[PATCH 2/2] removal of invalid state child element in world-writable files test

2013-07-14 Thread Jeffrey Blank
Signed-off-by: Jeffrey Blank --- ...ile_permissions_unauthorized_world_writable.xml |1 - 1 files changed, 0 insertions(+), 1 deletions(-) diff --git a/RHEL6/input/checks/file_permissions_unauthorized_world_writable.xml b/RHEL6/input/checks/file_permissions_unauthorized_world_writable.xml

[PATCH 1/2] removal of invalid state child element in /var/log/audit ownership test

2013-07-14 Thread Jeffrey Blank
Signed-off-by: Jeffrey Blank --- .../input/checks/file_ownership_var_log_audit.xml |8 ++-- 1 files changed, 6 insertions(+), 2 deletions(-) diff --git a/RHEL6/input/checks/file_ownership_var_log_audit.xml b/RHEL6/input/checks/file_ownership_var_log_audit.xml index a6e5c19..d597573 10

[PATCH 0/2] closing in on OVAL schematron validation

2013-07-14 Thread Jeffrey Blank
This is about taking care of the output from "make validate", which remains a testament to how little motivation exists to maintain OVAL. Jeffrey Blank (2): removal of invalid state child element in /var/log/audit ownership test removal of invalid state child element in world-writable fil

[PATCH 0/2] updated setuid/setgid OVAL checks

2013-07-14 Thread Jeffrey Blank
This is a notification of push of (slightly modified) OVAL code submitted by Rui, as described here: https://lists.fedorahosted.org/pipermail/scap-security-guide/2013-July/003540.html Thanks Rui! Ideally we would be able to "pass" any setuid/setgid program that was installed as part of an RPM. Til

[PATCH 2/2] new versions of unauth suid/sgid OVAL checks

2013-07-14 Thread Jeffrey Blank
Signed-off-by: Jeffrey Blank --- .../checks/file_permissions_unauthorized_sgid.xml | 60 -- .../checks/file_permissions_unauthorized_suid.xml | 86 +-- 2 files changed, 128 insertions(+), 18 deletions(-) diff --git a/RHEL6/input/checks/file_permissions_unauthor

[PATCH 1/2] Added line to indicate test output file, to OVAL testing script

2013-07-14 Thread Jeffrey Blank
Signed-off-by: Jeffrey Blank --- RHEL6/input/checks/testcheck.py |1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/RHEL6/input/checks/testcheck.py b/RHEL6/input/checks/testcheck.py index 66b8381..72e724e 100755 --- a/RHEL6/input/checks/testcheck.py +++ b/RHEL6/input/checks

Re: OVAL check for unauthorized suid/sgid files

2013-07-14 Thread Jeffrey Blank
Thanks Rui! This raises an important question about how to handle setuid/setgid programs. Your OVAL includes a hardcoded list of setuid/setgid programs included with RHEL. However, this could change with each update of RHEL, or with every installation of 3rd party software. A better approach mig

Re: [PATCH 2/2] Added remediation from create_services_enabled template

2013-07-14 Thread Jeffrey Blank
Seems reasonable. Are the IDs for all services consistent now? On Sun, Jul 7, 2013 at 4:39 AM, Shawn Wells wrote:

Re: [PATCH 1/2] Created remediation template

2013-07-14 Thread Jeffrey Blank
Typo here: +# Stop SERVICENAME if currently running Otherwise seems harmless enough. On Sun, Jul 7, 2013 at 4:39 AM, Shawn Wells wrote: