>From 6d8d3b510c9261c022f70efa633d45b1acb1f26a Mon Sep 17 00:00:00 2001
From: Shawn Wells <[email protected]>
Date: Mon, 14 Apr 2014 23:28:58 -0400
Subject: [PATCH 26/26] Updating commit per Jan's feedback
- Updated rule titles
- Fixed sed rule for case sensitivity
- Fixed sticky-bit remediation
---
RHEL/6/input/services/obsolete.xml | 4 ++--
RHEL/6/input/system/selinux.xml | 6 +++---
shared/fixes/bash/enable_selinux_bootloader.sh | 4 ++--
shared/fixes/bash/sticky_world_writable_dirs.sh | 2 +-
4 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/RHEL/6/input/services/obsolete.xml
b/RHEL/6/input/services/obsolete.xml
index 619f0ab..ee980d4 100644
--- a/RHEL/6/input/services/obsolete.xml
+++ b/RHEL/6/input/services/obsolete.xml
@@ -111,12 +111,12 @@ telnet service's accidental (or intentional) activation.
<title>Remove telnet Clients</title>
<description>The telnet client allows users to start connections to other
systems via the telnet protocol.</description>
-<ocil><package-remove-macro package="telnet" /> </ocil>
+<ocil><package-remove-macro package="telnet" /></ocil>
<rationale>The <tt>telnet</tt> protocol is insecure and unencrypted. The use
of an unencrypted transmission medium could allow an unauthorized user
to steal credentials. The <tt>ssh</tt> package provides an
encrypted session and stronger security and is included in Red Hat
-Enterprise Linux.<rationale>
+Enterprise Linux.</rationale>
<ident cce="" />
<oval id="package_telnet_removed" />
</Rule>
diff --git a/RHEL/6/input/system/selinux.xml b/RHEL/6/input/system/selinux.xml
index 9d7ed81..59a84cb 100644
--- a/RHEL/6/input/system/selinux.xml
+++ b/RHEL/6/input/system/selinux.xml
@@ -135,7 +135,7 @@ of file contexts created by some programs.</rationale>
</Rule>
<Rule id="package_setroubleshoot_removed">
-<title>Remove SETroubleshoot</title>
+<title>Uninstall setroubleshoot Package</title>
<description>The SETroubleshoot service notifies desktop users of SELinux
denials. The service provides information around configuration errors,
unauthorized intrusions, and other potential errors.
@@ -148,7 +148,7 @@ have running on a server</rationale>
</Rule>
<Rule id="package_mcstrans_removed">
-<title>Remove MCS Translation Service (mcstrans)</title>
+<title>Uninstall mcstrans Package</title>
<description>The <tt>mcstransd</tt> daemon provides category label information
to client processes requesting information. The label translations are defined
in <tt>/etc/selinux/targeted/setrans.conf</tt>.
@@ -158,7 +158,7 @@ in <tt>/etc/selinux/targeted/setrans.conf</tt>.
amount of potentially vulnerable code running on the system.
NOTE: This rule was added in support of the CIS RHEL6 v1.2.0 benchmark. Please
-note that Red Hat does not feel this rule is security relevant.
+note that Red Hat does not feel this rule is security relevant.
</rationale>
<ident cce="" />
<oval id="package_mcstrans_removed" />
diff --git a/shared/fixes/bash/enable_selinux_bootloader.sh
b/shared/fixes/bash/enable_selinux_bootloader.sh
index 2aa0077..f2d3def 100644
--- a/shared/fixes/bash/enable_selinux_bootloader.sh
+++ b/shared/fixes/bash/enable_selinux_bootloader.sh
@@ -1,2 +1,2 @@
-sed -i "s/[Ss][Ee][Ll][Ii][Nn][Uu][Xx]=0//g" /etc/grub.conf
-sed -i "s/[Ee][Nn][Ff][Oo][Rr][Cc][Ii][Nn][Gg]=0//g" /etc/grub.conf
+sed -i "s/selinux=0//gI" /etc/grub.conf
+sed -i "s/enforcing=0//gI" /etc/grub.conf
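Review bot: Both new `sed -i` lines edit `/etc/grub.conf` by path, and on RHEL 6 that path is normally a symlink to the GRUB configuration under /boot. GNU sed's in-place mode replaces the link with a new regular file unless told otherwise, so the remediation may leave the file the bootloader actually reads unchanged. I would add `--follow-symlinks`, e.g. `sed -i --follow-symlinks "s/selinux=0//gI" /etc/grub.conf`, and the same for the `enforcing=0` line. The patterns are also unanchored, so a longer token such as `selinux=01` would be partly rewritten rather than left alone; matching on word boundaries would be tighter.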
diff --git a/shared/fixes/bash/sticky_world_writable_dirs.sh
b/shared/fixes/bash/sticky_world_writable_dirs.sh
index ad07ddd..4069298 100644
--- a/shared/fixes/bash/sticky_world_writable_dirs.sh
+++ b/shared/fixes/bash/sticky_world_writable_dirs.sh
@@ -1,4 +1,4 @@
df --local -P | awk {'if (NR!=1) print $6'} \
| xargs -I '{}' find '{}' -xdev -type d \
-( -perm -0002 -a ! -perm -1000 \) 2>/dev/null \
+\( -perm -0002 -a ! -perm -1000 \) 2>/dev/null \
| xargs chmod a+t
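Review bot: The final `| xargs chmod a+t` splits find's output on whitespace, and the directories being listed sit in world-writable locations where any local user chooses the names. A name containing a space or newline therefore makes this remediation, which presumably runs as root, chmod paths other than the ones find reported. Passing the names NUL-delimited avoids that: end the find expression with `-print0` and change the last line to `| xargs -0 -r chmod a+t` (`-r` also stops chmod from running with no operands when nothing matches). `-exec chmod a+t {} +` is not a drop-in alternative here, because the outer `xargs -I '{}'` would substitute the braces. Since `2>/dev/null` hides every find error, a comment stating that this is intentional would help.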
--
1.7.1