until now -- ack!
On Tue, Sep 10, 2013 at 12:55 PM, Maura Dailey <[email protected]>wrote: > No one's ACKED these. > > - Maura Dailey > > On 08/30/2013 01:41 PM, Maura Dailey wrote: > >> Added test checks for set of partition checks. >> >> Signed-off-by: Maura Dailey <[email protected]> >> --- >> RHEL6/input/checks/partition_**for_home.xml | 18 >> ++++++++++-------- >> RHEL6/input/checks/partition_**for_tmp.xml | 14 >> ++++++++------ >> RHEL6/input/checks/partition_**for_var.xml | 18 >> ++++++++++-------- >> RHEL6/input/checks/partition_**for_var_log.xml | 12 >> +++++++----- >> RHEL6/input/checks/partition_**for_var_log_audit.xml | 18 >> +++++++++++------- >> 5 files changed, 46 insertions(+), 34 deletions(-) >> >> diff --git a/RHEL6/input/checks/**partition_for_home.xml >> b/RHEL6/input/checks/**partition_for_home.xml >> index b784316..2081d18 100644 >> --- a/RHEL6/input/checks/**partition_for_home.xml >> +++ b/RHEL6/input/checks/**partition_for_home.xml 
>> @@ -5,20 +5,22 @@ >> <affected family="unix"> >> <platform>Red Hat Enterprise Linux 6</platform> >> </affected> >> - <description>If user home directories will be stored locally, >> - create a separate partition for /home. If /home will be mounted >> - from another system such as an NFS server, then creating a separate >> - partition is not necessary at this time, and the mountpoint can >> - instead be configured later.</description> >> + <description>If user home directories will be stored locally, >> create a >> + separate partition for /home. If /home will be mounted from another >> + system such as an NFS server, then creating a separate partition >> is not >> + necessary at this time, and the mountpoint can instead be >> configured >> + later.</description> >> + <reference source="MED" ref_id="20130830" >> ref_url="test_attestation" /> >> </metadata> >> <criteria> >> <criterion test_ref="test_home_partition" comment="/home on own >> partition" /> >> </criteria> >> </definition> >> - <linux:partition_test check="all" check_existence="all_exist" >> id="test_home_partition" version="1" comment="/home on own partition"> >> - <linux:object object_ref="object_mount_home_**own_partition" /> >> + <linux:partition_test check="all" check_existence="all_exist" >> + id="test_home_partition" version="1" comment="/home on own partition"> >> + <linux:object object_ref="object_mount_home_**own_partition" /> >> </linux:partition_test> >> <linux:partition_object id="object_mount_home_own_**partition" >> version="1"> >> - <linux:mount_point>/home</**linux:mount_point> >> + <linux:mount_point>/home</**linux:mount_point> >> </linux:partition_object> >> </def-group> >> diff --git a/RHEL6/input/checks/**partition_for_tmp.xml >> b/RHEL6/input/checks/**partition_for_tmp.xml >> index de93ee9..9c28c13 100644 >> --- a/RHEL6/input/checks/**partition_for_tmp.xml >> +++ b/RHEL6/input/checks/**partition_for_tmp.xml 
>> @@ -5,18 +5,20 @@ >> <affected family="unix"> >> <platform>Red Hat Enterprise Linux 6</platform> >> </affected> >> - <description>The /tmp directory is a world-writable directory >> - used for temporary file storage. Verify that it has its own >> - partition or logical volume.</description> >> + <description>The /tmp directory is a world-writable directory used >> for >> + temporary file storage. Verify that it has its own partition or >> logical >> + volume.</description> >> + <reference source="MED" ref_id="20130830" >> ref_url="test_attestation" /> >> </metadata> >> <criteria> >> <criterion test_ref="test_tmp_partition" comment="/tmp on own >> partition" /> >> </criteria> >> </definition> >> - <linux:partition_test check="all" check_existence="all_exist" >> id="test_tmp_partition" version="1" comment="/tmp on own partition"> >> - <linux:object object_ref="object_own_tmp_**partition" /> >> + <linux:partition_test check="all" check_existence="all_exist" >> + id="test_tmp_partition" version="1" comment="/tmp on own partition"> >> + <linux:object object_ref="object_own_tmp_**partition" /> >> </linux:partition_test> >> <linux:partition_object id="object_own_tmp_partition" version="1"> >> - <linux:mount_point>/tmp</**linux:mount_point> >> + <linux:mount_point>/tmp</**linux:mount_point> >> </linux:partition_object> >> </def-group> >> diff --git a/RHEL6/input/checks/**partition_for_var.xml >> b/RHEL6/input/checks/**partition_for_var.xml >> index 58089ab..2ed1d38 100644 >> --- a/RHEL6/input/checks/**partition_for_var.xml >> +++ b/RHEL6/input/checks/**partition_for_var.xml 
>> @@ -5,20 +5,22 @@ >> <affected family="unix"> >> <platform>Red Hat Enterprise Linux 6</platform> >> </affected> >> - <description>Ensuring that /var is mounted on its own partition >> enables the >> - setting of more restrictive mount options, which is used as >> temporary >> - storage by many program, particularly system services such as >> daemons. >> - It is not uncommon for the /var directory to contain >> world-writable directories, >> - installed by other software packages.</description> >> + <description>Ensuring that /var is mounted on its own partition >> enables >> + the setting of more restrictive mount options, which is used as >> temporary >> + storage by many program, particularly system services such as >> daemons. It >> + is not uncommon for the /var directory to contain world-writable >> + directories, installed by other software packages.</description> >> + <reference source="MED" ref_id="20130830" >> ref_url="test_attestation" /> >> </metadata> >> <criteria> >> <criterion test_ref="test_var_partition" comment="/var on own >> partition" /> >> </criteria> >> </definition> >> - <linux:partition_test check="all" check_existence="all_exist" >> id="test_var_partition" version="1" comment="/var on own partition"> >> - <linux:object object_ref="object_mount_var_**own_partition" /> >> + <linux:partition_test check="all" check_existence="all_exist" >> + id="test_var_partition" version="1" comment="/var on own partition"> >> + <linux:object object_ref="object_mount_var_**own_partition" /> >> </linux:partition_test> >> <linux:partition_object id="object_mount_var_own_**partition" >> version="1"> >> - <linux:mount_point>/var</**linux:mount_point> >> + <linux:mount_point>/var</**linux:mount_point> >> </linux:partition_object> >> </def-group> >> diff --git a/RHEL6/input/checks/**partition_for_var_log.xml >> b/RHEL6/input/checks/**partition_for_var_log.xml >> index 8a8a6f4..94d235b 100644 >> --- a/RHEL6/input/checks/**partition_for_var_log.xml 
>> +++ b/RHEL6/input/checks/**partition_for_var_log.xml >> @@ -5,17 +5,19 @@ >> <affected family="unix"> >> <platform>Red Hat Enterprise Linux 6</platform> >> </affected> >> - <description>System logs are stored in the /var/log directory. >> - Ensure that it has its own partition or logical >> volume.</description> >> + <description>System logs are stored in the /var/log directory. >> Ensure >> + that it has its own partition or logical volume.</description> >> + <reference source="MED" ref_id="20130830" >> ref_url="test_attestation" /> >> </metadata> >> <criteria> >> <criterion test_ref="test_var_log_**partition" comment="/var/log >> on own partition" /> >> </criteria> >> </definition> >> - <linux:partition_test check="all" check_existence="all_exist" >> id="test_var_log_partition" version="1" comment="/var/log on own partition"> >> - <linux:object object_ref="object_mount_var_**log_own_partition" /> >> + <linux:partition_test check="all" check_existence="all_exist" >> + id="test_var_log_partition" version="1" comment="/var/log on own >> partition"> >> + <linux:object object_ref="object_mount_var_**log_own_partition" /> >> </linux:partition_test> >> <linux:partition_object id="object_mount_var_log_own_**partition" >> version="1"> >> - <linux:mount_point>/var/log</**linux:mount_point> >> + <linux:mount_point>/var/log</**linux:mount_point> >> </linux:partition_object> >> </def-group> >> diff --git a/RHEL6/input/checks/**partition_for_var_log_audit.**xml >> b/RHEL6/input/checks/**partition_for_var_log_audit.**xml >> index e88ceba..b7a7d68 100644 >> --- a/RHEL6/input/checks/**partition_for_var_log_audit.**xml >> +++ b/RHEL6/input/checks/**partition_for_var_log_audit.**xml 
>> @@ -6,18 +6,22 @@ >> <platform>Red Hat Enterprise Linux 6</platform> >> </affected> >> <description>Audit logs are stored in the /var/log/audit >> directory. >> - Ensure that it has its own partition or logical volume. Make >> - absolutely certain that it is large enough to store all audit logs >> - that will be created by the auditing daemon.</description> >> + Ensure that it has its own partition or logical volume. Make >> absolutely >> + certain that it is large enough to store all audit logs that will >> be >> + created by the auditing daemon.</description> >> + <reference source="MED" ref_id="20130830" >> ref_url="test_attestation" /> >> </metadata> >> <criteria> >> <criterion test_ref="test_var_log_audit_**partition" >> comment="/var/log/audit on own partition" /> >> </criteria> >> </definition> >> - <linux:partition_test check="all" check_existence="all_exist" >> id="test_var_log_audit_**partition" version="1" comment="check for >> /var/log/audit partition"> >> - <linux:object object_ref="object_mount_var_**log_audit_own_partition" >> /> >> + <linux:partition_test check="all" check_existence="all_exist" >> + id="test_var_log_audit_**partition" version="1" >> + comment="check for /var/log/audit partition"> >> + <linux:object object_ref="object_mount_var_**log_audit_own_partition" >> /> >> </linux:partition_test> >> - <linux:partition_object id="object_mount_var_log_**audit_own_partition" >> version="1"> >> - <linux:mount_point>/var/log/**audit</linux:mount_point> >> + <linux:partition_object id="object_mount_var_log_** >> audit_own_partition" >> + version="1"> >> + <linux:mount_point>/var/log/**audit</linux:mount_point> >> </linux:partition_object> >> </def-group> >> > > ______________________________**_________________ > scap-security-guide mailing list > scap-security-guide@lists.**fedorahosted.org<[email protected]> > 
https://lists.fedorahosted.**org/mailman/listinfo/scap-**security-guide<https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide> >
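Review bot: the commit message says test checks were added, but in the partition_for_home.xml hunk the only non-cosmetic addition is the reference element with source="MED" ref_id="20130830" ref_url="test_attestation"; the partition_test, its object reference and the /home mount point carry the same text before and after. Please reword the message to say that the patch records a test attestation and rewraps long lines, and state what ref_id (apparently the date of testing) and the ref_url value stand for, since ref_url holds a marker here rather than a URL.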
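Review bot: in the partition_for_tmp.xml hunk the object id is object_own_tmp_partition, while the home and var files in this same patch use the pattern object_mount_home_own_partition and object_mount_var_own_partition. The object_ref line is being re-added anyway, so this is a convenient point to rename the object and its reference to object_mount_tmp_own_partition and keep the five checks uniform. Both the id and the object_ref have to change together or the test will point at a missing object.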
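Review bot: the rewrapped description in the partition_for_var.xml hunk keeps two wording defects: "which is used as temporary storage" grammatically attaches to "mount options" rather than to /var, and "by many program" should read "by many programs". Since every line of the description is being replaced, fix the sentence in the same change, for example by ending the first sentence after "mount options" and starting a new one with "/var is used as temporary storage by many programs".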
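Review bot: in the partition_for_var_log.xml hunk the linux:object and linux:mount_point lines are removed and re-added with no visible change in text, so they appear to be whitespace-only edits mixed in with the new reference element. Consider moving the reindentation and line wrapping into a separate commit, so that the attestation line is the only change a reviewer has to evaluate for content.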
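Review bot: in the partition_for_var_log_audit.xml hunk the partition_test keeps comment="check for /var/log/audit partition", while the criterion that references it says "/var/log/audit on own partition" and the other four files in this patch use the same wording on the criterion and on the test. The test element is being rewrapped here, so align its comment with the criterion. The wrapped linux:partition_object line also shows a break inside the id value (object_mount_var_log_ followed by audit_own_partition on the next line); if that break is in the patch and not just mail wrapping, the id will no longer match the object_ref, so please confirm the id is on one line.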
