For Verify No netrc Files Exist - (CCE-27225-2), with the usgcb-rhel6-server profile selected from the SCAP stream, when run with SCC 3.1.1.1, may produce a false-negative when running SCC 3.1.1.1 on a RHEL6V1R2 non-compliant machine.

$ /usr/bin/sudo /bin/find / -xdev -name .netrc
/root/.netrc

See the following report output:

Verify No netrc Files Exist
ID: no_netrc_files
Result: Pass
Identities: CCE-27225-2
Description: The .netrc files contain login information used to auto-login into FTP servers and reside in the user's home directory. These files may contain unencrypted passwords to remote FTP servers making them susceptible to access by unauthorized users and should not be used. Any .netrc files should be removed.
Fix Text:
Severity: medium
Weight:
Reference: IA-5(h) 196

Definitions:
    ID: oval:ssg:def:1142
    Result: true
    Title: Verify No netrc Files Exist
    Description: The .netrc files contain login information used to auto-login into FTP servers and reside in the user's home directory. Any .netrc files should be removed.
    Class: compliance
    Tests:
        true (All item-state comparisons must be true.)
            true (look for .netrc in /home) (negated)

Tests:
    Test ID: oval:ssg:tst:1143
    Result: false
    Title: look for .netrc in /home
    Check Existence: One or more collected items must exist.
    Check: Result is based on check existence only.
    State Operator: All item-state comparisons must be true.
    Object ID: oval:ssg:obj:2117
    Object Requirements:
        behavior requirements:
            recurse_direction = down
            max_depth = 1
            recurse = directories
        path must be equal to '/home'
        filename must match the pattern '^\.netrc$'
    Additional Information: Collected items did not meet the check existence requirement.
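The report above shows object oval:ssg:obj:2117 collecting only under '/home' with max_depth = 1, while the find command located /root/.netrc. The following is an added example, not part of the original message or of the scap-security-guide content: it compares that scope with a wider one that walks every home directory in a passwd-format file. The function names and the passwd-based enumeration are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Each function takes a root prefix so it can be run against a
# constructed directory tree; use "" as the prefix for the live filesystem.

# Scope of the OVAL object in the report: path '/home', max_depth = 1,
# filename '^\.netrc$'. That covers /home/.netrc and /home/<dir>/.netrc only.
netrc_home_only() {
    root=$1
    [ -d "$root/home" ] || return 0
    find "$root/home" -maxdepth 2 -name .netrc -type f 2>/dev/null | sort
}

# Wider scope (assumption): every home directory named in field 6 of a
# passwd-format file, which includes /root and homes outside /home.
netrc_passwd_homes() {
    root=$1
    passwd=$2
    cut -d: -f6 "$passwd" | sort -u | while IFS= read -r home; do
        # Skip empty entries and "/" so the check stays inside real homes.
        if [ -n "$home" ] && [ "$home" != "/" ] && [ -f "$root$home/.netrc" ]; then
            printf '%s\n' "$root$home/.netrc"
        fi
    done
}

# .netrc files the wider check finds that the /home-only check misses.
# Any output here is a file that a /home-scoped test would report as absent.
netrc_scope_gap() {
    root=$1
    passwd=$2
    netrc_passwd_homes "$root" "$passwd" | while IFS= read -r f; do
        netrc_home_only "$root" | grep -Fxq "$f" || printf '%s\n' "$f"
    done
}

# Stand-alone use: sh netrc_gap.sh "" /etc/passwd
if [ "$#" -eq 2 ]; then
    netrc_scope_gap "$1" "$2"
fi
```

On the machine described in the message, netrc_scope_gap would be expected to list /root/.netrc, since /root is outside the path the OVAL object collects from.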
