source-git / oscap-anaconda-addon

Clone
Source Code
GIT

Files

  1.   39273c1f9c0cd8e8157f46be2e26f4e040af331d
  2.   testing_files
  3.   test_report_anaconda_fixes.xccdf.xml
Blob Blame History Raw 
<?xml version="1.0" encoding="UTF-8"?>
<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    id="xccdf_moc.elpmaxe.www_benchmark_test" resolved="1">
  <status>accepted</status>
  <version>1.0</version>
  <model system="urn:xccdf:scoring:default"/>
  <Profile id="xccdf_moc.elpmaxe.www_profile_1">
    <title>Some arbitrary hardening profile for anaconda testing</title>
    <select idref="xccdf_moc.elpmaxe.www_group_1" selected="true"/>
    <select idref="xccdf_moc.elpmaxe.www_rule_3" selected="true"/>
    <refine-value idref="xccdf_moc.elpmaxe.www_value_1" selector="len14"/>
  </Profile>
  <Rule id="xccdf_moc.elpmaxe.www_rule_1" selected="true">
    <title>Ensure /tmp Located On Separate Partition</title>
    <ident system="http://cce.mitre.org">CCE-14161-4</ident>
    <fix id="partition_for_tmp_fix_anaconda_pre" system="urn:redhat:anaconda:pre">
      <!--the system attribute identifies that this fix is for anaconda before installation-->
      part /tmp
    </fix>
  </Rule>
  <Rule id="xccdf_moc.elpmaxe.www_rule_2" selected="true">
    <title>Add nodev Option to /tmp</title>
    <ident system="http://cce.mitre.org">CCE-14412-1</ident>
    <fix id="mount_option_tmp_fix_anaconda_pre" system="urn:redhat:anaconda:pre">
      part /tmp --mountoptions=nodev
    </fix>
    <fix id="mount_option_tmp_fix" system="urn:xccdf:script:sh">
      <!--should run either post-install or during firstboot-->
      grep -e '^[^#].*/tmp.*nodev' /etc/fstab
      if [ "$?" -ne 0 ]; then
          new_fstab=$(cat /etc/fstab | sed -e 's%^[^#]([^ ]+)\s+/tmp([^ ]+)\s+([^ ]+)\s+(\d)\s+(\d)%\1\t/tmp\2\t\3,nodev\t\4 \5'
          echo $new_fstab > /etc/fstab
      fi
    </fix>
  </Rule>
  <Group id="xccdf_moc.elpmaxe.www_group_1" selected="false">
    <Value id="xccdf_moc.elpmaxe.www_value_1">
      <title>Minimal password length</title>
      <value selector="len8">8</value>
      <value selector="len14">14</value>
      <value selector="len18">18</value>
    </Value>
    <Rule id="xccdf_moc.elpmaxe.www_rule_3">
      <title>Set Password Minimum Length in login.defs</title>
      <fix xmlns:xhtml="http://www.w3.org/1999/xhtml" system="urn:redhat:anaconda:pre">
        <!--effect passwords created during installation-->
        passwd --minlen=<sub idref="xccdf_moc.elpmaxe.www_value_1"/>
      </fix>
      <fix id="password_min_len_fix" system="urn:xccdf:script:python">
        <!--should run either post-install or during firstboot-->
        <!--python script to set
                PASS_MIN_LEN=<sub idref="xccdf_moc.elpmaxe.www_value_1"/> in /etc/login.defs
            and
                minlen=<sub idref="xccdf_moc.elpmaxe.www_value_1"/> in /etc/security/pwquality.conf
         -->
      </fix>
    </Rule>
  </Group>
</Benchmark>

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation