>From 693e04c22b41e70fe49ea78a6ba1133cf62d8406 Mon Sep 17 00:00:00 2001
From: Shawn Wells <shawn@redhat.com>
Date: Wed, 20 Mar 2013 19:44:58 -0400
Subject: [PATCH] ticket 338 - improve check text for noexec on removable media
 Updated grep to search for the negative; calls for manual inspection of output

---
 RHEL6/input/system/permissions/partitions.xml |    7 ++++---
 1 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/RHEL6/input/system/permissions/partitions.xml b/RHEL6/input/system/permissions/partitions.xml
index a9a7b2d..1026e9b 100644
--- a/RHEL6/input/system/permissions/partitions.xml
+++ b/RHEL6/input/system/permissions/partitions.xml
@@ -64,10 +64,11 @@ certain types of worms or malicious code.
 </description>
 <rationale>Allowing users to execute binaries from removable media such as USB keys exposes
 the system to potential compromise.</rationale>
-<ocil clause="it does not">
+<ocil clause="removable media partitions are present">
 To verify that binaries cannot be directly executed from removable media, run the following command:
-<pre># grep noexec /etc/fstab</pre>
-The output should show <tt>noexec</tt> in use.
+<pre># grep -v noexec /etc/fstab</pre>
+The resulting output will show partitions which do not have the <tt>noexec</tt> flag. Verify all partitions
+in the output are not removable media.
 </ocil>
 <ident cce="27196-5" />
 <oval id="mount_option_noexec_removable_partitions" value="var_removable_partition" />
-- 
1.7.1