From: Shawn Wells <[email protected]>
TESTING:
[user@redhat-thing-1 checks]$ grep ftp /etc/passwd
ftp:x:14:50:FTP User:/var/ftp:/bin/bash
[user@redhat-thing-1 checks]$ ./testcheck.py
accounts_no_shelllogin_for_systemaccounts.xml
Evaluating with OVAL tempfile :
/tmp/accounts_no_shelllogin_for_systemaccountszRaZw9.xml
Writing results to :
/tmp/accounts_no_shelllogin_for_systemaccountszRaZw9.xml-results
Definition oval:scap-security-guide.testing:def:104: false
Evaluation done.
[user@redhat-thing-1 checks]$ grep ftp /etc/passwd
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
[user@redhat-thing-1 checks]$ ./testcheck.py
accounts_no_shelllogin_for_systemaccounts.xml
Evaluating with OVAL tempfile :
/tmp/accounts_no_shelllogin_for_systemaccountsn0AVoG.xml
Writing results to :
/tmp/accounts_no_shelllogin_for_systemaccountsn0AVoG.xml-results
Definition oval:scap-security-guide.testing:def:104: true
Evaluation done.
[user@redhat-thing-1 checks]$ vim accounts_no_shelllogin_for_systemaccounts.xml
[user@redhat-thing-1 checks]$ ./testcheck.py
accounts_no_shelllogin_for_systemaccounts.xml
Evaluating with OVAL tempfile :
/tmp/accounts_no_shelllogin_for_systemaccountsiUXzmf.xml
Writing results to :
/tmp/accounts_no_shelllogin_for_systemaccountsiUXzmf.xml-results
Definition oval:scap-security-guide.testing:def:104: true
Evaluation done.
---
.../accounts_no_shelllogin_for_systemaccounts.xml | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/RHEL6/input/checks/accounts_no_shelllogin_for_systemaccounts.xml
b/RHEL6/input/checks/accounts_no_shelllogin_for_systemaccounts.xml
index 966f75b..ff17b6e 100644
--- a/RHEL6/input/checks/accounts_no_shelllogin_for_systemaccounts.xml
+++ b/RHEL6/input/checks/accounts_no_shelllogin_for_systemaccounts.xml
@@ -6,6 +6,7 @@
<platform>Red Hat Enterprise Linux 6</platform>
</affected>
<description>The root account is the only system account that should
have a login shell.</description>
+ <reference source="swells" ref_id="20130918" ref_url="test_attestation"
/>
</metadata>
<criteria>
<criterion comment="tests for the presence of login shells (not
/sbin/nologin) for system accounts in /etc/passwd file"
test_ref="test_accounts_no_shelllogin_for_systemaccounts" />
@@ -15,8 +16,7 @@
<ind:object object_ref="object_accounts_no_shelllogin_for_systemaccounts"
/>
</ind:textfilecontent54_test>
<ind:textfilecontent54_object
id="object_accounts_no_shelllogin_for_systemaccounts" version="1">
- <ind:path>/etc</ind:path>
- <ind:filename>passwd</ind:filename>
+ <ind:filepath>/etc/passwd</ind:filepath>
<ind:pattern operation="pattern
match">^(?!root).*:x:[\d]*:0*([0-9]{1,2}|[1-4][0-9]{2}):[^:]*:[^:]*:(?!\/sbin\/nologin|\/bin\/sync|\/sbin\/shutdown|\/sbin\/halt).*$</ind:pattern>
<ind:instance datatype="int">1</ind:instance>
</ind:textfilecontent54_object>
--
1.7.1
_______________________________________________
scap-security-guide mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
