On 09/28/2013 04:27 PM, Shawn Wells wrote:
On 9/28/13 4:25 PM, Shawn Wells wrote:
I'm attempting to create an OVAL check for file_ownership_binary_dirs, which will check various files for root ownership. I can't get the check to pass, though I verified I've no non-root owned files.

I've defined a number of tests, e.g.:
  <unix:file_test check="all" check_existence="all_exist" comment="/bin files owned by root" id="test_ownership_bin_files" version="1">
    <unix:object object_ref="object_root_ownership_bin_files" />
    <unix:state state_ref="state_root_ownership" />
  </unix:file_test>

  <unix:file_object comment="/bin files" id="object_root_ownership_bin_files" version="1">
    <unix:behaviors recurse="symlinks and directories" recurse_direction="down" max_depth="-1" recurse_file_system="all" />
    <unix:path operation="equals">/bin</unix:path>
    <unix:filename operation="pattern match">^.*$</unix:filename>
    <filter action="exclude">state_symlink</filter>
  </unix:file_object>

And the state_root_ownership:

  <unix:file_state id="state_root_ownership" version="1">
    <unix:user_id datatype="int">0</unix:user_id>
  </unix:file_state>


I've also tried using a filter, versus a state_ref in the file_test:
  <unix:file_test check="all" check_existence="all_exist" comment="/bin files go-w" id="test_ownership_bin_files" version="1">
    <unix:object object_ref="object_root_ownership_bin_files" />
  </unix:file_test>

  <unix:file_object comment="/bin files" id="object_root_ownership_bin_files" version="1">
    <unix:behaviors recurse="symlinks and directories" recurse_direction="down" max_depth="-1" recurse_file_system="all" />
    <unix:path operation="equals">/bin</unix:path>
    <unix:filename operation="pattern match">^.*$</unix:filename>
    <filter action="exclude">state_symlink</filter>
    <filter action="exclude">state_root_ownership</filter>
  </unix:file_object>

Any ideas on where I'm going wrong?

Thanks!

FWIW, here's how I'm verifying that all files are root owned:
DIRS="/bin /usr/bin /usr/local/bin /sbin /usr/sbin /usr/local/sbin"
for dirPath in $DIRS; do
        find $dirPath \! -user root -exec chown root '{}' \;
done

_______________________________________________
scap-security-guide mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide

Is it failing with "file does not exist" or something like that? Check near the bottom of the generated results file.

- Maura Dailey
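An added example, not code from SSG or from anyone in this thread: a Python mirror of what the file_object, the state_symlink exclude filter, state_root_ownership and the file_test above ask an OVAL scanner to evaluate, so the outcome (including the "does not exist" result Maura points at, which is what check_existence="all_exist" yields when the object collects no items) can be reasoned about without running a scanner. The expected_uid parameter and the constructed demo tree are my additions so the logic can be exercised unprivileged; the real check compares against uid 0.

```python
"""Python mirror of the OVAL ownership test from the thread (added example,
not SSG code). The pieces map as follows:

  object : every entry under <path>, filename pattern ^.*$, recursing down
           through directories and symlinks with no depth limit
  filter : drop items that are symlinks (the state_symlink exclude filter)
  state  : user_id == 0 (state_root_ownership)
  test   : check="all"  -> every remaining item must match the state
           check_existence="all_exist" -> an empty item set is a failure

expected_uid exists only so the logic can run in a scratch directory that is
not root-owned (assumption for the demo); the real check uses 0.
"""
import os
import tempfile
from typing import Dict, List, Tuple


def collect_items(root: str) -> List[str]:
    """The file_object: each directory entry below root, recursing down through
    subdirectories and symlinked directories. Realpaths already walked are
    pruned so a symlink loop cannot recurse forever."""
    items: List[str] = []
    seen = {os.path.realpath(root)}
    for dirpath, dirnames, filenames in os.walk(root, followlinks=True):
        for name in dirnames + filenames:
            items.append(os.path.join(dirpath, name))
        keep = []
        for d in dirnames:
            real = os.path.realpath(os.path.join(dirpath, d))
            if real not in seen:
                seen.add(real)
                keep.append(d)
        dirnames[:] = keep  # in-place edit is how os.walk accepts pruning
    return items


def exclude_symlinks(items: List[str]) -> List[str]:
    """The <filter action="exclude">state_symlink</filter> step."""
    return [p for p in items if not os.path.islink(p)]


def evaluate_ownership(root: str, expected_uid: int = 0) -> Tuple[bool, List[str]]:
    """The file_test. Returns (passed, offenders), offenders sorted.
    check="all": the test passes only when no item has a different owner.
    check_existence="all_exist": a root that yields no items fails outright,
    which shows up as a 'does not exist' style result in the results file."""
    items = exclude_symlinks(collect_items(root))
    if not items:
        return False, []
    offenders = sorted(p for p in items if os.lstat(p).st_uid != expected_uid)
    return len(offenders) == 0, offenders


def evaluate_dirs(dirs: List[str], expected_uid: int = 0) -> Dict[str, Tuple[bool, List[str]]]:
    """Run the test over each directory of the DIRS list from the thread."""
    return {d: evaluate_ownership(d, expected_uid) for d in dirs if os.path.isdir(d)}


def current_uid() -> int:
    """Owner uid of anything the demo creates (so the demo passes unprivileged)."""
    return os.getuid()


def build_demo_tree() -> str:
    """Constructed sample tree: a regular file, a subdirectory holding a file,
    and a symlink to the file (which the filter must drop)."""
    root = tempfile.mkdtemp(prefix="ovaldemo-")
    with open(os.path.join(root, "a"), "w") as f:
        f.write("x")
    os.mkdir(os.path.join(root, "sub"))
    with open(os.path.join(root, "sub", "b"), "w") as f:
        f.write("y")
    os.symlink(os.path.join(root, "a"), os.path.join(root, "ln"))
    return root


def build_empty_dir() -> str:
    """Constructed empty directory: the object collects nothing here."""
    return tempfile.mkdtemp(prefix="ovalempty-")


if __name__ == "__main__":
    demo = build_demo_tree()
    print("demo tree vs current uid:", evaluate_ownership(demo, current_uid()))
    print("empty dir (all_exist fails):", evaluate_ownership(build_empty_dir(), current_uid()))
    dirs = "/bin /usr/bin /usr/local/bin /sbin /usr/sbin /usr/local/sbin".split()
    for d, (ok, bad) in evaluate_dirs(dirs).items():
        print(d, "pass" if ok else "FAIL", bad[:5])
```

Running it against the real DIRS list reports offenders per directory instead of silently chowning them, which is the read-only counterpart of the find loop in the first mail; the empty-directory case is the one to suspect when a scanner reports the object as not existing.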
