The original prose check ignored UID 500. The associated OVAL includes UID 500, though.
Regards, -- Leland Steinke, Security+ DISA FSO Technical Support Contractor tapestry technologies, Inc 717-267-5797 (DSN 570) [email protected] (gov't) [email protected] (com'l)
>From 06db52e4f4e8762a5dae0b6d9f48095aa08af007 Mon Sep 17 00:00:00 2001 From: steinkel <[email protected]> Date: Wed, 27 Nov 2013 15:22:09 -0500 Subject: [PATCH] look for uid greater than 499, not 500 --- RHEL6/input/system/permissions/files.xml | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/RHEL6/input/system/permissions/files.xml b/RHEL6/input/system/permissions/files.xml index 44c6ada..9db278b 100644 --- a/RHEL6/input/system/permissions/files.xml +++ b/RHEL6/input/system/permissions/files.xml @@ -504,7 +504,7 @@ appropriate group. The following command will discover and print world-writable directories that are not owned by a system account, given the assumption that only system accounts have a uid lower than 500. Run it once for each local partition <i>PART</i>: -<pre># find <i>PART</i> -xdev -type d -perm -0002 -uid +500 -print</pre> +<pre># find <i>PART</i> -xdev -type d -perm -0002 -uid +499 -print</pre> </ocil> <rationale> Allowing a user account to own a world-writable directory is -- 1.7.1
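Review bot: In the changed `<pre>` line, `-uid +499` depends on find treating `+N` as strictly greater than N, and the sentence just above it still only says that system accounts have a uid lower than 500; nothing in the prose states that the command now matches uid 500 itself. Consider adding a few words to that sentence, for example "this matches directories owned by uid 500 or higher", so the text and the command cannot drift apart by one again. The cover note says the associated OVAL already includes UID 500, but that check is not part of this diff, so its boundary should be confirmed against this command before merging.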
_______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
