I am new to OpenSCAP and am stuck
Operating System is CentOS 7.1 oscap version is 1.1.1 I am using "ssg.rhel7.ds..xml" to scan with. The Rule "Verify that Shared Library Files have Restrictive Permissions" indicate a "FAIL" I am using SCAP-Workbench. When I run a scan, that Rule fails. Apparently the Rule is looking for NO Group or Other write permissions (555) But on CentOS 7.1, the /lib and /lib64 directories do not exist by default and Symbolic links are used instead. They point to the real directories /usr/lib and /usr/lib64 respectively. By default, apparently, symbolic links have file permissions of "777". This is why I think the test is failing. I don't see how to do an effective "chmod" on a symbolic link. So I thot I would simply take the directories of interest (/lib and /lib64) out of the Rule criteria. But I don't know how to do that. I need help correcting this Rule test so the test will indicate a "PASS". I suppose I could actually delete the two symbolic links but I might break something Ideas? Ron
-- SCAP Security Guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide https://github.com/OpenSCAP/scap-security-guide/
