>From fbf5ca521134803457f78f7e79ff84d7f00ac36a Mon Sep 17 00:00:00 2001
From: Shawn Wells <shawn@redhat.com>
Date: Sun, 10 Nov 2013 02:36:25 -0500
Subject: [PATCH 09/11] Updated OVAL + remediation for accounts_umask_login_defs
 - XCCDF naming update
 - OVAL filename->filepath
 - Added remediation

TESTING:
[root@SSG-RHEL6 checks]# ./testcheck.py accounts_umask_login_defs.xml
external_variable with id : var_accounts_user_umask
Evaluating with OVAL tempfile : /tmp/accounts_umask_login_defsTNp_or.xml
Writing results to : /tmp/accounts_umask_login_defsTNp_or.xml-results
Definition oval:scap-security-guide.testing:def:293: false
Evaluation done.
[root@SSG-RHEL6 checks]# cd ../fixes/bash/
[root@SSG-RHEL6 bash]# bash accounts_umask_login_defs.sh
[root@SSG-RHEL6 bash]# cd -
/var/www/html/scap-security-guide/RHEL6/input/checks
[root@SSG-RHEL6 checks]# ./testcheck.py accounts_umask_login_defs.xml
external_variable with id : var_accounts_user_umask
Evaluating with OVAL tempfile : /tmp/accounts_umask_login_defsQf6R3R.xml
Writing results to : /tmp/accounts_umask_login_defsQf6R3R.xml-results
Definition oval:scap-security-guide.testing:def:293: true
Evaluation done.
---
 RHEL6/input/checks/accounts_umask_login_defs.xml   |    3 +--
 .../input/fixes/bash/accounts_umask_login_defs.sh  |    8 ++++++++
 RHEL6/input/profiles/CS2.xml                       |    2 +-
 RHEL6/input/profiles/stig-rhel6-server.xml         |    2 +-
 RHEL6/input/profiles/test.xml                      |    2 +-
 RHEL6/input/profiles/usgcb-rhel6-server.xml        |    2 +-
 RHEL6/input/system/accounts/session.xml            |    2 +-
 7 files changed, 14 insertions(+), 7 deletions(-)
 create mode 100644 RHEL6/input/fixes/bash/accounts_umask_login_defs.sh

diff --git a/RHEL6/input/checks/accounts_umask_login_defs.xml b/RHEL6/input/checks/accounts_umask_login_defs.xml
index 28f707e..b8552dc 100644
--- a/RHEL6/input/checks/accounts_umask_login_defs.xml
+++ b/RHEL6/input/checks/accounts_umask_login_defs.xml
@@ -25,8 +25,7 @@
   </ind:textfilecontent54_state>
   <external_variable comment="user umask" datatype="string" id="var_accounts_user_umask" version="1" />
   <ind:textfilecontent54_object id="obj_accounts_umask_login_defs" version="1">
-    <ind:path>/etc</ind:path>
-    <ind:filename>login.defs</ind:filename>
+    <ind:filepath>/etc/login.defs</ind:filepath>
     <ind:pattern operation="pattern match">^[\s]*UMASK[\s]+([^#\s]*)</ind:pattern>
     <ind:instance datatype="int">1</ind:instance>
   </ind:textfilecontent54_object>
diff --git a/RHEL6/input/fixes/bash/accounts_umask_login_defs.sh b/RHEL6/input/fixes/bash/accounts_umask_login_defs.sh
new file mode 100644
index 0000000..20574ff
--- /dev/null
+++ b/RHEL6/input/fixes/bash/accounts_umask_login_defs.sh
@@ -0,0 +1,8 @@
+source ./templates/support.sh
+populate var_accounts_user_umask
+
+grep -q UMASK /etc/login.defs && \
+  sed -i "s/UMASK.*/UMASK $var_accounts_user_umask/g" /etc/login.defs
+if ! [ $? -eq 0 ]; then
+    echo "UMASK $var_accounts_user_umask" >> /etc/login.defs
+fi
diff --git a/RHEL6/input/profiles/CS2.xml b/RHEL6/input/profiles/CS2.xml
index 171f701..83b90c6 100644
--- a/RHEL6/input/profiles/CS2.xml
+++ b/RHEL6/input/profiles/CS2.xml
@@ -85,7 +85,7 @@
 <select idref="root_paths" selected="true" />
 <select idref="root_path_no_groupother_writable" selected="true" />
 <select idref="accounts_umask_bashrc" selected="true" />
-<select idref="user_umask_logindefs" selected="true" />
+<select idref="accounts_umask_login_defs" selected="true" />
 <refine-value idref="var_accounts_user_umask" selector="077" />
 <select idref="no_shelllogin_for_systemaccounts" selected="true"/>
 <select idref="root_path_default" selected="true" />
diff --git a/RHEL6/input/profiles/stig-rhel6-server.xml b/RHEL6/input/profiles/stig-rhel6-server.xml
index edf6ef4..1a77635 100644
--- a/RHEL6/input/profiles/stig-rhel6-server.xml
+++ b/RHEL6/input/profiles/stig-rhel6-server.xml
@@ -67,7 +67,7 @@
 <select idref="accounts_umask_bashrc" selected="true" />
 <select idref="accounts_umask_cshrc" selected="true" />
 <select idref="accounts_umask_etc_profile" selected="true" />
-<select idref="user_umask_logindefs" selected="true" />
+<select idref="accounts_umask_login_defs" selected="true" />
 <refine-value idref="var_accounts_user_umask" selector="077" />
 
