On 10/4/13 8:13 PM, Jeff Bachtel wrote:
I keep getting a fail on CCE-27032-2, even after rebuilding SSG from master. The bad thing is that find / -nouser and find / -nogroup are not finding whatever files are triggering the warning.

Is there a debug flag I should be using for more details from oscap to track this down?


The failure should be in your results file. Since you're using source:

[shawn@SSG-RHEL6 checks]$ pwd
/var/www/html/scap-security-guide/RHEL6/input/checks

[shawn@SSG-RHEL6 checks]$ sudo find / -xdev -type d -perm 0002 -uid +500 -print

[shawn@SSG-RHEL6 checks]$ ./testcheck.py dir_perms_world_writable_system_owned.xml
Evaluating with OVAL tempfile : /tmp/dir_perms_world_writable_system_owneddqzNLB.xml
Writing results to : /tmp/dir_perms_world_writable_system_owneddqzNLB.xml-results
Definition oval:scap-security-guide.testing:def:148: false
Evaluation done.

Open your results file and check what's in the system_data area. It'll indicate what files/dirs are causing the fail. On mine:

[shawn@SSG-RHEL6 checks]$ grep -4 system_data /tmp/dir_perms_world_writable_system_owneddqzNLB.xml-results
          <object id="oval:scap-security-guide.testing:obj:150" version="1" flag="complete">
            <reference item_ref="1104981"/>
          </object>
        </collected_objects>
        <system_data>
          <unix-sys:file_item id="1104981" status="exists">
            <unix-sys:path>/test</unix-sys:path>
            <unix-sys:filename></unix-sys:filename>
            <unix-sys:type>directory</unix-sys:type>
--


Clearly the find command needs updating, though.
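
An added example, not part of the original message or of the SSG tooling: instead of grepping around system_data, this pairs each collected object's item_ref with its file_item and prints the path. The function name `collected_files` and the sample document are constructed for illustration, and the OVAL 5 results layout is assumed.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like the results excerpt above (not real scan output).
SAMPLE = """<oval_results xmlns="http://oval.mitre.org/XMLSchema/oval-results-5">
 <results><system>
  <oval_system_characteristics
      xmlns="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5"
      xmlns:unix-sys="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#unix">
   <collected_objects>
    <object id="oval:scap-security-guide.testing:obj:150" version="1" flag="complete">
     <reference item_ref="1104981"/>
    </object>
   </collected_objects>
   <system_data>
    <unix-sys:file_item id="1104981" status="exists">
     <unix-sys:path>/test</unix-sys:path>
     <unix-sys:filename></unix-sys:filename>
     <unix-sys:type>directory</unix-sys:type>
    </unix-sys:file_item>
   </system_data>
  </oval_system_characteristics>
 </system></results>
</oval_results>"""

def collected_files(results_xml):
    """Return (object_id, full_path, type) for each file_item an object collected."""
    root = ET.fromstring(results_xml)
    items = {}
    for item in root.findall(".//{*}system_data/{*}file_item"):
        path = item.findtext("{*}path") or ""
        name = item.findtext("{*}filename") or ""   # empty for directories
        full = path.rstrip("/") + "/" + name if name else path
        items[item.get("id")] = (full, item.findtext("{*}type") or "")
    hits = []
    for obj in root.findall(".//{*}collected_objects/{*}object"):
        for ref in obj.findall("{*}reference"):
            if ref.get("item_ref") in items:
                hits.append((obj.get("id"), *items[ref.get("item_ref")]))
    return hits

if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for obj_id, path, ftype in collected_files(data):
        print(f"{obj_id}\t{ftype}\t{path}")
```

Pass the path of the `-results` file as the only argument; the `{*}` namespace wildcard needs Python 3.8 or later.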