Thanks Rui! This raises an important question about how to handle
setuid/setgid programs.
Your OVAL includes a hardcoded list of setuid/setgid programs included with
RHEL.
However, this could change with each update of RHEL, or with every
installation of 3rd party software.
A better approach might be (as the text in XCCDF suggests) to see if each
setuid or setgid program is included as part of an RPM package.
This would address the problems of:
1) installation of unpackaged software
2) admins flipping a setuid bit on a program (accidental or intentional
misconfiguration)
(The threat of malicious software is not addressed by this check in any
form.)
Thoughts?
Let me see if I can create OVAL to accomplish that...
On Mon, Jul 8, 2013 at 10:16 AM, Rui Pedro Bernardino <rui-p-bernardino(a)ptinovacao.pt> wrote:
Hi,
I found that the 'file_permissions_unauthorized_suid/sgid' checks were too
important to always fail, so I picked up Open SCAP's and adapted the check
to SSG.
It works for me, hope you find it useful.
Regards
--
Rui Pedro Bernardino
CTE2/Tecnologias e Desenvolvimento
PT Inovação
_______________________________________________
scap-security-guide mailing list
scap-security-guide(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
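
The package-ownership check proposed in the reply above, sketched as a shell function. This is an added example, not code from the thread, SSG or OpenSCAP; the names `find_unpackaged_sxid` and `OWNER_CHECK` are assumptions made here, and the default ownership test is `rpm -qf`.

```shell
#!/bin/sh
# Added example: report setuid/setgid files that no installed RPM package owns,
# instead of comparing against a hardcoded list of known binaries.
#
# OWNER_CHECK is a hypothetical hook (not from the thread) naming the command
# that decides ownership. It defaults to `rpm -qf`, which exits non-zero when
# the file is not owned by any installed package.
: "${OWNER_CHECK:=rpm -qf}"

# find_unpackaged_sxid ROOT...
# Prints one path per line for every regular file under each ROOT that has the
# setuid (4000) or setgid (2000) bit set and fails the ownership check.
# -xdev keeps the walk on the filesystem of each ROOT, so pseudo and network
# filesystems mounted below it are skipped.
# Paths containing newlines are not handled by this line-based loop.
find_unpackaged_sxid() {
    find "$@" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
    while IFS= read -r path; do
        # $OWNER_CHECK is left unquoted on purpose so "rpm -qf" splits
        # into the command and its option.
        if ! $OWNER_CHECK "$path" >/dev/null 2>&1; then
            printf '%s\n' "$path"
        fi
    done
}

# When run as a script with arguments, scan the given roots.
if [ "$#" -gt 0 ]; then
    find_unpackaged_sxid "$@"
fi
```

Saved as a script and run as root with the roots to scan as arguments (for example `/`), it prints every setuid/setgid file that no installed RPM claims. An empty result means every such file on the scanned filesystems belongs to a package.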