On 7/27/14, 11:26 PM, Shawn Wells wrote:
From: Leland Steinke <[email protected]>
Signed-off-by: Leland Steinke <[email protected]>
---
RHEL/6/input/auxiliary/stig_overlay.xml | 2 +-
RHEL/6/input/system/permissions/files.xml | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/RHEL/6/input/auxiliary/stig_overlay.xml
b/RHEL/6/input/auxiliary/stig_overlay.xml
index 84515ab..d9820bc 100644
--- a/RHEL/6/input/auxiliary/stig_overlay.xml
+++ b/RHEL/6/input/auxiliary/stig_overlay.xml
@@ -153,7 +153,7 @@
<title>Library files must be owned by root.</title>
</overlay>
<overlay owner="disastig" ruleid="file_permissions_binary_dirs" ownerid="RHEL-06-000047"
disa="1499" severity="medium">
- <VMSinfo VKey="38469" SVKey="50269" VRelease="1" />
+ <VMSinfo VKey="38469" SVKey="50269" VRelease="2" />
<title>All system command files must have mode 0755 or less
permissive.</title>
</overlay>
<overlay owner="disastig" ruleid="file_ownership_binary_dirs" ownerid="RHEL-06-000048"
disa="1499" severity="medium">
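Review bot: The VRelease change from "1" to "2" on the RHEL-06-000047 overlay is not explained anywhere in the patch, which carries only From and Signed-off-by lines. Suggest adding a commit description that names the STIG release this VRelease="2" tracks and states that the files.xml check text is being updated to match it, so the two edits can be traced as one update. The neighbouring RHEL-06-000048 overlay (file_ownership_binary_dirs) is left untouched here; if its check text changed in the same release, it should be bumped in this patch as well.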
diff --git a/RHEL/6/input/system/permissions/files.xml
b/RHEL/6/input/system/permissions/files.xml
index e2883f3..5762fd9 100644
--- a/RHEL/6/input/system/permissions/files.xml
+++ b/RHEL/6/input/system/permissions/files.xml
@@ -285,7 +285,7 @@ System executables are stored in the following directories
by default:
/usr/local/sbin</pre>
To find system executables that are group-writable or world-writable,
run the following command for each directory <i>DIR</i> which contains system
executables:
-<pre>$ find <i>DIR</i> -perm /022</pre>
+<pre>$ find -L <i>DIR</i> -perm /022 -type f</pre>
</ocil>
<rationale>System binaries are executed by privileged users, as well as
system services,
and restrictive permissions are necessary to ensure execution of these
programs
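Review bot: On the added line "find -L <i>DIR</i> -perm /022 -type f", the -L option makes find follow symbolic links, so it descends into symlinked directories and can report files that live outside DIR, and -type f together with -perm is then evaluated against the link target rather than the link itself. That is probably the intent, since link modes are not meaningful, but the sentence above the command still reads as if only the contents of DIR are examined. Suggest adding a short remark to the OCIL text that symbolic links are followed and that directories are excluded by -type f, so an auditor knows why a reported path may resolve elsewhere. As a minor style point, placing -type f before -perm /022 reads more naturally.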
-- 1.7.1
ack
--
SCAP Security Guide mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
https://github.com/OpenSCAP/scap-security-guide/