---
...ile_permissions_unauthorized_world_writable.xml | 5 +++++
1 files changed, 5 insertions(+), 0 deletions(-)
diff --git
a/RHEL/6/input/checks/file_permissions_unauthorized_world_writable.xml
b/RHEL/6/input/checks/file_permissions_unauthorized_world_writable.xml
index c3d4c8a..b6624c4 100644
--- a/RHEL/6/input/checks/file_permissions_unauthorized_world_writable.xml
+++ b/RHEL/6/input/checks/file_permissions_unauthorized_world_writable.xml
@@ -23,8 +23,10 @@
<unix:path operation="equals">/</unix:path>
<unix:filename operation="pattern match">^.*$</unix:filename>
<filter
action="include">state_file_permissions_unauthorized_world_write</filter>
+ <!-- don't search /proc, /sys, and some special files from /selinux -->
<filter
action="exclude">state_file_permissions_unauthorized_world_write_exclude_special_selinux_files</filter>
<filter
action="exclude">state_file_permissions_unauthorized_world_write_exclude_proc</filter>
+ <filter
action="exclude">state_file_permissions_unauthorized_world_write_exclude_sys</filter>
</unix:file_object>
<unix:file_state id="state_file_permissions_unauthorized_world_write"
version="1">
<unix:type operation="equals">regular</unix:type>
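Review bot: The added comment says "don't search", but the `<filter action="exclude">` elements it describes only remove collected items that match the referenced state. Whether the scanner still walks /proc and /sys depends on the probe implementation and on any behaviors set on this object, which cannot be checked here because the `unix:file_object` opens above the hunk. I would reword the comment to `<!-- exclude items under /proc and /sys, and some special files from /selinux, from the results -->` so a maintainer does not assume the traversal itself is pruned. If scan time on these pseudo-filesystems was the motivation, that should be confirmed separately against the scanner in use.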
@@ -36,4 +38,7 @@
<unix:file_state
id="state_file_permissions_unauthorized_world_write_exclude_proc" version="1">
<unix:filepath operation="pattern match">^/proc/.*$</unix:filepath>
</unix:file_state>
+ <unix:file_state
id="state_file_permissions_unauthorized_world_write_exclude_sys" version="1">
+ <unix:filepath operation="pattern match">^/sys/.*$</unix:filepath>
+ </unix:file_state>
</def-group>
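Review bot: The new `state_file_permissions_unauthorized_world_write_exclude_sys` state matches only on the path prefix `^/sys/.*$`, so the check assumes /sys is always the kernel's sysfs mount. On a target where sysfs is not mounted at /sys (an offline image or a chroot, for example), a regular world-writable file under that directory would be dropped from the results without any finding. The existing /proc state above it makes the same assumption. I would record this next to the state, e.g. `<!-- assumes /sys is the sysfs pseudo-filesystem; entries there are kernel-provided -->`, so the coverage gap is visible to whoever tailors the check. The `def-group` element opens outside this hunk.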
--
1.7.1