>From 7ca0acdcb78bd47610ec60e03d83ce41e40f8295 Mon Sep 17 00:00:00 2001 From: Shawn Wells <[email protected]> Date: Fri, 29 Mar 2013 20:08:52 -0400 Subject: [PATCH 18/21] Renamed OVAL in restrict_root_console_logins to match XCCDF rule name
---
.../input/checks/restrict_root_console_logins.xml | 27 ++++++++++++++++++++
.../checks/securetty_root_login_console_only.xml | 27 --------------------
.../system/accounts/restrictions/root_logins.xml | 2 +-
3 files changed, 28 insertions(+), 28 deletions(-)
create mode 100644 RHEL6/input/checks/restrict_root_console_logins.xml
delete mode 100644 RHEL6/input/checks/securetty_root_login_console_only.xml
diff --git a/RHEL6/input/checks/restrict_root_console_logins.xml b/RHEL6/input/checks/restrict_root_console_logins.xml
new file mode 100644
index 0000000..18cdca5
--- /dev/null
+++ b/RHEL6/input/checks/restrict_root_console_logins.xml
@@ -0,0 +1,27 @@
+<def-group>
+ <definition class="compliance" id="securetty_root_login_console_only" version="1">
+ <metadata>
+ <title>Restrict Virtual Console Root Logins</title>
+ <affected family="unix">
+ <platform>Red Hat Enterprise Linux 6</platform>
+ </affected>
+ <description>Preventing direct root login to virtual console devices
+ helps ensure accountability for actions taken on the system
+ using the root account.</description>
+ </metadata>
+ <criteria>
+ <criterion comment="virtual consoles /etc/securetty" test_ref="test_virtual_consoles_etc_securetty" />
+ </criteria>
+ </definition>
+
+ <ind:textfilecontent54_test check="all" check_existence="none_exist" comment="virtual consoles /etc/securetty" id="test_virtual_consoles_etc_securetty" version="1">
+ <ind:object object_ref="object_virtual_consoles_etc_securetty" />
+ </ind:textfilecontent54_test>
+
+ <ind:textfilecontent54_object comment="virtual consoles /etc/securetty" id="object_virtual_consoles_etc_securetty" version="1">
+ <ind:path>/etc</ind:path>
+ <ind:filename>securetty</ind:filename>
+ <ind:pattern operation="pattern match">^vc/[0-9]+$</ind:pattern>
+ <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
+ </ind:textfilecontent54_object>
+</def-group>
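Review bot: The definition in the new file still carries `id="securetty_root_login_console_only"`, while the last hunk (root_logins.xml) now points the rule at `<oval id="restrict_root_console_logins" />`; the blob index is 18cdca5 on both the created and the deleted file, so only the filename changed. If the build resolves the XCCDF reference by definition id rather than by filename, the rule loses its automated check and would likely be reported as not checked instead of pass/fail. The definition line should be renamed in the same commit: `<definition class="compliance" id="restrict_root_console_logins" version="1">`. Separately, `check_existence="none_exist"` is also satisfied when /etc/securetty is absent, so it is worth confirming that a missing file is an acceptable pass for this rule.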
diff --git a/RHEL6/input/checks/securetty_root_login_console_only.xml b/RHEL6/input/checks/securetty_root_login_console_only.xml
deleted file mode 100644
index 18cdca5..0000000
--- a/RHEL6/input/checks/securetty_root_login_console_only.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<def-group>
- <definition class="compliance" id="securetty_root_login_console_only" version="1">
- <metadata>
- <title>Restrict Virtual Console Root Logins</title>
- <affected family="unix">
- <platform>Red Hat Enterprise Linux 6</platform>
- </affected>
- <description>Preventing direct root login to virtual console devices
- helps ensure accountability for actions taken on the system
- using the root account.</description>
- </metadata>
- <criteria>
- <criterion comment="virtual consoles /etc/securetty" test_ref="test_virtual_consoles_etc_securetty" />
- </criteria>
- </definition>
-
- <ind:textfilecontent54_test check="all" check_existence="none_exist" comment="virtual consoles /etc/securetty" id="test_virtual_consoles_etc_securetty" version="1">
- <ind:object object_ref="object_virtual_consoles_etc_securetty" />
- </ind:textfilecontent54_test>
-
- <ind:textfilecontent54_object comment="virtual consoles /etc/securetty" id="object_virtual_consoles_etc_securetty" version="1">
- <ind:path>/etc</ind:path>
- <ind:filename>securetty</ind:filename>
- <ind:pattern operation="pattern match">^vc/[0-9]+$</ind:pattern>
- <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
- </ind:textfilecontent54_object>
-</def-group>
diff --git a/RHEL6/input/system/accounts/restrictions/root_logins.xml b/RHEL6/input/system/accounts/restrictions/root_logins.xml
index 5977ebf..ec71fd3 100644
--- a/RHEL6/input/system/accounts/restrictions/root_logins.xml
+++ b/RHEL6/input/system/accounts/restrictions/root_logins.xml
@@ -58,7 +58,7 @@ helps ensure accountability for actions taken on the system using the root account. </rationale> <ident cce="26855-7" /> -<oval id="securetty_root_login_console_only" /> +<oval id="restrict_root_console_logins" /> <ref nist="AC-6(2)" disa="770" /> <tested by="DS" on="20121024"/> </Rule> -- 1.7.1
