Signed-off-by: Maura Dailey <maura(a)eclipse.ncsc.mil>
---
RHEL6/input/checks/no_netrc_files.xml | 22 ++++++++++++++++++++
.../accounts/restrictions/password_storage.xml | 2 +-
2 files changed, 23 insertions(+), 1 deletions(-)
create mode 100644 RHEL6/input/checks/no_netrc_files.xml
diff --git a/RHEL6/input/checks/no_netrc_files.xml
b/RHEL6/input/checks/no_netrc_files.xml
new file mode 100644
index 0000000..c69c8e6
--- /dev/null
+++ b/RHEL6/input/checks/no_netrc_files.xml
@@ -0,0 +1,22 @@
+<def-group>
+ <definition class="compliance" id="no_netrc_files"
version="1">
+ <metadata>
+ <title>Verify No netrc Files Exist</title>
+ <affected family="unix">
+ <platform>Red Hat Enterprise Linux 6</platform>
+ </affected>
+ <description>The .netrc files contain login information used to auto-login
into FTP servers and reside in the user's home directory. Any .netrc files should be
removed.</description>
+ </metadata>
+ <criteria>
+ <criterion test_ref="test_no_netrc_files_home" negate="true"
/>
+ </criteria>
+ </definition>
+ <unix:file_test check="all"
check_existence="at_least_one_exists" comment="look for .netrc in
/home" id="test_no_netrc_files_home" version="1">
+ <unix:object object_ref="object_no_netrc_files_home" />
+ </unix:file_test>
+ <unix:file_object comment="look for .netrc in /home"
id="object_no_netrc_files_home" version="1">
+ <unix:behaviors recurse="directories" recurse_direction="down"
max_depth="1" recurse_file_system="all" />
+ <unix:path operation="equals">/home</unix:path>
+ <unix:filename operation="pattern
match">^\.netrc$</unix:filename>
+ </unix:file_object>
+</def-group>
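Review bot: The file object restricts the search to `<unix:path operation="equals">/home</unix:path>` with `max_depth="1"`, so a `.netrc` in a home directory outside `/home` is never examined and the definition still passes. That covers root's home and any account whose home path in /etc/passwd lies elsewhere, although the description refers to "the user's home directory" in general. Either narrow the title and description to state the `/home` scope, or add further objects for the other home locations so the result matches what the rule claims. As a point of style, `check_existence="none_exist"` on the `file_test`, with `negate="true"` dropped from the criterion, would state the intent directly and read in line with the title.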
diff --git a/RHEL6/input/system/accounts/restrictions/password_storage.xml
b/RHEL6/input/system/accounts/restrictions/password_storage.xml
index efa8d0d..e71ef62 100644
--- a/RHEL6/input/system/accounts/restrictions/password_storage.xml
+++ b/RHEL6/input/system/accounts/restrictions/password_storage.xml
@@ -106,7 +106,7 @@ files. DoD policy requires passwords be encrypted in storage and not
used
in access scripts.
</rationale>
<ident cce="27225-2" />
-<oval id="TODO" />
+<oval id="no_netrc_files" />
<ref nist="IA-5(h)" disa="196" />
</Rule>
--
1.7.1