
From: Sven Vermeulen <swift@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-docs:master commit in: xml/SCAP/
Date: Sun, 30 Mar 2014 20:08:45
Message-Id: 1396209991.15f31c8d487f24d0d6971801531ebfc9e06161ec.swift@gentoo
1 commit: 15f31c8d487f24d0d6971801531ebfc9e06161ec
2 Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
3 AuthorDate: Sun Mar 30 20:06:31 2014 +0000
4 Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
5 CommitDate: Sun Mar 30 20:06:31 2014 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-docs.git;a=commit;h=15f31c8d
7
8 Add test for world writable directories
9
10 ---
11 xml/SCAP/gentoo-oval.xml | 101 ++++++++++++++++++++++++++++++++++++++++++++++
12 xml/SCAP/gentoo-xccdf.xml | 29 ++++++++++++-
13 2 files changed, 128 insertions(+), 2 deletions(-)
14
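--- a/xml/SCAP/gentoo-oval.xml
+++ b/xml/SCAP/gentoo-oval.xml
@@ -581,6 +581,37 @@
 </criteria>
 </definition>
 
+ <definition id="oval:org.gentoo.dev.swift:def:35" version="1" class="compliance">
+ <metadata>
+ <title>/etc/lilo.conf has a password set</title>
+ <affected family="unix">
+ <platform>Gentoo Linux</platform>
+ </affected>
+ <description>
+ If /etc/lilo.conf exists, then it must have a password set.
+ </description>
+ </metadata>
+ <criteria operator="OR">
+ <criterion test_ref="oval:org.gentoo.dev.swift:tst:38" comment="/etc/lilo.conf does not exist" />
+ <criterion test_ref="oval:org.gentoo.dev.swift:tst:39" comment="/etc/lilo.conf has a password set" />
+ </criteria>
+ </definition>
+
+ <definition id="oval:org.gentoo.dev.swift:def:36" version="1" class="compliance">
+ <metadata>
+ <title>All world writable directories have the sticky bit set</title>
+ <affected family="unix">
+ <platform>Gentoo Linux</platform>
+ </affected>
+ <description>
+ All world writable directories must have the sticky bit set.
+ </description>
+ </metadata>
+ <criteria>
+ <criterion test_ref="oval:org.gentoo.dev.swift:tst:40" comment="All world writable directories have the sticky bit set" />
+ </criteria>
+ </definition>
+
 </definitions>
 
 <tests>
@@ -879,6 +910,7 @@
 version="1" check="at least one" check_existence="at_least_one_exists">
 <!-- The /boot/grub/grub.conf file content -->
 <ind-def:object object_ref="oval:org.gentoo.dev.swift:obj:23" />
+ <!-- A "password - -md5 somevalue" match -->
 <ind-def:state state_ref="oval:org.gentoo.dev.swift:ste:15" />
 </ind-def:textfilecontent54_test>
 
@@ -889,6 +921,31 @@
 <unix-def:object object_ref="oval:org.gentoo.dev.swift:obj:24" />
 </unix-def:file_test>
 
+ <unix-def:file_test id="oval:org.gentoo.dev.swift:tst:38"
+ version="1" check="all" check_existence="none_exist"
+ comment="/etc/lilo.conf does not exist">
+ <!-- The /etc/lilo.conf file -->
+ <unix-def:object object_ref="oval:org.gentoo.dev.swift:obj:25" />
+ </unix-def:file_test>
+
+ <ind-def:textfilecontent54_test id="oval:org.gentoo.dev.swift:tst:39"
+ comment="lilo.conf has a password set"
+ version="1" check="at least one" check_existence="at_least_one_exists">
+ <!-- The /etc/lilo.conf content -->
+ <ind-def:object object_ref="oval:org.gentoo.dev.swift:obj:26" />
+ <!-- A password=somevalue match -->
+ <ind-def:state state_ref="oval:org.gentoo.dev.swift:ste:16" />
+ </ind-def:textfilecontent54_test>
+
+ <unix-def:file_test id="oval:org.gentoo.dev.swift:tst:40"
+ comment="All world writable directories have the sticky bit set"
+ version="1" check="all" check_existence="all_exist">
+ <!-- All world writable directories -->
+ <unix-def:object object_ref="oval:org.gentoo.dev.swift:obj:27" />
+ <!-- sticky bit is set -->
+ <unix-def:state state_ref="oval:org.gentoo.dev.swift:ste:17" />
+ </unix-def:file_test>
+
 </tests>
 
 <objects>
@@ -1031,6 +1088,35 @@
 <unix-def:filepath>/boot/grub</unix-def:filepath>
 </unix-def:file_object>
 
+ <unix-def:file_object id="oval:org.gentoo.dev.swift:obj:25"
+ version="1" comment="The /etc/lilo.conf file">
+ <unix-def:filepath>/etc/lilo.conf</unix-def:filepath>
+ </unix-def:file_object>
+
+ <ind-def:textfilecontent54_object id="oval:org.gentoo.dev.swift:obj:26"
+ version="1" comment="The /etc/lilo.conf content">
+ <ind-def:filepath>/etc/lilo.conf</ind-def:filepath>
+ <ind-def:pattern operation="pattern match">^([^#\n]*)(?#.*)?$</ind-def:pattern>
+ <ind-def:instance operation="greater than or equal" datatype="int">1</ind-def:instance>
+ </ind-def:textfilecontent54_object>
+
+ <unix-def:file_object id="oval:org.gentoo.dev.swift:obj:27"
+ version="1" comment="All world writable directories">
+ <set set_operator="UNION" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5">
+ <!-- All local directories -->
+ <object_reference>oval:org.gentoo.dev.swift:obj:28</object_reference>
+ <!-- filter out just those with the world-writable bit set -->
+ <filter action="exclude">oval:org.gentoo.dev.swift:ste:18</filter> <!-- exclude is default but this is more readable -->
+ </set>
+ </unix-def:file_object>
+
+ <unix-def:file_object id="oval:org.gentoo.dev.swift:obj:28"
+ version="1" comment="All local directories">
+ <unix-def:behaviors recurse_direction="down" recurse_file_system="local" recurse="directories"/>
+ <unix-def:path>/</unix-def:path>
+ <unix-def:filename xsi:nil="true"/>
+ </unix-def:file_object>
+
 </objects>
 
 <states>
@@ -1110,6 +1196,21 @@
 <ind-def:subexpression datatype="string" operation="pattern match" entity_check="all">[\s]*password --md5 [\S]+</ind-def:subexpression>
 </ind-def:textfilecontent54_state>
 
+ <ind-def:textfilecontent54_state id="oval:org.gentoo.dev.swift:ste:16"
+ version="1" comment="Has a password=... entry">
+ <ind-def:subexpression datatype="string" operation="pattern match" entity_check="all">[\s]*password=[\S]+</ind-def:subexpression>
+ </ind-def:textfilecontent54_state>
+
+ <unix-def:file_state id="oval:org.gentoo.dev.swift:ste:17"
+ version="1" comment="The sticky bit is set">
+ <unix-def:sticky datatype="boolean">1</unix-def:sticky>
+ </unix-def:file_state>
+
+ <unix-def:file_state id="oval:org.gentoo.dev.swift:ste:18"
+ version="1" comment="Not world writable">
+ <unix-def:owrite datatype="boolean">0</unix-def:owrite>
+ </unix-def:file_state>
+
 </states>
 
 <variables>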
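Review bot: The pattern on obj:26 in the `@@ -1031` hunk, `^([^#\n]*)(?#.*)?$`, does not do what its shape suggests: in Perl/PCRE-style engines `(?#...)` is a comment group, so there is no second capture group for a trailing comment and a line like `password=secret # comment` is never collected, which makes tst:39 report a missing password on a configuration that has one. Writing it as `^([^#\n]*)(#.*)?$` keeps group 1 as the uncommented part of the line, which is the subexpression that ste:16 is matched against. A second point to confirm is tst:40 in the `@@ -889` hunk: on a host with no world-writable directories obj:27 collects nothing, and I am not certain every interpreter evaluates `check_existence="all_exist"` to true on an empty set, so it is worth verifying that such a host passes def:36 rather than failing it. Finally, obj:28 walks every local directory from `/`, which appears to be why the XCCDF side only selects the rule in the intensive profiles; a comment on obj:28 such as `<!-- full walk of all local filesystems; keep this out of the default profiles -->` would record that constraint next to the object.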
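--- a/xml/SCAP/gentoo-xccdf.xml
+++ b/xml/SCAP/gentoo-xccdf.xml
@@ -20,6 +20,8 @@
 large impact on the performance of a server. Tests include scripted
 validationn.
 </description>
+ <!-- Make sure all world-writable directories have the sticky bit set -->
+ <select idref="xccdf_org.gentoo.dev.swift_rule_worldwritedir-stickybit" selected="true" />
 </Profile>
 <Profile id="xccdf_org.gentoo.dev.swift_profile_intensive-oval" extends="xccdf_org.gentoo.dev.swift_profile_default-oval">
 <title>Intensive validation profile (non-scripted)</title>
@@ -30,6 +32,8 @@
 large impact on the performance of a server. Tests do not include
 scripted validation.
 </description>
+ <!-- Make sure all world-writable directories have the sticky bit set -->
+ <select idref="xccdf_org.gentoo.dev.swift_rule_worldwritedir-stickybit" selected="true" />
 </Profile>
 <Profile id="xccdf_org.gentoo.dev.swift_profile_default-oval">
 <title>Default server setup settings (non-scripted)</title>
@@ -103,8 +107,10 @@
 <select idref="xccdf_org.gentoo.dev.swift_rule_securetty-limitentries" selected="true" />
 <!-- Make sure /proc is mounted with hidepid=1 or hidepid=2 -->
 <select idref="xccdf_org.gentoo.dev.swift_rule_proc-hidepid" selected="true" />
- <!-- Make sure /boot/grub/grub.conf has a password entry with md5 hash -->
+ <!-- Make sure /boot/grub/grub.conf (if it exists) has a password entry with md5 hash -->
 <select idref="xccdf_org.gentoo.dev.swift_rule_grubconf-password-md5" selected="true" />
+ <!-- Make sure /etc/lilo.conf (if it exists) has a password entry -->
+ <select idref="xccdf_org.gentoo.dev.swift_rule_liloconf-password" selected="true" />
 </Profile>
 <Profile id="xccdf_org.gentoo.dev.swift_profile_default" extends="xccdf_org.gentoo.dev.swift_profile_default-oval">
 <title>Default server setup settings</title>
@@ -1516,7 +1522,7 @@ grub&gt; <h:b>quit</h:b></h:pre>
 </h:p>
 </description>
 <Rule id="xccdf_org.gentoo.dev.swift_rule_grubconf-password-md5" selected="false" severity="low" weight="6.9">
- <title>Grub legacy has a password entry with md5 hash</title>
+ <title>Grub legacy (if it exists) has a password entry with md5 hash</title>
 <fixtext fixref="xccdf_org.gentoo.dev.swift_fix_grubconf-password-md5">
 Edit /boot/grub/grub.conf and set a password entry with md5 hash
 </fixtext>
@@ -1557,6 +1563,15 @@ image=/boot/bzImage
 Rerun <h:code>lilo</h:code> after updating the configuration file.
 </h:p>
 </description>
+ <Rule id="xccdf_org.gentoo.dev.swift_rule_liloconf-password" selected="false" severity="low" weight="6.9">
+ <title>LILO (if it exists) has a password entry</title>
+ <fixtext fixref="xccdf_org.gentoo.dev.swift_fix_liloconf-password">
+ Edit /etc/lilo.conf and set a password entry
+ </fixtext>
+ <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
+ <check-content-ref name="oval:org.gentoo.dev.swift:def:35" href="gentoo-oval.xml" />
+ </check>
+ </Rule>
 </Group>
 </Group>
 <Group id="xccdf_org.gentoo.dev.swift_group_system-auth">
@@ -1782,6 +1797,16 @@ session required pam_unix.so</h:pre>
 world writable privilege is not accessible anyhow).
 </h:p>
 </description>
+ <Rule id="xccdf_org.gentoo.dev.swift_rule_worldwritedir-stickybit" selected="false" severity="medium" weight="4.3">
+ <title>All world writable directories have the sticky bit set</title>
+ <fixtext fixref="xccdf_org.gentoo.dev.swift_fix_worldwritedirs-stickybit">
+ Make sure all world-writable directories have the sticky bit set
+ </fixtext>
+ <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
+ <check-content-ref name="oval:org.gentoo.dev.swift:def:36" href="gentoo-oval.xml" />
+ </check>
+ </Rule>
+
 </Group>
 <Group id="xccdf_org.gentoo.dev.swift_group_system-fileprivileges-suidsgid">
 <title>Limit setuid and setgid file and directory usage</title>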
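Review bot: The fixref on the new rule in the `@@ -1782` hunk, `xccdf_org.gentoo.dev.swift_fix_worldwritedirs-stickybit`, spells the suffix as plural `worldwritedirs` while the rule id and both profile selects use `worldwritedir`; the existing rules pair their fixref with the rule id (`_rule_grubconf-password-md5` / `_fix_grubconf-password-md5`), so this one should read `fixref="xccdf_org.gentoo.dev.swift_fix_worldwritedir-stickybit"`. Whether a `<fix>` element with either new fixref id exists elsewhere in the file cannot be seen from the diff; if none does, an XCCDF validator may report the dangling reference. The fixtext only restates the title, so naming the remediation, e.g. `Set the sticky bit (chmod +t) on every world-writable directory`, would make it actionable for the reader of the report. The rule is selected only in the two intensive profiles, which is consistent with the full filesystem walk its OVAL object performs; the comment above those selects could say so, e.g. `<!-- walks all local filesystems, hence intensive profiles only -->`, so the reason does not get lost.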