On 9/30/12 12:48 AM, Michael J. McConachie wrote:
0007-Test-Tags-added-to-input-system-accounts-restriction.patch
From 0cbaf75f038cdd0154e9beb77bc2de050d85c97f Mon Sep 17 00:00:00 2001 From: Michael McConachiemichael@redhat.com Date: Sun, 30 Sep 2012 00:44:49 -0400 Subject: [PATCH 7/7] Test Tags added to input/system/accounts/restrictions/root_logins.xml
RHEL6/input/system/accounts/restrictions/root_logins.xml | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/RHEL6/input/system/accounts/restrictions/root_logins.xml b/RHEL6/input/system/accounts/restrictions/root_logins.xml index f54c7e0..1240972 100644 --- a/RHEL6/input/system/accounts/restrictions/root_logins.xml +++ b/RHEL6/input/system/accounts/restrictions/root_logins.xml @@ -130,6 +130,7 @@ become inaccessible.
<ident cce="3987-5" /> <oval id="accounts_nologin_for_system" /> <ref nist="AC-3, CM-6" /> +<tested by="MM" on="20120929"/> </Rule>
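Review bot: the `<tested by="MM" on="20120929"/>` line added after `<ref nist="AC-3, CM-6" />` does not say what was tested. The rule references an OVAL check (`accounts_nologin_for_system`), and neither the tag nor the commit subject ("Test Tags added to ...") states whether that check, the rule text, or both were exercised, or with what result. Suggest recording that in the commit message, and writing the element with a space before `/>` to match the three sibling elements in this hunk.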
nein nein nein
- Description text says "first, do this..." but never says "and then, do this other thing..." Language needs to be cleaned up.
- Current OCIL text tells the user to perform an action, vs validate a setting. Arguably existing OCIL can be moved to <description> and new OCIL created
@@ -156,6 +157,7 @@ access to the root account.
<ident cce="4009-7" /> <oval id="accounts_no_uid_except_zero" /> <ref nist="AC-3, AC-11, CM-6, CM-7" disa="366"/> +<tested by="MM" on="20120929"/> </Rule>
</Group> -- 1.7.11.4
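Review bot: in the `accounts_no_uid_except_zero` rule the added `<tested by="MM" on="20120929"/>` identifies the tester only by the initials `MM` and gives the date as an undelimited digit string. Initials become ambiguous once two contributors share them, so suggest a full name or address in `by`, and a delimited date such as `2012-09-29` in `on` if the format permits, so the attribute is unambiguous to readers and tooling.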
nack
- rationale text gives an opinion that sudo is recommended. This belongs better in the description text
- description text does not give instruction on how to check if anyone else has UID 0
- grammar errors in the ocil clause text
scap-security-guide@lists.fedorahosted.org