Shawn,
Due to the change in directory structure, RHEL6 vs. RHEL/{6,7}, I was
not able to “git push” this modification into the project, so I
performed another "git commit" after a fresh "git clone".
I need a "re-ack" please, and I will promptly "git push".
See
https://lists.fedorahosted.org/pipermail/scap-security-guide/2014-January...
for the original ack.
Rodney.
-------
Based on comments and recommendations from the following thread, I've
submitted a patch to fix CCE-27032-2 no_files_unowned_by_user.xml
https://lists.fedorahosted.org/pipermail/scap-security-guide/2013-July/00...
This only checks /etc/passwd and not any other authorization databases.
8<====================
From a03058b43bd3aec3c8c02c34911f7d5751b7b796 Mon Sep 17 00:00:00 2001
From: Rodney Mercer <rmercer(a)harris.com>
Date: Tue, 28 Jan 2014 15:01:58 +0000
Subject: [PATCH] modified completely broken no_files_unowned_by_user.xml
to properly check all files on the system to make sure that they are
owned by a user that resides in /etc/passwd.
---
RHEL/6/input/checks/no_files_unowned_by_user.xml | 51
++++++++++++----------
1 files changed, 28 insertions(+), 23 deletions(-)
diff --git a/RHEL/6/input/checks/no_files_unowned_by_user.xml
b/RHEL/6/input/checks/no_files_unowned_by_user.xml
index a73183a..f3f1276 100644
--- a/RHEL/6/input/checks/no_files_unowned_by_user.xml
+++ b/RHEL/6/input/checks/no_files_unowned_by_user.xml
@@ -1,38 +1,43 @@
<def-group>
- <definition class="compliance"
- id="no_files_unowned_by_user" version="1">
+ <definition class="compliance" id="no_files_unowned_by_user"
version="1">
<metadata>
<title>Find files unowned by a user</title>
<affected family="unix">
<platform>Red Hat Enterprise Linux 6</platform>
</affected>
- <description>All files should be owned by a
- user</description>
+ <description>All files should be owned by a user</description>
+ <reference source="rmercer" ref_id="20131218"
ref_url="test_attestation" />
</metadata>
<criteria>
- <criterion comment="Check all files and make sure they are owned
by a user"
- negate="true"
- test_ref="test_20050" />
+ <criterion comment="Check all files and make sure they are owned
by a user" test_ref="no_files_unowned_by_user_test" />
</criteria>
</definition>
- <unix:file_test
xmlns:unix="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix&...
- check="all" comment="files with no user owner"
- id="test_20050" version="1">
- <notes>
- <note>This will enumerate all files on local
- partitions</note>
- </notes>
- <unix:object object_ref="obj_20022" />
- <unix:state state_ref="state_20050" />
- </unix:file_test>
- <unix:file_state comment="Executables with suid set"
- id="state_20050" version="1">
- <unix:user_id datatype="int">0</unix:user_id>
+
+ <unix:file_state id="file_permissions_unowned_userid_list_match"
version="1">
+ <unix:user_id var_check="at least one"
var_ref="file_permissions_unowned_userid_list" datatype="int" />
</unix:file_state>
- <unix:file_object comment="all local files"
- id="obj_20022" version="1">
- <unix:behaviors recurse="symlinks and directories"
recurse_file_system="local" />
+
+ <local_variable id="file_permissions_unowned_userid_list"
comment="List of valid user ids" datatype="int"
version="1">
+ <object_component item_field="subexpression"
object_ref="file_permissions_unowned_userid_list_object" />
+ </local_variable>
+
+ <ind:textfilecontent54_object
id="file_permissions_unowned_userid_list_object" version="1">
+ <ind:filepath>/etc/passwd</ind:filepath>
+ <ind:pattern operation="pattern
match">^[^:]+:[^:]+:([\d]+):[\d]+:[^:]*:[^:]+:[^:]*$</ind:pattern>
+ <ind:instance operation="greater than or equal"
datatype="int">1</ind:instance>
+ </ind:textfilecontent54_object>
+
+ <unix:file_object comment="all local files"
id="file_permissions_unowned_object" version="1">
+ <unix:behaviors recurse="symlinks and directories"
recurse_direction="down" recurse_file_system="local" />
<unix:path>/</unix:path>
<unix:filename operation="pattern match">.*</unix:filename>
+ <filter
action="exclude">file_permissions_unowned_userid_list_match</filter>
</unix:file_object>
+
+ <unix:file_test
xmlns:unix="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix&...
+ check="all" check_existence="none_exist" comment="Check user
ids on
all files on the system"
+ id="no_files_unowned_by_user_test" version="1">
+ <unix:object object_ref="file_permissions_unowned_object" />
+ </unix:file_test>
</def-group>
+
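Review bot: The uid-list pattern in the new `ind:textfilecontent54_object` requires the password and home fields of each /etc/passwd line to be non-empty (`[^:]+`), so any entry with an empty field is silently dropped from `file_permissions_unowned_userid_list` and every file that user owns is then reported as unowned; the field regexes for password, GECOS, home and shell should all be `[^:]*`, e.g. `<ind:pattern operation="pattern match">^[^:]+:[^:]*:(\d+):\d+:[^:]*:[^:]*:[^:]*$</ind:pattern>`. The same limitation applies, by design, to accounts that come only from other NSS sources (LDAP, sssd, NIS): their files will also be flagged, and since the result is a compliance finding that should be stated in the definition itself rather than only in the cover mail, for example `<description>All files should be owned by a user; only uids listed in /etc/passwd are considered valid, so files owned by users from other NSS sources will be reported.</description>`. The rewrite also drops the old `<notes>` warning that the test enumerates every file on local partitions, which is worth keeping as a comment on `file_permissions_unowned_object` because the walk is expensive on large filesystems. The `ind:` prefix is used without a visible declaration in this hunk; presumably the enclosing OVAL document declares it, but that is worth confirming in the build output.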
--
1.7.1