Thanks for these, please push!
On Wed, Sep 18, 2013 at 11:53 AM, Maura Dailey <[email protected]>wrote: > Pushing out some checks I tested a little while back. I've verified that > no other changes were made on the mailing list. > > - Maura Dailey > > --- > RHEL6/input/checks/mount_option_dev_shm_nodev.xml | 7 +++++-- > RHEL6/input/checks/mount_option_dev_shm_noexec.xml | 14 +++++++++----- > RHEL6/input/checks/mount_option_dev_shm_nosuid.xml | 13 ++++++++----- > 3 files changed, 22 insertions(+), 12 deletions(-) > > diff --git a/RHEL6/input/checks/mount_option_dev_shm_nodev.xml > b/RHEL6/input/checks/mount_option_dev_shm_nodev.xml > index 09b69b6..f00b9e9 100644 > --- a/RHEL6/input/checks/mount_option_dev_shm_nodev.xml > +++ b/RHEL6/input/checks/mount_option_dev_shm_nodev.xml > @@ -8,12 +8,14 @@ > <description>Legitimate character and block devices should not exist > within temporary directories like /dev/shm. The nodev mount option > should > be specified for /dev/shm.</description> > + <reference source="MED" ref_id="20130820" > ref_url="test_attestation" /> > </metadata> > <criteria> > <criterion comment="nodev on /dev/shm" > test_ref="test_nodev_dev_shm" /> > </criteria> > </definition> > - <linux:partition_test check="all" check_existence="all_exist" > id="test_nodev_dev_shm" version="1" comment="nodev on /dev/shm"> > + <linux:partition_test check="all" check_existence="all_exist" > + id="test_nodev_dev_shm" version="1" comment="nodev on /dev/shm"> > <linux:object object_ref="object_dev_shm_partition_nodev" /> > <linux:state state_ref="state_dev_shm_nodev" /> > </linux:partition_test> 
> @@ -21,6 +23,7 @@ > <linux:mount_point>/dev/shm</linux:mount_point> > </linux:partition_object> > <linux:partition_state id="state_dev_shm_nodev" version="1"> > - <linux:mount_options datatype="string" entity_check="at least one" > operation="equals">nodev</linux:mount_options> > + <linux:mount_options datatype="string" entity_check="at least one" > + operation="equals">nodev</linux:mount_options> > </linux:partition_state> > </def-group> > diff --git a/RHEL6/input/checks/mount_option_dev_shm_noexec.xml > b/RHEL6/input/checks/mount_option_dev_shm_noexec.xml > index 25ac4fb..825f761 100644 > --- a/RHEL6/input/checks/mount_option_dev_shm_noexec.xml > +++ b/RHEL6/input/checks/mount_option_dev_shm_noexec.xml > @@ -5,15 +5,18 @@ > <affected family="unix"> > <platform>Red Hat Enterprise Linux 6</platform> > </affected> > - <description>It can be dangerous to allow the execution of binaries > - from world-writable temporary storage directories such as /dev/shm. > - The noexec mount option prevents binaries from being executed out > of /dev/shm.</description> > + <description>It can be dangerous to allow the execution of binaries > from > + world-writable temporary storage directories such as /dev/shm. The > noexec > + mount option prevents binaries from being executed out of > + /dev/shm.</description> > + <reference source="MED" ref_id="20130821" > ref_url="test_attestation" /> > </metadata> > <criteria> > <criterion comment="noexec on /dev/shm" > test_ref="test_noexec_dev_shm" /> > </criteria> > </definition> > - <linux:partition_test check="all" check_existence="all_exist" > id="test_noexec_dev_shm" version="1" comment="noexec on /dev/shm"> > + <linux:partition_test check="all" check_existence="all_exist" > + id="test_noexec_dev_shm" version="1" comment="noexec on /dev/shm"> > <linux:object object_ref="object_dev_shm_partition_noexec" /> > <linux:state state_ref="state_dev_shm_noexec" /> > </linux:partition_test> 
> @@ -21,6 +24,7 @@ > <linux:mount_point>/dev/shm</linux:mount_point> > </linux:partition_object> > <linux:partition_state id="state_dev_shm_noexec" version="1"> > - <linux:mount_options datatype="string" entity_check="at least one" > operation="equals">noexec</linux:mount_options> > + <linux:mount_options datatype="string" entity_check="at least one" > + operation="equals">noexec</linux:mount_options> > </linux:partition_state> > </def-group> > diff --git a/RHEL6/input/checks/mount_option_dev_shm_nosuid.xml > b/RHEL6/input/checks/mount_option_dev_shm_nosuid.xml > index e7c517d..2bc1463 100644 > --- a/RHEL6/input/checks/mount_option_dev_shm_nosuid.xml > +++ b/RHEL6/input/checks/mount_option_dev_shm_nosuid.xml > @@ -5,15 +5,17 @@ > <affected family="unix"> > <platform>Red Hat Enterprise Linux 6</platform> > </affected> > - <description>The nosuid mount option should be set for temporary > - storage partitions such as /dev/shm. The suid/sgid permissions > - should not be required in these world-writable > directories.</description> > + <description>The nosuid mount option should be set for temporary > storage > + partitions such as /dev/shm. The suid/sgid permissions should not be > + required in these world-writable directories.</description> > + <reference source="MED" ref_id="20130821" > ref_url="test_attestation" /> > </metadata> > <criteria> > <criterion comment="nosuid on /dev/shm" > test_ref="test_nosuid_dev_shm" /> > </criteria> > </definition> > - <linux:partition_test check="all" check_existence="all_exist" > id="test_nosuid_dev_shm" version="1" comment="nosuid on /dev/shm"> > + <linux:partition_test check="all" check_existence="all_exist" > + id="test_nosuid_dev_shm" version="1" comment="nosuid on /dev/shm"> > <linux:object object_ref="object_dev_shm_partition_nosuid" /> > <linux:state state_ref="state_dev_shm_nosuid" /> > </linux:partition_test> 
> @@ -21,6 +23,7 @@ > <linux:mount_point>/dev/shm</linux:mount_point> > </linux:partition_object> > <linux:partition_state id="state_dev_shm_nosuid" version="1"> > - <linux:mount_options datatype="string" entity_check="at least one" > operation="equals">nosuid</linux:mount_options> > + <linux:mount_options datatype="string" entity_check="at least one" > + operation="equals">nosuid</linux:mount_options> > </linux:partition_state> > </def-group> > -- > 1.7.1 > > _______________________________________________ > scap-security-guide mailing list > [email protected] > https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide >
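Review bot: The new reference element in mount_option_dev_shm_nodev.xml carries ref_id="20130820", while the equivalent lines added to the noexec and nosuid checks both carry ref_id="20130821"; please confirm the difference is intended and not a copy slip. The patch also does not say what source="MED" or ref_url="test_attestation" mean, and the latter is not a URL. A sentence in the commit message describing the attestation convention would let later readers interpret these fields.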
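Review bot: In the metadata hunks of mount_option_dev_shm_noexec.xml and mount_option_dev_shm_nosuid.xml, the description text is only re-wrapped (same wording, different line breaks), yet it shows up as removed and re-added lines next to the one substantive addition, the reference element. Consider moving the re-wrap into its own whitespace-only commit, or saying in the commit message that the description content is unchanged, so the attestation change is easy to audit.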
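Review bot: The partition_test and partition_state changes in all three files only move attributes onto a continuation line (id=... for the test, operation="equals" for the mount_options state); check="all", check_existence="all_exist", entity_check="at least one" and the compared values nodev, noexec and nosuid are unchanged. Since these are the lines that define what the check evaluates, the commit message should state that no check logic changes here, which the current description ("some checks I tested a little while back") does not.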
