|
 |
dac76a |
From db7bff613cb14543378661c1bf78582ada09d84a Mon Sep 17 00:00:00 2001
|
|
|
dac76a |
From: Watson Sato <wsato@redhat.com>
|
|
|
dac76a |
Date: Tue, 24 Mar 2020 09:31:41 +0100
|
|
|
dac76a |
Subject: [PATCH 1/4] Add rules to check owners of /etc/issue
|
|
|
dac76a |
|
|
|
dac76a |
---
|
|
|
dac76a |
.../file_groupowner_etc_issue/rule.yml | 35 +++++++++++++++++++
|
|
|
dac76a |
.../file_owner_etc_issue/rule.yml | 35 +++++++++++++++++++
|
|
|
dac76a |
.../file_permissions_etc_issue/rule.yml | 2 ++
|
|
|
dac76a |
shared/references/cce-redhat-avail.txt | 4 ---
|
|
|
dac76a |
4 files changed, 72 insertions(+), 4 deletions(-)
|
|
|
dac76a |
create mode 100644 linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue/rule.yml
|
|
|
dac76a |
create mode 100644 linux_os/guide/system/accounts/accounts-banners/file_owner_etc_issue/rule.yml
|
|
|
dac76a |
|
|
|
dac76a |
diff --git a/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue/rule.yml
|
|
|
dac76a |
new file mode 100644
|
|
|
dac76a |
index 0000000000..fe22c4ceda
|
|
|
dac76a |
--- /dev/null
|
|
|
dac76a |
+++ b/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue/rule.yml
|
|
|
dac76a |
@@ -0,0 +1,35 @@
|
|
|
dac76a |
+documentation_complete: true
|
|
|
dac76a |
+
|
|
|
dac76a |
+prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,wrlinux1019
|
|
|
dac76a |
+
|
|
|
dac76a |
+title: 'Verify group ownership of System Login Banner'
|
|
|
dac76a |
+
|
|
|
dac76a |
+description: |-
|
|
|
dac76a |
+ {{{ describe_file_group_owner(file="/etc/issue", group="root") }}}
|
|
|
dac76a |
+
|
|
|
dac76a |
+rationale: |-
|
|
|
dac76a |
+ Display of a standardized and approved use notification before granting
|
|
|
dac76a |
+ access to the operating system ensures privacy and security notification
|
|
|
dac76a |
+ verbiage used is consistent with applicable federal laws, Executive Orders,
|
|
|
dac76a |
+ directives, policies, regulations, standards, and guidance.
|
|
|
dac76a |
+ Proper group ownership will ensure that only root user can modify the banner.
|
|
|
dac76a |
+
|
|
|
dac76a |
+severity: medium
|
|
|
dac76a |
+
|
|
|
dac76a |
+identifiers:
|
|
|
dac76a |
+ cce@rhel7: 83707-0
|
|
|
dac76a |
+ cce@rhel8: 83708-8
|
|
|
dac76a |
+
|
|
|
dac76a |
+references:
|
|
|
dac76a |
+ cis@rhel7: 1.7.1.5
|
|
|
dac76a |
+ cis@rhel8: 1.8.1.5
|
|
|
dac76a |
+
|
|
|
dac76a |
+ocil_clause: '{{{ ocil_clause_file_group_owner(file="/etc/issue", group="root") }}}'
|
|
|
dac76a |
+
|
|
|
dac76a |
+ocil: '{{{ ocil_file_group_owner(file="/etc/issue", group="root") }}}'
|
|
|
dac76a |
+
|
|
|
dac76a |
+template:
|
|
|
dac76a |
+ name: file_groupowner
|
|
|
dac76a |
+ vars:
|
|
|
dac76a |
+ filepath: /etc/issue
|
|
|
dac76a |
+ filegid: '0'
