Fwd: SCAP Compliance Checker 3.1 Final Release
by Shawn Wells
Question for the group: The SCC tool requires that content be packaged
in a zip file, and has no current or planned capability to read files
from the industry accepted location of /usr/share/xml/scap/*.
Should we create a zip file in addition to the RPM?
-------- Original Message --------
Subject: SCAP Compliance Checker 3.1 Final Release
Date: Wed, 13 Feb 2013 11:16:33 -0500
From: SSC LANT-SCC <ssc_lant-scc.fcm(a)navy.mil>
To: SSC LANT-SCC <ssc_lant-scc.fcm(a)navy.mil>
We would like to thank everyone that was involved in the SCC 3.1 Beta and Release Candidate testing over the past month. We are pleased to announce that we have finished development of SCC 3.1.
Since several bugs were fixed from SCC 3.0.2 to SCC 3.1, we highly recommend upgrading to SCC 3.1.
You'll be receiving an email from AMRDEC in the next hour with download instructions.
Primary Changes from SCC 3.0.x to 3.1
For All Platforms
. Updated default location for Logs and Results to be dynamic based on each user's profile/home directory.
. Added applicable DISA STIG SCAP Benchmarks to each installer.
. Added new OVAL Processing Options, which allow the user to exclude certain OVAL features which are known to cause system resource issues.
. Added support for OVAL 'unique' function.
. Added support for OVAL 'count' function.
. Added ability to copy results via SSH to a centralized server.
. Improved OCIL functionality to allow for resuming of partially completed questionnaires.
. Improved documentation in the User Manual.
For Windows
. Added ability to install and run as a service.
. Added support for case insensitivity to several OVAL tests
. Added support for OVAL windows cmdlet test, object, state.
. Updated registry tests to support OVAL 5.10 'windows_view'.
. Updated file test to support OVAL 5.10 'windows_view'.
For UNIX
For all UNIX (Linux, Solaris, Mac OS X)
. Added support for OVAL UNIX fileextendedattribute test, object, state.
. Added support for UNIX sysctl test, object, state.
For Linux
. Added support for linux selinuxboolean test, object, state.
. Added support for linux selinuxsecuritycontext test, object, state.
. Added support for linux rpmverifyfile test, object, state.
. Added support for linux rpmverify test, object, state.
. Added support for linux rpmverifypackage test, object, state.
For Solaris
. Added support for Solaris packagecheck test, object, state.
For Mac OS X
Added support for Mac OS X including all applicable UNIX, Independent and all macos oval tests.
Kyle R. Stone
SPAWAR Systems Center Atlantic
Code 58600
(843) 218-5091
kyle.r.stone(a)navy.mil
[PATCH 0/2] *** SUBJECT HERE ***
by Brian Millett
*** BLURB HERE ***
root (2):
Some minor cosmetic changes, but a major change to the REGEX to
correctly match sha512 no matter where it is on the line see:
"^[\s]*password[\s]+sufficient[\s]+(?:[\w_\.\-=\s]+[\s])sha512" vs
"^\s*password\s+sufficient\s+pam_unix.so\s+sha512.*$"
added extra values for the dcredit, ucredit, etc. then removed the
comments so the oval check will be created.
.../checks/accounts_password_hashing_algorithm.xml | 20 +++++++++++------
RHEL6/input/system/accounts/pam.xml | 22 ++++++++++----------
2 files changed, 24 insertions(+), 18 deletions(-)
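The two patterns quoted in this cover letter, run over constructed PAM lines to show where they disagree. This is an added example, not code from the patch: Python's `re` stands in for the OVAL regex engine, and the sample lines and the names `FLEXIBLE`, `ADJACENT` and `SAMPLES` are assumptions.

```python
import re

# Both patterns are copied verbatim from the cover letter above.
# FLEXIBLE allows module options between "sufficient" and "sha512".
FLEXIBLE = r"^[\s]*password[\s]+sufficient[\s]+(?:[\w_\.\-=\s]+[\s])sha512"
# ADJACENT requires "sha512" to follow pam_unix.so directly.
ADJACENT = r"^\s*password\s+sufficient\s+pam_unix.so\s+sha512.*$"

# Constructed sample lines (not taken from a real system-auth file).
SAMPLES = {
    # sha512 is the first option after the module
    "adjacent": "password    sufficient    pam_unix.so sha512 shadow nullok use_authtok",
    # sha512 is the last option on the line
    "trailing": "password    sufficient    pam_unix.so shadow nullok use_authtok sha512",
    # tab-separated, with a key=value option before sha512
    "tab": "password\tsufficient\tpam_unix.so\trounds=65536\tsha512",
    # a weaker algorithm: neither pattern should match
    "md5": "password    sufficient    pam_unix.so md5 shadow nullok",
    # commented-out line: neither pattern should match
    "commented": "#password   sufficient    pam_unix.so sha512 shadow",
    # hypothetical module name that is not pam_unix.so
    "other_module": "password    sufficient    pam_example.so use_authtok sha512",
}


def evaluate(pattern, lines=SAMPLES):
    """Return {sample name: True/False} for one pattern."""
    compiled = re.compile(pattern)
    return {name: bool(compiled.search(line)) for name, line in lines.items()}


def disagreements(lines=SAMPLES):
    """Names of the samples on which the two patterns give different answers."""
    flexible = evaluate(FLEXIBLE, lines)
    adjacent = evaluate(ADJACENT, lines)
    return sorted(name for name in lines if flexible[name] != adjacent[name])


if __name__ == "__main__":
    flexible = evaluate(FLEXIBLE)
    adjacent = evaluate(ADJACENT)
    print(f"{'sample':<14}{'flexible':<10}{'adjacent':<10}")
    for name in SAMPLES:
        print(f"{name:<14}{str(flexible[name]):<10}{str(adjacent[name]):<10}")
    print("patterns disagree on:", ", ".join(disagreements()))
```

The `other_module` row shows that the looser pattern does not pin the module name, so a `sha512` token on a line for a module other than `pam_unix.so` also satisfies it.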
some questions about the checks / oval tests
by Brian Millett
I'm trying to understand (as an example) the following results from an
evaluation on a rhel6.3 box using the stig-rhel6-server profile. And I
apologize if these questions are answered in a FAQ somewhere.
1)
Ensure Log Files Are Owned By Appropriate Group unknown
Ensure System Log Files Have Correct Permissions unknown
2)
All GIDs referenced in /etc/passwd must be defined in /etc/group notchecked
Ensure All Accounts on the System Have Unique Names notchecked
I understand that the "notchecked" is because there is not an oval test
defined and the "unknown" is a specific "I don't know", as in the
rsyslog_files_groupownership.xml:
<ind:unknown_test check="all"
comment="use extended content to evaluated this test"
id="test_20155" version="1" />
So I've been reading the oval language definitions and I cannot see how to
address the "unknown" tests which require parsing a file to get parts out of
it (rsyslog wants defined log paths).
Q) How does one go about writing a test
that takes the result from evaluating a script? What is the "extended
content"??
Q) Are the "notchecked" tests because the check is too vague? Or just not
written yet?
Any documents I should be reading?
Thanks.
--
Brian Millett
"Terrible to see places I grew up going up in flames."
-- [ Sinclair, "A Voice in the Wilderness I"]
[PATCH] added CCEs
by David Smith
---
RHEL6/input/services/base.xml | 30 ++++++++++----------
RHEL6/input/services/nfs.xml | 2 +-
RHEL6/input/services/obsolete.xml | 4 +-
RHEL6/input/system/accounts/banners.xml | 2 +-
RHEL6/input/system/accounts/pam.xml | 6 ++--
.../accounts/restrictions/password_storage.xml | 2 +-
RHEL6/input/system/auditing.xml | 12 ++++----
RHEL6/input/system/logging.xml | 4 +-
RHEL6/input/system/network/ipv6.xml | 8 ++--
RHEL6/input/system/permissions/mounting.xml | 2 +-
RHEL6/input/system/software/integrity.xml | 6 ++--
11 files changed, 39 insertions(+), 39 deletions(-)
diff --git a/RHEL6/input/services/base.xml b/RHEL6/input/services/base.xml
index b0ebf16..5b1aae4 100644
--- a/RHEL6/input/services/base.xml
+++ b/RHEL6/input/services/base.xml
@@ -20,7 +20,7 @@ system such as RHTSupport.
<rationale> Mishandling crash data could expose sensitive information about
vulnerabilities in software executing on the local machine, as well as sensitive
information from within a process's address space or registers.</rationale>
-<ident cce="TODO" />
+<ident cce="27247-6" />
<oval id="service_abrtd_disabled" />
<ref nist="AC-17(8),CM-7" disa="381" />
</Rule>
@@ -58,7 +58,7 @@ out activities outside of a normal login session, which could complicate
accountability. Furthermore, the need to schedule tasks with <tt>at</tt> or
<tt>batch</tt> is not common.
</rationale>
-<ident cce="TODO" />
+<ident cce="27249-2" />
<oval id="service_atd_disabled" />
<ref nist="CM-7" disa="381" />
</Rule>
@@ -75,7 +75,7 @@ solution to aid in the management of certificates.
<rationale>The services provided by certmonger may be essential for systems
fulfilling some roles a PKI infrastructure, but its functionality is not necessary
for many other use cases.</rationale>
-<ident cce="TODO" />
+<ident cce="27267-4" />
<oval id="service_certmonger_disabled" />
<ref nist="CM-7" />
</Rule>
@@ -91,7 +91,7 @@ a system. The <tt>cgconfig</tt> daemon starts at boot and establishes the predef
<rationale>Unless control groups are used to manage system resources, running the cgconfig
service is not necessary.
</rationale>
-<ident cce="TODO" />
+<ident cce="27250-0" />
<oval id="service_cgconfig_disabled" />
<ref nist="CM-7" />
</Rule>
@@ -106,7 +106,7 @@ parameters set in the <tt>/etc/cgrules.conf</tt> configuration file.
<rationale>Unless control groups are used to manage system resources, running the cgred service
service is not necessary.
</rationale>
-<ident cce="TODO" />
+<ident cce="27252-6" />
<oval id="service_cgred_disabled" />
<ref nist="CM-7" />
</Rule>
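Review bot: the rationale in the context lines reads "running the cgred service service is not necessary" across the line break. Drop the duplicated word while this rule is being edited.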
@@ -243,7 +243,7 @@ serial consoles are impractical.
<rationale>The <tt>netconsole</tt> service is not necessary unless there is a need to debug
kernel panics, which is not common.
</rationale>
-<ident cce="TODO" />
+<ident cce="27254-2" />
<oval id="service_netconsole_disabled" />
<ref nist="AC-17(8),CM-7" disa="381" />
</Rule>
@@ -262,7 +262,7 @@ system time.
are rebooted frequently enough that clock drift does not cause problems between
reboots. In any event, the functionality of the ntpdate service is now
available in the ntpd program and should be considered deprecated.</rationale>
-<ident cce="TODO" />
+<ident cce="27256-7" />
<!--<oval id="service_ntpdate_disabled" /> -->
<ref nist="AC-17(8),AU-8,CM-7" disa="382" />
<tested by="DS" on="20121024"/>
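Review bot: the `<oval id="service_ntpdate_disabled" />` line directly under the new ident is still commented out, so CCE 27256-7 is now attached to a rule with no automated check behind it. Either enable the check in this patch or state in the commit message that the CCE is being recorded ahead of the OVAL content, so that a notchecked result for this CCE is expected.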
@@ -281,7 +281,7 @@ applications. Communication with <tt>oddjobd</tt> through the system message bus
some environments but it can be disabled if it is not needed. Execution of
tasks by privileged programs, on behalf of unprivileged ones, has traditionally
been a source of privilege escalation security issues.</rationale>
-<ident cce="TODO" />
+<ident cce="27257-5" />
<oval id="service_oddjobd_disabled" />
<ref nist="CM-7" disa="381" />
<tested by="DS" on="20121024"/>
@@ -298,7 +298,7 @@ required for other services.
<rationale>The <tt>portreserve</tt> service provides helpful functionality by
preventing conflicting usage of ports in the reserved port range, but it can be
disabled if not needed.</rationale>
-<ident cce="TODO" />
+<ident cce="27258-3" />
<oval id="service_portreserve_disabled" />
<ref nist="AC-17(8),CM-7" />
<tested by="DS" on="20121024"/>
@@ -316,7 +316,7 @@ user activity, such as commands issued by users of the system.
view into some user activities. However, it should be noted that the auditing
system and its audit records provide more authoritative and comprehensive
records.</rationale>
-<ident cce="TODO" />
+<ident cce="27259-1" />
<oval id="service_psacct_enabled" />
<ref nist="AU-12,CM-7" />
<tested by="DS" on="20121024"/>
@@ -356,7 +356,7 @@ last accessed.
remain enabled. However, if disk quotas are not used or user notification of
disk quota violation is not desired then there is no need to run this
service.</rationale>
-<ident cce="TODO" />
+<ident cce="27260-9" />
<oval id="service_quota_nld_disabled" />
<ref nist="CM-7" />
<tested by="DS" on="20121024"/>
@@ -375,7 +375,7 @@ updated with a corresponding default route. By default this daemon is disabled.
information configured statically by a system administrator. Workstations or
some special-purpose systems often use DHCP (instead of IRDP) to retrieve
dynamic network configuration information.</rationale>
-<ident cce="TODO" />
+<ident cce="27261-7" />
<oval id="service_rdisc_disabled" />
<ref nist="AC-17(8),AC-4,CM-7" disa="382" />
<tested by="DS" on="20121024"/>
@@ -413,7 +413,7 @@ additional control over which of their systems are entitled to particular
subscriptions. However, for systems that are managed locally or which are not
expected to require remote changes to their subscription status, it is
unnecessary and can be disabled.</rationale>
-<ident cce="TODO" />
+<ident cce="27262-5" />
<oval id="service_rhsmcertd_disabled" />
<ref nist="CM-7" />
<tested by="DS" on="20121024"/>
@@ -433,7 +433,7 @@ based authentication.
performing authentication in some directory environments, such as those which
use Kerberos and LDAP. For others, however, in which only local files may be
consulted, it is not necessary and should be disabled.</rationale>
-<ident cce="TODO" />
+<ident cce="27263-3" />
<oval id="service_saslauthd_disabled" />
<ref nist="AC-17(8),CM-7" />
<tested by="DS" on="20121024"/>
@@ -490,7 +490,7 @@ at boot time.
boot to reset the statistics, which can be retrieved using programs such as
<tt>sar</tt> and <tt>sadc</tt>. These may provide useful insight into system
operation, but unless used this service can be disabled.</rationale>
-<ident cce="TODO" />
+<ident cce="27265-8" />
<oval id="service_sysstat_disabled" />
<ref nist="CM-7" />
<tested by="DS" on="20121024"/>
diff --git a/RHEL6/input/services/nfs.xml b/RHEL6/input/services/nfs.xml
index d9f8d8f..1dec65d 100644
--- a/RHEL6/input/services/nfs.xml
+++ b/RHEL6/input/services/nfs.xml
@@ -125,7 +125,7 @@ communicate with. Unless RPC services are needed on the local system it is
recommended to disable this service.
<service-disable-macro service="rpcbind" />
</description>
-<ident cce="TODO" />
+<ident cce="27268-2" />
<oval id="service_rpcbind_disabled" />
</Rule>
diff --git a/RHEL6/input/services/obsolete.xml b/RHEL6/input/services/obsolete.xml
index c07a15e..9105152 100644
--- a/RHEL6/input/services/obsolete.xml
+++ b/RHEL6/input/services/obsolete.xml
@@ -201,7 +201,7 @@ of an Rsh trust relationship.
<rationale>Trust files are convenient, but when
used in conjunction with the R-services, they can allow
unauthenticated access to a system.</rationale>
-<ident cce="TODO" />
+<ident cce="27270-8" />
<ref nist="AC-17(8),CM-7" disa="1436" />
<oval id="no_rsh_trusted_host_files" />
<tested by="DS" on="20121026"/>
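Review bot: element order in this rule is ident, ref, oval, whereas the other rules touched by this patch put `<oval>` before `<ref>`. Since the rule is being edited anyway, consider moving `<oval id="no_rsh_trusted_host_files" />` up to sit directly under the ident for consistency.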
@@ -316,7 +316,7 @@ flag, matching the example below:
<pre> # grep "server_args" /etc/xinetd.d/tftp
server_args = -s /var/lib/tftpboot</pre>
</ocil>
-<ident cce="TODO" />
+<ident cce="27272-4" />
<oval id="tftpd_uses_secure_mode" />
<ref nist="AC-17(8),CM-7" disa="366"/>
</Rule>
diff --git a/RHEL6/input/system/accounts/banners.xml b/RHEL6/input/system/accounts/banners.xml
index 0b22d71..1a441e0 100644
--- a/RHEL6/input/system/accounts/banners.xml
+++ b/RHEL6/input/system/accounts/banners.xml
@@ -168,7 +168,7 @@ The output should be <tt>true</tt>.
<rationale>Leaving the user list enabled is a security risk since it allows anyone
with physical access to the system to quickly enumerate known user accounts
without logging in.</rationale>
-<ident cce="TODO" />
+<ident cce="27230-2" />
<ref nist="AC-23" />
</Rule>
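Review bot: no `<oval>` element appears between the new ident and `</Rule>`, so CCE 27230-2 identifies a rule for which the visible lines give no automated check. If a check is planned, a commented-out `<oval>` placeholder, as used elsewhere in this patch, would make that visible.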
diff --git a/RHEL6/input/system/accounts/pam.xml b/RHEL6/input/system/accounts/pam.xml
index 9089911..5c8344a 100644
--- a/RHEL6/input/system/accounts/pam.xml
+++ b/RHEL6/input/system/accounts/pam.xml
@@ -238,7 +238,7 @@ Look for the value of the <tt>maxrepeat</tt> parameter. The DoD requirement is
<rationale>
Passwords with excessive repeating characters may be more vulnerable to password-guessing attacks.
</rationale>
-<ident cce="TODO" />
+<ident cce="27227-8" />
<ref disa="366"/>
</Rule>
@@ -535,7 +535,7 @@ Inspect <tt>/etc/login.defs</tt> and ensure the following line appears:
Using a stronger hashing algorithm makes password cracking attacks more difficult.
</rationale>
<!-- <oval id="accounts_password_hashing_algorithm" /> -->
-<ident cce="TODO" />
+<ident cce="27228-6" />
<ref nist="IA-5" disa="803"/>
<tested by="DS" on="20121024"/>
</Rule>
@@ -557,7 +557,7 @@ in the <tt>[default]</tt> section:
Using a stronger hashing algorithm makes password cracking attacks more difficult.
</rationale>
<!-- <oval id="accounts_password_hashing_algorithm" /> -->
-<ident cce="TODO" />
+<ident cce="27229-4" />
<ref nist="IA-5" disa="803"/>
<tested by="DS" on="20121026"/>
</Rule>
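Review bot: this rule carries the same commented-out `accounts_password_hashing_algorithm` oval id as the rule in the previous hunk, yet the two now have distinct CCEs (27228-6 there, 27229-4 here). Once the check is enabled, a single definition would report one result for both CCEs; consider giving each rule its own oval id so the login.defs setting and the `[default]` section setting are evaluated separately.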
diff --git a/RHEL6/input/system/accounts/restrictions/password_storage.xml b/RHEL6/input/system/accounts/restrictions/password_storage.xml
index 53bc053..be8ed82 100644
--- a/RHEL6/input/system/accounts/restrictions/password_storage.xml
+++ b/RHEL6/input/system/accounts/restrictions/password_storage.xml
@@ -105,7 +105,7 @@ Unencrypted passwords for remote FTP servers may be stored in <tt>.netrc</tt>
files. DoD policy requires passwords be encrypted in storage and not used
in access scripts.
</rationale>
-<ident cce="TODO" />
+<ident cce="27225-2" />
<oval id="TODO" />
<ref nist="IA-5" disa="196" />
</Rule>
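Review bot: the ident is filled in, but `<oval id="TODO" />` on the next line is left as a live element, unlike the commented-out placeholders elsewhere in this patch. The id is a placeholder rather than a definition name; comment the element out or remove it until the check is written.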
diff --git a/RHEL6/input/system/auditing.xml b/RHEL6/input/system/auditing.xml
index 6943c14..2142b44 100644
--- a/RHEL6/input/system/auditing.xml
+++ b/RHEL6/input/system/auditing.xml
@@ -304,7 +304,7 @@ minimizes the chances of the system unexpectedly running out of disk space by
being overwhelmed with log data. However, for systems that must never discard
log data, or which use external processes to transfer it and reclaim space,
<tt>keep_logs</tt> can be employed.</rationale>
-<ident cce="TODO" />
+<ident cce="27237-7" />
<oval id="auditd_data_retention_max_log_file_action" value="var_auditd_max_log_file_action" />
<ref nist="AU-1(b),AU-4,AU-11" />
<tested by="DS" on="20121024"/>
@@ -355,7 +355,7 @@ disk space is starting to run low:
</ocil>
<rationale>Notifying administrators of an impending disk space problem may
allow them to take corrective action prior to any disruption.</rationale>
-<ident cce="TODO" />
+<ident cce="27238-5" />
<oval id="auditd_data_retention_space_left_action" value="var_auditd_space_left_action"/>
<ref nist="AU-1(b),AU-4" disa="140,143,1339" />
<tested by="DS" on="20121024"/>
@@ -396,7 +396,7 @@ when disk space has run low:
audit records. If a separate partition or logical volume of adequate size
is used, running low on space for audit records should never occur.
</rationale>
-<ident cce="TODO" />
+<ident cce="27239-3" />
<oval id="auditd_data_retention_admin_space_left_action" value="var_auditd_admin_space_left_action" />
<ref nist="AU-1(b),AU-4" disa="140,1343" />
<tested by="DS" on="20121024"/>
@@ -419,7 +419,7 @@ account when it needs to notify an administrator:
</ocil>
<rationale>Email sent to the root account is typically aliased to the
administrators of the system, who can take appropriate action.</rationale>
-<ident cce="TODO" />
+<ident cce="27241-9" />
<oval id="auditd_data_retention_action_mail_acct" value="var_auditd_action_mail_acct" />
<ref nist="AU-1(b),AU-4" disa="139,144" />
</Rule>
@@ -695,7 +695,7 @@ Audit logs must be mode 0640 or less permissive.
<rationale>
If users can write to audit logs, audit trails can be modified or destroyed.
</rationale>
-<ident cce="TODO" />
+<ident cce="27243-5" />
<oval id="file_permissions_var_log_audit" />
<ref nist="AC-6,AU-1(b),AU-9" disa="166" />
<tested by="DS" on="20121024"/>
@@ -711,7 +711,7 @@ If users can write to audit logs, audit trails can be modified or destroyed.
</ocil>
<rationale>Failure to give ownership of the audit log file(s) to root allows the designated
owner, and unauthorized users, potential access to sensitive information.</rationale>
-<ident cce="TODO" />
+<ident cce="27244-3" />
<oval id="file_ownership_var_log_audit" />
<ref nist="AC-6,AU-1(b),AU-9" disa="166" />
<tested by="DS" on="20121024"/>
diff --git a/RHEL6/input/system/logging.xml b/RHEL6/input/system/logging.xml
index 12bf472..9ff9334 100644
--- a/RHEL6/input/system/logging.xml
+++ b/RHEL6/input/system/logging.xml
@@ -314,7 +314,7 @@ $InputTCPServerRun 514</pre>
If the system needs to act as a log server, this ensures that it can receive
messages over a reliable TCP connection.
</rationale>
-<ident cce="TODO" />
+<ident cce="27235-1" />
<!--<oval id="rsyslog_listen_tcp" />-->
<ref nist="AU-9" />
</Rule>
@@ -333,7 +333,7 @@ Many devices, such as switches, routers, and other Unix-like systems, may only s
the traditional syslog transmission over UDP. If the system must act as a log server,
this enables it to receive their messages as well.
</rationale>
-<ident cce="TODO" />
+<ident cce="27236-9" />
<!--<oval id="rsyslog_listen_udp" />-->
<ref nist="AU-9" />
</Rule>
diff --git a/RHEL6/input/system/network/ipv6.xml b/RHEL6/input/system/network/ipv6.xml
index 336e619..f273d0d 100644
--- a/RHEL6/input/system/network/ipv6.xml
+++ b/RHEL6/input/system/network/ipv6.xml
@@ -60,7 +60,7 @@ For each network interface, add or correct the following lines in
prevention mechanism:
<pre>IPV6INIT=no</pre>
</description>
-<ident cce="TODO" />
+<ident cce="27231-0" />
<ref nist="CM-7" />
<tested by="DS" on="20121024"/>
</Rule>
@@ -75,7 +75,7 @@ following two lines in <tt>/etc/netconfig</tt>:
<pre>udp6 tpi_clts v inet6 udp - -
tcp6 tpi_cots_ord v inet6 tcp - -</pre>
</description>
-<ident cce="TODO" />
+<ident cce="27232-8" />
<oval id="network_ipv6_disable_rpc" />
<ref nist="CM-7" />
</Rule>
@@ -171,7 +171,7 @@ Manually assigning an IP address is preferable to accepting one from routers or
from the network otherwise. The example address here is an IPv6 address
reserved for documentation purposes, as defined by RFC3849.
</description>
-<ident cce="TODO" />
+<ident cce="27233-6" />
<oval id="network_ipv6_static_address" />
<ref nist="" />
</Rule>
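Review bot: `<ref nist="" />` below the new ident has an empty value, so the rule gains a CCE but still maps to no NIST control; the next rule (`network_ipv6_default_gateway`) has the same empty attribute. Fill in the control or drop the empty `<ref>` so the generated output does not carry a blank reference.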
@@ -202,7 +202,7 @@ the following line (substituting your gateway IP as appropriate):
Router addresses should be manually set and not accepted via any
auto-configuration or router advertisement.
</description>
-<ident cce="TODO" />
+<ident cce="27234-4" />
<oval id="network_ipv6_default_gateway" />
<ref nist="" />
</Rule>
diff --git a/RHEL6/input/system/permissions/mounting.xml b/RHEL6/input/system/permissions/mounting.xml
index b5a2f22..636aee6 100644
--- a/RHEL6/input/system/permissions/mounting.xml
+++ b/RHEL6/input/system/permissions/mounting.xml
@@ -302,7 +302,7 @@ file to exploit this flaw. Assuming the attacker could place the malicious file
(via a web upload for example) and assuming a user browses the same location using Nautilus, the
malicious file would exploit the thumbnailer with the potential for malicious code execution. It
is best to disable these thumbnailer applications unless they are explicitly required.</rationale>
-<ident cce="TODO" />
+<ident cce="27224-5" />
<oval id="disable_gnome_thumbnailers" />
<ref nist="CM-7" />
</Rule>
diff --git a/RHEL6/input/system/software/integrity.xml b/RHEL6/input/system/software/integrity.xml
index e8a2a19..86fbc66 100644
--- a/RHEL6/input/system/software/integrity.xml
+++ b/RHEL6/input/system/software/integrity.xml
@@ -57,7 +57,7 @@ Next, the following command to return binaries to a normal, non-prelinked state
The prelinking feature can interfere with the operation
of AIDE, because it changes binaries.
</rationale>
-<ident cce="TODO" />
+<ident cce="27221-1" />
<ref nist="CM-6(d),CM-6(3),SC-28, SI-7" />
</Rule>
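Review bot: the nist list on the `<ref>` line reads `SC-28, SI-7` with a space after the comma, while the same list in the next rule is `SC-28,SI-7`. Since this rule is being touched, normalise the list to the comma-only form so that anything splitting on commas does not produce a token with a leading space.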
@@ -97,7 +97,7 @@ To determine that periodic AIDE execution has been scheduled, run the following
By default, AIDE does not install itself for periodic execution. Periodically
running AIDE may reveal unexpected changes in installed files.
</rationale>
-<ident cce="TODO" />
+<ident cce="27222-9" />
<ref nist="CM-6(d),CM-6(3),SC-28,SI-7" disa="374,416,1069,1263,1297,1589"/>
</Rule>
<!--
@@ -188,7 +188,7 @@ have file hashes different from what is expected by the RPM database.
The hash on important files like system executables should match the information given
by the RPM database. Executables with erroneous hashes could be a sign of nefarious activity
on the system.</rationale>
-<ident cce="TODO" />
+<ident cce="27223-7" />
<oval id="rpm_verify_hashes" />
<ref nist="CM-6(d),CM-6(3),SI-7" disa="1496" />
</Rule>
--
1.7.1
Getting the umask tests/checks to finally work
by Brian Millett
See attached patch for the following files
scap-security-guide/RHEL6/input/system/accounts/session.xml
scap-security-guide/RHEL6/input/checks/accounts_umask_etc_profile.xml
scap-security-guide/RHEL6/input/checks/accounts_umask_bash_users.xml
scap-security-guide/RHEL6/input/checks/accounts_umask_csh.xml
scap-security-guide/RHEL6/input/checks/accounts_umask_login_defs.xml
scap-security-guide/RHEL6/input/profiles/usgcb-rhel6-server.xml
scap-security-guide/RHEL6/input/profiles/common.xml
scap-security-guide/RHEL6/input/profiles/maritz-rhel6-server.xml
scap-security-guide/RHEL6/input/profiles/test.xml
scap-security-guide/RHEL6/input/profiles/stig-rhel6-server.xml
results now are
Ensure the Default Bash Umask is Set Correctly fail
Ensure the Default C Shell Umask is Set Correctly fail
Ensure the Default Umask is Set Correctly in /etc/profile fail
Ensure the Default Umask is Set Correctly in login.defs pass
Set Daemon Umask fail
--
Brian Millett
Enterprise Consulting Group "Shifts in paradigms
(314) 205-9030 often cause nose bleeds."
bpmATec-groupDOTcom Greg Glenn