Hi,
I am having an issue with the OVAL test file_permissions_ungroupowned in CentOS
5. I believe it is a bug in the oscap version that is available in
CentOS 5 (kind of old, v1.0.8).
Here is the procedure I am following:
1. Download and build scap-security-guide for RHEL5 on my Fedora 23
machine; then copy the output to my CentOS 5 testing server:
wget \
https://github.com/OpenSCAP/scap-security-guide/archive/v0.1.29.tar.gz \
-O scap-security-guide-0.1.29.tar.gz
tar -zxf scap-security-guide-0.1.29.tar.gz
make -C scap-security-guide-0.1.29/RHEL/5 dist
scp -r scap-security-guide-0.1.29/RHEL/5/dist/content centos5-test:
Now on the CentOS 5 testing server, create a tailoring file to run the
file_permissions_ungroupowned test alone:
cat >ssg-centos5-xccdf-tailoring.xml <<"EOF"
<?xml version="1.0" encoding="UTF-8"?>
<Tailoring
xmlns="http://checklists.nist.gov/xccdf/1.2"
id="xccdf_ssg-centos5_tailoring_xccdf">
<version time="2016-06-14T19:50:57">1</version>
<Profile id="xccdf_my_profile_stig-centos5-upstream_tailored">
<title>CentOS 5 [TAILORED]</title>
<select idref="file_permissions_ungroupowned"
selected="true"/>
</Profile>
</Tailoring>
EOF
Create a file without a corresponding group in /etc/group:
touch /an_unowned_group_file
chgrp 4567 /an_unowned_group_file
find / -nogroup 2>/dev/null
/an_unowned_group_file <-- Check that it is found
Finally run oscap:
oscap xccdf eval \
--tailoring-file ssg-centos5-xccdf-tailoring.xml \
--profile xccdf_my_profile_stig-centos5-upstream_tailored \
--cpe content/ssg-rhel5-cpe-dictionary.xml \
content/ssg-centos5-xccdf.xml
... and output is:
Title Ensure All Files Are Owned by a Group
Rule file_permissions_ungroupowned
Ident GEN001170
Result pass
I would expect the test to fail since there is at least one file without
an existing group.
I took a look at the OVAL definition
scap-security-guide-0.1.29/RHEL/5/input/oval/file_permissions_ungroupowned.xml
but I do not see anything wrong.
Do you have any idea why this test is passing when it should fail?
Regards
--
Rodolfo Martínez
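
An independent cross-check for the scan result above, as an added example that is not part of the original message or of the OpenSCAP / scap-security-guide code: a Python 3 script that lists files whose group ID has no entry in the group database, which is what `find / -nogroup` reports. The function names and the one_fs option (comparable to find's -xdev) are assumptions of this example.

```python
"""List files whose group ID has no group database entry (like find -nogroup)."""
import grp
import os
import sys


def gid_in_group_db(gid):
    """True if the gid resolves through the system group database."""
    try:
        grp.getgrgid(gid)
        return True
    except KeyError:
        return False


def find_ungroupowned(root, gid_known=gid_in_group_db, one_fs=True):
    """Return sorted paths under root whose gid is unknown to gid_known."""
    # one_fs=True (an assumption of this example) stays on root's filesystem,
    # like find -xdev, so /proc or network mounts are not descended into.
    root_dev = os.lstat(root).st_dev
    verdict = {}  # gid -> bool, so each gid is resolved only once
    hits = []

    def check(path):
        try:
            st = os.lstat(path)  # lstat: judge a symlink itself, not its target
        except OSError:
            return None  # vanished or unreadable entry
        if st.st_gid not in verdict:
            verdict[st.st_gid] = gid_known(st.st_gid)
        if not verdict[st.st_gid]:
            hits.append(path)
        return st

    check(root)
    for dirpath, dirnames, filenames in os.walk(root):
        stats = [(d, check(os.path.join(dirpath, d))) for d in dirnames]
        # Prune directories that disappeared or sit on another filesystem.
        dirnames[:] = [d for d, st in stats
                       if st is not None and (not one_fs or st.st_dev == root_dev)]
        for name in filenames:
            check(os.path.join(dirpath, name))
    return sorted(hits)


if __name__ == "__main__":
    found = find_ungroupowned(sys.argv[1] if len(sys.argv) > 1 else "/")
    sys.stdout.write("".join(p + "\n" for p in found))
    sys.exit(1 if found else 0)  # non-zero exit when ungroupowned files exist
```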