|
|
|
dac76a |
diff --git a/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_issue/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_issue/rule.yml
|
|
|
dac76a |
new file mode 100644
|
|
|
dac76a |
index 0000000000..1a96fc1bee
|
|
|
dac76a |
--- /dev/null
|
|
|
dac76a |
+++ b/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_issue/rule.yml
|
|
|
dac76a |
@@ -0,0 +1,35 @@
|
|
|
dac76a |
+documentation_complete: true
|
|
|
dac76a |
+
|
|
|
dac76a |
+prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,wrlinux1019
|
|
|
dac76a |
+
|
|
|
dac76a |
+title: 'Verify ownership of System Login Banner'
|
|
|
dac76a |
+
|
|
|
dac76a |
+description: |-
|
|
|
dac76a |
+ {{{ describe_file_owner(file="/etc/issue", owner="root") }}}
|
|
|
dac76a |
+
|
|
|
dac76a |
+rationale: |-
|
|
|
dac76a |
+ Display of a standardized and approved use notification before granting
|
|
|
dac76a |
+ access to the operating system ensures privacy and security notification
|
|
|
dac76a |
+ verbiage used is consistent with applicable federal laws, Executive Orders,
|
|
|
dac76a |
+ directives, policies, regulations, standards, and guidance.
|
|
|
dac76a |
+ Proper ownership will ensure that only root user can modify the banner.
|
|
|
dac76a |
+
|
|
|
dac76a |
+severity: medium
|
|
|
dac76a |
+
|
|
|
dac76a |
+identifiers:
|
|
|
dac76a |
+ cce@rhel7: 83717-9
|
|
|
dac76a |
+ cce@rhel8: 83718-7
|
|
|
dac76a |
+
|
|
|
dac76a |
+references:
|
|
|
dac76a |
+ cis@rhel7: 1.7.1.5
|
|
|
dac76a |
+ cis@rhel8: 1.8.1.5
|
|
|
dac76a |
+
|
|
|
dac76a |
+ocil_clause: '{{{ ocil_clause_file_owner(file="/etc/issue", owner="root") }}}'
|
|
|
dac76a |
+
|
|
|
dac76a |
+ocil: '{{{ ocil_file_owner(file="/etc/issue", owner="root") }}}'
|
|
|
dac76a |
+
|
|
|
dac76a |
+template:
|
|
|
dac76a |
+ name: file_owner
|
|
|
dac76a |
+ vars:
|
|
|
dac76a |
+ filepath: /etc/issue
|
|
|
dac76a |
+ fileuid: '0'
|
|
|
dac76a |
diff --git a/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue/rule.yml
|
|
|
dac76a |
index 323c3b93b6..6082783b89 100644
|
|
|
dac76a |
--- a/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue/rule.yml
|
|
|
dac76a |
+++ b/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue/rule.yml
|
|
|
dac76a |
@@ -1,5 +1,7 @@
|
|
|
dac76a |
documentation_complete: true
|
|
|
dac76a |
|
|
|
dac76a |
+prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,wrlinux1019
|
|
|
dac76a |
+
|
|
|
dac76a |
title: 'Verify permissions on System Login Banner'
|
|
|
dac76a |
|
|
|
dac76a |
description: |-
|
|
|
dac76a |
diff --git a/shared/references/cce-redhat-avail.txt b/shared/references/cce-redhat-avail.txt
|
|
|
dac76a |
index 4a8668ed97..565be50dcf 100644
|
|
|
dac76a |
--- a/shared/references/cce-redhat-avail.txt
