>From f5d42e066a3175782a42187f1649bcb4af04e479 Mon Sep 17 00:00:00 2001 From: Shawn Wells <[email protected]> Date: Sun, 10 Nov 2013 01:57:24 -0500 Subject: [PATCH 07/11] Updated OVAL + remediation for accounts_umask_cshrc - Updated XCCDF/OVAL naming scheme to accounts_* - filename/filepath update - Added remediation
TESTING: [root@SSG-RHEL6 checks]# var_accounts_user_umask=077 ; export var_accounts_user_umask [root@SSG-RHEL6 checks]# ./testcheck.py accounts_umask_cshrc.xml external_variable with id : var_accounts_user_umask Evaluating with OVAL tempfile : /tmp/accounts_umask_cshrcwvaIIz.xml Writing results to : /tmp/accounts_umask_cshrcwvaIIz.xml-results Definition oval:scap-security-guide.testing:def:285: false Evaluation done. [root@SSG-RHEL6 checks]# cd ../fixes/bash/ [root@SSG-RHEL6 bash]# bash accounts_umask_cshrc.sh [root@SSG-RHEL6 bash]# cd - /var/www/html/scap-security-guide/RHEL6/input/checks [root@SSG-RHEL6 checks]# ./testcheck.py accounts_umask_cshrc.xml external_variable with id : var_accounts_user_umask Evaluating with OVAL tempfile : /tmp/accounts_umask_cshrckFVvtN.xml Writing results to : /tmp/accounts_umask_cshrckFVvtN.xml-results Definition oval:scap-security-guide.testing:def:285: true Evaluation done.
---
RHEL6/input/fixes/bash/accounts_umask_cshrc.sh | 8 ++++++++
RHEL6/input/profiles/CS2.xml | 2 +-
RHEL6/input/profiles/stig-rhel6-server.xml | 2 +-
RHEL6/input/profiles/test.xml | 2 +-
RHEL6/input/profiles/usgcb-rhel6-server.xml | 2 +-
RHEL6/input/system/accounts/session.xml | 2 +-
6 files changed, 13 insertions(+), 5 deletions(-)
create mode 100644 RHEL6/input/fixes/bash/accounts_umask_cshrc.sh
diff --git a/RHEL6/input/fixes/bash/accounts_umask_cshrc.sh b/RHEL6/input/fixes/bash/accounts_umask_cshrc.sh
new file mode 100644
index 0000000..2349ad2
--- /dev/null
+++ b/RHEL6/input/fixes/bash/accounts_umask_cshrc.sh
@@ -0,0 +1,8 @@
+source ./templates/support.sh
+populate var_accounts_user_umask
+
+grep -q umask /etc/csh.cshrc && \
+ sed -i "s/umask.*/umask $var_accounts_user_umask/g" /etc/csh.cshrc
+if ! [ $? -eq 0 ]; then
+ echo "umask $var_accounts_user_umask" >> /etc/csh.cshrc
+fi
diff --git a/RHEL6/input/profiles/CS2.xml b/RHEL6/input/profiles/CS2.xml
index 37608ea..05966f0 100644
--- a/RHEL6/input/profiles/CS2.xml
+++ b/RHEL6/input/profiles/CS2.xml
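Review bot: In accounts_umask_cshrc.sh, the `grep -q umask` test and the `s/umask.*/…/g` substitution match any line containing the word, including comments. If `umask` appears only in a comment, sed rewrites that comment, `$?` is 0 and the append branch never runs, so the fix appears to succeed while no directive was set. Anchor both to a real directive: `grep -q '^[[:space:]]*umask[[:space:]]' /etc/csh.cshrc` and `sed -i "s/^\([[:space:]]*\)umask[[:space:]].*/\1umask $var_accounts_user_umask/" /etc/csh.cshrc`. A guard such as `[ -n "$var_accounts_user_umask" ] || exit 1` after `populate` would also help, since an empty value writes a bare `umask` line that sets nothing. `populate` is defined in support.sh, outside this patch, so whether it already guarantees a non-empty value is not visible here.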
@@ -90,7 +90,7 @@ <select idref="no_shelllogin_for_systemaccounts" selected="true"/> <select idref="root_path_default" selected="true" /> <select idref="no_empty_passwords" selected="true"/> -<select idref="user_umask_cshrc" selected="true" /> +<select idref="accounts_umask_cshrc" selected="true" /> <select idref="user_umask_profile" selected="true" /> <select idref="no_netrc_files" selected="true" /> diff --git a/RHEL6/input/profiles/stig-rhel6-server.xml b/RHEL6/input/profiles/stig-rhel6-server.xml index f4be59b..510e634 100644 --- a/RHEL6/input/profiles/stig-rhel6-server.xml +++ b/RHEL6/input/profiles/stig-rhel6-server.xml @@ -65,7 +65,7 @@ <select idref="snmpd_not_default_password" selected="true" /> <select idref="accounts_umask_bashrc" selected="true" /> -<select idref="user_umask_cshrc" selected="true" /> +<select idref="accounts_umask_cshrc" selected="true" /> <select idref="user_umask_profile" selected="true" /> <select idref="user_umask_logindefs" selected="true" /> <refine-value idref="var_accounts_user_umask" selector="077" /> diff --git a/RHEL6/input/profiles/test.xml b/RHEL6/input/profiles/test.xml index f493bc4..9f05e6e 100644 --- a/RHEL6/input/profiles/test.xml +++ b/RHEL6/input/profiles/test.xml @@ -44,7 +44,7 @@ <refine-value idref="var_auditd_action_mail_acct" selector="root"/> <select idref="accounts_umask_bashrc" selected="true" /> -<select idref="user_umask_cshrc" selected="true" /> +<select idref="accounts_umask_cshrc" selected="true" /> <select idref="user_umask_profile" selected="true" /> <select idref="user_umask_logindefs" selected="true" /> <refine-value idref="var_accounts_user_umask" selector="077" /> diff --git a/RHEL6/input/profiles/usgcb-rhel6-server.xml b/RHEL6/input/profiles/usgcb-rhel6-server.xml index 5deab0f..70062be 100644 --- a/RHEL6/input/profiles/usgcb-rhel6-server.xml +++ b/RHEL6/input/profiles/usgcb-rhel6-server.xml 
@@ -93,7 +93,7 @@ <select idref="homedir_perms_no_groupwrite_worldread" selected="true" /> <refine-value idref="umask_user_value" selector="077" /> <select idref="accounts_umask_bashrc" selected="true" /> -<select idref="user_umask_cshrc" selected="true" /> +<select idref="accounts_umask_cshrc" selected="true" /> <select idref="user_umask_profile" selected="true" /> <select idref="user_umask_logindefs" selected="true" /> <select idref="user_owner_grub_conf" selected="true" /> diff --git a/RHEL6/input/system/accounts/session.xml b/RHEL6/input/system/accounts/session.xml index bf4af7c..069d8b1 100644 --- a/RHEL6/input/system/accounts/session.xml +++ b/RHEL6/input/system/accounts/session.xml @@ -231,7 +231,7 @@ umask 077</pre> <tested by="swells" on="20120929"/> </Rule> -<Rule id="user_umask_cshrc"> +<Rule id="accounts_umask_cshrc"> <title>Ensure the Default C Shell Umask is Set Correctly</title> <description> To ensure the default umask for users of the C shell is set properly, -- 1.7.1
