>From a13fbca43719c791f88df6c2d736fdee6fe7003e Mon Sep 17 00:00:00 2001
From: Shawn Wells <[email protected]>
Date: Fri, 27 Dec 2013 02:52:40 -0500
Subject: [PATCH 28/31] Linked shared/file_ownership_binary_dirs -> RHEL6 & 7
- Tested shared/file_ownership_binary_dirs on rhel6,7
- Updated CPE info
- Created symlinks
- Deleted old RHEL6 version
---
RHEL/6/input/checks/file_ownership_binary_dirs.xml | 163 +--------------------
RHEL/7/input/checks/file_ownership_binary_dirs.xml | 1 +
shared/oval/file_ownership_binary_dirs.xml | 2 +
3 files changed, 4 insertions(+), 162 deletions(-)
mode change 100644 => 120000 RHEL/6/input/checks/file_ownership_binary_dirs.xml
create mode 120000 RHEL/7/input/checks/file_ownership_binary_dirs.xml
diff --git a/RHEL/6/input/checks/file_ownership_binary_dirs.xml
b/RHEL/6/input/checks/file_ownership_binary_dirs.xml
deleted file mode 100644
index 602c720..0000000
--- a/RHEL/6/input/checks/file_ownership_binary_dirs.xml
+++ /dev/null
@@ -1,162 +0,0 @@
-<def-group>
- <definition class="compliance" id="file_ownership_binary_dirs" version="1">
- <metadata>
- <title>Verify that System Executables Have Root Ownership</title>
- <affected family="unix">
- <platform>Red Hat Enterprise Linux 6</platform>
- </affected>
- <description>Checks that /bin, /sbin, /usr/bin, /usr/sbin,
/usr/local/bin, /usr/local/sbin and objects therein, are owned by
root</description>
- </metadata>
- <criteria operator="AND">
- <criterion test_ref="test_ownership_bin_dir" />
- <criterion test_ref="test_ownership_sbin_dir" />
- <criterion test_ref="test_ownership_usr_bin_dir" />
- <criterion test_ref="test_ownership_usr_sbin_dir" />
- <criterion test_ref="test_ownership_usr_local_bin_dir" />
- <criterion test_ref="test_ownership_usr_local_bin_dir" />
- <criterion test_ref="test_ownership_bin_files" />
- <criterion test_ref="test_ownership_sbin_files" />
- <criterion test_ref="test_ownership_usr_bin_files" />
- <criterion test_ref="test_ownership_usr_sbin_files" />
- <criterion test_ref="test_ownership_usr_local_bin_files" />
- <criterion test_ref="test_ownership_usr_local_sbin_files" />
- </criteria>
- </definition>
-
- <unix:file_test check="all" check_existence="none_exist" comment="/bin
directories uid root" id="test_ownership_bin_dir" version="1">
- <unix:object object_ref="file_ownership_object_bin_dir" />
- </unix:file_test>
-
- <unix:file_test check="all" check_existence="none_exist" comment="/bin
files uid root" id="test_ownership_bin_files" version="1">
- <unix:object object_ref="object_file_ownership_bin_files" />
- </unix:file_test>
-
- <unix:file_object comment="/bin directories"
id="file_ownership_object_bin_dir" version="1">
- <unix:behaviors recurse="directories" recurse_direction="down"
max_depth="-1" recurse_file_system="all" />
- <unix:path operation="equals">/bin</unix:path>
- <unix:filename xsi:nil="true" />
- <filter action="include">state_owner_not_root</filter>
- </unix:file_object>
-
- <unix:file_object comment="/bin files" id="object_file_ownership_bin_files"
version="1">
- <unix:behaviors recurse="directories" recurse_direction="down"
max_depth="-1" recurse_file_system="all" />
- <unix:path operation="equals">/bin</unix:path>
- <unix:filename operation="pattern match">^.*$</unix:filename>
- <filter action="include">state_owner_not_root</filter>
- </unix:file_object>
-
- <unix:file_test check="all" check_existence="none_exist" comment="/sbin
directories uid root" id="test_ownership_sbin_dir" version="1">
- <unix:object object_ref="object_file_ownership_sbin_dir" />
- </unix:file_test>
-
- <unix:file_test check="all" check_existence="none_exist" comment="/sbin
files uid root" id="test_ownership_sbin_files" version="1">
- <unix:object object_ref="object_file_ownership_sbin_files" />
- </unix:file_test>
-
- <unix:file_object comment="/sbin directories"
id="object_file_ownership_sbin_dir" version="1">
- <unix:behaviors recurse="directories" recurse_direction="down"
max_depth="-1" recurse_file_system="all" />
- <unix:path operation="equals">/sbin</unix:path>
- <unix:filename xsi:nil="true" />
- <filter action="include">state_owner_not_root</filter>
- </unix:file_object>
-
- <unix:file_object comment="/sbin files"
id="object_file_ownership_sbin_files" version="1">
- <unix:behaviors recurse="directories" recurse_direction="down"
max_depth="-1" recurse_file_system="all" />
- <unix:path operation="equals">/sbin</unix:path>
- <unix:filename operation="pattern match">^.*$</unix:filename>
- <filter action="include">state_owner_not_root</filter>
- </unix:file_object>
-
- <unix:file_test check="all" check_existence="none_exist" comment="/usr/bin
directories uid root" id="test_ownership_usr_bin_dir" version="1">
- <unix:object object_ref="object_file_ownership_usr_bin_dir" />
- </unix:file_test>
-
- <unix:file_test check="all" check_existence="none_exist" comment="/usr/bin
files uid root" id="test_ownership_usr_bin_files" version="1">
- <unix:object object_ref="object_file_ownership_usr_bin_files" />
- </unix:file_test>
-
- <unix:file_object comment="/usr/bin directories"
id="object_file_ownership_usr_bin_dir" version="1">
- <unix:behaviors recurse="directories" recurse_direction="down"
max_depth="-1" recurse_file_system="all" />
- <unix:path operation="equals">/usr/bin</unix:path>
- <unix:filename xsi:nil="true" />
- <filter action="include">state_owner_not_root</filter>
- </unix:file_object>
-
- <unix:file_object comment="/usr/bin files"
id="object_file_ownership_usr_bin_files" version="1">
- <unix:behaviors recurse="directories" recurse_direction="down"
max_depth="-1" recurse_file_system="all" />
- <unix:path operation="equals">/usr/bin</unix:path>
- <unix:filename operation="pattern match">^.*$</unix:filename>
- <filter action="include">state_owner_not_root</filter>
- </unix:file_object>
-
- <unix:file_test check="all" check_existence="none_exist" comment="/usr/sbin
directories uid root" id="test_ownership_usr_sbin_dir" version="1">
- <unix:object object_ref="object_file_ownership_usr_sbin_dir" />
- </unix:file_test>
-
- <unix:file_test check="all" check_existence="none_exist" comment="/usr/sbin
files uid root" id="test_ownership_usr_sbin_files" version="1">
- <unix:object object_ref="object_file_ownership_usr_sbin_files" />
- </unix:file_test>
-
- <unix:file_object comment="/usr/sbin directories"
id="object_file_ownership_usr_sbin_dir" version="1">
- <unix:behaviors recurse="directories" recurse_direction="down"
max_depth="-1" recurse_file_system="all" />
- <unix:path operation="equals">/usr/sbin</unix:path>
- <unix:filename xsi:nil="true" />
- <filter action="include">state_owner_not_root</filter>
- </unix:file_object>
-
- <unix:file_object comment="/usr/sbin files"
id="object_file_ownership_usr_sbin_files" version="1">
- <unix:behaviors recurse="directories" recurse_direction="down"
max_depth="-1" recurse_file_system="all" />
- <unix:path operation="equals">/usr/sbin</unix:path>
- <unix:filename operation="pattern match">^.*$</unix:filename>
- <filter action="include">state_owner_not_root</filter>
- </unix:file_object>
-
- <unix:file_test check="all" check_existence="none_exist"
comment="/usr/local/bin directories uid root"
id="test_ownership_usr_local_bin_dir" version="1">
- <unix:object object_ref="object_file_ownership_usr_local_bin_dir" />
- </unix:file_test>
-
- <unix:file_test check="all" check_existence="none_exist"
comment="/usr/local/bin files uid root" id="test_ownership_usr_local_bin_files"
version="1">
- <unix:object object_ref="object_file_ownership_usr_local_bin_files" />
- </unix:file_test>
-
- <unix:file_object comment="/usr/local/bin directories"
id="object_file_ownership_usr_local_bin_dir" version="1">
- <unix:behaviors recurse="directories" recurse_direction="down"
max_depth="-1" recurse_file_system="all" />
- <unix:path operation="equals">/usr/local/bin</unix:path>
- <unix:filename xsi:nil="true" />
- <filter action="include">state_owner_not_root</filter>
- </unix:file_object>
-
- <unix:file_object comment="/usr/local/bin files"
id="object_file_ownership_usr_local_bin_files" version="1">
- <unix:behaviors recurse="directories" recurse_direction="down"
max_depth="-1" recurse_file_system="all" />
- <unix:path operation="equals">/usr/local/bin</unix:path>
- <unix:filename operation="pattern match">^.*$</unix:filename>
- <filter action="include">state_owner_not_root</filter>
- </unix:file_object>
-
- <unix:file_test check="all" check_existence="none_exist"
comment="/usr/local/sbin directories uid root"
id="test_ownership_usr_local_sbin_dir" version="1">
- <unix:object object_ref="object_file_ownership_usr_local_sbin_dir" />
- </unix:file_test>
-
- <unix:file_test check="all" check_existence="none_exist"
comment="/usr/local/sbin files uid root"
id="test_ownership_usr_local_sbin_files" version="1">
- <unix:object object_ref="object_file_ownership_usr_local_sbin_files" />
- </unix:file_test>
-
- <unix:file_object comment="/usr/local/sbin directories"
id="object_file_ownership_usr_local_sbin_dir" version="1">
- <unix:behaviors recurse="directories" recurse_direction="down"
max_depth="-1" recurse_file_system="all" />
- <unix:path operation="equals">/usr/local/sbin</unix:path>
- <unix:filename xsi:nil="true" />
- <filter action="include">state_owner_not_root</filter>
- </unix:file_object>
-
- <unix:file_object comment="/usr/local/sbin files"
id="object_file_ownership_usr_local_sbin_files" version="1">
- <unix:behaviors recurse="directories" recurse_direction="down"
max_depth="-1" recurse_file_system="all" />
- <unix:path operation="equals">/usr/local/sbin</unix:path>
- <unix:filename operation="pattern match">^.*$</unix:filename>
- <filter action="include">state_owner_not_root</filter>
- </unix:file_object>
-
- <unix:file_state id="state_owner_not_root" version="1" operator="OR">
-<!-- <unix:group_id datatype="int" operation="not equal">0</unix:group_id>
-->
- <unix:user_id datatype="int" operation="not equal">0</unix:user_id>
- </unix:file_state>
-</def-group>
diff --git a/RHEL/6/input/checks/file_ownership_binary_dirs.xml
b/RHEL/6/input/checks/file_ownership_binary_dirs.xml
new file mode 120000
index 0000000..2394a85
--- /dev/null
+++ b/RHEL/6/input/checks/file_ownership_binary_dirs.xml
@@ -0,0 +1 @@
+../../../../shared/oval/file_ownership_binary_dirs.xml
\ No newline at end of file
diff --git a/RHEL/7/input/checks/file_ownership_binary_dirs.xml
b/RHEL/7/input/checks/file_ownership_binary_dirs.xml
new file mode 120000
index 0000000..2394a85
--- /dev/null
+++ b/RHEL/7/input/checks/file_ownership_binary_dirs.xml
@@ -0,0 +1 @@
+../../../../shared/oval/file_ownership_binary_dirs.xml
\ No newline at end of file
diff --git a/shared/oval/file_ownership_binary_dirs.xml
b/shared/oval/file_ownership_binary_dirs.xml
index b6d0eec..f56babb 100644
--- a/shared/oval/file_ownership_binary_dirs.xml
+++ b/shared/oval/file_ownership_binary_dirs.xml
@@ -4,6 +4,8 @@
<title>Verify that System Executables Have Root Ownership</title>
<affected family="unix">
<platform>Fedora 19</platform>
+ <platform>Red Hat Enterprise Linux 6</platform>
+ <platform>Red Hat Enterprise Linux 7</platform>
</affected>
<description>
Checks that /bin, /sbin, /usr/bin, /usr/sbin, /usr/local/bin,
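Review bot: Adding RHEL 6 and 7 to the shared definition's platform list makes those products depend on the shared criteria, which lie outside this hunk, and the RHEL 6 copy this commit deletes had a defect there: it referenced test_ownership_usr_local_bin_dir twice and never referenced test_ownership_usr_local_sbin_dir, so the /usr/local/sbin directory test it defined was never evaluated. If the shared file was derived from the same source, its <criteria> block should be checked for the same duplicate before RHEL 6/7 profiles rely on it; each of the twelve file_tests should appear exactly once. Given the commit message says only that the check was "tested on rhel6,7", a note that the test host had a non-root-owned file under /usr/local/sbin (so the missing criterion would actually surface) would make that claim verifiable. The definition this hunk touches starts and ends outside the hunk.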
--
1.8.3.1