>From 39b7ebbbfe11a5bba19756aedc7c22dab0d1f2b3 Mon Sep 17 00:00:00 2001
From: Shawn Wells <[email protected]>
Date: Fri, 29 Mar 2013 16:52:30 -0400
Subject: [PATCH 04/21] Updated partition_for_tmp OVAL - Updated OVAL rule name to match XCCDF rule name
---
RHEL6/input/checks/partition_for_tmp.xml | 22 +++++++++++++++++++++
RHEL6/input/system/software/disk_partitioning.xml | 2 +-
2 files changed, 23 insertions(+), 1 deletions(-)
create mode 100644 RHEL6/input/checks/partition_for_tmp.xml
diff --git a/RHEL6/input/checks/partition_for_tmp.xml b/RHEL6/input/checks/partition_for_tmp.xml
new file mode 100644
index 0000000..62da746
--- /dev/null
+++ b/RHEL6/input/checks/partition_for_tmp.xml
@@ -0,0 +1,22 @@
+<def-group>
+ <definition class="compliance" id="mount_tmp_own_partition" version="1">
+ <metadata>
+ <title>Ensure /tmp Located On Separate Partition</title>
+ <affected family="unix">
+ <platform>Red Hat Enterprise Linux 6</platform>
+ </affected>
+ <description>The /tmp directory is a world-writable directory
+ used for temporary file storage. Verify that it has its own
+ partition or logical volume.</description>
+ </metadata>
+ <criteria>
+ <criterion test_ref="test_tmp_partition" comment="/tmp on own partition" />
+ </criteria>
+ </definition>
+ <linux:partition_test check="all" check_existence="all_exist" id="test_tmp_partition" version="1" comment="/tmp on own partition">
+ <linux:object object_ref="object_own_tmp_partition" />
+ </linux:partition_test>
+ <linux:partition_object id="object_own_tmp_partition" version="1">
+ <linux:mount_point>/tmp</linux:mount_point>
+ </linux:partition_object>
+</def-group>
diff --git a/RHEL6/input/system/software/disk_partitioning.xml b/RHEL6/input/system/software/disk_partitioning.xml
index c674447..2ba96ce 100644
--- a/RHEL6/input/system/software/disk_partitioning.xml
+++ b/RHEL6/input/system/software/disk_partitioning.xml
@@ -38,7 +38,7 @@ Placing <tt>/tmp</tt> in its own partition enables the setting of more restrictive mount options, which can help protect programs which use it. </rationale> <ident cce="26435-8"/> -<oval id="mount_tmp_own_partition" /> +<oval id="partition_for_tmp" /> <ref nist="" disa="1208"/> <tested by="MM" on="20120928"/> </Rule>
-- 1.7.1
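Review bot: The definition in the new partition_for_tmp.xml still carries `id="mount_tmp_own_partition"`, while the disk_partitioning.xml hunk repoints the rule to `<oval id="partition_for_tmp" />`, so the two ids in this patch no longer agree. How the build links an XCCDF rule to its OVAL check is not visible here; if it matches on the definition id rather than the file name, the /tmp partition rule would end up with no check attached and a scan would report it as not checked instead of pass or fail. Renaming the definition to `<definition class="compliance" id="partition_for_tmp" version="1">` would keep both sides aligned with the commit subject. A short comment next to `check_existence="all_exist"` would also help, saying that the test asserts only that a partition is mounted at /tmp and does not inspect its mount options.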
