For SSGID Verify All Account Password Hashes are Shadowed - (CCE-26476-2), with either the stig-rhel6-server or the usgcb-rhel6-server profiles selected from the SCAP stream, when run with SCC 3.1.1.1, may produce a false-positive on a RHEL6V1R2 complaint machine. See the following report output: Verify All Account Password Hashes are Shadowed ID: no_hashes_outside_shadow Result: Fail Identities: CCE-26476-2 Description: If any password hashes are stored in /etc/passwd (in the second field, instead of an x), the cause of this misconfiguration should be investigated. The account should have its password reset and the hash should be properly stored, or the account should be deleted entirely. Fix Text: Severity: medium Weight: Reference: IA-5(h) 201 Definitions: ID: oval:ssg:def:717 Result: false Title: All Password Hashes Shadowed Description: All password hashes should be shadowed. Class: compliance Tests:
false (All item-state comparisons must be true.) false (password hashes are shadowed) Tests: Test ID: oval:ssg:tst:718 Result: false Title: password hashes are shadowed Check Existence: One or more collected items must exist. Check: All collected items must match the given state(s). State Operator: All item-state comparisons must be true. Object ID: oval:ssg:obj:1760 Object Requirements: username must match the pattern '.*' State ID: oval:ssg:ste:1761 State Requirements: password must be equal to 'x' Collected Item Properties: username equals 'root' password equals '[MASKED PASSWORD FIELD]' user_id equals '0' group_id equals '0' gcos equals 'root' home_dir equals '/root' login_shell equals '/bin/bash' last_login equals '1388687566' Collected Item Properties: username equals 'bin' password equals '[MASKED PASSWORD FIELD]' user_id equals '1' group_id equals '1' gcos equals 'bin' home_dir equals '/bin' login_shell equals '/sbin/nologin' last_login equals '0' Collected Item Properties: username equals 'daemon' password equals '[MASKED PASSWORD FIELD]' user_id equals '2' group_id equals '2' gcos equals 'daemon' home_dir equals '/sbin' login_shell equals '/sbin/nologin' last_login equals '0' Collected Item Properties: username equals 'adm' password equals '[MASKED PASSWORD FIELD]' user_id equals '3' group_id equals '4' gcos equals 'adm' home_dir equals '/var/adm' login_shell equals '/sbin/nologin' last_login equals '0' Collected Item Properties: username equals 'lp' password equals '[MASKED PASSWORD FIELD]' user_id equals '4' group_id equals '7' gcos equals 'lp' home_dir equals '/var/spool/lpd' login_shell equals '/sbin/nologin' last_login equals '0' Collected Item Properties: username equals 'sync' password equals '[MASKED PASSWORD FIELD]' user_id equals '5' group_id equals '0' gcos equals 'sync' home_dir equals '/sbin' login_shell equals '/bin/sync' last_login equals '0' Collected Item Properties: username equals 'shutdown' password equals '[MASKED PASSWORD FIELD]' user_id equals '6' group_id equals '0' gcos equals 'shutdown' home_dir equals '/sbin' login_shell equals '/sbin/shutdown' last_login equals '0' Collected Item Properties: username equals 'halt' password equals '[MASKED PASSWORD FIELD]' user_id equals '7' group_id equals '0' gcos equals 'halt' home_dir equals '/sbin' login_shell equals '/sbin/halt' last_login equals '0' Collected Item Properties: username equals 'mail' password equals '[MASKED PASSWORD FIELD]' user_id equals '8' group_id equals '12' gcos equals 'mail' home_dir equals '/var/spool/mail' login_shell equals '/sbin/nologin' last_login equals '0' Collected Item Properties: username equals 'uucp' password equals '[MASKED PASSWORD FIELD]' user_id equals '10' group_id equals '14' gcos equals 'uucp' home_dir equals '/var/spool/uucp' login_shell equals '/sbin/nologin' last_login equals '0' Collected Item Properties: username equals 'operator' password equals '[MASKED PASSWORD FIELD]' user_id equals '11' group_id equals '0' gcos equals 'operator' home_dir equals '/root' login_shell equals '/sbin/nologin' last_login equals '0' Collected Item Properties: username equals 'games' password equals '[MASKED PASSWORD FIELD]' user_id equals '12' group_id equals '100' gcos equals 'games' home_dir equals '/usr/games' login_shell equals '/sbin/nologin' last_login equals '0' Collected Item Properties: username equals 'gopher' password equals '[MASKED PASSWORD FIELD]' user_id equals '13' group_id equals '30' gcos equals 'gopher' home_dir equals '/var/gopher' login_shell equals '/sbin/nologin' last_login equals '0' Collected Item Properties: username equals 'ftp' password equals '[MASKED PASSWORD FIELD]' user_id equals '14' group_id equals '50' gcos equals 'FTP User' home_dir equals '/var/ftp' login_shell equals '/sbin/nologin' last_login equals '0' Collected Item Properties: username equals 'nobody' password equals '[MASKED PASSWORD FIELD]' user_id equals '99' group_id equals '99' gcos equals 'Nobody' home_dir equals '/' login_shell equals '/sbin/nologin' last_login equals '0' Collected Item Properties: username equals 'dbus' password equals '[MASKED PASSWORD FIELD]' user_id equals '81' group_id equals '81' gcos equals 'System message bus' home_dir equals '/' login_shell equals '/sbin/nologin' last_login equals '0' Collected Item Properties: username equals 'vcsa' password equals '[MASKED PASSWORD FIELD]' user_id equals '69' group_id equals '69' gcos equals 'virtual console memory owner' home_dir equals '/dev' login_shell equals '/sbin/nologin' last_login equals '0' Collected Item Properties: username equals 'rtkit' password equals '[MASKED PASSWORD FIELD]' user_id equals '499' group_id equals '497' gcos equals 'RealtimeKit' home_dir equals '/proc' login_shell equals '/sbin/nologin' last_login equals '0' Collected Item Properties: username equals 'avahi-autoipd' password equals '[MASKED PASSWORD FIELD]' user_id equals '170' group_id equals '170' gcos equals 'Avahi IPv4LL Stack' home_dir equals '/var/lib/avahi-autoipd' login_shell equals '/sbin/nologin' last_login equals '0' Collected Item Properties: _______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
