it compiles, ship it
On 05/21/2013 01:36 PM, Maura Dailey wrote:
Signed-off-by: Maura Dailey <maura(a)eclipse.ncsc.mil>
---
RHEL6/input/checks/no_rsh_trust_files.xml | 26 +++++++++++++-------------
RHEL6/input/services/obsolete.xml | 2 +-
2 files changed, 14 insertions(+), 14 deletions(-)
diff --git a/RHEL6/input/checks/no_rsh_trust_files.xml
b/RHEL6/input/checks/no_rsh_trust_files.xml
index 1e05dd1..22c1c82 100644
--- a/RHEL6/input/checks/no_rsh_trust_files.xml
+++ b/RHEL6/input/checks/no_rsh_trust_files.xml
@@ -1,5 +1,5 @@
<def-group>
- <definition class="compliance" id="no_rsh_trusted_host_files"
version="1">
+ <definition class="compliance" id="no_rsh_trust_files"
version="1">
<metadata>
<title>No Legacy .rhosts Or hosts.equiv Files</title>
<affected family="unix">
@@ -8,30 +8,30 @@
<description>There should not be any .rhosts or hosts.equiv files on the
system.</description>
</metadata>
<criteria operator="AND">
- <criterion test_ref="test_no_rsh_trusted_host_files_root"
negate="true" />
- <criterion test_ref="test_no_rsh_trusted_host_files_home"
negate="true" />
- <criterion test_ref="test_no_rsh_trusted_host_files_etc"
negate="true" />
+ <criterion test_ref="test_no_rsh_trust_files_root"
negate="true" />
+ <criterion test_ref="test_no_rsh_trust_files_home"
negate="true" />
+ <criterion test_ref="test_no_rsh_trust_files_etc"
negate="true" />
</criteria>
</definition>
- <unix:file_test check="all"
check_existence="at_least_one_exists" comment="look for .rhosts or .shosts
in /root" id="test_no_rsh_trusted_host_files_root"
version="1">
- <unix:object object_ref="object_no_rsh_trusted_host_files_root" />
+ <unix:file_test check="all"
check_existence="at_least_one_exists" comment="look for .rhosts or .shosts
in /root" id="test_no_rsh_trust_files_root" version="1">
+ <unix:object object_ref="object_no_rsh_trust_files_root" />
</unix:file_test>
- <unix:file_test check="all"
check_existence="at_least_one_exists" comment="look for .rhosts or .shosts
in /home" id="test_no_rsh_trusted_host_files_home"
version="1">
- <unix:object object_ref="object_no_rsh_trusted_host_files_home" />
+ <unix:file_test check="all"
check_existence="at_least_one_exists" comment="look for .rhosts or .shosts
in /home" id="test_no_rsh_trust_files_home" version="1">
+ <unix:object object_ref="object_no_rsh_trust_files_home" />
</unix:file_test>
- <unix:file_test check="all"
check_existence="at_least_one_exists" comment="look for /etc/hosts.equiv or
/etc/shosts.equiv" id="test_no_rsh_trusted_host_files_etc"
version="1">
- <unix:object object_ref="object_no_rsh_trusted_host_files_etc" />
+ <unix:file_test check="all"
check_existence="at_least_one_exists" comment="look for /etc/hosts.equiv or
/etc/shosts.equiv" id="test_no_rsh_trust_files_etc"
version="1">
+ <unix:object object_ref="object_no_rsh_trust_files_etc" />
</unix:file_test>
- <unix:file_object comment="look for .rhosts or .shosts in /root"
id="object_no_rsh_trusted_host_files_root" version="1">
+ <unix:file_object comment="look for .rhosts or .shosts in /root"
id="object_no_rsh_trust_files_root" version="1">
<unix:path operation="equals">/root</unix:path>
<unix:filename operation="pattern
match">^\.(r|s)hosts$</unix:filename>
</unix:file_object>
- <unix:file_object comment="look for .rhosts or .shosts in /home"
id="object_no_rsh_trusted_host_files_home" version="1">
+ <unix:file_object comment="look for .rhosts or .shosts in /home"
id="object_no_rsh_trust_files_home" version="1">
<unix:behaviors recurse="directories"
recurse_direction="down" max_depth="1"
recurse_file_system="all" />
<unix:path operation="equals">/home</unix:path>
<unix:filename operation="pattern
match">^\.(r|s)hosts$</unix:filename>
</unix:file_object>
- <unix:file_object comment="look for /etc/hosts.equiv or
/etc/shosts.equiv" id="object_no_rsh_trusted_host_files_etc"
version="1">
+ <unix:file_object comment="look for /etc/hosts.equiv or
/etc/shosts.equiv" id="object_no_rsh_trust_files_etc"
version="1">
<unix:path operation="equals">/etc</unix:path>
<unix:filename operation="pattern
match">^s?hosts.equiv$</unix:filename>
</unix:file_object>
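Review bot: The filename pattern in the `object_no_rsh_trust_files_etc` object, `^s?hosts.equiv$`, leaves the dot unescaped, so it matches any character in that position, and the rename carries this over unchanged. `^s?hosts\.equiv$` would restrict the match to the two files named in the object's comment, consistent with the escaped dot already used in `^\.(r|s)hosts$`. Separately, the `/home` object only descends one level below `/home`, so accounts whose home directory is located elsewhere would presumably not be examined; an XML comment stating that scope would help anyone interpreting a passing result. The `def-group` continues outside the hunk.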
diff --git a/RHEL6/input/services/obsolete.xml b/RHEL6/input/services/obsolete.xml
index 0c28d24..8883caf 100644
--- a/RHEL6/input/services/obsolete.xml
+++ b/RHEL6/input/services/obsolete.xml
@@ -209,7 +209,7 @@ used in conjunction with the R-services, they can allow
unauthenticated access to a system.</rationale>
<ident cce="27270-8" />
<ref nist="AC-17(8),CM-7" disa="1436" />
-<oval id="no_rsh_trusted_host_files" />
+<oval id="no_rsh_trust_files" />
<tested by="DS" on="20121026"/>
</Rule>