>From c49a518428a373597fd0a31134bace0c41f5b2a4 Mon Sep 17 00:00:00 2001
From: Shawn Wells <[email protected]>
Date: Fri, 27 Dec 2013 01:17:21 -0500
Subject: [PATCH 20/31] Renamed groupowner_passwd_file to
file_groupowner_etc_passwd, added to shared/
- XCCDF renamed to align with template style
- Tested on RHEL7, updated CPE, added to shared/
---
RHEL/6/input/auxiliary/stig_overlay.xml | 2 +-
RHEL/6/input/checks/file_groupowner_etc_passwd.xml | 30 +---------------------
RHEL/6/input/profiles/CS2.xml | 2 +-
RHEL/6/input/profiles/common.xml | 2 +-
.../6/input/profiles/fisma-medium-rhel6-server.xml | 2 +-
RHEL/6/input/profiles/nist-CL-IL-AL.xml | 2 +-
RHEL/6/input/profiles/rht-ccp.xml | 2 +-
RHEL/6/input/profiles/usgcb-rhel6-server.xml | 2 +-
RHEL/6/input/system/permissions/files.xml | 2 +-
RHEL/7/input/auxiliary/stig_overlay.xml | 2 +-
RHEL/7/input/checks/file_groupowner_etc_passwd.xml | 1 +
RHEL/7/input/profiles/rht-ccp.xml | 2 +-
RHEL/7/input/system/permissions/files.xml | 2 +-
shared/oval/file_groupowner_etc_passwd.xml | 30 ++++++++++++++++++++++
14 files changed, 43 insertions(+), 40 deletions(-)
mode change 100644 => 120000 RHEL/6/input/checks/file_groupowner_etc_passwd.xml
create mode 120000 RHEL/7/input/checks/file_groupowner_etc_passwd.xml
create mode 100644 shared/oval/file_groupowner_etc_passwd.xml
diff --git a/RHEL/6/input/auxiliary/stig_overlay.xml
b/RHEL/6/input/auxiliary/stig_overlay.xml
index 428681e..9848d2c 100644
--- a/RHEL/6/input/auxiliary/stig_overlay.xml
+++ b/RHEL/6/input/auxiliary/stig_overlay.xml
@@ -116,7 +116,7 @@
<VMSinfo VKey="38450" SVKey="50250" VRelease="1" />
<title>The /etc/passwd file must be owned by root.</title>
</overlay>
- <overlay owner="disastig" ruleid="groupowner_passwd_file"
ownerid="RHEL-06-000040" disa="366" severity="medium">
+ <overlay owner="disastig" ruleid="file_groupowner_etc_passwd"
ownerid="RHEL-06-000040" disa="366" severity="medium">
<VMSinfo VKey="38451" SVKey="50251" VRelease="1" />
<title>The /etc/passwd file must be group-owned by root.</title>
</overlay>
diff --git a/RHEL/6/input/checks/file_groupowner_etc_passwd.xml
b/RHEL/6/input/checks/file_groupowner_etc_passwd.xml
deleted file mode 100644
index 678d30a..0000000
--- a/RHEL/6/input/checks/file_groupowner_etc_passwd.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-<def-group>
- <definition class="compliance" id="file_groupowner_etc_passwd" version="1">
- <metadata>
- <title>Verify group who owns 'passwd' file</title>
- <affected family="unix">
- <platform>Red Hat Enterprise Linux 6</platform>
- </affected>
- <description>The /etc/passwd file should be owned by the appropriate
- group.</description>
- <reference source="swells" ref_id="20130918" ref_url="test_attestation"
/>
- </metadata>
- <criteria>
- <criterion test_ref="test_file_groupowner_etc_passwd" />
- </criteria>
- </definition>
- <unix:file_test check="all" check_existence="all_exist"
- comment="Testing group ownership of /etc/passwd"
- id="test_file_groupowner_etc_passwd" version="1">
- <unix:object object_ref="object_file_groupowner_etc_passwd" />
- <unix:state state_ref="state_file_groupowner_etc_passwd" />
- </unix:file_test>
- <unix:file_state id="state_file_groupowner_etc_passwd" version="1">
- <unix:group_id datatype="int">0</unix:group_id>
- </unix:file_state>
- <unix:file_object comment="/etc/passwd"
- id="object_file_groupowner_etc_passwd" version="1">
- <unix:filepath>/etc/passwd</unix:filepath>
- </unix:file_object>
-</def-group>
diff --git a/RHEL/6/input/checks/file_groupowner_etc_passwd.xml
b/RHEL/6/input/checks/file_groupowner_etc_passwd.xml
new file mode 120000
index 0000000..0a08fa3
--- /dev/null
+++ b/RHEL/6/input/checks/file_groupowner_etc_passwd.xml
@@ -0,0 +1 @@
+../../../../shared/oval/file_groupowner_etc_passwd.xml
\ No newline at end of file
diff --git a/RHEL/6/input/profiles/CS2.xml b/RHEL/6/input/profiles/CS2.xml
index 86ba34e..645966a 100644
--- a/RHEL/6/input/profiles/CS2.xml
+++ b/RHEL/6/input/profiles/CS2.xml
@@ -155,7 +155,7 @@
<select idref="file_groupowner_etc_gshadow" selected="true"/>
<select idref="file_permissions_etc_gshadow" selected="true"/>
<select idref="file_owner_etc_passwd" selected="true"/>
-<select idref="groupowner_passwd_file" selected="true"/>
+<select idref="file_groupowner_etc_passwd" selected="true"/>
<select idref="file_permissions_etc_passwd" selected="true"/>
<select idref="userowner_group_file" selected="true" />
<select idref="groupowner_group_file" selected="true" />
diff --git a/RHEL/6/input/profiles/common.xml b/RHEL/6/input/profiles/common.xml
index 2b7f984..20d7d4f 100644
--- a/RHEL/6/input/profiles/common.xml
+++ b/RHEL/6/input/profiles/common.xml
@@ -33,7 +33,7 @@
<select idref="file_permissions_etc_gshadow" selected="true"/>
<select idref="file_owner_etc_passwd" selected="true"/>
-<select idref="groupowner_passwd_file" selected="true"/>
+<select idref="file_groupowner_etc_passwd" selected="true"/>
<select idref="file_permissions_etc_passwd" selected="true"/>
<select idref="userowner_group_file" selected="true" />
diff --git a/RHEL/6/input/profiles/fisma-medium-rhel6-server.xml
b/RHEL/6/input/profiles/fisma-medium-rhel6-server.xml
index da7355f..de9673a 100644
--- a/RHEL/6/input/profiles/fisma-medium-rhel6-server.xml
+++ b/RHEL/6/input/profiles/fisma-medium-rhel6-server.xml
@@ -49,7 +49,7 @@
<select idref="file_groupowner_etc_gshadow" selected="true" />
<select idref="file_permissions_etc_gshadow" selected="true" />
<select idref="file_owner_etc_passwd" selected="true" />
-<select idref="groupowner_passwd_file" selected="true" />
+<select idref="file_groupowner_etc_passwd" selected="true" />
<select idref="file_permissions_etc_passwd" selected="true" />
<select idref="file_permissions_library_dirs" selected="true" />
<select idref="file_ownership_library_dirs" selected="true" />
diff --git a/RHEL/6/input/profiles/nist-CL-IL-AL.xml
b/RHEL/6/input/profiles/nist-CL-IL-AL.xml
index 5548ffe..265b303 100644
--- a/RHEL/6/input/profiles/nist-CL-IL-AL.xml
+++ b/RHEL/6/input/profiles/nist-CL-IL-AL.xml
@@ -143,7 +143,7 @@ assurance."</description>
<select idref="file_groupowner_etc_gshadow" selected="true" \>
<select idref="file_permissions_etc_gshadow" selected="true" \>
<select idref="file_owner_etc_passwd" selected="true" \>
-<select idref="groupowner_passwd_file" selected="true" \>
+<select idref="file_groupowner_etc_passwd" selected="true" \>
<select idref="file_permissions_etc_passwd" selected="true" \>
<select idref="selinux_confinement_of_daemons" selected="true" \>
<select idref="permissions_within_important_dirs" selected="true" \>
diff --git a/RHEL/6/input/profiles/rht-ccp.xml
b/RHEL/6/input/profiles/rht-ccp.xml
index aefea86..c1be635 100644
--- a/RHEL/6/input/profiles/rht-ccp.xml
+++ b/RHEL/6/input/profiles/rht-ccp.xml
@@ -74,7 +74,7 @@
<select idref="file_groupowner_etc_gshadow" selected="true"/>
<select idref="file_permissions_etc_gshadow" selected="true"/>
<select idref="file_owner_etc_passwd" selected="true"/>
-<select idref="groupowner_passwd_file" selected="true"/>
+<select idref="file_groupowner_etc_passwd" selected="true"/>
<select idref="file_permissions_etc_passwd" selected="true"/>
<select idref="userowner_group_file" selected="true"/>
<select idref="groupowner_group_file" selected="true"/>
diff --git a/RHEL/6/input/profiles/usgcb-rhel6-server.xml
b/RHEL/6/input/profiles/usgcb-rhel6-server.xml
index 2983256..a390a3e 100644
--- a/RHEL/6/input/profiles/usgcb-rhel6-server.xml
+++ b/RHEL/6/input/profiles/usgcb-rhel6-server.xml
@@ -44,7 +44,7 @@
<select idref="groupowner_group_file" selected="true" />
<select idref="file_permissions_etc_passwd" selected="true" />
<select idref="file_owner_etc_passwd" selected="true" />
-<select idref="groupowner_passwd_file" selected="true" />
+<select idref="file_groupowner_etc_passwd" selected="true" />
<select idref="sticky_world_writable_dirs" selected="true" />
<select idref="world_writeable_files" selected="true" />
<select idref="no_unpackaged_sgid_files" selected="true" />
diff --git a/RHEL/6/input/system/permissions/files.xml
b/RHEL/6/input/system/permissions/files.xml
index 71461d7..197e4ae 100644
--- a/RHEL/6/input/system/permissions/files.xml
+++ b/RHEL/6/input/system/permissions/files.xml
@@ -143,7 +143,7 @@ the system. Protection of this file is critical for system
security.</rationale>
<tested by="DS" on="20121026"/>
</Rule>
-<Rule id="groupowner_passwd_file" severity="medium">
+<Rule id="file_groupowner_etc_passwd" severity="medium">
<title>Verify Group Who Owns <tt>passwd</tt> File</title>
<description><filegroupowner-desc-macro file="/etc/passwd"
group="root"/></description>
<ocil><filegroupowner-check-macro file="/etc/passwd" group="root"/></ocil>
diff --git a/RHEL/7/input/auxiliary/stig_overlay.xml
b/RHEL/7/input/auxiliary/stig_overlay.xml
index d21fe1e..bf24f96 100644
--- a/RHEL/7/input/auxiliary/stig_overlay.xml
+++ b/RHEL/7/input/auxiliary/stig_overlay.xml
@@ -116,7 +116,7 @@
<VMSinfo VKey="38450" SVKey="50250" VRelease="1" />
<title>The /etc/passwd file must be owned by root.</title>
</overlay>
- <overlay owner="disastig" ruleid="groupowner_passwd_file"
ownerid="RHEL-06-000040" disa="366" severity="medium">
+ <overlay owner="disastig" ruleid="file_groupowner_etc_passwd"
ownerid="RHEL-06-000040" disa="366" severity="medium">
<VMSinfo VKey="38451" SVKey="50251" VRelease="1" />
<title>The /etc/passwd file must be group-owned by root.</title>
</overlay>
diff --git a/RHEL/7/input/checks/file_groupowner_etc_passwd.xml
b/RHEL/7/input/checks/file_groupowner_etc_passwd.xml
new file mode 120000
index 0000000..0a08fa3
--- /dev/null
+++ b/RHEL/7/input/checks/file_groupowner_etc_passwd.xml
@@ -0,0 +1 @@
+../../../../shared/oval/file_groupowner_etc_passwd.xml
\ No newline at end of file
diff --git a/RHEL/7/input/profiles/rht-ccp.xml
b/RHEL/7/input/profiles/rht-ccp.xml
index e4d9836..d6c5275 100644
--- a/RHEL/7/input/profiles/rht-ccp.xml
+++ b/RHEL/7/input/profiles/rht-ccp.xml
@@ -73,7 +73,7 @@ FILE PERMISSION CHECKS
<select idref="file_groupowner_etc_gshadow" selected="true"/>
<select idref="file_permissions_etc_gshadow" selected="true"/>
<select idref="file_owner_etc_passwd" selected="true"/>
-<select idref="groupowner_passwd_file" selected="true"/>
+<select idref="file_groupowner_etc_passwd" selected="true"/>
<select idref="file_permissions_etc_passwd" selected="true"/>
<select idref="userowner_group_file" selected="true"/>
<select idref="groupowner_group_file" selected="true"/>
diff --git a/RHEL/7/input/system/permissions/files.xml
b/RHEL/7/input/system/permissions/files.xml
index b6c6943..38ee361 100644
--- a/RHEL/7/input/system/permissions/files.xml
+++ b/RHEL/7/input/system/permissions/files.xml
@@ -143,7 +143,7 @@ the system. Protection of this file is critical for system
security.</rationale>
<tested by="DS" on="20121026"/>
</Rule>
-<Rule id="groupowner_passwd_file" severity="medium">
+<Rule id="file_groupowner_etc_passwd" severity="medium">
<title>Verify Group Who Owns <tt>passwd</tt> File</title>
<description><filegroupowner-desc-macro file="/etc/passwd"
group="root"/></description>
<ocil><filegroupowner-check-macro file="/etc/passwd" group="root"/></ocil>
diff --git a/shared/oval/file_groupowner_etc_passwd.xml
b/shared/oval/file_groupowner_etc_passwd.xml
new file mode 100644
index 0000000..d0201f1
--- /dev/null
+++ b/shared/oval/file_groupowner_etc_passwd.xml
@@ -0,0 +1,30 @@
+<def-group>
+ <definition class="compliance" id="file_groupowner_etc_passwd" version="1">
+ <metadata>
+ <title>Verify group who owns 'passwd' file</title>
+ <affected family="unix">
+ <platform>Red Hat Enterprise Linux 6</platform>
+ <platform>Red Hat Enterprise Linux 7</platform>
+ </affected>
+ <description>The /etc/passwd file should be owned by the appropriate
+ group.</description>
+ <reference source="swells" ref_id="20130918" ref_url="test_attestation"
/>
+ </metadata>
+ <criteria>
+ <criterion test_ref="test_file_groupowner_etc_passwd" />
+ </criteria>
+ </definition>
+ <unix:file_test check="all" check_existence="all_exist"
+ comment="Testing group ownership of /etc/passwd"
+ id="test_file_groupowner_etc_passwd" version="1">
+ <unix:object object_ref="object_file_groupowner_etc_passwd" />
+ <unix:state state_ref="state_file_groupowner_etc_passwd" />
+ </unix:file_test>
+ <unix:file_state id="state_file_groupowner_etc_passwd" version="1">
+ <unix:group_id datatype="int">0</unix:group_id>
+ </unix:file_state>
+ <unix:file_object comment="/etc/passwd"
+ id="object_file_groupowner_etc_passwd" version="1">
+ <unix:filepath>/etc/passwd</unix:filepath>
+ </unix:file_object>
+</def-group>
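Review bot: The `<description>` in this new shared definition says only that /etc/passwd "should be owned by the appropriate group", while the `unix:file_state` below it requires `group_id` 0. Naming the expected value, e.g. `<description>The /etc/passwd file should be group-owned by root (GID 0).</description>`, would let someone reading a scan result see what a failure means without opening the OVAL. The `<reference source="swells" ref_id="20130918" ref_url="test_attestation" />` line is carried over unchanged from the RHEL 6-only check, and its ref_id appears to be a date earlier than this commit. If the RHEL 7 testing mentioned in the commit message is meant to be recorded alongside the added `Red Hat Enterprise Linux 7` platform, that attestation presumably needs refreshing.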
--
1.8.3.1