From 028d5709be25b32b082ac1eebe3662ac31c97646 Mon Sep 17 00:00:00 2001
From: Shawn Wells <sh...@redhat.com>
Date: Wed, 19 Sep 2012 11:30:55 -0400
Subject: [PATCH 02/14] Created OCIL for no_netrc_files

- Updated description language to place OCIL language in <OCIL> tags
- Expanded OCIL check description to state that any .netrc files should be deleted or documented
--- .../accounts/restrictions/password_storage.xml | 12 ++++++++---- 1 files changed, 8 insertions(+), 4 deletions(-) diff --git a/RHEL6/input/system/accounts/restrictions/password_storage.xml b/RHEL6/input/system/accounts/restrictions/password_storage.xml index 29572f2..96b1b7a 100644 --- a/RHEL6/input/system/accounts/restrictions/password_storage.xml +++ b/RHEL6/input/system/accounts/restrictions/password_storage.xml @@ -63,16 +63,20 @@ used to auto-login into FTP servers and reside in the user's home directory. These files may contain unencrypted passwords to remote FTP servers making them susceptible to access by unauthorized users and should not be used. -<br /><br /> -To check the system for the existence of any <tt>.netrc</tt> files, -run the following command: -<pre># find / -name .netrc</pre> </description> <rationale> Unencrypted passwords for remote FTP servers may be stored in <tt>.netrc</tt> files. DoD policy requires passwords be encrypted in storage and not used in access scripts. </rationale> +<ocil>Check the system for the existence of <tt>.netrc</tt> files by +running the following command: +<pre># find / -name .netrc</pre> + +Output indicates the presense of <tt>.netrc</tt> files. Remove <tt>.netrc</tt> +files wherever possible. If <tt>.netrc</tt> files are required for +mission functionality their existence and risk mitigation steps should be +documented.</ocil> <ident cce="TODO" /> <oval id="TODO" /> <ref nist="IA-5" disa="196" /> -- 1.7.1
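Review bot: The added <ocil> text misspells "presence" as "presense", and the sentence "Output indicates the presense of .netrc files" leaves the pass/fail condition implicit; say outright that any output is a finding and that no output means the check passes. The check command "find / -name .netrc" starts at the root and so descends into every mounted filesystem, including network mounts; consider restricting it to local filesystems (for example with find's -xdev option, run per local filesystem) or to users' home directories, which is where the description says these files reside. A comma after "mission functionality" would make the last sentence easier to read. The unchanged context still carries <ident cce="TODO" /> and <oval id="TODO" />, so this rule has only the manual OCIL check until those are filled in.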
_______________________________________________ scap-security-guide mailing list scap-security-guide@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide