In my particular case, it would fail the ‘file_ownership_library_dirs’ (CCE-27424-1) test by finding this file:

528273   12 -rwsr-xr-x   1 abrt     abrt         9904 Aug 13  2013 /usr/libexec/abrt-action-install-debuginfo-to-abrt-cache

Patched ssg-rhel6-oval.xml to include a / at the end of the directory in the pattern match.

--- orig.ssg-rhel6-oval.xml            2014-04-22 10:14:05.181639519 -0500
+++ ssg-rhel6-oval.xml  2014-04-22 10:15:26.376636705 -0500
@@ -10573,13 +10573,13 @@
     </linux:rpminfo_object>
     <unix:file_object comment="library directories" id="oval:ssg:obj:1862" 
version="1">
       <!-- Check that /lib, /lib64, /usr/lib, and /usr/lib64 directories 
belong to user with uid 0 (root) -->
-      <unix:path operation="pattern 
match">^\/lib(|64)|^\/usr\/lib(|64)</unix:path>
+      <unix:path operation="pattern 
match">^\/lib(|64)\/|^\/usr\/lib(|64)\/</unix:path>
       <unix:filename xsi:nil="true"/>
       <filter action="include">oval:ssg:ste:2182</filter>
     </unix:file_object>
     <unix:file_object comment="library files" id="oval:ssg:obj:1863" 
version="1">
       <!-- Check that files within /lib, /lib64, /usr/lib, and /usr/lib64 
directories belong to user with uid 0 (root) -->
-      <unix:path operation="pattern 
match">^\/lib(|64)|^\/usr\/lib(|64)</unix:path>
+      <unix:path operation="pattern 
match">^\/lib(|64)\/|^\/usr\/lib(|64)\/</unix:path>
       <unix:filename operation="pattern match">^.*$</unix:filename>
      <filter action="include">oval:ssg:ste:2182</filter>
     </unix:file_object>
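Review bot: requiring a trailing `\/` in both new `<unix:path>` patterns (objects oval:ssg:obj:1862 and oval:ssg:obj:1863) appears to narrow the check as well as fix the false positive. The path element of a unix file_object holds the directory, and a bare value such as `/lib64` or `/usr/lib` has no trailing slash, so `^\/lib(|64)\/|^\/usr\/lib(|64)\/` no longer selects the four top-level library directories themselves (the very directories the comment on obj:1862 says are being checked) nor files that sit directly in them; only entries under a subdirectory would still be matched. Consider anchoring on a separator-or-end instead, for example `^\/lib(|64)(\/|$)|^\/usr\/lib(|64)(\/|$)`, which still excludes `/libexec` and `/usr/libexec`. Note that a scan passing on a test system does not distinguish between the false positive being removed and the coverage being reduced, so it is worth confirming with a deliberately mis-owned file placed directly in /usr/lib64.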


Verified it passes on my test system.

Thanks,
Rick Renshaw
_______________________________________________
scap-security-guide mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
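As an added example (not part of the e-mail or of the SSG patch), the original pattern and the patched pattern are evaluated in Python against a constructed set of `<unix:path>` values, alongside a third pattern using `(\/|$)` that is an assumption of this example rather than something the patch proposes; it shows which pattern selects the libexec trees and which misses the bare library directories.

```python
import re

# Path patterns for the SSG OVAL objects oval:ssg:obj:1862 and obj:1863:
# the pre-patch pattern, the pattern proposed in the patch, and an
# alternative that is an assumption of this example (not from the patch).
PATTERN_ORIG = r"^\/lib(|64)|^\/usr\/lib(|64)"
PATTERN_PATCH = r"^\/lib(|64)\/|^\/usr\/lib(|64)\/"
PATTERN_ALT = r"^\/lib(|64)(\/|$)|^\/usr\/lib(|64)(\/|$)"

# Constructed sample of directory values as the OVAL collector would place
# them in <unix:path> (the filename is matched separately): the four
# library directories, two subdirectories, and the libexec directories
# that produced the abrt-action-install-debuginfo-to-abrt-cache hit.
SAMPLE_PATHS = [
    "/lib",
    "/lib64",
    "/usr/lib",
    "/usr/lib64",
    "/lib/modules",
    "/usr/lib64/python2.6",
    "/libexec",
    "/usr/libexec",
]

LIBRARY_DIRS = ["/lib", "/lib64", "/usr/lib", "/usr/lib64"]


def matching_paths(pattern, paths=SAMPLE_PATHS):
    """Paths selected by an OVAL 'pattern match' on the path element:
    the regex is searched anywhere in the string, as re.search does."""
    rx = re.compile(pattern)
    return [p for p in paths if rx.search(p)]


def libexec_false_positives(pattern):
    """Selected paths that are libexec trees, not library directories."""
    return [p for p in matching_paths(pattern) if "libexec" in p]


def missing_base_dirs(pattern):
    """Library directories the pattern fails to select at all."""
    selected = set(matching_paths(pattern))
    return [d for d in LIBRARY_DIRS if d not in selected]


if __name__ == "__main__":
    for name, pat in (("original", PATTERN_ORIG),
                      ("patched", PATTERN_PATCH),
                      ("alternative", PATTERN_ALT)):
        print(f"{name:12} libexec hits: {libexec_false_positives(pat)}")
        print(f"{name:12} base dirs missed: {missing_base_dirs(pat)}")
```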