skyler / rpms / scap-security-guide

Forked from rpms/scap-security-guide 3 years ago
Clone
Source Code
GIT

Files

  1.   7a1abbf72ba8ee4ba8a777847d799d90841744b9
  2.   SOURCES
  3.   scap-security-guide-0.1.37-disable-check-libexec_ownership.patch
Blob Blame History Raw 
From 6f502074053282dd3afbb5ed1594fbbd524c9bc6 Mon Sep 17 00:00:00 2001
From: Gabe <redhatrises@gmail.com>
Date: Fri, 8 Dec 2017 11:34:50 -0700
Subject: [PATCH] Do not check library ownership in libexec

- Fixes #2473
---
 shared/checks/oval/file_ownership_library_dirs.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/shared/checks/oval/file_ownership_library_dirs.xml b/shared/checks/oval/file_ownership_library_dirs.xml
index 41394a01e..186c99012 100644
--- a/shared/checks/oval/file_ownership_library_dirs.xml
+++ b/shared/checks/oval/file_ownership_library_dirs.xml
@@ -34,7 +34,7 @@
 
   <unix:file_object comment="library files" id="object_file_ownership_lib_files" version="1">
     <!-- Check that files within /lib, /lib64, /usr/lib, and /usr/lib64 directories belong to user with uid 0 (root) -->
-    <unix:path operation="pattern match">^\/lib(|64)|^\/usr\/lib(|64)</unix:path>
+    <unix:path operation="pattern match">^\/lib(|64)\/|^\/usr\/lib(|64)\/</unix:path>
     <unix:filename operation="pattern match">^.*$</unix:filename>
    <filter action="include">state_owner_libraries_not_root</filter>
   </unix:file_object>

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation