Pushed ----- Shawn Wells Director, Innovation Programs [email protected] | 443.534.0130 @shawndwells
On Sep 18, 2013, at 4:42 PM, David Smith <[email protected]> wrote: > ack x9 -- please push > > On 09/18/2013 04:38 PM, [email protected] wrote: >> From: Shawn Wells <[email protected]> >> >> TESTING: >> [user@redhat-thing-1 checks]$ grep ftp /etc/passwd >> ftp:x:14:50:FTP User:/var/ftp:/bin/bash >> [user@redhat-thing-1 checks]$ ./testcheck.py >> accounts_no_shelllogin_for_systemaccounts.xml >> Evaluating with OVAL tempfile : >> /tmp/accounts_no_shelllogin_for_systemaccountszRaZw9.xml >> Writing results to : >> /tmp/accounts_no_shelllogin_for_systemaccountszRaZw9.xml-results >> Definition oval:scap-security-guide.testing:def:104: false >> Evaluation done. >> [user@redhat-thing-1 checks]$ grep ftp /etc/passwd >> ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin >> [user@redhat-thing-1 checks]$ ./testcheck.py >> accounts_no_shelllogin_for_systemaccounts.xml >> Evaluating with OVAL tempfile : >> /tmp/accounts_no_shelllogin_for_systemaccountsn0AVoG.xml >> Writing results to : >> /tmp/accounts_no_shelllogin_for_systemaccountsn0AVoG.xml-results >> Definition oval:scap-security-guide.testing:def:104: true >> Evaluation done. >> [user@redhat-thing-1 checks]$ vim >> accounts_no_shelllogin_for_systemaccounts.xml >> [user@redhat-thing-1 checks]$ ./testcheck.py >> accounts_no_shelllogin_for_systemaccounts.xml >> Evaluating with OVAL tempfile : >> /tmp/accounts_no_shelllogin_for_systemaccountsiUXzmf.xml >> Writing results to : >> /tmp/accounts_no_shelllogin_for_systemaccountsiUXzmf.xml-results >> Definition oval:scap-security-guide.testing:def:104: true >> Evaluation done. >> --- >> .../accounts_no_shelllogin_for_systemaccounts.xml | 4 ++-- >> 1 files changed, 2 insertions(+), 2 deletions(-) >> >> diff --git >> a/RHEL6/input/checks/accounts_no_shelllogin_for_systemaccounts.xml >> b/RHEL6/input/checks/accounts_no_shelllogin_for_systemaccounts.xml >> index 966f75b..ff17b6e 100644 >> --- a/RHEL6/input/checks/accounts_no_shelllogin_for_systemaccounts.xml >> +++ b/RHEL6/input/checks/accounts_no_shelllogin_for_systemaccounts.xml >> @@ -6,6 +6,7 @@ >> <platform>Red Hat Enterprise Linux 6</platform> >> </affected> >> <description>The root account is the only system account that should >> have a login shell.</description> >> + <reference source="swells" ref_id="20130918" >> ref_url="test_attestation" /> >> </metadata> >> <criteria> >> <criterion comment="tests for the presence of login shells (not >> /sbin/nologin) for system accounts in /etc/passwd file" >> test_ref="test_accounts_no_shelllogin_for_systemaccounts" /> >> @@ -15,8 +16,7 @@ >> <ind:object >> object_ref="object_accounts_no_shelllogin_for_systemaccounts" /> >> </ind:textfilecontent54_test> >> <ind:textfilecontent54_object >> id="object_accounts_no_shelllogin_for_systemaccounts" version="1"> >> - <ind:path>/etc</ind:path> >> - <ind:filename>passwd</ind:filename> >> + <ind:filepath>/etc/passwd</ind:filepath> >> <ind:pattern operation="pattern >> match">^(?!root).*:x:[\d]*:0*([0-9]{1,2}|[1-4][0-9]{2}):[^:]*:[^:]*:(?!\/sbin\/nologin|\/bin\/sync|\/sbin\/shutdown|\/sbin\/halt).*$</ind:pattern> >> <ind:instance datatype="int">1</ind:instance> >> </ind:textfilecontent54_object> > > _______________________________________________ > scap-security-guide mailing list > [email protected] > https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide _______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
