[Open-scap] Need help understanding RHEL STIG findings
Snyder, Chris
Chris_Snyder at sra.com
Wed Jan 30 21:57:40 UTC 2013
In V1R2 def:70 does point at tst:7000, but the test doesn't point to obj:7701, it points to obj:7001.
As I said before, I'm just getting started with all of this, but if I'm reading this right, it sure looks like it's finding all non-0 UID users and then comparing that list to 'root' (control state). If that's the case then the operation in ste:7001 should probably be "equal" rather than "not equal".
Anybody disagree with this assessment? Should I file a bug on this?
<unix-def:password_test id="oval:mil.disa.fso.rhel:tst:7000" version="1" check="all" check_existence="any_exist" comment="all UID 0s are root">
  <unix-def:object object_ref="oval:mil.disa.fso.rhel:obj:7001" />
  <unix-def:state state_ref="oval:mil.disa.fso.rhel:ste:7000" />
</unix-def:password_test>

<unix-def:password_state id="oval:mil.disa.fso.rhel:ste:7000" version="1" comment="root">
  <unix-def:username>root</unix-def:username>
</unix-def:password_state>

<unix-def:password_object id="oval:mil.disa.fso.rhel:obj:7001" version="1" comment="uid 0 and not root">
  <set>
    <object_reference>oval:mil.disa.fso.rhel:obj:7000</object_reference>
    <filter>oval:mil.disa.fso.rhel:ste:7001</filter>
  </set>
</unix-def:password_object>

<unix-def:password_object id="oval:mil.disa.fso.rhel:obj:7000" version="1" comment="all users">
  <unix-def:username operation="pattern match" datatype="string">.*</unix-def:username>
</unix-def:password_object>

<unix-def:password_state id="oval:mil.disa.fso.rhel:ste:7001" version="1" comment="uid not 0">
  <unix-def:user_id operation="not equal">0</unix-def:user_id>
</unix-def:password_state>

-----Original Message-----
From: open-scap-list-bounces at redhat.com [mailto:open-scap-list-bounces at redhat.com] On Behalf Of Brian Millett
Sent: Wednesday, January 30, 2013 12:28 PM
To: open-scap-list at redhat.com
Subject: Re: [Open-scap] Need help understanding RHEL STIG findings
The check is being done by def:70 in the STIG_Benchmark-oval.xml, so that following the references in the xml file,

def:70->tst:7000->obj:7701

<unix-def:file_object id="oval:mil.disa.fso.rhel:obj:7701" version="1" comment="root exec search path directories">
  <unix-def:path var_check="at least one" var_ref="oval:mil.disa.fso.rhel:var:7700" datatype="string" />
  <unix-def:filename datatype="string" xsi:nil="true" />
</unix-def:file_object>

Which leads you off into root path directories, or into a big WHAT??
So yeah, the oval is messed up.
But that is my observation, and I'm no expert.
Looking forward to the answer to the problem.
--
Brian Millett
"Oh, that's cute. A zombie with a gas attack."
-- [ Garibaldi, "Knives"]
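
An added example, not part of the original messages or of the DISA content: a minimal Python evaluator for the set/filter chain behind tst:7000, run over constructed passwd entries. It relies on OVAL's rule that a filter defaults to action="exclude" (items matching the referenced state are dropped from the set); the shortened ids, the urn:example:unix namespace and the sample accounts are assumptions made for the example.

```python
import re
import xml.etree.ElementTree as ET

# Fragments from the post; ids shortened and wrapper namespace constructed.
OVAL = """<r xmlns:unix-def="urn:example:unix">
<unix-def:password_object id="obj:7001"><set>
  <object_reference>obj:7000</object_reference><filter>ste:7001</filter>
</set></unix-def:password_object>
<unix-def:password_object id="obj:7000">
  <unix-def:username operation="pattern match">.*</unix-def:username>
</unix-def:password_object>
<unix-def:password_state id="ste:7001">
  <unix-def:user_id operation="not equal">0</unix-def:user_id>
</unix-def:password_state>
<unix-def:password_state id="ste:7000">
  <unix-def:username>root</unix-def:username>
</unix-def:password_state></r>"""
NS = "{urn:example:unix}"
OPS = {"equals": lambda v, x: v == x,
       "not equal": lambda v, x: v != x,
       "pattern match": lambda v, x: re.search(x, v) is not None}
# Constructed passwd items: one legitimate root, one extra UID 0, one user.
PASSWD = [{"username": "root", "user_id": 0},
          {"username": "toor", "user_id": 0},
          {"username": "alice", "user_id": 1000}]

def matches(item, node):
    # An item matches when every entity under the object/state is satisfied.
    return all(OPS[e.get("operation", "equals")](str(item[e.tag[len(NS):]]), e.text)
               for e in node)

def collect(root, obj_id, items):
    obj = root.find(f"*[@id='{obj_id}']")
    s = obj.find("set")
    if s is None:  # simple object: its entities select items directly
        return [i for i in items if matches(i, obj)]
    found = collect(root, s.findtext("object_reference"), items)
    for f in s.findall("filter"):
        state = root.find(f"*[@id='{f.text}']")
        include = f.get("action", "exclude") == "include"
        # Default "exclude": drop every item that matches the filter state.
        found = [i for i in found if matches(i, state) == include]
    return found

def evaluate(passwd, oval=OVAL):
    root = ET.fromstring(oval)
    items = collect(root, "obj:7001", passwd)
    # check="all", check_existence="any_exist": an empty set still passes.
    return items, all(matches(i, root.find("*[@id='ste:7000']")) for i in items)

print(evaluate(PASSWD))
```

Passing a modified copy of OVAL as the second argument to evaluate() lets you compare how the collected set changes when the operation in ste:7001 is altered.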