For SSGID Ensure the Default Bash Umask is Set Correctly - (CCE-26917-5), with the usgcb-rhel6-server profile selected from the SCAP stream, when run with SCC 3.1.1.1, may produce a false-positive on a RHEL6V1R2 complaint machine. The STIG value is 077. The SSG content “Description” also states a value of 077. However the SSG content state requirement is “subexpression must be equal to '027'” See the following report output: Ensure the Default Bash Umask is Set Correctly ID: user_umask_bashrc Result: Fail Identities: CCE-26917-5 Description: To ensure the default umask for users of the Bash shell is set properly, add or correct the umask setting in /etc/bashrc to read as follows: umask 077 Fix Text: Severity: low Weight: Reference: 366 Definitions: ID: oval:ssg:def:742 Result: false Title: Ensure that Users Have Sensible Umask Values set for bash Description: The default umask for users of the bash shell Class: compliance Tests:
false (All item-state comparisons must be true.) false (Tests the value of the ^[\s]*umask[\s]+([^#]*) expression in the /etc/bashrc file) Tests: Test ID: oval:ssg:tst:743 Result: false Title: Tests the value of the ^[\s]*umask[\s]+([^#]*) expression in the /etc/bashrc file Check Existence: All collected items must exist. Check: All collected items must match the given state(s). State Operator: All item-state comparisons must be true. Object ID: oval:ssg:obj:1781 Object Requirements: path must be equal to '/etc' filename must be equal to 'bashrc' pattern must match the pattern '^[\s]*umask[\s]+([^#\s]*)' instance must be equal to '1' State ID: oval:ssg:ste:1782 State Requirements: subexpression must be equal to '027' Collected Item Properties: filepath equals '/etc/bashrc' path equals '/etc' filename equals 'bashrc' pattern equals '^[\s]*umask[\s]+([^#\s]*)' instance equals '1' text equals ' umask 077' subexpression equals '077' Additional Information: Collected items did not meet the check requirement. _______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
