Added test checks for set of partition checks.
Signed-off-by: Maura Dailey maura@eclipse.ncsc.mil --- RHEL6/input/checks/partition_for_home.xml | 18 ++++++++++-------- RHEL6/input/checks/partition_for_tmp.xml | 14 ++++++++------ RHEL6/input/checks/partition_for_var.xml | 18 ++++++++++-------- RHEL6/input/checks/partition_for_var_log.xml | 12 +++++++----- RHEL6/input/checks/partition_for_var_log_audit.xml | 18 +++++++++++------- 5 files changed, 46 insertions(+), 34 deletions(-)
diff --git a/RHEL6/input/checks/partition_for_home.xml b/RHEL6/input/checks/partition_for_home.xml index b784316..2081d18 100644 --- a/RHEL6/input/checks/partition_for_home.xml +++ b/RHEL6/input/checks/partition_for_home.xml @@ -5,20 +5,22 @@ <affected family="unix"> <platform>Red Hat Enterprise Linux 6</platform> </affected> - <description>If user home directories will be stored locally, - create a separate partition for /home. If /home will be mounted - from another system such as an NFS server, then creating a separate - partition is not necessary at this time, and the mountpoint can - instead be configured later.</description> + <description>If user home directories will be stored locally, create a + separate partition for /home. If /home will be mounted from another + system such as an NFS server, then creating a separate partition is not + necessary at this time, and the mountpoint can instead be configured + later.</description> + <reference source="MED" ref_id="20130830" ref_url="test_attestation" /> </metadata> <criteria> <criterion test_ref="test_home_partition" comment="/home on own partition" /> </criteria> </definition> - <linux:partition_test check="all" check_existence="all_exist" id="test_home_partition" version="1" comment="/home on own partition"> - <linux:object object_ref="object_mount_home_own_partition" /> + <linux:partition_test check="all" check_existence="all_exist" + id="test_home_partition" version="1" comment="/home on own partition"> + <linux:object object_ref="object_mount_home_own_partition" /> </linux:partition_test> <linux:partition_object id="object_mount_home_own_partition" version="1"> - linux:mount_point/home</linux:mount_point> + linux:mount_point/home</linux:mount_point> </linux:partition_object> </def-group> diff --git a/RHEL6/input/checks/partition_for_tmp.xml b/RHEL6/input/checks/partition_for_tmp.xml index de93ee9..9c28c13 100644 --- a/RHEL6/input/checks/partition_for_tmp.xml +++ b/RHEL6/input/checks/partition_for_tmp.xml 
@@ -5,18 +5,20 @@ <affected family="unix"> <platform>Red Hat Enterprise Linux 6</platform> </affected> - <description>The /tmp directory is a world-writable directory - used for temporary file storage. Verify that it has its own - partition or logical volume.</description> + <description>The /tmp directory is a world-writable directory used for + temporary file storage. Verify that it has its own partition or logical + volume.</description> + <reference source="MED" ref_id="20130830" ref_url="test_attestation" /> </metadata> <criteria> <criterion test_ref="test_tmp_partition" comment="/tmp on own partition" /> </criteria> </definition> - <linux:partition_test check="all" check_existence="all_exist" id="test_tmp_partition" version="1" comment="/tmp on own partition"> - <linux:object object_ref="object_own_tmp_partition" /> + <linux:partition_test check="all" check_existence="all_exist" + id="test_tmp_partition" version="1" comment="/tmp on own partition"> + <linux:object object_ref="object_own_tmp_partition" /> </linux:partition_test> <linux:partition_object id="object_own_tmp_partition" version="1"> - linux:mount_point/tmp</linux:mount_point> + linux:mount_point/tmp</linux:mount_point> </linux:partition_object> </def-group> diff --git a/RHEL6/input/checks/partition_for_var.xml b/RHEL6/input/checks/partition_for_var.xml index 58089ab..2ed1d38 100644 --- a/RHEL6/input/checks/partition_for_var.xml +++ b/RHEL6/input/checks/partition_for_var.xml 
@@ -5,20 +5,22 @@ <affected family="unix"> <platform>Red Hat Enterprise Linux 6</platform> </affected> - <description>Ensuring that /var is mounted on its own partition enables the - setting of more restrictive mount options, which is used as temporary - storage by many program, particularly system services such as daemons. - It is not uncommon for the /var directory to contain world-writable directories, - installed by other software packages.</description> + <description>Ensuring that /var is mounted on its own partition enables + the setting of more restrictive mount options, which is used as temporary + storage by many program, particularly system services such as daemons. It + is not uncommon for the /var directory to contain world-writable + directories, installed by other software packages.</description> + <reference source="MED" ref_id="20130830" ref_url="test_attestation" /> </metadata> <criteria> <criterion test_ref="test_var_partition" comment="/var on own partition" /> </criteria> </definition> - <linux:partition_test check="all" check_existence="all_exist" id="test_var_partition" version="1" comment="/var on own partition"> - <linux:object object_ref="object_mount_var_own_partition" /> + <linux:partition_test check="all" check_existence="all_exist" + id="test_var_partition" version="1" comment="/var on own partition"> + <linux:object object_ref="object_mount_var_own_partition" /> </linux:partition_test> <linux:partition_object id="object_mount_var_own_partition" version="1"> - linux:mount_point/var</linux:mount_point> + linux:mount_point/var</linux:mount_point> </linux:partition_object> </def-group> diff --git a/RHEL6/input/checks/partition_for_var_log.xml b/RHEL6/input/checks/partition_for_var_log.xml index 8a8a6f4..94d235b 100644 --- a/RHEL6/input/checks/partition_for_var_log.xml +++ b/RHEL6/input/checks/partition_for_var_log.xml 
@@ -5,17 +5,19 @@ <affected family="unix"> <platform>Red Hat Enterprise Linux 6</platform> </affected> - <description>System logs are stored in the /var/log directory. - Ensure that it has its own partition or logical volume.</description> + <description>System logs are stored in the /var/log directory. Ensure + that it has its own partition or logical volume.</description> + <reference source="MED" ref_id="20130830" ref_url="test_attestation" /> </metadata> <criteria> <criterion test_ref="test_var_log_partition" comment="/var/log on own partition" /> </criteria> </definition> - <linux:partition_test check="all" check_existence="all_exist" id="test_var_log_partition" version="1" comment="/var/log on own partition"> - <linux:object object_ref="object_mount_var_log_own_partition" /> + <linux:partition_test check="all" check_existence="all_exist" + id="test_var_log_partition" version="1" comment="/var/log on own partition"> + <linux:object object_ref="object_mount_var_log_own_partition" /> </linux:partition_test> <linux:partition_object id="object_mount_var_log_own_partition" version="1"> - linux:mount_point/var/log</linux:mount_point> + linux:mount_point/var/log</linux:mount_point> </linux:partition_object> </def-group> diff --git a/RHEL6/input/checks/partition_for_var_log_audit.xml b/RHEL6/input/checks/partition_for_var_log_audit.xml index e88ceba..b7a7d68 100644 --- a/RHEL6/input/checks/partition_for_var_log_audit.xml +++ b/RHEL6/input/checks/partition_for_var_log_audit.xml 
@@ -6,18 +6,22 @@ <platform>Red Hat Enterprise Linux 6</platform> </affected> <description>Audit logs are stored in the /var/log/audit directory. - Ensure that it has its own partition or logical volume. Make - absolutely certain that it is large enough to store all audit logs - that will be created by the auditing daemon.</description> + Ensure that it has its own partition or logical volume. Make absolutely + certain that it is large enough to store all audit logs that will be + created by the auditing daemon.</description> + <reference source="MED" ref_id="20130830" ref_url="test_attestation" /> </metadata> <criteria> <criterion test_ref="test_var_log_audit_partition" comment="/var/log/audit on own partition" /> </criteria> </definition> - <linux:partition_test check="all" check_existence="all_exist" id="test_var_log_audit_partition" version="1" comment="check for /var/log/audit partition"> - <linux:object object_ref="object_mount_var_log_audit_own_partition" /> + <linux:partition_test check="all" check_existence="all_exist" + id="test_var_log_audit_partition" version="1" + comment="check for /var/log/audit partition"> + <linux:object object_ref="object_mount_var_log_audit_own_partition" /> </linux:partition_test> - <linux:partition_object id="object_mount_var_log_audit_own_partition" version="1"> - linux:mount_point/var/log/audit</linux:mount_point> + <linux:partition_object id="object_mount_var_log_audit_own_partition" + version="1"> + linux:mount_point/var/log/audit</linux:mount_point> </linux:partition_object> </def-group>
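Review bot: The commit message says test checks were added, but in partition_for_home.xml (and likewise in the other four files) the only non-whitespace addition is the `<reference source="MED" ref_id="20130830" ref_url="test_attestation" />` line; the description, partition_test and mount_point changes are rewraps and re-indents. Consider splitting the whitespace changes into their own commit, or saying in the message that the change adds a test_attestation reference, so the functional part is easy to find in history.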
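Review bot: In partition_for_tmp.xml the object is named `object_own_tmp_partition`, while the other four files follow the pattern `object_mount_<dir>_own_partition` (for example `object_mount_home_own_partition`). Both the `object_ref` line and the test element are already being touched in this hunk, so this would be a good place to rename it to `object_mount_tmp_own_partition` in the `object_ref` and in the `partition_object` id together.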
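Review bot: The rewrapped description in partition_for_var.xml keeps the clause "which is used as temporary storage by many program", where "which" attaches to the mount options rather than to /var and "program" should be plural. Since the text is being rewritten anyway, split it into two sentences, for example "... enables the setting of more restrictive mount options. /var is used as temporary storage by many programs, particularly system services such as daemons."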
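Review bot: In partition_for_var_log_audit.xml the partition_test comment reads "check for /var/log/audit partition" while the criterion that references it reads "/var/log/audit on own partition"; the other four files use the same "... on own partition" string in both places. The test element is being rewrapped in this hunk, so align its comment with the criterion.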
No one's ACKED these.
- Maura Dailey
On 08/30/2013 01:41 PM, Maura Dailey wrote:
Added test checks for set of partition checks.
Signed-off-by: Maura Dailey maura@eclipse.ncsc.mil
RHEL6/input/checks/partition_for_home.xml | 18 ++++++++++-------- RHEL6/input/checks/partition_for_tmp.xml | 14 ++++++++------ RHEL6/input/checks/partition_for_var.xml | 18 ++++++++++-------- RHEL6/input/checks/partition_for_var_log.xml | 12 +++++++----- RHEL6/input/checks/partition_for_var_log_audit.xml | 18 +++++++++++------- 5 files changed, 46 insertions(+), 34 deletions(-)
diff --git a/RHEL6/input/checks/partition_for_home.xml b/RHEL6/input/checks/partition_for_home.xml index b784316..2081d18 100644 --- a/RHEL6/input/checks/partition_for_home.xml +++ b/RHEL6/input/checks/partition_for_home.xml @@ -5,20 +5,22 @@ <affected family="unix"> <platform>Red Hat Enterprise Linux 6</platform> </affected>
<description>If user home directories will be stored locally,create a separate partition for /home. If /home will be mountedfrom another system such as an NFS server, then creating a separatepartition is not necessary at this time, and the mountpoint caninstead be configured later.</description>
<description>If user home directories will be stored locally, create aseparate partition for /home. If /home will be mounted from anothersystem such as an NFS server, then creating a separate partition is notnecessary at this time, and the mountpoint can instead be configuredlater.</description><reference source="MED" ref_id="20130830" ref_url="test_attestation" /> </metadata> <criteria> <criterion test_ref="test_home_partition" comment="/home on own partition" /> </criteria></definition>
- <linux:partition_test check="all" check_existence="all_exist" id="test_home_partition" version="1" comment="/home on own partition">
<linux:object object_ref="object_mount_home_own_partition" />
- <linux:partition_test check="all" check_existence="all_exist"
- id="test_home_partition" version="1" comment="/home on own partition">
- <linux:object object_ref="object_mount_home_own_partition" /> </linux:partition_test> <linux:partition_object id="object_mount_home_own_partition" version="1">
<linux:mount_point>/home</linux:mount_point>
- linux:mount_point/home</linux:mount_point> </linux:partition_object>
</def-group>
diff --git a/RHEL6/input/checks/partition_for_tmp.xml b/RHEL6/input/checks/partition_for_tmp.xml index de93ee9..9c28c13 100644 --- a/RHEL6/input/checks/partition_for_tmp.xml +++ b/RHEL6/input/checks/partition_for_tmp.xml @@ -5,18 +5,20 @@ <affected family="unix"> <platform>Red Hat Enterprise Linux 6</platform> </affected>
<description>The /tmp directory is a world-writable directoryused for temporary file storage. Verify that it has its ownpartition or logical volume.</description>
<description>The /tmp directory is a world-writable directory used fortemporary file storage. Verify that it has its own partition or logicalvolume.</description><reference source="MED" ref_id="20130830" ref_url="test_attestation" /> </metadata> <criteria> <criterion test_ref="test_tmp_partition" comment="/tmp on own partition" /> </criteria></definition>
- <linux:partition_test check="all" check_existence="all_exist" id="test_tmp_partition" version="1" comment="/tmp on own partition">
<linux:object object_ref="object_own_tmp_partition" />
- <linux:partition_test check="all" check_existence="all_exist"
- id="test_tmp_partition" version="1" comment="/tmp on own partition">
- <linux:object object_ref="object_own_tmp_partition" /> </linux:partition_test> <linux:partition_object id="object_own_tmp_partition" version="1">
<linux:mount_point>/tmp</linux:mount_point>
- linux:mount_point/tmp</linux:mount_point> </linux:partition_object>
</def-group>
diff --git a/RHEL6/input/checks/partition_for_var.xml b/RHEL6/input/checks/partition_for_var.xml index 58089ab..2ed1d38 100644 --- a/RHEL6/input/checks/partition_for_var.xml +++ b/RHEL6/input/checks/partition_for_var.xml @@ -5,20 +5,22 @@ <affected family="unix"> <platform>Red Hat Enterprise Linux 6</platform> </affected>
<description>Ensuring that /var is mounted on its own partition enables thesetting of more restrictive mount options, which is used as temporarystorage by many program, particularly system services such as daemons.It is not uncommon for the /var directory to contain world-writable directories,installed by other software packages.</description>
<description>Ensuring that /var is mounted on its own partition enablesthe setting of more restrictive mount options, which is used as temporarystorage by many program, particularly system services such as daemons. Itis not uncommon for the /var directory to contain world-writabledirectories, installed by other software packages.</description><reference source="MED" ref_id="20130830" ref_url="test_attestation" /> </metadata> <criteria> <criterion test_ref="test_var_partition" comment="/var on own partition" /> </criteria></definition>
- <linux:partition_test check="all" check_existence="all_exist" id="test_var_partition" version="1" comment="/var on own partition">
<linux:object object_ref="object_mount_var_own_partition" />
- <linux:partition_test check="all" check_existence="all_exist"
- id="test_var_partition" version="1" comment="/var on own partition">
- <linux:object object_ref="object_mount_var_own_partition" /> </linux:partition_test> <linux:partition_object id="object_mount_var_own_partition" version="1">
<linux:mount_point>/var</linux:mount_point>
- linux:mount_point/var</linux:mount_point> </linux:partition_object>
</def-group>
diff --git a/RHEL6/input/checks/partition_for_var_log.xml b/RHEL6/input/checks/partition_for_var_log.xml index 8a8a6f4..94d235b 100644 --- a/RHEL6/input/checks/partition_for_var_log.xml +++ b/RHEL6/input/checks/partition_for_var_log.xml @@ -5,17 +5,19 @@ <affected family="unix"> <platform>Red Hat Enterprise Linux 6</platform> </affected>
<description>System logs are stored in the /var/log directory.Ensure that it has its own partition or logical volume.</description>
<description>System logs are stored in the /var/log directory. Ensurethat it has its own partition or logical volume.</description><reference source="MED" ref_id="20130830" ref_url="test_attestation" /> </metadata> <criteria> <criterion test_ref="test_var_log_partition" comment="/var/log on own partition" /> </criteria></definition>
- <linux:partition_test check="all" check_existence="all_exist" id="test_var_log_partition" version="1" comment="/var/log on own partition">
<linux:object object_ref="object_mount_var_log_own_partition" />
- <linux:partition_test check="all" check_existence="all_exist"
- id="test_var_log_partition" version="1" comment="/var/log on own partition">
- <linux:object object_ref="object_mount_var_log_own_partition" /> </linux:partition_test> <linux:partition_object id="object_mount_var_log_own_partition" version="1">
<linux:mount_point>/var/log</linux:mount_point>
- linux:mount_point/var/log</linux:mount_point> </linux:partition_object>
</def-group>
diff --git a/RHEL6/input/checks/partition_for_var_log_audit.xml b/RHEL6/input/checks/partition_for_var_log_audit.xml index e88ceba..b7a7d68 100644 --- a/RHEL6/input/checks/partition_for_var_log_audit.xml +++ b/RHEL6/input/checks/partition_for_var_log_audit.xml @@ -6,18 +6,22 @@ <platform>Red Hat Enterprise Linux 6</platform> </affected> <description>Audit logs are stored in the /var/log/audit directory.
Ensure that it has its own partition or logical volume. Makeabsolutely certain that it is large enough to store all audit logsthat will be created by the auditing daemon.</description>
Ensure that it has its own partition or logical volume. Make absolutelycertain that it is large enough to store all audit logs that will becreated by the auditing daemon.</description><reference source="MED" ref_id="20130830" ref_url="test_attestation" /> </metadata> <criteria> <criterion test_ref="test_var_log_audit_partition" comment="/var/log/audit on own partition" /> </criteria></definition>
- <linux:partition_test check="all" check_existence="all_exist" id="test_var_log_audit_partition" version="1" comment="check for /var/log/audit partition">
<linux:object object_ref="object_mount_var_log_audit_own_partition" />
- <linux:partition_test check="all" check_existence="all_exist"
- id="test_var_log_audit_partition" version="1"
- comment="check for /var/log/audit partition">
- <linux:object object_ref="object_mount_var_log_audit_own_partition" /> </linux:partition_test>
- <linux:partition_object id="object_mount_var_log_audit_own_partition" version="1">
<linux:mount_point>/var/log/audit</linux:mount_point>
- <linux:partition_object id="object_mount_var_log_audit_own_partition"
- version="1">
- linux:mount_point/var/log/audit</linux:mount_point> </linux:partition_object>
</def-group>
until now -- ack!
On Tue, Sep 10, 2013 at 12:55 PM, Maura Dailey maura@eclipse.ncsc.mil wrote:
No one's ACKED these.
- Maura Dailey
On 08/30/2013 01:41 PM, Maura Dailey wrote:
Added test checks for set of partition checks.
Signed-off-by: Maura Dailey maura@eclipse.ncsc.mil
RHEL6/input/checks/partition_**for_home.xml | 18 ++++++++++-------- RHEL6/input/checks/partition_**for_tmp.xml | 14 ++++++++------ RHEL6/input/checks/partition_**for_var.xml | 18 ++++++++++-------- RHEL6/input/checks/partition_**for_var_log.xml | 12 +++++++----- RHEL6/input/checks/partition_**for_var_log_audit.xml | 18 +++++++++++------- 5 files changed, 46 insertions(+), 34 deletions(-)
diff --git a/RHEL6/input/checks/**partition_for_home.xml b/RHEL6/input/checks/**partition_for_home.xml index b784316..2081d18 100644 --- a/RHEL6/input/checks/**partition_for_home.xml +++ b/RHEL6/input/checks/**partition_for_home.xml @@ -5,20 +5,22 @@ <affected family="unix"> <platform>Red Hat Enterprise Linux 6</platform> </affected>
<description>If user home directories will be stored locally,create a separate partition for /home. If /home will be mountedfrom another system such as an NFS server, then creating a separatepartition is not necessary at this time, and the mountpoint caninstead be configured later.</description>
<description>If user home directories will be stored locally,create a
separate partition for /home. If /home will be mounted from anothersystem such as an NFS server, then creating a separate partitionis not
necessary at this time, and the mountpoint can instead beconfigured
later.</description><reference source="MED" ref_id="20130830"ref_url="test_attestation" /> </metadata> <criteria> <criterion test_ref="test_home_partition" comment="/home on own partition" /> </criteria> </definition>
- <linux:partition_test check="all" check_existence="all_exist"
id="test_home_partition" version="1" comment="/home on own partition">
<linux:object object_ref="object_mount_home_**own_partition" />
- <linux:partition_test check="all" check_existence="all_exist"
- id="test_home_partition" version="1" comment="/home on own partition">
- <linux:object object_ref="object_mount_home_**own_partition" /> </linux:partition_test> <linux:partition_object id="object_mount_home_own_**partition"
version="1">
<linux:mount_point>/home</**linux:mount_point>
- linux:mount_point/home</**linux:mount_point> </linux:partition_object>
</def-group>
diff --git a/RHEL6/input/checks/**partition_for_tmp.xml b/RHEL6/input/checks/**partition_for_tmp.xml index de93ee9..9c28c13 100644 --- a/RHEL6/input/checks/**partition_for_tmp.xml +++ b/RHEL6/input/checks/**partition_for_tmp.xml @@ -5,18 +5,20 @@ <affected family="unix"> <platform>Red Hat Enterprise Linux 6</platform> </affected>
<description>The /tmp directory is a world-writable directoryused for temporary file storage. Verify that it has its ownpartition or logical volume.</description>
<description>The /tmp directory is a world-writable directory usedfor
temporary file storage. Verify that it has its own partition orlogical
volume.</description><reference source="MED" ref_id="20130830"ref_url="test_attestation" /> </metadata> <criteria> <criterion test_ref="test_tmp_partition" comment="/tmp on own partition" /> </criteria> </definition>
- <linux:partition_test check="all" check_existence="all_exist"
id="test_tmp_partition" version="1" comment="/tmp on own partition">
<linux:object object_ref="object_own_tmp_**partition" />
- <linux:partition_test check="all" check_existence="all_exist"
- id="test_tmp_partition" version="1" comment="/tmp on own partition">
- <linux:object object_ref="object_own_tmp_**partition" /> </linux:partition_test> <linux:partition_object id="object_own_tmp_partition" version="1">
<linux:mount_point>/tmp</**linux:mount_point>
- linux:mount_point/tmp</**linux:mount_point> </linux:partition_object>
</def-group>
diff --git a/RHEL6/input/checks/**partition_for_var.xml b/RHEL6/input/checks/**partition_for_var.xml index 58089ab..2ed1d38 100644 --- a/RHEL6/input/checks/**partition_for_var.xml +++ b/RHEL6/input/checks/**partition_for_var.xml @@ -5,20 +5,22 @@ <affected family="unix"> <platform>Red Hat Enterprise Linux 6</platform> </affected>
<description>Ensuring that /var is mounted on its own partitionenables the
setting of more restrictive mount options, which is used astemporary
storage by many program, particularly system services such asdaemons.
It is not uncommon for the /var directory to containworld-writable directories,
installed by other software packages.</description>
<description>Ensuring that /var is mounted on its own partitionenables
the setting of more restrictive mount options, which is used astemporary
storage by many program, particularly system services such asdaemons. It
is not uncommon for the /var directory to contain world-writabledirectories, installed by other software packages.</description><reference source="MED" ref_id="20130830"ref_url="test_attestation" /> </metadata> <criteria> <criterion test_ref="test_var_partition" comment="/var on own partition" /> </criteria> </definition>
- <linux:partition_test check="all" check_existence="all_exist"
id="test_var_partition" version="1" comment="/var on own partition">
<linux:object object_ref="object_mount_var_**own_partition" />
- <linux:partition_test check="all" check_existence="all_exist"
- id="test_var_partition" version="1" comment="/var on own partition">
- <linux:object object_ref="object_mount_var_**own_partition" /> </linux:partition_test> <linux:partition_object id="object_mount_var_own_**partition"
version="1">
<linux:mount_point>/var</**linux:mount_point>
- linux:mount_point/var</**linux:mount_point> </linux:partition_object>
</def-group>
diff --git a/RHEL6/input/checks/**partition_for_var_log.xml b/RHEL6/input/checks/**partition_for_var_log.xml index 8a8a6f4..94d235b 100644 --- a/RHEL6/input/checks/**partition_for_var_log.xml +++ b/RHEL6/input/checks/**partition_for_var_log.xml @@ -5,17 +5,19 @@ <affected family="unix"> <platform>Red Hat Enterprise Linux 6</platform> </affected>
<description>System logs are stored in the /var/log directory.Ensure that it has its own partition or logicalvolume.</description>
<description>System logs are stored in the /var/log directory.Ensure
that it has its own partition or logical volume.</description><reference source="MED" ref_id="20130830"ref_url="test_attestation" /> </metadata> <criteria> <criterion test_ref="test_var_log_**partition" comment="/var/log on own partition" /> </criteria> </definition>
- <linux:partition_test check="all" check_existence="all_exist"
id="test_var_log_partition" version="1" comment="/var/log on own partition">
<linux:object object_ref="object_mount_var_**log_own_partition" />
- <linux:partition_test check="all" check_existence="all_exist"
- id="test_var_log_partition" version="1" comment="/var/log on own
partition">
- <linux:object object_ref="object_mount_var_**log_own_partition" /> </linux:partition_test> <linux:partition_object id="object_mount_var_log_own_**partition"
version="1">
<linux:mount_point>/var/log</**linux:mount_point>
- linux:mount_point/var/log</**linux:mount_point> </linux:partition_object>
</def-group>
diff --git a/RHEL6/input/checks/**partition_for_var_log_audit.**xml b/RHEL6/input/checks/**partition_for_var_log_audit.**xml index e88ceba..b7a7d68 100644 --- a/RHEL6/input/checks/**partition_for_var_log_audit.**xml +++ b/RHEL6/input/checks/**partition_for_var_log_audit.**xml @@ -6,18 +6,22 @@ <platform>Red Hat Enterprise Linux 6</platform> </affected> <description>Audit logs are stored in the /var/log/audit directory.
Ensure that it has its own partition or logical volume. Makeabsolutely certain that it is large enough to store all audit logsthat will be created by the auditing daemon.</description>
Ensure that it has its own partition or logical volume. Makeabsolutely
certain that it is large enough to store all audit logs that willbe
created by the auditing daemon.</description><reference source="MED" ref_id="20130830"ref_url="test_attestation" /> </metadata> <criteria> <criterion test_ref="test_var_log_audit_**partition" comment="/var/log/audit on own partition" /> </criteria> </definition>
- <linux:partition_test check="all" check_existence="all_exist"
id="test_var_log_audit_**partition" version="1" comment="check for /var/log/audit partition">
<linux:object object_ref="object_mount_var_**log_audit_own_partition"/>
- <linux:partition_test check="all" check_existence="all_exist"
- id="test_var_log_audit_**partition" version="1"
- comment="check for /var/log/audit partition">
- <linux:object object_ref="object_mount_var_**log_audit_own_partition"
/> </linux:partition_test>
- <linux:partition_object id="object_mount_var_log_**audit_own_partition"
version="1">
<linux:mount_point>/var/log/**audit</linux:mount_point>
- <linux:partition_object id="object_mount_var_log_**
audit_own_partition"
- version="1">
- linux:mount_point/var/log/**audit</linux:mount_point> </linux:partition_object>
</def-group>
Making /var/tmp a bind mount to /tmp seems like a really bad idea. Why do it?
On Tue, Sep 10, 2013 at 12:57 PM, David Smith dsmith@eclipse.ncsc.mil wrote:
until now -- ack!
On Tue, Sep 10, 2013 at 12:55 PM, Maura Dailey maura@eclipse.ncsc.mil wrote:
No one's ACKED these.
- Maura Dailey
On 08/30/2013 01:41 PM, Maura Dailey wrote:
Added test checks for set of partition checks.
Signed-off-by: Maura Dailey maura@eclipse.ncsc.mil
RHEL6/input/checks/partition_**for_home.xml | 18 ++++++++++-------- RHEL6/input/checks/partition_**for_tmp.xml | 14 ++++++++------ RHEL6/input/checks/partition_**for_var.xml | 18 ++++++++++-------- RHEL6/input/checks/partition_**for_var_log.xml | 12 +++++++----- RHEL6/input/checks/partition_**for_var_log_audit.xml | 18 +++++++++++------- 5 files changed, 46 insertions(+), 34 deletions(-)
diff --git a/RHEL6/input/checks/**partition_for_home.xml b/RHEL6/input/checks/**partition_for_home.xml index b784316..2081d18 100644 --- a/RHEL6/input/checks/**partition_for_home.xml +++ b/RHEL6/input/checks/**partition_for_home.xml @@ -5,20 +5,22 @@ <affected family="unix"> <platform>Red Hat Enterprise Linux 6</platform> </affected>
<description>If user home directories will be stored locally,create a separate partition for /home. If /home will be mountedfrom another system such as an NFS server, then creating aseparate
partition is not necessary at this time, and the mountpoint caninstead be configured later.</description>
<description>If user home directories will be stored locally,create a
separate partition for /home. If /home will be mounted fromanother
system such as an NFS server, then creating a separate partitionis not
necessary at this time, and the mountpoint can instead beconfigured
later.</description><reference source="MED" ref_id="20130830"ref_url="test_attestation" /> </metadata> <criteria> <criterion test_ref="test_home_partition" comment="/home on own partition" /> </criteria> </definition>
- <linux:partition_test check="all" check_existence="all_exist"
id="test_home_partition" version="1" comment="/home on own partition">
<linux:object object_ref="object_mount_home_**own_partition" />
- <linux:partition_test check="all" check_existence="all_exist"
- id="test_home_partition" version="1" comment="/home on own partition">
- <linux:object object_ref="object_mount_home_**own_partition" /> </linux:partition_test> <linux:partition_object id="object_mount_home_own_**partition"
version="1">
<linux:mount_point>/home</**linux:mount_point>
- linux:mount_point/home</**linux:mount_point> </linux:partition_object>
</def-group>
diff --git a/RHEL6/input/checks/**partition_for_tmp.xml b/RHEL6/input/checks/**partition_for_tmp.xml index de93ee9..9c28c13 100644 --- a/RHEL6/input/checks/**partition_for_tmp.xml +++ b/RHEL6/input/checks/**partition_for_tmp.xml @@ -5,18 +5,20 @@ <affected family="unix"> <platform>Red Hat Enterprise Linux 6</platform> </affected>
<description>The /tmp directory is a world-writable directoryused for temporary file storage. Verify that it has its ownpartition or logical volume.</description>
<description>The /tmp directory is a world-writable directoryused for
temporary file storage. Verify that it has its own partition orlogical
volume.</description><reference source="MED" ref_id="20130830"ref_url="test_attestation" /> </metadata> <criteria> <criterion test_ref="test_tmp_partition" comment="/tmp on own partition" /> </criteria> </definition>
- <linux:partition_test check="all" check_existence="all_exist"
id="test_tmp_partition" version="1" comment="/tmp on own partition">
<linux:object object_ref="object_own_tmp_**partition" />
- <linux:partition_test check="all" check_existence="all_exist"
- id="test_tmp_partition" version="1" comment="/tmp on own partition">
- <linux:object object_ref="object_own_tmp_**partition" /> </linux:partition_test> <linux:partition_object id="object_own_tmp_partition" version="1">
<linux:mount_point>/tmp</**linux:mount_point>
- linux:mount_point/tmp</**linux:mount_point> </linux:partition_object>
</def-group>
diff --git a/RHEL6/input/checks/**partition_for_var.xml b/RHEL6/input/checks/**partition_for_var.xml index 58089ab..2ed1d38 100644 --- a/RHEL6/input/checks/**partition_for_var.xml +++ b/RHEL6/input/checks/**partition_for_var.xml @@ -5,20 +5,22 @@ <affected family="unix"> <platform>Red Hat Enterprise Linux 6</platform> </affected>
<description>Ensuring that /var is mounted on its own partitionenables the
setting of more restrictive mount options, which is used astemporary
storage by many program, particularly system services such asdaemons.
It is not uncommon for the /var directory to containworld-writable directories,
installed by other software packages.</description>
<description>Ensuring that /var is mounted on its own partitionenables
the setting of more restrictive mount options, which is used astemporary
storage by many program, particularly system services such asdaemons. It
is not uncommon for the /var directory to contain world-writabledirectories, installed by other software packages.</description><reference source="MED" ref_id="20130830"ref_url="test_attestation" /> </metadata> <criteria> <criterion test_ref="test_var_partition" comment="/var on own partition" /> </criteria> </definition>
- <linux:partition_test check="all" check_existence="all_exist"
id="test_var_partition" version="1" comment="/var on own partition">
<linux:object object_ref="object_mount_var_**own_partition" />
- <linux:partition_test check="all" check_existence="all_exist"
- id="test_var_partition" version="1" comment="/var on own partition">
- <linux:object object_ref="object_mount_var_**own_partition" /> </linux:partition_test> <linux:partition_object id="object_mount_var_own_**partition"
version="1">
<linux:mount_point>/var</**linux:mount_point>
- linux:mount_point/var</**linux:mount_point> </linux:partition_object>
</def-group>
diff --git a/RHEL6/input/checks/**partition_for_var_log.xml b/RHEL6/input/checks/**partition_for_var_log.xml index 8a8a6f4..94d235b 100644 --- a/RHEL6/input/checks/**partition_for_var_log.xml +++ b/RHEL6/input/checks/**partition_for_var_log.xml @@ -5,17 +5,19 @@ <affected family="unix"> <platform>Red Hat Enterprise Linux 6</platform> </affected>
<description>System logs are stored in the /var/log directory.Ensure that it has its own partition or logicalvolume.</description>
<description>System logs are stored in the /var/log directory.Ensure
that it has its own partition or logical volume.</description><reference source="MED" ref_id="20130830"ref_url="test_attestation" /> </metadata> <criteria> <criterion test_ref="test_var_log_**partition" comment="/var/log on own partition" /> </criteria> </definition>
- <linux:partition_test check="all" check_existence="all_exist"
id="test_var_log_partition" version="1" comment="/var/log on own partition">
<linux:object object_ref="object_mount_var_**log_own_partition"/>
- <linux:partition_test check="all" check_existence="all_exist"
- id="test_var_log_partition" version="1" comment="/var/log on own
partition">
- <linux:object object_ref="object_mount_var_**log_own_partition" /> </linux:partition_test> <linux:partition_object id="object_mount_var_log_own_**partition"
version="1">
<linux:mount_point>/var/log</**linux:mount_point>
- linux:mount_point/var/log</**linux:mount_point> </linux:partition_object>
</def-group>
diff --git a/RHEL6/input/checks/**partition_for_var_log_audit.**xml b/RHEL6/input/checks/**partition_for_var_log_audit.**xml index e88ceba..b7a7d68 100644 --- a/RHEL6/input/checks/**partition_for_var_log_audit.**xml +++ b/RHEL6/input/checks/**partition_for_var_log_audit.**xml @@ -6,18 +6,22 @@ <platform>Red Hat Enterprise Linux 6</platform> </affected> <description>Audit logs are stored in the /var/log/audit directory.
Ensure that it has its own partition or logical volume. Makeabsolutely certain that it is large enough to store all audit logsthat will be created by the auditing daemon.</description>
Ensure that it has its own partition or logical volume. Makeabsolutely
certain that it is large enough to store all audit logs that willbe
created by the auditing daemon.</description><reference source="MED" ref_id="20130830"ref_url="test_attestation" /> </metadata> <criteria> <criterion test_ref="test_var_log_audit_**partition" comment="/var/log/audit on own partition" /> </criteria> </definition>
- <linux:partition_test check="all" check_existence="all_exist"
id="test_var_log_audit_**partition" version="1" comment="check for /var/log/audit partition">
<linux:object object_ref="object_mount_var_**log_audit_own_partition"/>
- <linux:partition_test check="all" check_existence="all_exist"
- id="test_var_log_audit_**partition" version="1"
- comment="check for /var/log/audit partition">
- <linux:object object_ref="object_mount_var_**log_audit_own_partition"
/> </linux:partition_test>
- <linux:partition_object id="object_mount_var_log_**audit_own_partition"
version="1">
<linux:mount_point>/var/log/**audit</linux:mount_point>
- <linux:partition_object id="object_mount_var_log_**
audit_own_partition"
- version="1">
- linux:mount_point/var/log/**audit</linux:mount_point> </linux:partition_object>
</def-group>
scap-security-guide mailing list scap-security-guide@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
Sorry, this was in reference to a different note.
Leam
On Tue, Sep 10, 2013 at 12:59 PM, leam hall leamhall@gmail.com wrote:
Making /var/tmp a bind mount to /tmp seems like a really bad idea. Why do it?
On Tue, Sep 10, 2013 at 12:57 PM, David Smith dsmith@eclipse.ncsc.mil wrote:
until now -- ack!
On Tue, Sep 10, 2013 at 12:55 PM, Maura Dailey maura@eclipse.ncsc.mil wrote:
No one's ACKED these.
- Maura Dailey
On 08/30/2013 01:41 PM, Maura Dailey wrote:
Added test checks for set of partition checks.
Signed-off-by: Maura Dailey maura@eclipse.ncsc.mil
RHEL6/input/checks/partition_**for_home.xml | 18 ++++++++++-------- RHEL6/input/checks/partition_**for_tmp.xml | 14 ++++++++------ RHEL6/input/checks/partition_**for_var.xml | 18 ++++++++++-------- RHEL6/input/checks/partition_**for_var_log.xml | 12 +++++++----- RHEL6/input/checks/partition_**for_var_log_audit.xml | 18 +++++++++++------- 5 files changed, 46 insertions(+), 34 deletions(-)
diff --git a/RHEL6/input/checks/**partition_for_home.xml b/RHEL6/input/checks/**partition_for_home.xml index b784316..2081d18 100644 --- a/RHEL6/input/checks/**partition_for_home.xml +++ b/RHEL6/input/checks/**partition_for_home.xml @@ -5,20 +5,22 @@ <affected family="unix"> <platform>Red Hat Enterprise Linux 6</platform> </affected>
<description>If user home directories will be stored locally,create a separate partition for /home. If /home will be mountedfrom another system such as an NFS server, then creating aseparate
partition is not necessary at this time, and the mountpoint caninstead be configured later.</description>
<description>If user home directories will be stored locally,create a
separate partition for /home. If /home will be mounted fromanother
system such as an NFS server, then creating a separate partitionis not
necessary at this time, and the mountpoint can instead beconfigured
later.</description><reference source="MED" ref_id="20130830"ref_url="test_attestation" /> </metadata> <criteria> <criterion test_ref="test_home_partition" comment="/home on own partition" /> </criteria> </definition>
- <linux:partition_test check="all" check_existence="all_exist"
id="test_home_partition" version="1" comment="/home on own partition">
<linux:object object_ref="object_mount_home_**own_partition" />
- <linux:partition_test check="all" check_existence="all_exist"
- id="test_home_partition" version="1" comment="/home on own
partition">
- <linux:object object_ref="object_mount_home_**own_partition" /> </linux:partition_test> <linux:partition_object id="object_mount_home_own_**partition"
version="1">
<linux:mount_point>/home</**linux:mount_point>
- linux:mount_point/home</**linux:mount_point> </linux:partition_object>
</def-group>
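Review bot: The partition_test for /home uses check_existence="all_exist" against a partition_object whose mount_point is /home, so it passes only when something is mounted at /home, while the description in the same file says a separate partition "is not necessary at this time" when /home will come from an NFS server and "the mountpoint can instead be configured later". State in the description or in the criterion comment how the check is expected to behave on such a system, so that a failure reported there is not misread as a finding.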
diff --git a/RHEL6/input/checks/**partition_for_tmp.xml b/RHEL6/input/checks/**partition_for_tmp.xml index de93ee9..9c28c13 100644 --- a/RHEL6/input/checks/**partition_for_tmp.xml +++ b/RHEL6/input/checks/**partition_for_tmp.xml @@ -5,18 +5,20 @@ <affected family="unix"> <platform>Red Hat Enterprise Linux 6</platform> </affected>
<description>The /tmp directory is a world-writable directoryused for temporary file storage. Verify that it has its ownpartition or logical volume.</description>
<description>The /tmp directory is a world-writable directoryused for
temporary file storage. Verify that it has its own partition orlogical
volume.</description><reference source="MED" ref_id="20130830"ref_url="test_attestation" /> </metadata> <criteria> <criterion test_ref="test_tmp_partition" comment="/tmp on own partition" /> </criteria> </definition>
- <linux:partition_test check="all" check_existence="all_exist"
id="test_tmp_partition" version="1" comment="/tmp on own partition">
<linux:object object_ref="object_own_tmp_**partition" />
- <linux:partition_test check="all" check_existence="all_exist"
- id="test_tmp_partition" version="1" comment="/tmp on own partition">
- <linux:object object_ref="object_own_tmp_**partition" /> </linux:partition_test> <linux:partition_object id="object_own_tmp_partition" version="1">
<linux:mount_point>/tmp</**linux:mount_point>
- linux:mount_point/tmp</**linux:mount_point> </linux:partition_object>
</def-group>
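Review bot: The object id in this file is object_own_tmp_partition, while the other four files in the patch follow the object_mount_<dir>_own_partition pattern (object_mount_home_own_partition, object_mount_var_own_partition and so on). The partition_test and partition_object lines are already being touched here, so renaming the id and its object_ref to object_mount_tmp_own_partition in the same change would keep the set consistent.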
diff --git a/RHEL6/input/checks/**partition_for_var.xml b/RHEL6/input/checks/**partition_for_var.xml index 58089ab..2ed1d38 100644 --- a/RHEL6/input/checks/**partition_for_var.xml +++ b/RHEL6/input/checks/**partition_for_var.xml @@ -5,20 +5,22 @@ <affected family="unix"> <platform>Red Hat Enterprise Linux 6</platform> </affected>
<description>Ensuring that /var is mounted on its own partitionenables the
setting of more restrictive mount options, which is used astemporary
storage by many program, particularly system services such asdaemons.
It is not uncommon for the /var directory to containworld-writable directories,
installed by other software packages.</description>
<description>Ensuring that /var is mounted on its own partitionenables
the setting of more restrictive mount options, which is used astemporary
storage by many program, particularly system services such asdaemons. It
is not uncommon for the /var directory to contain world-writabledirectories, installed by other software packages.</description><reference source="MED" ref_id="20130830"ref_url="test_attestation" /> </metadata> <criteria> <criterion test_ref="test_var_partition" comment="/var on own partition" /> </criteria> </definition>
- <linux:partition_test check="all" check_existence="all_exist"
id="test_var_partition" version="1" comment="/var on own partition">
<linux:object object_ref="object_mount_var_**own_partition" />
- <linux:partition_test check="all" check_existence="all_exist"
- id="test_var_partition" version="1" comment="/var on own partition">
- <linux:object object_ref="object_mount_var_**own_partition" /> </linux:partition_test> <linux:partition_object id="object_mount_var_own_**partition"
version="1">
<linux:mount_point>/var</**linux:mount_point>
- linux:mount_point/var</**linux:mount_point> </linux:partition_object>
</def-group>
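Review bot: The re-wrapped description for /var still carries the wording problem from the removed lines: in "enables the setting of more restrictive mount options, which is used as temporary storage by many program", the relative clause attaches to "mount options" instead of /var, and "program" should be plural. Since the description text is being rewritten in this hunk anyway, correct the sentence in the added lines instead of only changing where it wraps.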
diff --git a/RHEL6/input/checks/**partition_for_var_log.xml b/RHEL6/input/checks/**partition_for_var_log.xml index 8a8a6f4..94d235b 100644 --- a/RHEL6/input/checks/**partition_for_var_log.xml +++ b/RHEL6/input/checks/**partition_for_var_log.xml @@ -5,17 +5,19 @@ <affected family="unix"> <platform>Red Hat Enterprise Linux 6</platform> </affected>
<description>System logs are stored in the /var/log directory.Ensure that it has its own partition or logicalvolume.</description>
<description>System logs are stored in the /var/log directory.Ensure
that it has its own partition or logical volume.</description><reference source="MED" ref_id="20130830"ref_url="test_attestation" /> </metadata> <criteria> <criterion test_ref="test_var_log_**partition" comment="/var/log on own partition" /> </criteria> </definition>
- <linux:partition_test check="all" check_existence="all_exist"
id="test_var_log_partition" version="1" comment="/var/log on own partition">
<linux:object object_ref="object_mount_var_**log_own_partition"/>
- <linux:partition_test check="all" check_existence="all_exist"
- id="test_var_log_partition" version="1" comment="/var/log on own
partition">
- <linux:object object_ref="object_mount_var_**log_own_partition" /> </linux:partition_test> <linux:partition_object id="object_mount_var_log_own_**partition"
version="1">
<linux:mount_point>/var/log</**linux:mount_point>
- linux:mount_point/var/log</**linux:mount_point> </linux:partition_object>
</def-group>
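Review bot: The only line in this hunk that changes the content of the check is the added <reference source="MED" ref_id="20130830" ref_url="test_attestation" /> element; the description, partition_test, object and mount_point lines are removed and re-added with the same text, only re-wrapped or re-indented. Putting the whitespace cleanup in its own commit would let the attestation change be audited on its own across the five files.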
diff --git a/RHEL6/input/checks/**partition_for_var_log_audit.**xml b/RHEL6/input/checks/**partition_for_var_log_audit.**xml index e88ceba..b7a7d68 100644 --- a/RHEL6/input/checks/**partition_for_var_log_audit.**xml +++ b/RHEL6/input/checks/**partition_for_var_log_audit.**xml @@ -6,18 +6,22 @@ <platform>Red Hat Enterprise Linux 6</platform> </affected> <description>Audit logs are stored in the /var/log/audit directory.
Ensure that it has its own partition or logical volume. Makeabsolutely certain that it is large enough to store all auditlogs
that will be created by the auditing daemon.</description>
Ensure that it has its own partition or logical volume. Makeabsolutely
certain that it is large enough to store all audit logs thatwill be
created by the auditing daemon.</description><reference source="MED" ref_id="20130830"ref_url="test_attestation" /> </metadata> <criteria> <criterion test_ref="test_var_log_audit_**partition" comment="/var/log/audit on own partition" /> </criteria> </definition>
- <linux:partition_test check="all" check_existence="all_exist"
id="test_var_log_audit_**partition" version="1" comment="check for /var/log/audit partition">
<linux:object object_ref="object_mount_var_**log_audit_own_partition"/>
- <linux:partition_test check="all" check_existence="all_exist"
- id="test_var_log_audit_**partition" version="1"
- comment="check for /var/log/audit partition">
- <linux:object object_ref="object_mount_var_**log_audit_own_partition"
/> </linux:partition_test>
- <linux:partition_object id="object_mount_var_log_**audit_own_partition"
version="1">
<linux:mount_point>/var/log/**audit</linux:mount_point>
- <linux:partition_object id="object_mount_var_log_**
audit_own_partition"
- version="1">
- linux:mount_point/var/log/**audit</linux:mount_point> </linux:partition_object>
</def-group>
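Review bot: The partition_test comment here is "check for /var/log/audit partition", but the criterion that references it uses comment="/var/log/audit on own partition", and in the other four files the test comment repeats the criterion comment word for word. The comment attribute is already being moved onto its own line in this hunk, so align its text with the criterion while it is being touched.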
-- Mind on a Mission http://leamhall.blogspot.com/
OK, pushed this set.
On 09/10/2013 12:57 PM, David Smith wrote:
until now -- ack!
On Tue, Sep 10, 2013 at 12:55 PM, Maura Dailey <maura@eclipse.ncsc.mil> wrote:
No one's ACKED these.
- Maura Dailey
On 08/30/2013 01:41 PM, Maura Dailey wrote:
Added test checks for set of partition checks.
Signed-off-by: Maura Dailey <maura@eclipse.ncsc.mil>
--- RHEL6/input/checks/partition_for_home.xml | 18 ++++++++++-------- RHEL6/input/checks/partition_for_tmp.xml | 14 ++++++++------ RHEL6/input/checks/partition_for_var.xml | 18 ++++++++++-------- RHEL6/input/checks/partition_for_var_log.xml | 12 +++++++----- RHEL6/input/checks/partition_for_var_log_audit.xml | 18 +++++++++++------- 5 files changed, 46 insertions(+), 34 deletions(-) diff --git a/RHEL6/input/checks/partition_for_home.xml b/RHEL6/input/checks/partition_for_home.xml index b784316..2081d18 100644 --- a/RHEL6/input/checks/partition_for_home.xml +++ b/RHEL6/input/checks/partition_for_home.xml 
@@ -5,20 +5,22 @@ <affected family="unix"> <platform>Red Hat Enterprise Linux 6</platform> </affected> - <description>If user home directories will be stored locally, - create a separate partition for /home. If /home will be mounted - from another system such as an NFS server, then creating a separate - partition is not necessary at this time, and the mountpoint can - instead be configured later.</description> + <description>If user home directories will be stored locally, create a + separate partition for /home. If /home will be mounted from another + system such as an NFS server, then creating a separate partition is not + necessary at this time, and the mountpoint can instead be configured + later.</description> + <reference source="MED" ref_id="20130830" ref_url="test_attestation" /> </metadata> <criteria> <criterion test_ref="test_home_partition" comment="/home on own partition" /> </criteria> </definition> - <linux:partition_test check="all" check_existence="all_exist" id="test_home_partition" version="1" comment="/home on own partition"> - <linux:object object_ref="object_mount_home_own_partition" /> + <linux:partition_test check="all" check_existence="all_exist" + id="test_home_partition" version="1" comment="/home on own partition"> + <linux:object object_ref="object_mount_home_own_partition" /> </linux:partition_test> <linux:partition_object id="object_mount_home_own_partition" version="1"> - <linux:mount_point>/home</linux:mount_point> + <linux:mount_point>/home</linux:mount_point> </linux:partition_object> </def-group> diff --git a/RHEL6/input/checks/partition_for_tmp.xml b/RHEL6/input/checks/partition_for_tmp.xml index de93ee9..9c28c13 100644 --- a/RHEL6/input/checks/partition_for_tmp.xml +++ b/RHEL6/input/checks/partition_for_tmp.xml 
@@ -5,18 +5,20 @@ <affected family="unix"> <platform>Red Hat Enterprise Linux 6</platform> </affected> - <description>The /tmp directory is a world-writable directory - used for temporary file storage. Verify that it has its own - partition or logical volume.</description> + <description>The /tmp directory is a world-writable directory used for + temporary file storage. Verify that it has its own partition or logical + volume.</description> + <reference source="MED" ref_id="20130830" ref_url="test_attestation" /> </metadata> <criteria> <criterion test_ref="test_tmp_partition" comment="/tmp on own partition" /> </criteria> </definition> - <linux:partition_test check="all" check_existence="all_exist" id="test_tmp_partition" version="1" comment="/tmp on own partition"> - <linux:object object_ref="object_own_tmp_partition" /> + <linux:partition_test check="all" check_existence="all_exist" + id="test_tmp_partition" version="1" comment="/tmp on own partition"> + <linux:object object_ref="object_own_tmp_partition" /> </linux:partition_test> <linux:partition_object id="object_own_tmp_partition" version="1"> - <linux:mount_point>/tmp</linux:mount_point> + <linux:mount_point>/tmp</linux:mount_point> </linux:partition_object> </def-group> diff --git a/RHEL6/input/checks/partition_for_var.xml b/RHEL6/input/checks/partition_for_var.xml index 58089ab..2ed1d38 100644 --- a/RHEL6/input/checks/partition_for_var.xml +++ b/RHEL6/input/checks/partition_for_var.xml 
@@ -5,20 +5,22 @@ <affected family="unix"> <platform>Red Hat Enterprise Linux 6</platform> </affected> - <description>Ensuring that /var is mounted on its own partition enables the - setting of more restrictive mount options, which is used as temporary - storage by many program, particularly system services such as daemons. - It is not uncommon for the /var directory to contain world-writable directories, - installed by other software packages.</description> + <description>Ensuring that /var is mounted on its own partition enables + the setting of more restrictive mount options, which is used as temporary + storage by many program, particularly system services such as daemons. It + is not uncommon for the /var directory to contain world-writable + directories, installed by other software packages.</description> + <reference source="MED" ref_id="20130830" ref_url="test_attestation" /> </metadata> <criteria> <criterion test_ref="test_var_partition" comment="/var on own partition" /> </criteria> </definition> - <linux:partition_test check="all" check_existence="all_exist" id="test_var_partition" version="1" comment="/var on own partition"> - <linux:object object_ref="object_mount_var_own_partition" /> + <linux:partition_test check="all" check_existence="all_exist" + id="test_var_partition" version="1" comment="/var on own partition"> + <linux:object object_ref="object_mount_var_own_partition" /> </linux:partition_test> <linux:partition_object id="object_mount_var_own_partition" version="1"> - <linux:mount_point>/var</linux:mount_point> + <linux:mount_point>/var</linux:mount_point> </linux:partition_object> </def-group> diff --git a/RHEL6/input/checks/partition_for_var_log.xml b/RHEL6/input/checks/partition_for_var_log.xml index 8a8a6f4..94d235b 100644 --- a/RHEL6/input/checks/partition_for_var_log.xml +++ b/RHEL6/input/checks/partition_for_var_log.xml 
@@ -5,17 +5,19 @@ <affected family="unix"> <platform>Red Hat Enterprise Linux 6</platform> </affected> - <description>System logs are stored in the /var/log directory. - Ensure that it has its own partition or logical volume.</description> + <description>System logs are stored in the /var/log directory. Ensure + that it has its own partition or logical volume.</description> + <reference source="MED" ref_id="20130830" ref_url="test_attestation" /> </metadata> <criteria> <criterion test_ref="test_var_log_partition" comment="/var/log on own partition" /> </criteria> </definition> - <linux:partition_test check="all" check_existence="all_exist" id="test_var_log_partition" version="1" comment="/var/log on own partition"> - <linux:object object_ref="object_mount_var_log_own_partition" /> + <linux:partition_test check="all" check_existence="all_exist" + id="test_var_log_partition" version="1" comment="/var/log on own partition"> + <linux:object object_ref="object_mount_var_log_own_partition" /> </linux:partition_test> <linux:partition_object id="object_mount_var_log_own_partition" version="1"> - <linux:mount_point>/var/log</linux:mount_point> + <linux:mount_point>/var/log</linux:mount_point> </linux:partition_object> </def-group> diff --git a/RHEL6/input/checks/partition_for_var_log_audit.xml b/RHEL6/input/checks/partition_for_var_log_audit.xml index e88ceba..b7a7d68 100644 --- a/RHEL6/input/checks/partition_for_var_log_audit.xml +++ b/RHEL6/input/checks/partition_for_var_log_audit.xml 
@@ -6,18 +6,22 @@ <platform>Red Hat Enterprise Linux 6</platform> </affected> <description>Audit logs are stored in the /var/log/audit directory. - Ensure that it has its own partition or logical volume. Make - absolutely certain that it is large enough to store all audit logs - that will be created by the auditing daemon.</description> + Ensure that it has its own partition or logical volume. Make absolutely + certain that it is large enough to store all audit logs that will be + created by the auditing daemon.</description> + <reference source="MED" ref_id="20130830" ref_url="test_attestation" /> </metadata> <criteria> <criterion test_ref="test_var_log_audit_partition" comment="/var/log/audit on own partition" /> </criteria> </definition> - <linux:partition_test check="all" check_existence="all_exist" id="test_var_log_audit_partition" version="1" comment="check for /var/log/audit partition"> - <linux:object object_ref="object_mount_var_log_audit_own_partition" /> + <linux:partition_test check="all" check_existence="all_exist" + id="test_var_log_audit_partition" version="1" + comment="check for /var/log/audit partition"> + <linux:object object_ref="object_mount_var_log_audit_own_partition" /> </linux:partition_test> - <linux:partition_object id="object_mount_var_log_audit_own_partition" version="1"> - <linux:mount_point>/var/log/audit</linux:mount_point> + <linux:partition_object id="object_mount_var_log_audit_own_partition" + version="1"> + <linux:mount_point>/var/log/audit</linux:mount_point> </linux:partition_object> </def-group> _______________________________________________ scap-security-guide mailing list scap-security-guide@lists.fedorahosted.org <mailto:scap-security-guide@lists.fedorahosted.org> https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide