Do you happen to generate and/or save an HTML report? You can generate a report, click on the "Verify that Shared Library Files have Restrictive Permissions" link which should open a new window, and check out the "OVAL details" section would should give you a list of the offending files.
On Thu, Jul 30, 2015 at 11:22 AM, Ron Backman <[email protected]> wrote: > I am new to OpenSCAP and am stuck > > > Operating System is CentOS 7.1 > oscap version is 1.1.1 > > I am using "ssg.rhel7.ds..xml" to scan with. > > The Rule "Verify that Shared Library Files have Restrictive Permissions" > indicate a "FAIL" > > I am using SCAP-Workbench. When I run a scan, that Rule fails. > Apparently the Rule is looking for NO Group or Other write permissions > (555) But on CentOS 7.1, the /lib and /lib64 directories do not exist by > default and Symbolic links are used instead. They point to the real > directories /usr/lib and /usr/lib64 respectively. By default, apparently, > symbolic links have file permissions of "777". This is why I think the > test is failing. I don't see how to do an effective "chmod" on a symbolic > link. So I thot I would simply take the directories of interest (/lib and > /lib64) out of the Rule criteria. But I don't know how to do that. > > I need help correcting this Rule test so the test will indicate a "PASS". > > I suppose I could actually delete the two symbolic links but I might break > something > > Ideas? > > Ron > > -- > SCAP Security Guide mailing list > [email protected] > https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide > https://github.com/OpenSCAP/scap-security-guide/ >
-- SCAP Security Guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide https://github.com/OpenSCAP/scap-security-guide/
