rpms / scap-security-guide

Clone
Source Code
GIT

Files

  1.   dac76ab332cb6f7ca5cdbec311d2754a26f6d91e
  2.   SOURCES
  3.   scap-security-guide-0.1.50-warn_nonlocal_users_groups.patch
Blob Blame History Raw 
From 4fc0688db8f97d1ee10bfd5162764ffef57356c9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C4=9Bj=20T=C3=BD=C4=8D?= <matyc@redhat.com>
Date: Wed, 22 Apr 2020 16:58:12 +0200
Subject: [PATCH] Added a warning to rules about only local user backends being
 considered.

---
 .../permissions/files/file_permissions_ungroupowned/rule.yml | 5 +++++
 .../permissions/files/no_files_unowned_by_user/rule.yml      | 5 +++++
 2 files changed, 10 insertions(+)

diff --git a/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml b/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml
index dba303d0ed..e99d035831 100644
--- a/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml
+++ b/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml
@@ -53,3 +53,8 @@ ocil: |-
     Either remove all files and directories from the system that do not have a valid group,
     or assign a valid group with the chgrp command:
     <pre>$ sudo chgrp <i>group</i> <i>file</i></pre>
+
+warnings:
+    - general: |-
+        This rule only considers local groups.
+        If you have your groups defined outside <code>/etc/group</code>, the rule won't consider those.
diff --git a/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml b/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml
index 7cd9b787a4..72bf327519 100644
--- a/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml
+++ b/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml
@@ -54,3 +54,8 @@ ocil: |-
     valid user, or assign a valid user to all unowned files and directories on
     the system with the <tt>chown</tt> command:
     <pre>$ sudo chown <tt>user</tt> <tt>file</tt></pre>
+
+warnings:
+    - general: |-
+        This rule only considers local users.
+        If you have your users defined outside <code>/etc/passwd</code>, the rule won't consider those.

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation