This check and rule only seem to appear in the USGCB profile. Jeff has requested that I
remove it.
- Maura Dailey
Signed-off-by: Maura Dailey <maura(a)eclipse.ncsc.mil>
---
.../checks/accounts_root_path_dirs_no_write.xml | 60 --------------------
RHEL6/input/system/accounts/session.xml | 1 -
2 files changed, 0 insertions(+), 61 deletions(-)
delete mode 100644 RHEL6/input/checks/accounts_root_path_dirs_no_write.xml
diff --git a/RHEL6/input/checks/accounts_root_path_dirs_no_write.xml
b/RHEL6/input/checks/accounts_root_path_dirs_no_write.xml
deleted file mode 100644
index 36a02cf..0000000
--- a/RHEL6/input/checks/accounts_root_path_dirs_no_write.xml
+++ /dev/null
@@ -1,60 +0,0 @@
-<def-group>
- <definition class="compliance"
- id="accounts_root_path_dirs_no_write" version="1">
- <metadata>
- <title>Write permissions are disabled for group and other in
- all directories in Root's Path</title>
- <affected family="unix">
- <platform>Red Hat Enterprise Linux 6</platform>
- </affected>
- <description>Check each directory in root's path and make use
- it does not grant write permission to group and
- other</description>
- </metadata>
- <criteria comment="Check that write permission to group and other in
root's path is denied"
- negate="true" operator="OR">
- <criterion comment="Check for write permission to group in root's
path"
- test_ref="test_2008551" />
- <criterion comment="Check for write permission to other in root's
path"
- test_ref="test_2008552" />
- </criteria>
- </definition>
- <unix:file_test check="all" check_existence="any_exist"
- comment="Check that write permission to group and other in root's path is
denied"
- id="test_2008551" version="1">
- <unix:object object_ref="obj_200855" />
- <unix:state state_ref="state_2008551" />
- </unix:file_test>
- <unix:file_state comment="Group has write privilege"
- id="state_2008551" version="1">
- <unix:gwrite datatype="boolean">1</unix:gwrite>
- </unix:file_state>
- <unix:file_object
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- comment="root's PATH" id="obj_200855"
- version="1">
- <unix:path var_ref="var_200855" />
- <unix:filename xsi:nil="true" />
- </unix:file_object>
- <local_variable comment="Split the PATH on the : delimiter"
- datatype="string" id="var_200855"
- version="1">
- <split delimiter=":">
- <object_component item_field="value"
- object_ref="obj_20085" />
- </split>
- </local_variable>
- <ind:environmentvariable_object id="obj_20085"
- version="1">
- <ind:name>PATH</ind:name>
- </ind:environmentvariable_object>
- <unix:file_test check="all" check_existence="any_exist"
- comment="Check that write permission to group and other in root's path is
denied"
- id="test_2008552" version="1">
- <unix:object object_ref="obj_200855" />
- <unix:state state_ref="state_2008552" />
- </unix:file_test>
- <unix:file_state comment="Other has write privilege"
- id="state_2008552" version="1">
- <unix:owrite datatype="boolean">1</unix:owrite>
- </unix:file_state>
-</def-group>
diff --git a/RHEL6/input/system/accounts/session.xml
b/RHEL6/input/system/accounts/session.xml
index 7f6d287..69d9e3a 100644
--- a/RHEL6/input/system/accounts/session.xml
+++ b/RHEL6/input/system/accounts/session.xml
@@ -111,7 +111,6 @@ execute code provided by unprivileged users,
and potentially malicious code.
</rationale>
<ident cce="26768-2" />
-<oval id="accounts_root_path_dirs_no_write" />
<ref nist=""/>
</Rule>
</Group>
--
1.7.1