File: shared.xml

package info (click to toggle)
scap-security-guide 0.1.78-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 114,600 kB
  • sloc: xml: 245,305; sh: 84,381; python: 33,093; makefile: 27
file content (42 lines) | stat: -rw-r--r-- 2,126 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
 
<def-group>
  <definition class="compliance" id="grub2_admin_username" version="1">
    {{{ oval_metadata(
              "The grub2 boot loader superuser should have a username that is hard to guess.", rule_title=rule_title) }}}

    <criteria operator="OR">
      <criterion comment="Superuser is defined in {{{ grub2_boot_path }}}/grub.cfg and it isn't
            root, admin, administrator nor equal to any system username"
            test_ref="test_bootloader_superuser_differ_from_other_users"/>
    </criteria>
  </definition>

  <unix:password_object id="object_user_accounts" version="1">
    <unix:username datatype="string" operation="pattern match">.*</unix:username>
  </unix:password_object>

  <local_variable id="var_user_accounts" datatype="string" version="1" comment="Variable
          including all system usernames">
    <object_component item_field="username" object_ref="object_user_accounts"/>
  </local_variable>

  <ind:textfilecontent54_state id="state_bootloader_superuser_differ_from_other_users" 
          version="1">
    <ind:subexpression datatype="string" operation="not equal" var_check="all"
          var_ref="var_user_accounts" />
  </ind:textfilecontent54_state>

  <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="superuser
          is defined in {{{ grub2_boot_path }}}/grub.cfg. Superuser is not
          equal to other system account nor root, admin, administrator"
          id="test_bootloader_superuser_differ_from_other_users" version="1">
    <ind:object object_ref="object_bootloader_unique_superuser" />
    <ind:state state_ref="state_bootloader_superuser_differ_from_other_users" />
  </ind:textfilecontent54_test>

  <ind:textfilecontent54_object id="object_bootloader_unique_superuser" version="1">
    <ind:filepath>{{{ grub2_boot_path }}}/grub.cfg</ind:filepath>
    <ind:pattern operation="pattern match"
          >^[\s]*set[\s]+superusers="(?i)\b(?!(?:root|admin|administrator)\b)(\w+)".*\n[\s]*export[\s]+superusers[\s]*$</ind:pattern>
    <ind:instance datatype="int">1</ind:instance>
  </ind:textfilecontent54_object>
</def-group>