For Verify Only Root Has UID 0 - (CCE-26971-2), with either the
stig-rhel6-server or the usgcb-rhel6-server profiles selected from the SCAP
stream, when run with SCC 3.1.1.1, may produce a false-negative when running
SCC 3.1.1.1 on a RHEL6V1R2 non-compliant machine.
$ /usr/bin/id -u root && /usr/bin/id -u root2
0
0
$ /usr/bin/awk -F: '($3 == "0") {print}' /etc/passwd
root:...:0:0:root:/root:/bin/bash
root2:...:0:0::/home/root2:/bin/bash
The regex matches root vice uid 0: ^[^r][^o][^o][^t].*:0
See the following report output:
Verify Only Root Has UID 0
ID: no_uidzero_except_root
Result: Pass
Identities: CCE-26971-2
Description: If any account other than root has a UID of 0, this
misconfiguration should be investigated and the accounts other than root should
be removed or have their UID changed.
Fix Text:
Severity: medium
Weight:
Reference: AC-6
IA-2(1)
366
Definitions:
ID: oval:ssg:def:273
Result: true
Title: UID 0 Belongs Only To Root
Description: Only the root account should be assigned a user id of 0.
Class: compliance
Tests:
true (All item-state comparisons must be true.)
true (tests for reg exp ^[^r][^o][^o][^t].*:0 in /etc/passwd file)
Tests:
Test ID: oval:ssg:tst:274
Result: true
Title: tests for reg exp ^[^r][^o][^o][^t].*:0 in /etc/passwd file
Check Existence: No collected items may exist.
Check: Result is based on check existence only.
State Operator: All item-state comparisons must be true.
Object ID: oval:ssg:obj:1384
Object Requirements:
path must be equal to '/etc'
filename must be equal to 'passwd'
pattern must match the pattern '^(?!root:)[^:]*:[^:]:0'
instance must be equal to '1'
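Added example, not part of the original post or of the SCAP Security Guide content: Python code that runs the two patterns quoted in the report, and a field-based check like the awk command, over constructed /etc/passwd lines. The sample accounts toor, sync and alice, the password-field values and the function names are assumptions made for illustration.

```python
import re

# The two patterns that appear in the report output above.
TITLE_PATTERN = r'^[^r][^o][^o][^t].*:0'      # from the test title
OBJECT_PATTERN = r'^(?!root:)[^:]*:[^:]:0'    # from the object requirements

# Constructed passwd lines (not copied from the reporter's machine).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
root2:x:0:0::/home/root2:/bin/bash
toor:!!:0:0::/home/toor:/bin/bash
sync:x:5:0:sync:/sbin:/bin/sync
alice:x:500:500::/home/alice:/bin/bash
"""


def regex_hits(pattern, passwd_text):
    """Account names on lines the pattern matches, one line at a time.

    The check passes only when this list is empty
    ("No collected items may exist").
    """
    rx = re.compile(pattern)
    return [line.split(':', 1)[0]
            for line in passwd_text.splitlines() if rx.search(line)]


def uid0_non_root(passwd_text):
    """Field-based check: third field is numerically 0 and the name is not root."""
    names = []
    for line in passwd_text.splitlines():
        fields = line.split(':')
        if len(fields) < 3 or not fields[2].isdigit():
            continue  # skip malformed lines
        if int(fields[2]) == 0 and fields[0] != 'root':
            names.append(fields[0])
    return names


if __name__ == '__main__':
    print('title pattern  :', regex_hits(TITLE_PATTERN, SAMPLE_PASSWD))
    print('object pattern :', regex_hits(OBJECT_PATTERN, SAMPLE_PASSWD))
    print('field-based    :', uid0_non_root(SAMPLE_PASSWD))
```

On these lines the title pattern misses both root2 and toor and matches sync only because of its GID of 0. The object pattern matches root2 only while its password field is exactly one character, and misses toor, whose password field is longer.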