--- RHEL6/input/system/accounts/restrictions/password_storage.xml | 2 +- RHEL6/input/system/auditing.xml | 4 ++-- RHEL6/input/system/permissions/files.xml | 8 ++++---- 3 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/RHEL6/input/system/accounts/restrictions/password_storage.xml b/RHEL6/input/system/accounts/restrictions/password_storage.xml index 6c1c187..153a2d6 100644 --- a/RHEL6/input/system/accounts/restrictions/password_storage.xml +++ b/RHEL6/input/system/accounts/restrictions/password_storage.xml @@ -97,7 +97,7 @@ users and should not be used. Any <tt>.netrc</tt> files should be removed. <ocil clause="any .netrc files exist"> To check the system for the existence of any <tt>.netrc</tt> files, run the following command: -<pre># find / -name .netrc</pre> +<pre># find / -xdev -name .netrc</pre> <!-- needs fixup to limit search to home dirs --> </ocil> <rationale> diff --git a/RHEL6/input/system/auditing.xml b/RHEL6/input/system/auditing.xml index 9599c5c..d10fb78 100644 --- a/RHEL6/input/system/auditing.xml +++ b/RHEL6/input/system/auditing.xml @@ -1166,7 +1166,7 @@ these events could serve as evidence of potential system compromise.</rationale> <description>At a minimum the audit system should collect the execution of privileged commands for all users and root. To find the relevant setuid programs: -<pre># find / -type f -perm -4000 -o -perm -2000 2>/dev/null</pre> +<pre># find / -xdev -type f -perm -4000 -o -perm -2000 2>/dev/null</pre> Then, for each setuid program on the system, add a line of the following form to <tt>/etc/audit/audit.rules</tt>, where <i>SETUID_PROG_PATH</i> is the full path to each setuid program in the list: 
@@ -1174,7 +1174,7 @@ in the list: </description> <ocil clause="it is not the case"> To verify that auditing of privileged command use is configured, run the following command to find relevant setuid programs: -<pre># find / -type f -perm -4000 -o -perm -2000 2>/dev/null</pre> +<pre># find / -xdev -type f -perm -4000 -o -perm -2000 2>/dev/null</pre> Run the following command to verify entries in the audit rules for all programs found with the previous command: <pre># grep path /etc/audit/audit.rules</pre> It should be the case that all relevant setuid programs have a line in the audit rules. diff --git a/RHEL6/input/system/permissions/files.xml b/RHEL6/input/system/permissions/files.xml index b8c3871..44dabe8 100644 --- a/RHEL6/input/system/permissions/files.xml +++ b/RHEL6/input/system/permissions/files.xml @@ -313,7 +313,7 @@ following command: </description> <ocil clause="any world-writable directories are missing the sticky bit"> To find world-writable directories that lack the sticky bit, run the following command: -<pre># find / -type d -perm 002 ! -perm 1000</pre> +<pre># find / -xdev -type d -perm 002 ! -perm 1000</pre> </ocil> <rationale> Failing to set the sticky bit on public directories allows unauthorized users to delete files in the directory structure. @@ -345,7 +345,7 @@ symptoms of a misconfigured application or user account.</description> <ocil clause="there is output"> To find world-writable files, run the following command: -<pre># find / -type f -perm -002</pre> +<pre># find / -xdev -type f -perm -002</pre> </ocil> <ident cce="3795-2" /> <ref nist="CM-6"/> 
@@ -361,7 +361,7 @@ of any unpackaged SGID files. </description> <ocil clause="there is output"> To find world-writable files, run the following command: -<pre># find / -type f -perm -002</pre> +<pre># find / -xdev -type f -perm -002</pre> </ocil> <rationale>Executable files with the SGID permission run with the privileges of the owner of the file. SGID files of uncertain provenance could allow for @@ -382,7 +382,7 @@ of any unpackaged SUID files. </description> <ocil> To find world-writable files, run the following command: -<pre># find / -type f -perm -002</pre> +<pre># find / -xdev -type f -perm -002</pre> </ocil> <rationale>Executable files with the SUID permission run with the privileges of the owner of the file. SUID files of uncertain provenance could allow for -- 1.8.0 _______________________________________________ scap-security-guide mailing list scap-security-guide@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
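Review bot: in password_storage.xml (@@ -97,7), adding -xdev to `find / -name .netrc` stops the search at the root filesystem, so a .netrc under a home directory that lives on its own mount is no longer reported, and home directories are where these files are expected. The adjacent comment already says the search should be limited to home dirs; either do that in this change, or add a sentence saying the command has to be run once per local partition.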
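Review bot: in auditing.xml (@@ -1166,7), the expression `-type f -perm -4000 -o -perm -2000` has no grouping, so -type f binds only to the -perm -4000 test and anything with the setgid bit, directories included, matches the second branch. Since the line is being touched anyway, suggest `find / -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null`.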
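Review bot: in auditing.xml (@@ -1174,7), the OCIL check compares the find output against the entries in /etc/audit/audit.rules, and with -xdev that output covers only the filesystem mounted at /. Setuid programs on any other local mount are never listed, so the check can pass while they have no audit rule. The text should say that the find command must be repeated for each local partition. The ungrouped `-perm -4000 -o -perm -2000` expression needs the same parentheses here as in the description above.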
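Review bot: in files.xml (@@ -313,7), `-perm 002 ! -perm 1000` uses exact-mode matching, so it only reports directories whose mode is exactly 0002 and misses an ordinary world-writable directory such as one with mode 0777. To test for the bits as the sentence describes, the command should read `find / -xdev -type d -perm -002 ! -perm -1000`.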
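Review bot: in files.xml (@@ -361,7), the OCIL text and command look for world-writable files (`-perm -002`), but the surrounding description and rationale are about unpackaged SGID files, so this looks like a copy of the previous rule's check. The sentence should say SGID files and the command should test `-perm -2000`.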
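Review bot: in files.xml (@@ -382,7), the same mismatch applies to the SUID rule: the check searches for world-writable files with `-perm -002` while the description and rationale concern unpackaged SUID files, so it should test `-perm -4000` and the sentence should say so. The `<ocil>` element here also has no clause attribute, unlike the two rules above it, which use clause="there is output".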