For SSGID Ensure the Default C Shell Umask is Set Correctly - (CCE-27034-8), with the usgcb-rhel6-server profile selected from the SCAP stream, when run with SCC 3.1.1.1, may produce a false-positive on a RHEL6V1R2 complaint machine. The STIG value is 077. The SSG content “Description” also states a value of 077. However the SSG content state requirement is “subexpression must be equal to '027'” See the following report output: Ensure the Default C Shell Umask is Set Correctly ID: user_umask_cshrc Result: Fail Identities: CCE-27034-8 Description: To ensure the default umask for users of the C shell is set properly, add or correct the umask setting in /etc/csh.cshrc to read as follows: umask 077 Fix Text: Severity: low Weight: Reference: 366 Definitions: ID: oval:ssg:def:711 Result: false Title: Ensure that Users Have Sensible Umask Values set for csh Description: The default umask for users of the csh shell Class: compliance Tests:
false (All item-state comparisons must be true.) false (Tests the value of the ^[\s]*umask[\s]+([^#]*) expression in the /etc/csh.cshrc file) Tests: Test ID: oval:ssg:tst:712 Result: false Title: Tests the value of the ^[\s]*umask[\s]+([^#]*) expression in the /etc/csh.cshrc file Check Existence: All collected items must exist. Check: All collected items must match the given state(s). State Operator: All item-state comparisons must be true. Object ID: oval:ssg:obj:1755 Object Requirements: path must be equal to '/etc' filename must be equal to 'csh.cshrc' pattern must match the pattern '^[\s]*umask[\s]+([^#\s]*)' instance must be equal to '1' State ID: oval:ssg:ste:1756 State Requirements: subexpression must be equal to '027' Collected Item Properties: filepath equals '/etc/csh.cshrc' path equals '/etc' filename equals 'csh.cshrc' pattern equals '^[\s]*umask[\s]+([^#\s]*)' instance equals '1' text equals 'umask 077' subexpression equals '077' Additional Information: Collected items did not meet the check requirement. _______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
