Ensure All World-Writable Directories Are Owned by a System Account (CCE-26642-9), with either the stig-rhel6-server or the usgcb-rhel6-server profile selected from the SCAP stream, may produce a false negative when run with SCC 3.1.1.1 on a non-compliant RHEL6V1R2 machine.

The non-compliant system contains world-writable directories not owned by a system account:

    /bin/ls -dn /root/
    drwxrwxrwx. 28 500 500 4096 Feb 7 09:46 /root/

    /bin/ls -dl /root/ && /bin/grep ^user: /etc/group /etc/passwd
    drwxrwxrwx. 28 user user 4096 Jan 8 13:07 /root/
    /etc/group:user:x:500:
    /etc/passwd:user::500:500:user:/home/user:/bin/bash

See the following report output:

    Ensure All World-Writable Directories Are Owned by a System Account
    ID: world_writable_files_system_ownership
    Result: Pass
    Identities: CCE-26642-9
    Description: All directories in local partitions which are world-writable should be owned by root or another system account. If any world-writable directories are not owned by a system account, this should be investigated. Following this, the files should be deleted or assigned to an appropriate group.
    Fix Text:
    Severity: low
    Weight:
    Reference: AC-6

    Definitions:
    ID: oval:ssg:def:521
    Result: true
    Title: Find world writable directories not owned by a system account
    Description: All world writable directories should be owned by a system user.
    Class: compliance
    Tests:
        true (All item-state comparisons must be true.)
        (negated) false (check for local directories that are world writable and have uid greater than or equal to 500)

    Tests:
    Test ID: oval:ssg:tst:522
    Result: false
    Title: check for local directories that are world writable and have uid greater than or equal to 500
    Check Existence: One or more collected items must exist.
    Check: All collected items must match the given state(s).
    State Operator: All item-state comparisons must be true.
    Object ID: oval:ssg:obj:1587
    Object Requirements:
        behavior requirements: recurse_direction = down recurse = directories recurse_file_system = local
        path must be equal to '/'
        filter must be equal to 'oval:ssg:ste:1588'
    State ID: oval:ssg:ste:1588
    State Requirements:
        user_id must be greater than or equal to '500'
        owrite must be equal to 'true'
    Additional Information: Collected items did not meet the check existence requirement.
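An independent cross-check for the condition this test describes (world-writable directories owned by a uid of 500 or more), as an added example that is not part of the original message, SCC, or the scap-security-guide content. The function names `list_ww_dirs` and `check_ww_dirs` are hypothetical, and `-xdev` only approximates `recurse_file_system = local`.

```shell
#!/bin/sh
# Added example: manual cross-check of a scanner "Pass" for CCE-26642-9.
# list_ww_dirs / check_ww_dirs are hypothetical helper names.
#
# Usage: list_ww_dirs ROOT [MIN_UID]
# Prints one `ls -dn` line for every directory under ROOT that is
# world-writable and owned by a uid >= MIN_UID (default 500, the
# threshold in the OVAL state quoted in the report).
list_ww_dirs() {
    # -xdev        stay on ROOT's filesystem; this only approximates
    #              recurse_file_system = local, so call once per local mount
    # -perm -0002  the "other write" bit is set (owrite = true)
    # ls -dn       numeric owner in field 3, the same view as the
    #              /bin/ls -dn evidence in the report
    # Paths containing newlines would break the line-based awk filter.
    find "$1" -xdev -type d -perm -0002 -exec ls -dn {} + 2>/dev/null |
        awk -v min="${2:-500}" '$3 + 0 >= min + 0'
}

# Exit status in the style of a compliance check:
# 0 = no findings (compliant), 1 = findings printed (non-compliant).
check_ww_dirs() {
    findings=$(list_ww_dirs "$1" "${2:-500}")
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}
```

Run it as root (for example `check_ww_dirs /`) so that unreadable directories are not silently skipped; a non-zero exit on a system where the scanner reports Pass points to the kind of discrepancy reported here.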
