source-git / oscap-anaconda-addon

Clone
Source Code
GIT

Blame testing_files/test_report_anaconda_fixes.xccdf.xml

c8 c8s master
  1.   6a88105a6c9a7fca79fb0f8712092c9c275d18be
  2.   testing_files
  3.   test_report_anaconda_fixes.xccdf.xml
Blob History Raw
Packit 792a06
Packit 792a06
Packit 792a06 
    id="xccdf_moc.elpmaxe.www_benchmark_test" resolved="1">
Packit 792a06 
  <status>accepted</status>
Packit 792a06 
  <version>1.0</version>
Packit 792a06 
  <model system="urn:xccdf:scoring:default"/>
Packit 792a06 
  <Profile id="xccdf_moc.elpmaxe.www_profile_1">
Packit 792a06 
    <title>Some arbitrary hardening profile for anaconda testing</title>
Packit 792a06 
    <select idref="xccdf_moc.elpmaxe.www_group_1" selected="true"/>
Packit 792a06 
    <select idref="xccdf_moc.elpmaxe.www_rule_3" selected="true"/>
Packit 792a06 
    <refine-value idref="xccdf_moc.elpmaxe.www_value_1" selector="len14"/>
Packit 792a06 
  </Profile>
Packit 792a06 
  <Rule id="xccdf_moc.elpmaxe.www_rule_1" selected="true">
Packit 792a06 
    <title>Ensure /tmp Located On Separate Partition</title>
Packit 792a06 
    <ident system="http://cce.mitre.org">CCE-14161-4</ident>
Packit 792a06 
    <fix id="partition_for_tmp_fix_anaconda_pre" system="urn:redhat:anaconda:pre">
Packit 792a06
Packit 792a06 
      part /tmp
Packit 792a06 
    </fix>
Packit 792a06 
  </Rule>
Packit 792a06 
  <Rule id="xccdf_moc.elpmaxe.www_rule_2" selected="true">
Packit 792a06 
    <title>Add nodev Option to /tmp</title>
Packit 792a06 
    <ident system="http://cce.mitre.org">CCE-14412-1</ident>
Packit 792a06 
    <fix id="mount_option_tmp_fix_anaconda_pre" system="urn:redhat:anaconda:pre">
Packit 792a06 
      part /tmp --mountoptions=nodev
Packit 792a06 
    </fix>
Packit 792a06 
    <fix id="mount_option_tmp_fix" system="urn:xccdf:script:sh">
Packit 792a06
Packit 792a06 
      grep -e '^[^#].*/tmp.*nodev' /etc/fstab
Packit 792a06 
      if [ "$?" -ne 0 ]; then
Packit 792a06 
          new_fstab=$(cat /etc/fstab | sed -e 's%^[^#]([^ ]+)\s+/tmp([^ ]+)\s+([^ ]+)\s+(\d)\s+(\d)%\1\t/tmp\2\t\3,nodev\t\4 \5'
Packit 792a06 
          echo $new_fstab > /etc/fstab
Packit 792a06 
      fi
Packit 792a06 
    </fix>
Packit 792a06 
  </Rule>
Packit 792a06 
  <Group id="xccdf_moc.elpmaxe.www_group_1" selected="false">
Packit 792a06 
    <Value id="xccdf_moc.elpmaxe.www_value_1">
Packit 792a06 
      <title>Minimal password length</title>
Packit 792a06 
      <value selector="len8">8</value>
Packit 792a06 
      <value selector="len14">14</value>
Packit 792a06 
      <value selector="len18">18</value>
Packit 792a06 
    </Value>
Packit 792a06 
    <Rule id="xccdf_moc.elpmaxe.www_rule_3">
Packit 792a06 
      <title>Set Password Minimum Length in login.defs</title>
Packit 792a06 
      <fix xmlns:xhtml="http://www.w3.org/1999/xhtml" system="urn:redhat:anaconda:pre">
Packit 792a06
Packit 792a06 
        passwd --minlen=<sub idref="xccdf_moc.elpmaxe.www_value_1"/>
Packit 792a06 
      </fix>
Packit 792a06 
      <fix id="password_min_len_fix" system="urn:xccdf:script:python">
Packit 792a06
Packit 792a06
Packit 792a06 
                PASS_MIN_LEN=<sub idref="xccdf_moc.elpmaxe.www_value_1"/> in /etc/login.defs
Packit 792a06 
            and
Packit 792a06 
                minlen=<sub idref="xccdf_moc.elpmaxe.www_value_1"/> in /etc/security/pwquality.conf
Packit 792a06 
         -->
Packit 792a06 
      </fix>
Packit 792a06 
    </Rule>
Packit 792a06 
  </Group>
Packit 792a06 
</Benchmark>

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation