DISA STIG file permission testing
Steve Grubb
sgrubb at redhat.com
Wed May 11 13:49:54 UTC 2011
Hello,
I do a lot of work on making sure Linux meets various security standards. One of the
better known security profiles is the DISA STIG. (STIG means Security Technical
Information Guide.) Back in February, there was a big update to it. I have reviewed it
and sent feedback to get some items corrected. But in the meantime, I wanted to check
how far off we have gotten and wrote a script to do some checking. The guide requires a
UMASK of 027 for users, so you may find that home dir file permissions are not right.
However, if you just create a user and have never logged in... the file permissions
should be right.
In any event, I have uploaded the scripts so that file permission problems can be found
and fixed. The original guide can be found here:
http://iase.disa.mil/stigs/downloads/zip/unclassified_os-srg-unix_v1r1_finalsrg.zip
We used openscap to translate the XCCDF content into html. The (uncorrected) settings
can be found here:
http://people.redhat.com/sgrubb/files/stig-2011/stig-2011-checklist.html
and the test script can be found here:
http://people.redhat.com/sgrubb/files/stig-2011/stig-file-test.sh
I think we should realign some file permissions.
-Steve
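
Added example, not part of the original message and not the stig-file-test.sh script it links to: a small POSIX shell check for the home directory problem described above, reporting entries whose mode carries bits that a umask of 027 would have cleared, with an optional fix. The function names are hypothetical.

```shell
#!/bin/sh
# Added example, not the stig-file-test.sh script linked in the message.
# Function names are hypothetical.

# Print every regular file or directory under $1 whose mode has a bit set
# that umask 027 would have cleared: group write (020) or any "other"
# permission (004, 002, 001). Symlinks are skipped; -xdev stays on one
# filesystem.
umask027_violations() {
    find "$1" -xdev \( -type f -o -type d \) \
        \( -perm -020 -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Count the violations (assumes path names contain no newlines).
umask027_count() {
    umask027_violations "$1" | wc -l | tr -d ' '
}

# Clear exactly those bits on each offending entry; all other mode bits,
# including owner permissions and group read/execute, are left untouched.
umask027_fix() {
    find "$1" -xdev \( -type f -o -type d \) \
        \( -perm -020 -o -perm -004 -o -perm -002 -o -perm -001 \) \
        -exec chmod g-w,o-rwx {} +
}

# Report-only when run with a directory argument, e.g. a home directory.
if [ $# -gt 0 ]; then
    umask027_violations "$1"
fi
```

Files that are already more restrictive than 640 (or directories more restrictive than 750) are not reported, since the check only looks for bits the umask would have removed.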