This check and rule only seem to appear in the USGCB profile. Jeff has requested that I remove it.
- Maura Dailey
Signed-off-by: Maura Dailey <[email protected]>
---
 .../checks/accounts_root_path_dirs_no_write.xml | 60 --------------------
 RHEL6/input/system/accounts/session.xml | 1 -
 2 files changed, 0 insertions(+), 61 deletions(-)
 delete mode 100644 RHEL6/input/checks/accounts_root_path_dirs_no_write.xml
diff --git a/RHEL6/input/checks/accounts_root_path_dirs_no_write.xml b/RHEL6/input/checks/accounts_root_path_dirs_no_write.xml
deleted file mode 100644
index 36a02cf..0000000
--- a/RHEL6/input/checks/accounts_root_path_dirs_no_write.xml
+++ /dev/null
@@ -1,60 +0,0 @@
-<def-group>
- <definition class="compliance"
- id="accounts_root_path_dirs_no_write" version="1">
- <metadata>
- <title>Write permissions are disabled for group and other in
- all directories in Root's Path</title>
- <affected family="unix">
- <platform>Red Hat Enterprise Linux 6</platform>
- </affected>
- <description>Check each directory in root's path and make use
- it does not grant write permission to group and
- other</description>
- </metadata>
- <criteria comment="Check that write permission to group and other in root's path is denied"
- negate="true" operator="OR">
- <criterion comment="Check for write permission to group in root's path"
- test_ref="test_2008551" />
- <criterion comment="Check for write permission to other in root's path"
- test_ref="test_2008552" />
- </criteria>
- </definition>
- <unix:file_test check="all" check_existence="any_exist"
- comment="Check that write permission to group and other in root's path is denied"
- id="test_2008551" version="1">
- <unix:object object_ref="obj_200855" />
- <unix:state state_ref="state_2008551" />
- </unix:file_test>
- <unix:file_state comment="Group has write privilege"
- id="state_2008551" version="1">
- <unix:gwrite datatype="boolean">1</unix:gwrite>
- </unix:file_state>
- <unix:file_object xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- comment="root's PATH" id="obj_200855"
- version="1">
- <unix:path var_ref="var_200855" />
- <unix:filename xsi:nil="true" />
- </unix:file_object>
- <local_variable comment="Split the PATH on the : delimiter"
- datatype="string" id="var_200855"
- version="1">
- <split delimiter=":">
- <object_component item_field="value"
- object_ref="obj_20085" />
- </split>
- </local_variable>
- <ind:environmentvariable_object id="obj_20085"
- version="1">
- <ind:name>PATH</ind:name>
- </ind:environmentvariable_object>
- <unix:file_test check="all" check_existence="any_exist"
- comment="Check that write permission to group and other in root's path is 
denied"
- id="test_2008552" version="1">
- <unix:object object_ref="obj_200855" />
- <unix:state state_ref="state_2008552" />
- </unix:file_test>
- <unix:file_state comment="Other has write privilege"
- id="state_2008552" version="1">
- <unix:owrite datatype="boolean">1</unix:owrite>
- </unix:file_state>
-</def-group>
diff --git a/RHEL6/input/system/accounts/session.xml b/RHEL6/input/system/accounts/session.xml
index 7f6d287..69d9e3a 100644
--- a/RHEL6/input/system/accounts/session.xml
+++ b/RHEL6/input/system/accounts/session.xml
@@ -111,7 +111,6 @@ execute code provided by unprivileged users, and potentially malicious code.
 </rationale>
 <ident cce="26768-2" />
-<oval id="accounts_root_path_dirs_no_write" />
 <ref nist=""/>
 </Rule>
 </Group>
-- 
1.7.1
_______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
