Re: List of user accounts
by Andrew Gilmore
Jeff said:
> Yes -- there has been an outstanding ticket for
> "research security-relevant gconf settings" for quite a while:
I twigged to this by looking at Steve Grubb's kickstart scripts for
securing at install, and wondered where this group was.
> If you'd like to take a stab at it, patches are welcome!
>
lol, we'll see after I get a chance to finish my server install to test the
project.
And Maura and Shawn pointed out ways to turn this off:
> GDM by default will read from the gconf settings folder in
> the gdm user's home directory (/var/lib/gdm/.gconf).
gconftool-2 -s /apps/gdm/simple-greeter/disable_user_list true
>
I implemented something that I'm not sure is sufficient:
gconftool-2 --direct \
  --config-source=xml:readwrite:/etc/gconf/gconf.xml.mandatory \
  -t bool -s /apps/gdm/simple-greeter/disable_user_list true
Testing is the easier way, but I would think that the gdm user's .gconf has
already been populated at creation, and therefore misses this setting that
occurs after installation?
Where is the right place to put changes like these? Should I be changing
/var/lib/gdm/.gconf?
Andrew
11 years, 6 months
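Added example (not part of the message above or of the project's content): a shell check that reports which GConf source decides /apps/gdm/simple-greeter/disable_user_list. It assumes the XML backend's per-directory %gconf.xml layout and the stock source order, in which the mandatory source is read before the gdm user's .gconf; the function names are illustrative.

```shell
#!/bin/sh
# Added example: which GConf source sets disable_user_list for the GDM greeter?
# Assumptions: XML backend with per-directory %gconf.xml files, and the stock
# search order (mandatory source first, then the user's .gconf, then defaults).
# An entry in such a file looks like (constructed sample):
#   <entry name="disable_user_list" mtime="0" type="bool" value="true"/>

KEY_DIR="apps/gdm/simple-greeter"
KEY_NAME="disable_user_list"

# read_entry ROOT -> prints the stored value ("true"/"false"), or nothing
# when the file or the entry is missing under ROOT.
read_entry() {
    f="$1/$KEY_DIR/%gconf.xml"
    [ -r "$f" ] || return 0
    grep "<entry name=\"$KEY_NAME\"" "$f" \
        | sed -n 's/.*value="\([a-z]*\)".*/\1/p' \
        | head -n 1
}

# effective_source MANDATORY_ROOT USER_ROOT
# -> "mandatory:<value>", "user:<value>" or "default"
effective_source() {
    v=$(read_entry "$1")
    if [ -n "$v" ]; then echo "mandatory:$v"; return 0; fi
    v=$(read_entry "$2")
    if [ -n "$v" ]; then echo "user:$v"; return 0; fi
    echo "default"
}

# audit_user_list MANDATORY_ROOT USER_ROOT
# Succeeds only when the mandatory source disables the user list, so a value
# left in the gdm user's own .gconf cannot change the result.
audit_user_list() {
    [ "$(effective_source "$1" "$2")" = "mandatory:true" ]
}

# Usage: script /etc/gconf/gconf.xml.mandatory /var/lib/gdm/.gconf
if [ "$#" -eq 2 ]; then
    effective_source "$1" "$2"
fi
```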
[PATCH] Removed redundant profile check which was causing validati...
by Kevin Spargur
Redundant profile entry was causing validation to fail.
$ make validate
oscap xccdf validate-xml output/ssg-rhel6-xccdf.xml
1 1877 In file 'output/ssg-rhel6-xccdf.xml' on line 383: Element '{http://checklists.nist.gov/xccdf/1.1}select': Duplicate key-sequence ['rpm_verify_permissions'] in unique identity-constraint '{http://checklists.nist.gov/xccdf/1.1}itemSelectKey'.
oscap was unable to validate the XML document you provided.
Please ensure that the XML document is valid and well-formed, and try again.
make: *** [validate] Error 1
Kevin Spargur (1):
Removed redundant profile check which was causing validation to fail
RHEL6/input/profiles/STIG-server.xml | 3 ---
1 files changed, 0 insertions(+), 3 deletions(-)
--
1.7.7.6
11 years, 6 months
[PATCH] fixed banner formatting
by David Smith
fixed the banner to show bulleted formatting
David Smith (1):
fixed formatting of banner revision
RHEL6/input/system/accounts/banners.xml | 19 ++++++++++---------
1 files changed, 10 insertions(+), 9 deletions(-)
11 years, 6 months
[PATCH 00/12] various hurried changes / fixups
by Jeffrey Blank
Pushing toward quality for all Rule content.
Jeffrey Blank (12):
added table-idents back to tables Makerule
made text consistent for mount option settings
added new macro for how to specify mount options
removed mistaken and unnecessary <table> tag from srgmap transform
simplying Makefile by reducing dependency lists
adding items to STIG-server profile identified as missing
minor style change to differentiate partition names from partition
types in macro
rewording of sections for additional security software
additional transition notes for items now in content, or slated for
obsoletion
grammatical fixups to SELinux section
replaced repetitive text with macros for uncommon filesystems
removal of duplicative rule, incoherent rule which crept in from RHEL
5 STIG
11 years, 6 months
[PATCH] banner modification Rule edits
by David Smith
attempted to fix the wall of text in "Modify the System Login Banner"
David Smith (1):
quick edit to banner modification Rule
RHEL6/input/system/accounts/banners.xml | 22 ++++++++--------------
1 files changed, 8 insertions(+), 14 deletions(-)
11 years, 6 months
[PATCH] a couple of quick edits
by David Smith
removed a visible to-do line, reworded password prompt Rule text
David Smith (1):
quick Rule edits
RHEL6/input/services/dhcp.xml | 2 +-
RHEL6/input/system/accounts/banners.xml | 4 ++--
RHEL6/input/system/accounts/pam.xml | 16 +++++++---------
.../accounts/restrictions/password_expiration.xml | 1 -
4 files changed, 10 insertions(+), 13 deletions(-)
11 years, 6 months
[PATCH] quick edits, added password lockout Rule
by David Smith
quick NFS edits, added password lockout Rule, fixed password reuse Rule
David Smith (1):
added password lockout Rule, fixed issues with other rules
RHEL6/input/auxiliary/transition_notes.xml | 8 ++--
RHEL6/input/services/nfs.xml | 4 +-
RHEL6/input/system/accounts/pam.xml | 59 +++++++--------------------
3 files changed, 22 insertions(+), 49 deletions(-)
11 years, 6 months
[PATCH 0/3] Macro and some cleanup of RHEL5 ref's
by Kevin Spargur
Added a macro for iptables rules with some options for fringe cases. Also
includes a correction to the default iptables policy. Finally, this cleans
up some references to RH-Firewall-1-INPUT which is no longer a default chain
in RHEL6.
Kevin Spargur (3):
Correcting the default iptables policy
Added a macro for common iptable rules
Cleaned up some references to RHEL5 settings
RHEL6/input/services/dns.xml | 10 ++--
RHEL6/input/services/ftp.xml | 6 +-
RHEL6/input/services/http.xml | 13 ++----
RHEL6/input/services/imap.xml | 6 +--
RHEL6/input/services/ldap.xml | 22 +++++-----
RHEL6/input/services/mail.xml | 5 +-
RHEL6/input/services/printing.xml | 20 ++++------
RHEL6/input/services/ssh.xml | 6 +-
RHEL6/input/system/network/iptables.xml | 63 +++++++++++-------------------
RHEL6/transforms/shorthand2xccdf.xslt | 31 +++++++++++++++
10 files changed, 91 insertions(+), 91 deletions(-)
--
1.7.7.6
11 years, 6 months
[PATCH 0/3] additional SRG mapping table formats
by Jeffrey Blank
This patchset provides the ability to output SRG mapping information
in additional formats. (Thanks Leland; please pardon the delay).
This should also make it fairly easy/clear how to
add additional output formats in a relatively modular fashion,
simply as a new template (plus modifying a <when> element).
There's also re-insertion of the ident-tables as a dependency for the
table Makerule, which was accidentally removed by me
at one point. This allows for the creation of a chart which demonstrates
the true value of CCE description and technical mechanism text.
Jeffrey Blank (3):
addition to SRG mapping Makerule for additional output format
support for new output format for SRG mapping
added table-idents back in to Makerule for all tables
11 years, 6 months
[PATCH] new rules
by David Smith
Added rules from the RHEL5 content for reserved GIDs and audit log permissions.
David Smith (1):
added new rules from RHEL 5 content
RHEL6/input/auxiliary/transition_notes.xml | 8 ++------
.../system/accounts/restrictions/root_logins.xml | 19 +++++++++++++++++++
RHEL6/input/system/auditing.xml | 18 ++++++++++++++++++
3 files changed, 39 insertions(+), 6 deletions(-)
11 years, 6 months