>From 424ddcd612705664c8ed1be0a0c48bfe9c0421d1 Mon Sep 17 00:00:00 2001 From: Shawn Wells <[email protected]> Date: Mon, 23 Dec 2013 07:37:20 -0500 Subject: [PATCH 18/25] accounts_no_uid_except_zero -> shared/
- Moved accounts_no_uid_except_zero.xml to shared - Updated CPE - Tested on RHEL7 - Added symlinks & changelog Signed-off-by: Shawn Wells <[email protected]>
---
:100644 120000 bcd4d07... 1e32292... T RHEL/6/input/checks/accounts_no_uid_except_zero.xml :000000 120000 0000000... 1e32292... A RHEL/7/input/checks/accounts_no_uid_except_zero.xml :100644 100644 428d88b... 26ed7b9... M scap-security-guide.spec :000000 100644 0000000... 024f052... A shared/oval/accounts_no_uid_except_zero.xml .../6/input/checks/accounts_no_uid_except_zero.xml | 25 +--------------------- .../7/input/checks/accounts_no_uid_except_zero.xml | 1 + scap-security-guide.spec | 1 + shared/oval/accounts_no_uid_except_zero.xml | 24 +++++++++++++++++++++ 4 files changed, 27 insertions(+), 24 deletions(-)
diff --git a/RHEL/6/input/checks/accounts_no_uid_except_zero.xml b/RHEL/6/input/checks/accounts_no_uid_except_zero.xml
deleted file mode 100644
index bcd4d07..0000000
--- a/RHEL/6/input/checks/accounts_no_uid_except_zero.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<def-group>
- <definition class="compliance" id="accounts_no_uid_except_zero" version="1">
- <metadata>
- <title>UID 0 Belongs Only To Root</title>
- <affected family="unix">
- <platform>Red Hat Enterprise Linux 6</platform>
- </affected>
- <description>Only the root account should be assigned a user id of 0.</description>
- <reference source="MED" ref_id="20130807" ref_url="test_attestation" />
- </metadata>
- <criteria>
- <criterion comment="tests for reg exp ^[^r][^o][^o][^t].*:0 in /etc/passwd file" test_ref="test_accounts_no_uid_except_root" />
- </criteria>
- </definition>
- <ind:textfilecontent54_test check="all" check_existence="none_exist" comment="tests for reg exp ^[^r][^o][^o][^t].*:0 in /etc/passwd file" id="test_accounts_no_uid_except_root" version="1">
- <ind:object object_ref="object_accounts_no_uid_except_root" />
- </ind:textfilecontent54_test>
- <ind:textfilecontent54_object id="object_accounts_no_uid_except_root" version="1">
- <ind:path>/etc</ind:path>
- <ind:filename>passwd</ind:filename>
- <ind:pattern operation="pattern match">^(?!root:)[^:]*:[^:]:0</ind:pattern>
- <ind:instance datatype="int">1</ind:instance>
- </ind:textfilecontent54_object>
-</def-group>
diff --git a/RHEL/6/input/checks/accounts_no_uid_except_zero.xml b/RHEL/6/input/checks/accounts_no_uid_except_zero.xml
new file mode 120000
index 0000000..1e32292
--- /dev/null
+++ b/RHEL/6/input/checks/accounts_no_uid_except_zero.xml
@@ -0,0 +1 @@
+../../../../shared/oval/accounts_no_uid_except_zero.xml
\ No newline at end of file
diff --git a/RHEL/7/input/checks/accounts_no_uid_except_zero.xml b/RHEL/7/input/checks/accounts_no_uid_except_zero.xml
new file mode 120000
index 0000000..1e32292
--- /dev/null
+++ b/RHEL/7/input/checks/accounts_no_uid_except_zero.xml
@@ -0,0 +1 @@
+../../../../shared/oval/accounts_no_uid_except_zero.xml
\ No newline at end of file
diff --git a/scap-security-guide.spec b/scap-security-guide.spec
index 428d88b..26ed7b9 100644
--- a/scap-security-guide.spec
+++ b/scap-security-guide.spec
@@ -70,6 +70,7 @@ cp -a RHEL/6/input/auxiliary/scap-security-guide.8 %{buildroot}%{_mandir}/en/man - OVAL for no_shelllogin_for_systemaccounts - OVAL for no_empty_passwords - OVAL for no_hashes_outside_shadow +- OVAL for accounts_no_uid_except_zero * Fri Nov 01 2013 Jan iankko Lieskovsky <[email protected]> 0.1-15 - Version bump
diff --git a/shared/oval/accounts_no_uid_except_zero.xml b/shared/oval/accounts_no_uid_except_zero.xml
new file mode 100644
index 0000000..024f052
--- /dev/null
+++ b/shared/oval/accounts_no_uid_except_zero.xml
@@ -0,0 +1,24 @@
+<def-group>
+ <definition class="compliance" id="accounts_no_uid_except_zero" version="1">
+ <metadata>
+ <title>UID 0 Belongs Only To Root</title>
+ <affected family="unix">
+ <platform>Red Hat Enterprise Linux 6</platform>
+ <platform>Red Hat Enterprise Linux 7</platform>
+ </affected>
+ <description>Only the root account should be assigned a user id of 0.</description>
+ <reference source="MED" ref_id="20130807" ref_url="test_attestation" />
+ </metadata>
+ <criteria>
+ <criterion comment="tests for reg exp ^[^r][^o][^o][^t].*:0 in /etc/passwd file" test_ref="test_accounts_no_uid_except_root" />
+ </criteria>
+ </definition>
+ <ind:textfilecontent54_test check="all" check_existence="none_exist" comment="tests for reg exp ^[^r][^o][^o][^t].*:0 in /etc/passwd file" id="test_accounts_no_uid_except_root" version="1">
+ <ind:object object_ref="object_accounts_no_uid_except_root" />
+ </ind:textfilecontent54_test>
+ <ind:textfilecontent54_object id="object_accounts_no_uid_except_root" version="1">
+ <ind:filepath>/etc/passwd</ind:filepath>
+ <ind:pattern operation="pattern match">^(?!root:)[^:]*:[^:]:0</ind:pattern>
+ <ind:instance datatype="int">1</ind:instance>
+ </ind:textfilecontent54_object>
+</def-group>
-- 1.8.3.1
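Review bot: In the new shared/oval/accounts_no_uid_except_zero.xml hunk, the `ind:pattern` value `^(?!root:)[^:]*:[^:]:0` allows exactly one character in the password field, so a non-root entry whose second field is empty or longer than one character (constructed sample: `svc::0:0::/:/bin/sh`) is not matched and the `none_exist` test passes even though a second UID 0 account is present. Widening that field closes the false negative: `<ind:pattern operation="pattern match">^(?!root:)[^:]*:[^:]*:0</ind:pattern>`. The `comment` attributes on the `criterion` and on the `textfilecontent54_test` still quote `^[^r][^o][^o][^t].*:0`, which is not the expression being evaluated; they should describe the real pattern so that someone auditing scan results is not misled about what was checked. Because the RHEL 6 and RHEL 7 check paths both become symlinks to this one file, the gap applies to both platforms.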