 <select idref="umask_for_daemons" selected="true" />
diff --git a/RHEL6/input/profiles/test.xml b/RHEL6/input/profiles/test.xml
index d815897..758d8bf 100644
--- a/RHEL6/input/profiles/test.xml
+++ b/RHEL6/input/profiles/test.xml
@@ -46,7 +46,7 @@
 <select idref="accounts_umask_bashrc" selected="true" />
 <select idref="accounts_umask_cshrc" selected="true" />
 <select idref="accounts_umask_etc_profile" selected="true" />
-<select idref="user_umask_logindefs" selected="true" />
+<select idref="accounts_umask_login_defs" selected="true" />
 <refine-value idref="var_accounts_user_umask" selector="077" />
 
 <select idref="umask_for_daemons" selected="true"/>
diff --git a/RHEL6/input/profiles/usgcb-rhel6-server.xml b/RHEL6/input/profiles/usgcb-rhel6-server.xml
index aa20ed6..01b313d 100644
--- a/RHEL6/input/profiles/usgcb-rhel6-server.xml
+++ b/RHEL6/input/profiles/usgcb-rhel6-server.xml
@@ -95,7 +95,7 @@
 <select idref="accounts_umask_bashrc" selected="true" />
 <select idref="accounts_umask_cshrc" selected="true" />
 <select idref="accounts_umask_etc_profile" selected="true" />
-<select idref="user_umask_logindefs" selected="true" />
+<select idref="accounts_umask_login_defs" selected="true" />
 <select idref="user_owner_grub_conf" selected="true" />
 <select idref="group_owner_grub_conf" selected="true" />
 <select idref="permissions_grub_conf" selected="true" />
diff --git a/RHEL6/input/system/accounts/session.xml b/RHEL6/input/system/accounts/session.xml
index 3d2574f..c4f4f56 100644
--- a/RHEL6/input/system/accounts/session.xml
+++ b/RHEL6/input/system/accounts/session.xml
@@ -279,7 +279,7 @@ umask 077</pre>
 <ref nist="" disa="366"/>
 </Rule>
 
-<Rule id="user_umask_logindefs">
+<Rule id="accounts_umask_login_defs">
 <title>Ensure the Default Umask is Set Correctly in login.defs</title>
 <description>
 To ensure the default umask controlled by <tt>/etc/login.defs</tt> is set properly,
-- 
1.7.1