I am new to OpenSCAP and am stuck
Operating System is CentOS 7.1
oscap version is 1.1.1
I am using "ssg.rhel7.ds..xml" to scan with.
The Rule "Verify that Shared Library Files have Restrictive Permissions"
indicate a "FAIL"
I am using SCAP-Workbench. When I run a scan, that Rule fails. Apparently
the Rule is looking for NO Group or Other write permissions (555) But on
CentOS 7.1, the /lib and /lib64 directories do not exist by default and
Symbolic links are used instead. They point to the real directories
/usr/lib and /usr/lib64 respectively. By default, apparently, symbolic
links have file permissions of "777". This is why I think the test is
failing. I don't see how to do an effective "chmod" on a symbolic link.
So I thot I would simply take the directories of interest (/lib and /lib64)
out of the Rule criteria. But I don't know how to do that.
I need help correcting this Rule test so the test will indicate a "PASS".
I suppose I could actually delete the two symbolic links but I might break
something
Ideas?
Ron
Show replies by date