>From a8f8f56d6e2b73b68c4e3fc7220186460d526cff Mon Sep 17 00:00:00 2001 From: Michael McConachie <[email protected]> Date: Wed, 26 Sep 2012 13:52:42 -0400 Subject: [PATCH 4/4] OCIL clause changes for input/system/permissions/files.xml
--- RHEL6/input/system/permissions/files.xml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/RHEL6/input/system/permissions/files.xml b/RHEL6/input/system/permissions/files.xml index 59f0a3a..0623089 100644 --- a/RHEL6/input/system/permissions/files.xml +++ b/RHEL6/input/system/permissions/files.xml @@ -186,7 +186,7 @@ Kernel modules, which can be added to the kernel during runtime, are stored in <tt>/lib/modules</tt>. All files in these directories should not be group-writable or world-writable. </description> -<ocil> +<ocil clause="any of the modules are group-writable"> To find shared libraries that are group-writable or world-writable, run the following command for each directory <i>DIR</i> which contains shared libraries: <pre>$ find <i>DIR</i> -perm /022</pre> @@ -211,7 +211,7 @@ Kernel modules, which can be added to the kernel during runtime, are also stored in <tt>/lib/modules</tt>. All files in these directories should be owned by the <tt>root</tt> user. </description> -<ocil> +<ocil clause="any of the shared modules aren't owned by root"> To find shared libraries that are not owned by <tt>root</tt>, run the following command for each directory <i>DIR</i> which contains shared libraries: <pre>$ find <i>DIR</i> \! -user root</pre> @@ -235,7 +235,7 @@ System executables are stored in the following directories by default: /usr/local/sbin</pre> All files in these directories should not be group-writable or world-writable. </description> -<ocil> +<ocil clause="any system executables are found to be group, or world writable"> To find system executables that are group-writable or world-writable, run the following command for each directory <i>DIR</i> which contains system executables: <pre>$ find <i>DIR</i> -perm /022</pre> 
@@ -258,7 +258,7 @@ System executables are stored in the following directories by default: /usr/local/sbin</pre> All files in these directories should be owned by the <tt>root</tt> user. </description> -<ocil> +<ocil clause="any system executables are found to not be owned by root"> To find system executables that are not owned by <tt>root</tt>, run the following command for each directory <i>DIR</i> which contains system executables: <pre>$ find <i>DIR</i> \! -user root</pre> @@ -289,7 +289,7 @@ To set the sticky bit on a world-writable directory <i>DIR</i>, run the following command: <pre># chmod +t <i>DIR</i></pre> </description> -<ocil> +<ocil clause="any world-writable directories are missing the sticky bit"> To find world-writable directories that lack the sticky bit, run the following command: <pre># find / -type d -perm -002 ! -perm -1000</pre> </ocil> -- 1.7.11.4
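Review bot: In the first hunk (@@ -186,7), the clause names only the group-writable case and calls the files "modules", while the check text directly below it looks for shared libraries that are group-writable or world-writable with find DIR -perm /022. As worded, the clause does not describe a finding of world-writable files. Suggest matching the check, for example: clause="any of these files are group-writable or world-writable".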
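Review bot: In the second hunk (@@ -211,7), "shared modules" is not a term the surrounding rule uses; the description refers to kernel modules in /lib/modules and the check below the clause searches for shared libraries not owned by root. Pick the term the check actually tests and drop the contraction so the wording lines up with the fourth hunk, for example: clause="any of these files are not owned by root".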
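Review bot: In the third hunk (@@ -235,7), "group, or world writable" has a stray comma and drops the hyphenation that the description and check text use ("group-writable or world-writable"). Since the clause is substituted into generated sentences, keep it consistent with the rest of the rule: clause="any system executables are found to be group-writable or world-writable".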
_______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
