps_limitsconf.xml
create mode 100644 RHEL6/input/checks/disable_users_coredumps.xml
create mode 100644 RHEL6/input/fixes/bash/disable_users_coredumps.sh
diff --git a/RHEL6/input/checks/core_dumps_limitsconf.xml b/RHEL6/input/checks/core_dumps_limitsconf.xml
deleted file mode 100644
index 6732cdb..0000000
--- a/RHEL6/input/checks/core_dumps_limitsconf.xml
+++ /dev/null
@@ -1,31 +0,0 @@
-<def-group>
- <definition class="compliance" id="core_dumps_limitsconf" version="1">
- <metadata>
- <title>Disable Core Dumps</title>
- <affected family="unix">
- <platform>Red Hat Enterprise Linux 6</platform>
- </affected>
- <description>Core dumps for all users should be disabled</description>
- <reference source="MED" ref_id="20130807" ref_url="test_attestation" />
- </metadata>
- <criteria>
- <criterion comment="Are core dumps disabled"
- test_ref="test_core_dumps_limitsconf" />
- </criteria>
- </definition>
- <ind:textfilecontent54_test check="all"
- comment="Tests the value of the ^[\s]*\*[\s]+hard[\s]+core[\s]+([\d]+) setting in the /etc/security/limits.conf file"
- id="test_core_dumps_limitsconf" version="1">
- <ind:object object_ref="object_core_dumps_limitsconf" />
- <ind:state state_ref="state_core_dumps_limitsconf" />
- </ind:textfilecontent54_test>
- <ind:textfilecontent54_state id="state_core_dumps_limitsconf" version="1">
- <ind:subexpression operation="equals">0</ind:subexpression>
- </ind:textfilecontent54_state>
- <ind:textfilecontent54_object id="object_core_dumps_limitsconf" version="1">
- <ind:path>/etc/security</ind:path>
- <ind:filename>limits.conf</ind:filename>
- <ind:pattern operation="pattern match">^[\s]*\*[\s]+hard[\s]+core[\s]+([\d]+)</ind:pattern>
- <ind:instance datatype="int">1</ind:instance>
- </ind:textfilecontent54_object>
-</def-group>
diff --git a/RHEL6/input/checks/disable_users_coredumps.xml b/RHEL6/input/checks/disable_users_coredumps.xml
new file mode 100644
index 0000000..6732cdb
--- /dev/null
+++ b/RHEL6/input/checks/disable_users_coredumps.xml
@@ -0,0 +1,31 @@
+<def-group>
+ <definition class="compliance" id="core_dumps_limitsconf" version="1">
+ <metadata>
+ <title>Disable Core Dumps</title>
+ <affected family="unix">
+ <platform>Red Hat Enterprise Linux 6</platform>
+ </affected>
+ <description>Core dumps for all users should be disabled</description>
+ <reference source="MED" ref_id="20130807" ref_url="test_attestation" />
+ </metadata>
+ <criteria>
+ <criterion comment="Are core dumps disabled"
+ test_ref="test_core_dumps_limitsconf" />
+ </criteria>
+ </definition>
+ <ind:textfilecontent54_test check="all"
+ comment="Tests the value of the ^[\s]*\*[\s]+hard[\s]+core[\s]+([\d]+) setting in the /etc/security/limits.conf file"
+ id="test_core_dumps_limitsconf" version="1">
+ <ind:object object_ref="object_core_dumps_limitsconf" />
+ <ind:state state_ref="state_core_dumps_limitsconf" />
+ </ind:textfilecontent54_test>
+ <ind:textfilecontent54_state id="state_core_dumps_limitsconf" version="1">
+ <ind:subexpression operation="equals">0</ind:subexpression>
+ </ind:textfilecontent54_state>
+ <ind:textfilecontent54_object id="object_core_dumps_limitsconf" version="1">
+ <ind:path>/etc/security</ind:path>
+ <ind:filename>limits.conf</ind:filename>
+ <ind:pattern operation="pattern match">^[\s]*\*[\s]+hard[\s]+core[\s]+([\d]+)</ind:pattern>
+ <ind:instance datatype="int">1</ind:instance>
+ </ind:textfilecontent54_object>
+</def-group>
diff --git a/RHEL6/input/fixes/bash/disable_users_coredumps.sh b/RHEL6/input/fixes/bash/disable_users_coredumps.sh
new file mode 100644
index 0000000..dcfcda3
--- /dev/null
+++ b/RHEL6/input/fixes/bash/disable_users_coredumps.sh
@@ -0,0 +1 @@
+echo "* hard core 0" >> /etc/security/limits.conf
diff --git a/RHEL6/input/system/permissions/execution.xml b/RHEL6/input/system/permissions/execution.xml
index e15f7ff..9ce2f86 100644
--- a/RHEL6/input/system/permissions/execution.xml
+++ b/RHEL6/input/system/permissions/execution.xml
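Review bot: In the new RHEL6/input/checks/disable_users_coredumps.xml the definition still carries `id="core_dumps_limitsconf"`, while the execution.xml hunk in this patch switches the rule to `<oval id="disable_users_coredumps" />`. If the build resolves the XCCDF reference by definition id rather than by filename (not visible here), the rule is left without a matching check; the TESTING run evaluates the check file directly and would not exercise that link. Rename the definition to `id="disable_users_coredumps"`, and consider renaming the `test_`/`state_`/`object_core_dumps_limitsconf` ids with it so the file stays consistent.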
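Review bot: The remediation in RHEL6/input/fixes/bash/disable_users_coredumps.sh appends `* hard core 0` unconditionally, so every run adds another copy and any existing `* hard core N` line stays in place. The check in this patch reads only the first match (`<ind:instance datatype="int">1</ind:instance>`), so on a host that already has a non-zero wildcard entry the fix runs and the rule still evaluates false; the TESTING transcript appears to cover only a host with no prior entry. Rewrite an existing entry first and append only when none is present, e.g. `sed -i 's/^[[:space:]]*\*[[:space:]]\+hard[[:space:]]\+core[[:space:]].*/* hard core 0/' /etc/security/limits.conf` followed by `grep -q '^[[:space:]]*\*[[:space:]]\+hard[[:space:]]\+core[[:space:]]' /etc/security/limits.conf || echo "* hard core 0" >> /etc/security/limits.conf`.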
@@ -86,7 +86,7 @@ The output should be: terminates an application. The memory image could contain sensitive data and is generally useful only for developers trying to debug problems.</rationale> <ident cce="27033-0" /> -<oval id="core_dumps_limitsconf" /> +<oval id="disable_users_coredumps" /> <ref nist="SC-5" /> </Rule> -- 1.7.1
