>From a8f8f56d6e2b73b68c4e3fc7220186460d526cff Mon Sep 17 00:00:00 2001
From: Michael McConachie <michael@redhat.com>
Date: Wed, 26 Sep 2012 13:52:42 -0400
Subject: [PATCH 4/4] OCIL clause changes for
 input/system/permissions/files.xml

---
 RHEL6/input/system/permissions/files.xml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/RHEL6/input/system/permissions/files.xml b/RHEL6/input/system/permissions/files.xml
index 59f0a3a..0623089 100644
--- a/RHEL6/input/system/permissions/files.xml
+++ b/RHEL6/input/system/permissions/files.xml
@@ -186,7 +186,7 @@ Kernel modules, which can be added to the kernel during runtime, are
 stored in <tt>/lib/modules</tt>. All files in these directories should not be
 group-writable or world-writable.
 </description>
-<ocil>
+<ocil clause="any of the modules are group-writable">
 To find shared libraries that are group-writable or world-writable,
 run the following command for each directory <i>DIR</i> which contains shared libraries:
 <pre>$ find <i>DIR</i> -perm /022</pre>
@@ -211,7 +211,7 @@ Kernel modules, which can be added to the kernel during runtime, are also
 stored in <tt>/lib/modules</tt>.  All files in these directories should be
 owned by the <tt>root</tt> user.
 </description>
-<ocil>
+<ocil clause="any of the shared modules aren't owned by root">
 To find shared libraries that are not owned by <tt>root</tt>,
 run the following command for each directory <i>DIR</i> which contains shared libraries:
 <pre>$ find <i>DIR</i> \! -user root</pre>
@@ -235,7 +235,7 @@ System executables are stored in the following directories by default:
 /usr/local/sbin</pre>
 All files in these directories should not be group-writable or world-writable.
 </description>
-<ocil>
+<ocil clause="any system executables are found to be group, or world writable">
 To find system executables that are group-writable or world-writable,
 run the following command for each directory <i>DIR</i> which contains system executables:
 <pre>$ find <i>DIR</i> -perm /022</pre>
@@ -258,7 +258,7 @@ System executables are stored in the following directories by default:
 /usr/local/sbin</pre>
 All files in these directories should be owned by the <tt>root</tt> user.
 </description>
-<ocil>
+<ocil clause="any system executables are found to not be owned by root">
 To find system executables that are not owned by <tt>root</tt>,
 run the following command for each directory <i>DIR</i> which contains system executables:
 <pre>$ find <i>DIR</i> \! -user root</pre>
@@ -289,7 +289,7 @@ To set the sticky bit on a world-writable directory <i>DIR</i>, run the
 following command:
 <pre># chmod +t <i>DIR</i></pre>
 </description>
-<ocil>
+<ocil clause="any world-writable directories are missing the sticky bit">
 To find world-writable directories that lack the sticky bit, run the following command:
 <pre># find / -type d -perm -002 ! -perm -1000</pre>
 </ocil>
-- 
1.7.11.4