>From 0b102e277da3628364124f3b364a8d89b7c106af Mon Sep 17 00:00:00 2001 From: Shawn Wells <[email protected]> Date: Fri, 29 Mar 2013 20:12:31 -0400 Subject: [PATCH 20/21] Renamed OVAL in no_shelllogin_for_systemaccounts.xml to match XCCDF rule name Renamed OVAL in no_shelllogin_for_systemaccounts.xml to match XCCDF rule name
---
RHEL6/input/checks/accounts_nologin_for_system.xml | 25 --------------------
.../checks/no_shelllogin_for_systemaccounts.xml | 25 ++++++++++++++++++++
.../system/accounts/restrictions/root_logins.xml | 2 +-
3 files changed, 26 insertions(+), 26 deletions(-)
delete mode 100644 RHEL6/input/checks/accounts_nologin_for_system.xml
create mode 100644 RHEL6/input/checks/no_shelllogin_for_systemaccounts.xml
diff --git a/RHEL6/input/checks/accounts_nologin_for_system.xml b/RHEL6/input/checks/accounts_nologin_for_system.xml
deleted file mode 100644
index fdca860..0000000
--- a/RHEL6/input/checks/accounts_nologin_for_system.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<def-group>
- <definition class="compliance" id="accounts_nologin_for_system" version="1">
- <metadata>
- <title>Block Shell and Login Access for Non-Root System Accounts</title>
- <affected family="unix">
- <platform>Red Hat Enterprise Linux 6</platform>
- </affected>
- <description>Login access to non-root system accounts should be disabled.</description>
- </metadata>
- <criteria>
- <criterion comment="check /etc/passwd for /sbin/nologin on non root system accounts" test_ref="test_accounts_nologin_for_system" />
- </criteria>
- </definition>
- <unix:password_test check="none satisfy" id="test_accounts_nologin_for_system" comment="no system user unauthorized shell" version="1">
- <unix:object object_ref="object_accounts_nologin_for_system" />
- <unix:state state_ref="state_sys_user_unauth_shell" />
- </unix:password_test>
- <unix:password_object id="object_accounts_nologin_for_system" version="1">
- <unix:username operation="not equal">root</unix:username>
- </unix:password_object>
- <unix:password_state id="state_sys_user_unauth_shell" version="1" operator="AND">
- <unix:user_id datatype="int" operation="less than">500</unix:user_id>
- <unix:login_shell datatype="string" operation="not equal">/sbin/nologin</unix:login_shell>
- </unix:password_state>
-</def-group>
diff --git a/RHEL6/input/checks/no_shelllogin_for_systemaccounts.xml b/RHEL6/input/checks/no_shelllogin_for_systemaccounts.xml
new file mode 100644
index 0000000..fdca860
--- /dev/null
+++ b/RHEL6/input/checks/no_shelllogin_for_systemaccounts.xml
@@ -0,0 +1,25 @@
+<def-group>
+ <definition class="compliance" id="accounts_nologin_for_system" version="1">
+ <metadata>
+ <title>Block Shell and Login Access for Non-Root System Accounts</title>
+ <affected family="unix">
+ <platform>Red Hat Enterprise Linux 6</platform>
+ </affected>
+ <description>Login access to non-root system accounts should be disabled.</description>
+ </metadata>
+ <criteria>
+ <criterion comment="check /etc/passwd for /sbin/nologin on non root system accounts" test_ref="test_accounts_nologin_for_system" />
+ </criteria>
+ </definition>
+ <unix:password_test check="none satisfy" id="test_accounts_nologin_for_system" comment="no system user unauthorized shell" version="1">
+ <unix:object object_ref="object_accounts_nologin_for_system" />
+ <unix:state state_ref="state_sys_user_unauth_shell" />
+ </unix:password_test>
+ <unix:password_object id="object_accounts_nologin_for_system" version="1">
+ <unix:username operation="not equal">root</unix:username>
+ </unix:password_object>
+ <unix:password_state id="state_sys_user_unauth_shell" version="1" operator="AND">
+ <unix:user_id datatype="int" operation="less than">500</unix:user_id>
+ <unix:login_shell datatype="string" operation="not equal">/sbin/nologin</unix:login_shell>
+ </unix:password_state>
+</def-group>
diff --git a/RHEL6/input/system/accounts/restrictions/root_logins.xml b/RHEL6/input/system/accounts/restrictions/root_logins.xml
index bb33399..82d94b0 100644
--- a/RHEL6/input/system/accounts/restrictions/root_logins.xml
+++ b/RHEL6/input/system/accounts/restrictions/root_logins.xml
@@ -140,7 +140,7 @@ section on the root account. Doing so might cause the system to become inaccessible. </warning> <ident cce="26966-2" /> -<oval id="accounts_nologin_for_system" /> +<oval id="no_shelllogin_for_systemaccounts" /> <ref nist="" disa="178" /> <tested by="DS" on="20121024"/> </Rule> -- 1.7.1
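Review bot: The rule now points at `<oval id="no_shelllogin_for_systemaccounts" />`, but the definition in the new RHEL6/input/checks/no_shelllogin_for_systemaccounts.xml still carries `id="accounts_nologin_for_system"`; the deleted and created files share blob fdca860, so only the file name changed. If the build resolves the XCCDF reference against the OVAL definition id rather than the file name (not visible in this patch), the rule is left with no check attached, and a scan would likely report it as not checked instead of failing hosts whose system accounts keep a login shell. Consider changing the definition line to `<definition class="compliance" id="no_shelllogin_for_systemaccounts" version="1">`, and optionally renaming `test_accounts_nologin_for_system` and `object_accounts_nologin_for_system` to match. The enclosing `<Rule>` starts outside the hunk.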
