File: rule.yml

package info (click to toggle)
scap-security-guide 0.1.78-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 114,600 kB
  • sloc: xml: 245,305; sh: 84,381; python: 33,093; makefile: 27
file content (33 lines) | stat: -rw-r--r-- 963 bytes parent folder | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
documentation_complete: true


title: 'Verify Permissions on lastlog Command'

description: |-
    {{{ describe_file_permissions(file="/usr/bin/lastlog", perms="0750") }}}

rationale: |-
    Unauthorized disclosure of the contents of the /var/log/lastlog file can reveal system data to
    attackers, thus compromising its confidentiality.

severity: medium

references:
    nist: SI-11(b),SI-11(c),SI-11.1(iv)
    srg: SRG-OS-000206-GPOS-00084
    stigid@ol8: OL08-00-020262

ocil_clause: '{{{ ocil_clause_file_permissions(file="/usr/bin/lastlog", perms="-rwxr-x---") }}}'

ocil: |-
    {{{ ocil_file_permissions(file="/usr/bin/lastlog", perms="-rwxr-x---") }}}

fixtext: '{{{ fixtext_directory_permissions(file="/usr/bin/lastlog/", mode="0750") }}}'

srg_requirement: '{{{ srg_requirement_directory_permission(file="/usr/bin/lastlog", mode="0750") }}}'

template:
    name: file_permissions
    vars:
        filepath: /usr/bin/lastlog
        filemode: '0750'