>From 27b54501b22bc6785434104b6f599b2c36871ddd Mon Sep 17 00:00:00 2001 From: Shawn Wells <[email protected]> Date: Mon, 23 Dec 2013 06:13:20 -0500 Subject: [PATCH 15/25] Migrated no_shelllogin_for_systemaccounts --> shared/
- Updated CPE info - Created symlinks - Basic testcheck.py testing Signed-off-by: Shawn Wells <[email protected]> --- :100644 120000 b7dfb5d... 7fd833d... T RHEL/6/input/checks/no_shelllogin_for_systemaccounts.xml :000000 120000 0000000... 7fd833d... A RHEL/7/input/checks/no_shelllogin_for_systemaccounts.xml :000000 100644 0000000... d38e4bb... A shared/oval/no_shelllogin_for_systemaccounts.xml .../checks/no_shelllogin_for_systemaccounts.xml | 24 +--------------------- .../checks/no_shelllogin_for_systemaccounts.xml | 1 + shared/oval/no_shelllogin_for_systemaccounts.xml | 24 ++++++++++++++++++++++ 3 files changed, 26 insertions(+), 23 deletions(-)
diff --git a/RHEL/6/input/checks/no_shelllogin_for_systemaccounts.xml b/RHEL/6/input/checks/no_shelllogin_for_systemaccounts.xml
deleted file mode 100644
index b7dfb5d..0000000
--- a/RHEL/6/input/checks/no_shelllogin_for_systemaccounts.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<def-group>
- <definition class="compliance" id="no_shelllogin_for_systemaccounts" version="1">
- <metadata>
- <title>System Accounts Do Not Run a Shell</title>
- <affected family="unix">
- <platform>Red Hat Enterprise Linux 6</platform>
- </affected>
- <description>The root account is the only system account that should have a login shell.</description>
- <reference source="swells" ref_id="20130918" ref_url="test_attestation" />
- </metadata>
- <criteria>
- <criterion comment="tests for the presence of login shells (not /sbin/nologin) for system accounts in /etc/passwd file" test_ref="test_no_shelllogin_for_systemaccounts" />
- </criteria>
- </definition>
- <ind:textfilecontent54_test check="all" check_existence="none_exist" comment="tests for the presence of login shells (not /sbin/nologin) for system accounts in /etc/passwd file" id="test_no_shelllogin_for_systemaccounts" version="1">
- <ind:object object_ref="object_no_shelllogin_for_systemaccounts" />
- </ind:textfilecontent54_test>
- <ind:textfilecontent54_object id="object_no_shelllogin_for_systemaccounts" version="1">
- <ind:filepath>/etc/passwd</ind:filepath>
- <ind:pattern operation="pattern match">^(?!root).*:x:[\d]*:0*([0-9]{1,2}|[1-4][0-9]{2}):[^:]*:[^:]*:(?!\/sbin\/nologin|\/bin\/sync|\/sbin\/shutdown|\/sbin\/halt).*$</ind:pattern>
- <ind:instance datatype="int">1</ind:instance>
- </ind:textfilecontent54_object>
-</def-group>
diff --git a/RHEL/6/input/checks/no_shelllogin_for_systemaccounts.xml b/RHEL/6/input/checks/no_shelllogin_for_systemaccounts.xml
new file mode 120000
index 0000000..7fd833d
--- /dev/null
+++ b/RHEL/6/input/checks/no_shelllogin_for_systemaccounts.xml
@@ -0,0 +1 @@
+../../../../shared/oval/no_shelllogin_for_systemaccounts.xml
\ No newline at end of file
diff --git a/RHEL/7/input/checks/no_shelllogin_for_systemaccounts.xml b/RHEL/7/input/checks/no_shelllogin_for_systemaccounts.xml
new file mode 120000
index 0000000..7fd833d
--- /dev/null
+++ b/RHEL/7/input/checks/no_shelllogin_for_systemaccounts.xml
@@ -0,0 +1 @@
+../../../../shared/oval/no_shelllogin_for_systemaccounts.xml
\ No newline at end of file
diff --git a/shared/oval/no_shelllogin_for_systemaccounts.xml b/shared/oval/no_shelllogin_for_systemaccounts.xml
new file mode 100644
index 0000000..d38e4bb
--- /dev/null
+++ b/shared/oval/no_shelllogin_for_systemaccounts.xml
@@ -0,0 +1,24 @@
+<def-group>
+ <definition class="compliance" id="no_shelllogin_for_systemaccounts" version="1">
+ <metadata>
+ <title>System Accounts Do Not Run a Shell</title>
+ <affected family="unix">
+ <platform>Red Hat Enterprise Linux 6</platform>
+ <platform>Red Hat Enterprise Linux 7</platform>
+ </affected>
+ <description>The root account is the only system account that should have a login shell.</description>
+ <reference source="swells" ref_id="20130918" ref_url="test_attestation" />
+ </metadata>
+ <criteria>
+ <criterion comment="tests for the presence of login shells (not /sbin/nologin) for system accounts in /etc/passwd file" test_ref="test_no_shelllogin_for_systemaccounts" />
+ </criteria>
+ </definition>
+ <ind:textfilecontent54_test check="all" check_existence="none_exist" comment="tests for the presence of login shells (not /sbin/nologin) for system accounts in /etc/passwd file" id="test_no_shelllogin_for_systemaccounts" version="1">
+ <ind:object object_ref="object_no_shelllogin_for_systemaccounts" />
+ </ind:textfilecontent54_test>
+ <ind:textfilecontent54_object id="object_no_shelllogin_for_systemaccounts" version="1">
+ <ind:filepath>/etc/passwd</ind:filepath>
+ <ind:pattern operation="pattern match">^(?!root).*:x:[\d]*:0*([0-9]{1,2}|[1-4][0-9]{2}):[^:]*:[^:]*:(?!\/sbin\/nologin|\/bin\/sync|\/sbin\/shutdown|\/sbin\/halt).*$</ind:pattern>
+ <ind:instance datatype="int">1</ind:instance>
+ </ind:textfilecontent54_object>
+</def-group>
-- 1.8.3.1
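Review bot: In the `<ind:pattern>` of `object_no_shelllogin_for_systemaccounts` in the new shared file, the numeric range `0*([0-9]{1,2}|[1-4][0-9]{2})` sits in the fourth /etc/passwd field (the GID) while the UID field is matched by an unconstrained `[\d]*`, so the check appears to select accounts by primary group rather than by UID. A system account whose primary GID is 500 or higher would pass unnoticed and an ordinary user with a low primary GID would be reported; swapping the two fields, `:x:0*([0-9]{1,2}|[1-4][0-9]{2}):[\d]*:`, would match the stated description. Because this commit also adds `<platform>Red Hat Enterprise Linux 7</platform>`, note that the range stops at 499 whereas RHEL 7 by default allocates system UIDs up to 999, so the shared check under-covers there unless the range is widened or made per-product. The literal `:x:` also skips any entry whose password field is not `x`; `:[^:]*:` would keep such accounts in scope.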
