You are entirely right. This is being worked.
The only reason the RHEL 5 CCEs are currently in the content is to
facilitate their easy replacement with RHEL 6 ones (if a mapping is
provided), once they are available.
This transform was provided in order to enable correction of the ones
that are simply wrong (as in wrong semantically, and not just with
regard to version mismatch):
I'm certain others will correct me if I am wrong, but...
CCEs should not be shared between successive generations of operating
system software. I just did a quick compare of the CCEs for RHEL5
and RHEL4 and the CCE IDs do not overlap. The only RHEL4 CCE
corresponding to the RHEL5 /etc/*shadow permissions CCEs is
CCE-5735-6 for /etc/shadow perms; there is no RHEL4 CCE referencing
/etc/gshadow perms.
I cannot find a specific FAQ entry or explanation, beyond 'A CCE
"platform group" roughly identifies the operating system or
application to which a CCE entry applies' in several places on
cce.mitre.org.
Regards,
--
Leland Steinke, Security+
DISA FSO Technical Support Contractor
tapestry technologies, llc
717-267-5797 (DSN 570)
leland.j.steinke.ctr(a)mail.mil (gov't)
lsteinke(a)tapestrytech.com (com'l)
-----Original Message-----
From: scap-security-guide-bounces(a)lists.fedorahosted.org [mailto:scap-security-guide-bounces@lists.fedorahosted.org] On Behalf Of Jeffrey Blank
Sent: Friday, August 31, 2012 5:14 PM
To: scap-security-guide(a)lists.fedorahosted.org
Subject: Re: /etc/shadow and gshadow mode 0400 or 0?
Just to add: CCEs don't actually require anything in themselves.
Technically, the CCE serves only to indicate that we are talking
about the permissions on that file (and perhaps provide a selection
of choices, from which baselines may select a requirement.)
http://cce.mitre.org/lists/cce_list.html
And thanks for the QA / improving the content!
On 08/31/2012 02:48 PM, Kenneth Stailey wrote:
> Hi,
>
> RHEL5 ships with /etc/shadow and gshadow set to mode 0400 while
> RHEL 6 uses mode 0 for those two files.
>
> CCE-3932-1 and CCE-4130-1 require mode 0400.
>
> Changing RHEL 6 to use 0400 causes CCE-14931 (verify files against
> RPM database) to flag /etc/shadow and gshadow as modified.
>
> Is it better to change /etc/shadow and gshadow to 0400 or use the
> mode 0 that the files are distributed from Red Hat with?
>
> Thanks
> _______________________________________________
> scap-security-guide mailing list
> scap-security-guide(a)lists.fedorahosted.org
> https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
--
___________________________
Jeffrey Blank
410-854-8675
Technology and Systems Analysis / Network Components
NSA Information Assurance