From 0b430da6c2b21e2ec39afde2d815cd39087b5b01 Mon Sep 17 00:00:00 2001
From: Shawn Wells <[email protected]>
Date: Wed, 4 Jul 2012 01:22:30 -0400
Subject: [PATCH 05/11] Updated prose of file_permissions_etc_passwd and mapped to CCI-000225
This section stated the file permissions needed to be secure, but did not provide a recommendation. Updated to state 0644 or less permissive, which is the RHEL default and matches the RHEL5 STIG requirements. Updated rationale field as well. Mapped to CCI-000225. --- rhel6/src/input/system/permissions/files.xml | 9 +++++---- 1 files changed, 5 insertions(+), 4 deletions(-) diff --git a/rhel6/src/input/system/permissions/files.xml b/rhel6/src/input/system/permissions/files.xml index ce190b6..1bd75b1 100644 --- a/rhel6/src/input/system/permissions/files.xml +++ b/rhel6/src/input/system/permissions/files.xml @@ -144,12 +144,13 @@ the system. Protection of this file is critical for system security.</rationale> <Rule id="file_permissions_etc_passwd"> <title>Verify permissions on <tt>passwd</tt> file</title> <description>File permissions for <tt>/etc/passwd</tt> should be set -correctly.</description> -<rationale>The /etc/passwd contains information about the users that are configured on -the system. Protection of this file is critical for system security.</rationale> +to 0644 or less permissive.</description> +<rationale>If the passwd file is writable by a group-owner or the world the +risk of passwd file compromise is increased. The passwd file contains the +list of acounts on the system and associated information.</rational> <ident cce="3566-7" /> <oval id="file_permissions_etc_passwd" /> -<ref nist="AC-3, CM-6"/> +<ref nist="AC-3, CM-6" disa="225"/> </Rule> </Group> -- 1.7.1
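Review bot: the last added line of the new rationale closes the element with `</rational>` although it is opened with `<rationale>`, so files.xml stops being well-formed XML and any parser will reject it at the file_permissions_etc_passwd Rule; the closing tag should be `</rationale>`, as on the removed line. The same added line misspells "accounts" as "acounts". The new description requires "0644 or less permissive", but the rationale only argues against group or world write access; a sentence saying why the file has to stay readable, or why read access is acceptable, would make the 0644 value follow from the rationale instead of only from the commit message. The rationale would also read more clearly with a comma after "the world".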
_______________________________________________ scap-security-guide mailing list [email protected] https://fedorahosted.org/mailman/listinfo/scap-security-guide
