Diffstat (limited to 'xml/SCAP/gentoo-xccdf.xml')
-rw-r--r-- | xml/SCAP/gentoo-xccdf.xml | 29 |
1 files changed, 27 insertions, 2 deletions
diff --git a/xml/SCAP/gentoo-xccdf.xml b/xml/SCAP/gentoo-xccdf.xml index 732bde3..aa85c1e 100644 --- a/xml/SCAP/gentoo-xccdf.xml +++ b/xml/SCAP/gentoo-xccdf.xml @@ -20,6 +20,8 @@ large impact on the performance of a server. Tests include scripted validationn. </description> + <!-- Make sure all world-writable directories have the sticky bit set --> + <select idref="xccdf_org.gentoo.dev.swift_rule_worldwritedir-stickybit" selected="true" /> </Profile> <Profile id="xccdf_org.gentoo.dev.swift_profile_intensive-oval" extends="xccdf_org.gentoo.dev.swift_profile_default-oval"> <title>Intensive validation profile (non-scripted)</title> @@ -30,6 +32,8 @@ large impact on the performance of a server. Tests do not include scripted validation. </description> + <!-- Make sure all world-writable directories have the sticky bit set --> + <select idref="xccdf_org.gentoo.dev.swift_rule_worldwritedir-stickybit" selected="true" /> </Profile> <Profile id="xccdf_org.gentoo.dev.swift_profile_default-oval"> <title>Default server setup settings (non-scripted)</title> @@ -103,8 +107,10 @@ <select idref="xccdf_org.gentoo.dev.swift_rule_securetty-limitentries" selected="true" /> <!-- Make sure /proc is mounted with hidepid=1 or hidepid=2 --> <select idref="xccdf_org.gentoo.dev.swift_rule_proc-hidepid" selected="true" /> - <!-- Make sure /boot/grub/grub.conf has a password entry with md5 hash --> + <!-- Make sure /boot/grub/grub.conf (if it exists) has a password entry with md5 hash --> <select idref="xccdf_org.gentoo.dev.swift_rule_grubconf-password-md5" selected="true" /> + <!-- Make sure /etc/lilo.conf (if it exists) has a password entry --> + <select idref="xccdf_org.gentoo.dev.swift_rule_liloconf-password" selected="true" /> </Profile> <Profile id="xccdf_org.gentoo.dev.swift_profile_default" extends="xccdf_org.gentoo.dev.swift_profile_default-oval"> <title>Default server setup settings</title> 
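Review bot: The `<select>` for `worldwritedir-stickybit` added to the first profile (hunk at -20,6) is repeated verbatim in `swift_profile_intensive-oval` (hunk at -30,6). The first profile's opening `<Profile>` tag is outside the hunk, so this is inferred: if it extends `swift_profile_intensive-oval` the way `swift_profile_default` extends `swift_profile_default-oval`, the selection is already inherited and the copy in the first profile is redundant. Keeping the select only in the `-oval` profile would leave one place to maintain when the rule is renamed or deselected.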
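Review bot: In the `swift_profile_default-oval` hunk (-103,8) both bootloader rules are now worded "(if it exists)", so a host with neither /boot/grub/grub.conf nor /etc/lilo.conf presumably passes both and is reported compliant without any boot password having been verified. The OVAL definitions live in gentoo-oval.xml and are not visible here, so the pass-on-absence behaviour is inferred from the comments. The comment should state the limit, for example `<!-- Passes when /etc/lilo.conf is absent; bootloaders other than GRUB legacy and LILO are not checked -->`, so that a reader of the profile does not take a green result as proof that the boot prompt is protected.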
@@ -1516,7 +1522,7 @@ grub> <h:b>quit</h:b></h:pre> </h:p> </description> <Rule id="xccdf_org.gentoo.dev.swift_rule_grubconf-password-md5" selected="false" severity="low" weight="6.9"> - <title>Grub legacy has a password entry with md5 hash</title> + <title>Grub legacy (if it exists) has a password entry with md5 hash</title> <fixtext fixref="xccdf_org.gentoo.dev.swift_fix_grubconf-password-md5"> Edit /boot/grub/grub.conf and set a password entry with md5 hash </fixtext> @@ -1557,6 +1563,15 @@ image=/boot/bzImage Rerun <h:code>lilo</h:code> after updating the configuration file. </h:p> </description> + <Rule id="xccdf_org.gentoo.dev.swift_rule_liloconf-password" selected="false" severity="low" weight="6.9"> + <title>LILO (if it exists) has a password entry</title> + <fixtext fixref="xccdf_org.gentoo.dev.swift_fix_liloconf-password"> + Edit /etc/lilo.conf and set a password entry + </fixtext> + <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"> + <check-content-ref name="oval:org.gentoo.dev.swift:def:35" href="gentoo-oval.xml" /> + </check> + </Rule> </Group> </Group> <Group id="xccdf_org.gentoo.dev.swift_group_system-auth"> @@ -1782,6 +1797,16 @@ session required pam_unix.so</h:pre> world writable privilege is not accessible anyhow). </h:p> </description> + <Rule id="xccdf_org.gentoo.dev.swift_rule_worldwritedir-stickybit" selected="false" severity="medium" weight="4.3"> + <title>All world writable directories have the sticky bit set</title> + <fixtext fixref="xccdf_org.gentoo.dev.swift_fix_worldwritedirs-stickybit"> + Make sure all world-writable directories have the sticky bit set + </fixtext> + <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"> + <check-content-ref name="oval:org.gentoo.dev.swift:def:36" href="gentoo-oval.xml" /> + </check> + </Rule> + </Group> <Group id="xccdf_org.gentoo.dev.swift_group_system-fileprivileges-suidsgid"> <title>Limit setuid and setgid file and directory usage</title> |
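Review bot: The new `liloconf-password` rule (hunk at -1557,6) only asks for a password entry, but LILO keeps that password in clear text in /etc/lilo.conf, so the entry protects little when the file is readable by non-root users. The fixtext could carry the caveat: `Edit /etc/lilo.conf, set a password entry, and make the file readable by root only (chmod 600)`. Whether OVAL definition 35 also tests the file mode cannot be seen from this diff, and the enclosing Group description starts outside the hunk and may already mention it.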
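Review bot: In the `worldwritedir-stickybit` rule (hunk at -1782,6) the fixref is spelled `xccdf_org.gentoo.dev.swift_fix_worldwritedirs-stickybit` with a plural "dirs", while the rule id uses the singular "worldwritedir". The other rules in this diff mirror the rule id exactly in the fix id (`grubconf-password-md5`, `liloconf-password`). If a `<fix>` element is later added under the singular name, this reference will not resolve, so I'd use `fixref="xccdf_org.gentoo.dev.swift_fix_worldwritedir-stickybit"`. The fixtext also only restates the requirement; naming the remedy, `chmod +t` on each reported directory, would make it actionable.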