|
|
|
dac76a |
+++ b/shared/references/cce-redhat-avail.txt
|
|
|
dac76a |
@@ -394,8 +394,6 @@ CCE-83703-9
|
|
|
dac76a |
CCE-83704-7
|
|
|
dac76a |
CCE-83705-4
|
|
|
dac76a |
CCE-83706-2
|
|
|
dac76a |
-CCE-83707-0
|
|
|
dac76a |
-CCE-83708-8
|
|
|
dac76a |
CCE-83709-6
|
|
|
dac76a |
CCE-83710-4
|
|
|
dac76a |
CCE-83711-2
|
|
|
dac76a |
@@ -404,8 +402,6 @@ CCE-83713-8
|
|
|
dac76a |
CCE-83714-6
|
|
|
dac76a |
CCE-83715-3
|
|
|
dac76a |
CCE-83716-1
|
|
|
dac76a |
-CCE-83717-9
|
|
|
dac76a |
-CCE-83718-7
|
|
|
dac76a |
CCE-83719-5
|
|
|
dac76a |
CCE-83720-3
|
|
|
dac76a |
CCE-83721-1
|
|
|
dac76a |
|
|
|
dac76a |
From ac323a919cd97ee34d17d96ca20d10e8ad25ac43 Mon Sep 17 00:00:00 2001
|
|
|
dac76a |
From: Watson Sato <wsato@redhat.com>
|
|
|
dac76a |
Date: Tue, 24 Mar 2020 09:50:54 +0100
|
|
|
dac76a |
Subject: [PATCH 2/4] Add rules to check owners of /etc/motd
|
|
|
dac76a |
|
|
|
dac76a |
---
|
|
|
dac76a |
.../file_groupowner_etc_motd/rule.yml | 35 +++++++++++++++++++
|
|
|
dac76a |
.../file_owner_etc_motd/rule.yml | 35 +++++++++++++++++++
|
|
|
dac76a |
.../file_permissions_etc_motd/rule.yml | 2 ++
|
|
|
dac76a |
shared/references/cce-redhat-avail.txt | 4 ---
|
|
|
dac76a |
4 files changed, 72 insertions(+), 4 deletions(-)
|
|
|
dac76a |
create mode 100644 linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_motd/rule.yml
|
|
|
dac76a |
create mode 100644 linux_os/guide/system/accounts/accounts-banners/file_owner_etc_motd/rule.yml
|
|
|
dac76a |
|
|
|
dac76a |
diff --git a/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_motd/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_motd/rule.yml
|
|
|
dac76a |
new file mode 100644
|
|
|
dac76a |
index 0000000000..21ff3fb62a
|
|
|
dac76a |
--- /dev/null
|
|
|
dac76a |
+++ b/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_motd/rule.yml
|
|
|
dac76a |
@@ -0,0 +1,35 @@
|
|
|
dac76a |
+documentation_complete: true
|
|
|
dac76a |
+
|
|
|
dac76a |
+prodtype: fedora,ol7,ol8,rhel6,rhel7,rhel8,rhv4,wrlinux1019
|
|
|
dac76a |
+
|
|
|
dac76a |
+title: 'Verify group ownership of Message of the Day Banner'
|
|
|
dac76a |
+
|
|
|
dac76a |
+description: |-
|
|
|
dac76a |
+ {{{ describe_file_group_owner(file="/etc/motd", group="root") }}}
|
|
|
dac76a |
+
|
|
|
dac76a |
+rationale: |-
|
|
|
dac76a |
+ Display of a standardized and approved use notification before granting
|
|
|
dac76a |
+ access to the operating system ensures privacy and security notification
|
|
|
dac76a |
+ verbiage used is consistent with applicable federal laws, Executive Orders,
|
|
|
dac76a |
+ directives, policies, regulations, standards, and guidance.
|
|
|
dac76a |
+ Proper group ownerhip will ensure that only root user can modify the banner.
|
|
|
dac76a |
+
|
|
|
dac76a |
+severity: medium
|
|
|
dac76a |
+
|
|
|
dac76a |
+identifiers:
|
|
|
dac76a |
+ cce@rhel7: 83727-8
|
|
|
dac76a |
+ cce@rhel8: 83728-6
|
|
|
dac76a |
+
|
|
|
dac76a |
+references:
|
|
|
dac76a |
+ cis@rhel7: 1.7.1.4
|
|
|
dac76a |
+ cis@rhel8: 1.8.1.4
|
|
|
dac76a |
+
|
|
|
dac76a |
+ocil_clause: '{{{ ocil_clause_file_group_owner(file="/etc/motd", group="root") }}}'
|
|
|
dac76a |
+
|
|
|
dac76a |
+ocil: '{{{ ocil_file_group_owner(file="/etc/motd", group="root") }}}'
|
|
|
dac76a |
+
|
|
|
dac76a |
+template:
|
|
|
dac76a |
+ name: file_groupowner
|
|
|
dac76a |
+ vars:
|
|
|
dac76a |
+ filepath: /etc/motd
|
|
|
dac76a |
+ filegid: '0'
|
|
|
dac76a |
diff --git a/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_motd/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_motd/rule.yml
|
|
|
dac76a |
new file mode 100644
|
|
|
dac76a |
index 0000000000..27fed965fb
|
|
|
dac76a |
--- /dev/null
|
|
|
dac76a |
+++ b/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_motd/rule.yml
|
|
|
dac76a |
@@ -0,0 +1,35 @@
|
|
|
dac76a |
+documentation_complete: true
|
|
|
dac76a |
+
|
|
|
dac76a |
+prodtype: fedora,ol7,ol8,rhel6,rhel7,rhel8,rhv4,wrlinux1019
|
|
|
dac76a |
+
|
|
|
dac76a |
+title: 'Verify ownership of Message of the Day Banner'
|
|
|
dac76a |
+
|
|
|
dac76a |
+description: |-
|
|
|
dac76a |
+ {{{ describe_file_owner(file="/etc/motd", owner="root") }}}
|
|
|
dac76a |
+
|
|
|
dac76a |
+rationale: |-
|
|
|
dac76a |
+ Display of a standardized and approved use notification before granting
|
|
|
dac76a |
+ access to the operating system ensures privacy and security notification
|
|
|
dac76a |
+ verbiage used is consistent with applicable federal laws, Executive Orders,
|
|
|
dac76a |
+ directives, policies, regulations, standards, and guidance.
|
|
|
dac76a |
+ Proper ownerhip will ensure that only root user can modify the banner.
|
|
|
dac76a |
+
|
|
|
dac76a |
+severity: medium
|
|
|
dac76a |
+
|
|
|
dac76a |
+identifiers:
|
|
|
dac76a |
+ cce@rhel7: 83737-7
|
|
|
dac76a |
+ cce@rhel8: 83738-5
|
|
|
dac76a |
+
|
|
|
dac76a |
+references:
|
|
|
dac76a |
+ cis@rhel7: 1.7.1.4
|
|
|
dac76a |
+ cis@rhel8: 1.8.1.4
|
|
|
dac76a |
+
|
|
|
dac76a |
+ocil_clause: '{{{ ocil_clause_file_owner(file="/etc/motd", owner="root") }}}'
|
|
|
dac76a |
+
|
|
|
dac76a |
+ocil: '{{{ ocil_file_owner(file="/etc/motd", owner="root") }}}'
|
|
|
dac76a |
+
|
|
|
dac76a |
+template:
|
|
|
dac76a |
+ name: file_owner
|
|
|
dac76a |
+ vars:
|
|
|
dac76a |
+ filepath: /etc/motd
|
|
|
dac76a |
+ fileuid: '0'
|
|
|
dac76a |
diff --git a/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_motd/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_motd/rule.yml
|
|
|
dac76a |
index 6d81eb43d1..ca789dc6f8 100644
|
|
|
dac76a |
--- a/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_motd/rule.yml
|
|
|
dac76a |
+++ b/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_motd/rule.yml
|
|
|
dac76a |
@@ -1,5 +1,7 @@
|
|
|
dac76a |
documentation_complete: true
|
|
|
dac76a |
|
|
|
dac76a |
+prodtype: fedora,ol7,ol8,rhel6,rhel7,rhel8,rhv4,wrlinux1019
|
|
|
dac76a |
+
|
|
|
dac76a |
title: 'Verify permissions on Message of the Day Banner'
|
|
|
dac76a |
|
|
|
dac76a |
description: |-
|
|
|
dac76a |
diff --git a/shared/references/cce-redhat-avail.txt b/shared/references/cce-redhat-avail.txt
|
|
|
dac76a |
index 565be50dcf..5986154a5a 100644
|
|
|
dac76a |
--- a/shared/references/cce-redhat-avail.txt
|
|
|
dac76a |
+++ b/shared/references/cce-redhat-avail.txt
|
|
|
dac76a |
@@ -410,8 +410,6 @@ CCE-83723-7
|
|
|
dac76a |
CCE-83724-5
|
|
|
dac76a |
CCE-83725-2
|
|
|
dac76a |
CCE-83726-0
|
|
|
dac76a |
-CCE-83727-8
|
|
|
dac76a |
-CCE-83728-6
|
|
|
dac76a |
CCE-83729-4
|
|
|
dac76a |
CCE-83730-2
|
|
|
dac76a |
CCE-83731-0
|
|
|
dac76a |
@@ -420,8 +418,6 @@ CCE-83733-6
|
|
|
dac76a |
CCE-83734-4
|
|
|
dac76a |
CCE-83735-1
|
|
|
dac76a |
CCE-83736-9
|
|
|
dac76a |
-CCE-83737-7
|
|
|
dac76a |
-CCE-83738-5
|
|
|
dac76a |
CCE-83739-3
|
|
|
dac76a |
CCE-83740-1
|
|
|
dac76a |
CCE-83741-9
|
|
|
dac76a |
|
|
|
dac76a |
From 3f0c74420e052b6ea18cef45896a48f24cd3c5df Mon Sep 17 00:00:00 2001
|
|
|
dac76a |
From: Watson Yuuma Sato <wsato@redhat.com>
|
|
|
dac76a |
Date: Tue, 24 Mar 2020 13:32:34 +0100
|
|
|
dac76a |
Subject: [PATCH 3/4] Update
|
|
|
dac76a |
linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_motd/rule.yml
|
|
|
dac76a |
MIME-Version: 1.0
|
|
|
dac76a |
Content-Type: text/plain; charset=UTF-8
|
|
|
dac76a |
Content-Transfer-Encoding: 8bit
|
|
|
dac76a |
|
|
|
dac76a |
Co-Authored-By: Jan Černý <jcerny@redhat.com>
|
|
|
dac76a |
---
|
|
|
dac76a |
.../accounts/accounts-banners/file_groupowner_etc_motd/rule.yml | 2 +-
|
|
|
dac76a |
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
dac76a |
|
|
|
dac76a |
diff --git a/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_motd/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_motd/rule.yml
|
|
|
dac76a |
index 21ff3fb62a..9cebc074dd 100644
|
|
|
dac76a |
--- a/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_motd/rule.yml
|
|
|
dac76a |
+++ b/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_motd/rule.yml
|
|
|
dac76a |
@@ -12,7 +12,7 @@ rationale: |-
|
|
|
dac76a |
access to the operating system ensures privacy and security notification
|
|
|
dac76a |
verbiage used is consistent with applicable federal laws, Executive Orders,
|
|
|
dac76a |
directives, policies, regulations, standards, and guidance.
|
|
|
dac76a |
- Proper group ownerhip will ensure that only root user can modify the banner.
|
|
|
dac76a |
+ Proper group ownership will ensure that only root user can modify the banner.
|
|
|
dac76a |
|
|
|
dac76a |
severity: medium
|
|
|
dac76a |
|
|
|
dac76a |
|
|
|
dac76a |
From 3138bbcee2a997eb0c8f74eabdcac9f71944e191 Mon Sep 17 00:00:00 2001
|
|
|
dac76a |
From: Watson Yuuma Sato <wsato@redhat.com>
|
|
|
dac76a |
Date: Tue, 24 Mar 2020 13:33:40 +0100
|
|
|
dac76a |
Subject: [PATCH 4/4] Fix typo in title of rule
|
|
|
dac76a |
MIME-Version: 1.0
|
|
|
dac76a |
Content-Type: text/plain; charset=UTF-8
|
|
|
dac76a |
Content-Transfer-Encoding: 8bit
|
|
|
dac76a |
|
|
|
dac76a |
Co-Authored-By: Jan Černý <jcerny@redhat.com>
|
|
|
dac76a |
---
|
|
|
dac76a |
.../accounts-banners/file_groupowner_etc_issue/rule.yml | 2 +-
|
|
|
dac76a |
.../accounts/accounts-banners/file_groupowner_etc_motd/rule.yml | 2 +-
|
|
|
dac76a |
.../accounts/accounts-banners/file_owner_etc_motd/rule.yml | 2 +-
|
|
|
dac76a |
3 files changed, 3 insertions(+), 3 deletions(-)
|
|
|
dac76a |
|
|
|
dac76a |
diff --git a/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue/rule.yml
|
|
|
dac76a |
index fe22c4ceda..6ff4e0a95a 100644
|
|
|
dac76a |
--- a/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue/rule.yml
|
|
|
dac76a |
+++ b/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue/rule.yml
|
|
|
dac76a |
@@ -2,7 +2,7 @@ documentation_complete: true
|
|
|
dac76a |
|
|
|
dac76a |
prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,wrlinux1019
|
|
|
dac76a |
|
|
|
dac76a |
-title: 'Verify group ownership of System Login Banner'
|
|
|
dac76a |
+title: 'Verify Group Ownership of System Login Banner'
|
|
|
dac76a |
|
|
|
dac76a |
description: |-
|
|
|
dac76a |
{{{ describe_file_group_owner(file="/etc/issue", group="root") }}}
|
|
|
dac76a |
diff --git a/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_motd/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_motd/rule.yml
|
|
|
dac76a |
index 9cebc074dd..8c66e997ac 100644
|
|
|
dac76a |
--- a/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_motd/rule.yml
|
|
|
dac76a |
+++ b/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_motd/rule.yml
|
|
|
dac76a |
@@ -2,7 +2,7 @@ documentation_complete: true
|
|
|
dac76a |
|
|
|
dac76a |
prodtype: fedora,ol7,ol8,rhel6,rhel7,rhel8,rhv4,wrlinux1019
|
|
|
dac76a |
|
|
|
dac76a |
-title: 'Verify group ownership of Message of the Day Banner'
|
|
|
dac76a |
+title: 'Verify Group Ownership of Message of the Day Banner'
|
|
|
dac76a |
|
|
|
dac76a |
description: |-
|
|
|
dac76a |
{{{ describe_file_group_owner(file="/etc/motd", group="root") }}}
|
|
|
dac76a |
diff --git a/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_motd/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_motd/rule.yml
|
|
|
dac76a |
index 27fed965fb..8d963ae75d 100644
|
|
|
dac76a |
--- a/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_motd/rule.yml
|
|
|
dac76a |
+++ b/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_motd/rule.yml
|
|
|
dac76a |
@@ -12,7 +12,7 @@ rationale: |-
|
|
|
dac76a |
access to the operating system ensures privacy and security notification
|
|
|
dac76a |
verbiage used is consistent with applicable federal laws, Executive Orders,
|
|
|
dac76a |
directives, policies, regulations, standards, and guidance.
|
|
|
dac76a |
- Proper ownerhip will ensure that only root user can modify the banner.
|
|
|
dac76a |
+ Proper ownership will ensure that only root user can modify the banner.
|
|
|
dac76a |
|
|
|
dac76a |
severity: medium
|
|
|
dac76a |
|