>From f5d42e066a3175782a42187f1649bcb4af04e479 Mon Sep 17 00:00:00 2001
From: Shawn Wells <shawn@redhat.com>
Date: Sun, 10 Nov 2013 01:57:24 -0500
Subject: [PATCH 07/11] Updated OVAL + remediation for accounts_umask_cshrc
 - Updated XCCDF/OVAL naming scheme to accounts_*
 - filename/filepath update
 - Added remediation

TESTING:
[root@SSG-RHEL6 checks]# var_accounts_user_umask=077 ; export var_accounts_user_umask
[root@SSG-RHEL6 checks]# ./testcheck.py accounts_umask_cshrc.xml
external_variable with id : var_accounts_user_umask
Evaluating with OVAL tempfile : /tmp/accounts_umask_cshrcwvaIIz.xml
Writing results to : /tmp/accounts_umask_cshrcwvaIIz.xml-results
Definition oval:scap-security-guide.testing:def:285: false
Evaluation done.
[root@SSG-RHEL6 checks]# cd ../fixes/bash/
[root@SSG-RHEL6 bash]# bash accounts_umask_cshrc.sh
[root@SSG-RHEL6 bash]# cd -
/var/www/html/scap-security-guide/RHEL6/input/checks
[root@SSG-RHEL6 checks]# ./testcheck.py accounts_umask_cshrc.xml
external_variable with id : var_accounts_user_umask
Evaluating with OVAL tempfile : /tmp/accounts_umask_cshrckFVvtN.xml
Writing results to : /tmp/accounts_umask_cshrckFVvtN.xml-results
Definition oval:scap-security-guide.testing:def:285: true
Evaluation done.
---
 RHEL6/input/fixes/bash/accounts_umask_cshrc.sh |    8 ++++++++
 RHEL6/input/profiles/CS2.xml                   |    2 +-
 RHEL6/input/profiles/stig-rhel6-server.xml     |    2 +-
 RHEL6/input/profiles/test.xml                  |    2 +-
 RHEL6/input/profiles/usgcb-rhel6-server.xml    |    2 +-
 RHEL6/input/system/accounts/session.xml        |    2 +-
 6 files changed, 13 insertions(+), 5 deletions(-)
 create mode 100644 RHEL6/input/fixes/bash/accounts_umask_cshrc.sh

diff --git a/RHEL6/input/fixes/bash/accounts_umask_cshrc.sh b/RHEL6/input/fixes/bash/accounts_umask_cshrc.sh
new file mode 100644
index 0000000..2349ad2
--- /dev/null
+++ b/RHEL6/input/fixes/bash/accounts_umask_cshrc.sh
@@ -0,0 +1,8 @@
+source ./templates/support.sh
+populate var_accounts_user_umask
+
+grep -q umask /etc/csh.cshrc && \
+  sed -i "s/umask.*/umask $var_accounts_user_umask/g" /etc/csh.cshrc
+if ! [ $? -eq 0 ]; then
+    echo "umask $var_accounts_user_umask" >> /etc/csh.cshrc
+fi
diff --git a/RHEL6/input/profiles/CS2.xml b/RHEL6/input/profiles/CS2.xml
index 37608ea..05966f0 100644
--- a/RHEL6/input/profiles/CS2.xml
+++ b/RHEL6/input/profiles/CS2.xml
@@ -90,7 +90,7 @@
 <select idref="no_shelllogin_for_systemaccounts" selected="true"/>
 <select idref="root_path_default" selected="true" />
 <select idref="no_empty_passwords" selected="true"/>
-<select idref="user_umask_cshrc" selected="true" />
+<select idref="accounts_umask_cshrc" selected="true" />
 <select idref="user_umask_profile" selected="true" />
 
 <select idref="no_netrc_files" selected="true" />
diff --git a/RHEL6/input/profiles/stig-rhel6-server.xml b/RHEL6/input/profiles/stig-rhel6-server.xml
index f4be59b..510e634 100644
--- a/RHEL6/input/profiles/stig-rhel6-server.xml
+++ b/RHEL6/input/profiles/stig-rhel6-server.xml
@@ -65,7 +65,7 @@
 <select idref="snmpd_not_default_password" selected="true" />
 
 <select idref="accounts_umask_bashrc" selected="true" />
-<select idref="user_umask_cshrc" selected="true" />
+<select idref="accounts_umask_cshrc" selected="true" />
 <select idref="user_umask_profile" selected="true" />
 <select idref="user_umask_logindefs" selected="true" />
 <refine-value idref="var_accounts_user_umask" selector="077" />
diff --git a/RHEL6/input/profiles/test.xml b/RHEL6/input/profiles/test.xml
index f493bc4..9f05e6e 100644
--- a/RHEL6/input/profiles/test.xml
+++ b/RHEL6/input/profiles/test.xml
@@ -44,7 +44,7 @@
 <refine-value idref="var_auditd_action_mail_acct" selector="root"/>
 
 <select idref="accounts_umask_bashrc" selected="true" />
-<select idref="user_umask_cshrc" selected="true" />
+<select idref="accounts_umask_cshrc" selected="true" />
 <select idref="user_umask_profile" selected="true" />
 <select idref="user_umask_logindefs" selected="true" />
 <refine-value idref="var_accounts_user_umask" selector="077" />
diff --git a/RHEL6/input/profiles/usgcb-rhel6-server.xml b/RHEL6/input/profiles/usgcb-rhel6-server.xml
index 5deab0f..70062be 100644
--- a/RHEL6/input/profiles/usgcb-rhel6-server.xml
+++ b/RHEL6/input/profiles/usgcb-rhel6-server.xml
@@ -93,7 +93,7 @@
 <select idref="homedir_perms_no_groupwrite_worldread" selected="true" />
 <refine-value idref="umask_user_value" selector="077" />
 <select idref="accounts_umask_bashrc" selected="true" />
-<select idref="user_umask_cshrc" selected="true" />
+<select idref="accounts_umask_cshrc" selected="true" />
 <select idref="user_umask_profile" selected="true" />
 <select idref="user_umask_logindefs" selected="true" />
 <select idref="user_owner_grub_conf" selected="true" />
diff --git a/RHEL6/input/system/accounts/session.xml b/RHEL6/input/system/accounts/session.xml
index bf4af7c..069d8b1 100644
--- a/RHEL6/input/system/accounts/session.xml
+++ b/RHEL6/input/system/accounts/session.xml
@@ -231,7 +231,7 @@ umask 077</pre>
 <tested by="swells" on="20120929"/>
 </Rule>
 
-<Rule id="user_umask_cshrc">
+<Rule id="accounts_umask_cshrc">
 <title>Ensure the Default C Shell Umask is Set Correctly</title>
 <description>
 To ensure the default umask for users of the C shell is set properly,
-- 
1.7.1