File: shared.xml

package info (click to toggle)
scap-security-guide 0.1.78-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 114,600 kB
  • sloc: xml: 245,305; sh: 84,381; python: 33,093; makefile: 27
file content (80 lines) | stat: -rw-r--r-- 5,148 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
 
<def-group>
  <definition class="compliance" id="sudoers_validate_passwd" version="1">
   {{{ oval_metadata("Ensure invoking user's password for privilege escalation when using sudo", rule_title=rule_title) }}}
      <criteria operator="AND">
      <criterion comment="Check Defaults !targetpw exists in /etc/sudoers file" test_ref="test_sudoers_targetpw_config" />
      <criterion comment="Check Defaults !rootpw exists in /etc/sudoers file" test_ref="test_sudoers_rootpw_config" />
      <criterion comment="Check Defaults !runaspw exists in /etc/sudoers file" test_ref="test_sudoers_runaspw_config" />
      <criterion comment="Check Defaults targetpw is not defined in /etc/sudoers file" test_ref="test_sudoers_targetpw_not_defined" />
      <criterion comment="Check Defaults rootpw is not defined in /etc/sudoers file" test_ref="test_sudoers_rootpw_not_defined" />
      <criterion comment="Check Defaults runaspw is not defined in /etc/sudoers file" test_ref="test_sudoers_runaspw_not_defined" />
      </criteria>
  </definition>

  <ind:textfilecontent54_test check="all" check_existence="at_least_one_exists" comment="Ensure invoking user's password for privilege escalation when using sudo"
  id="test_sudoers_targetpw_config" version="1">
    <ind:object object_ref="object_test_sudoers_targetpw_config" />
  </ind:textfilecontent54_test>

  <ind:textfilecontent54_test check="all" check_existence="at_least_one_exists" comment="Ensure invoking user's password for privilege escalation when using sudo"
  id="test_sudoers_rootpw_config" version="1">
    <ind:object object_ref="object_test_sudoers_rootpw_config" />
  </ind:textfilecontent54_test>

  <ind:textfilecontent54_test check="all" check_existence="at_least_one_exists" comment="Ensure invoking user's password for privilege escalation when using sudo"
  id="test_sudoers_runaspw_config" version="1">
    <ind:object object_ref="object_test_sudoers_runaspw_config" />
  </ind:textfilecontent54_test>

  <ind:textfilecontent54_object id="object_test_sudoers_targetpw_config" version="1">
    <ind:filepath operation="pattern match">^/etc/sudoers(\.d/.*)?$</ind:filepath>
    <ind:pattern operation="pattern match">^Defaults !targetpw$\r?\n</ind:pattern>
    <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
  </ind:textfilecontent54_object>

  <ind:textfilecontent54_object id="object_test_sudoers_rootpw_config" version="1">
    <ind:filepath operation="pattern match">^/etc/sudoers(\.d/.*)?$</ind:filepath>
    <ind:pattern operation="pattern match">^Defaults !rootpw$\r?\n</ind:pattern>
    <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
  </ind:textfilecontent54_object>

  <ind:textfilecontent54_object id="object_test_sudoers_runaspw_config" version="1">
    <ind:filepath operation="pattern match">^/etc/sudoers(\.d/.*)?$</ind:filepath>
    <ind:pattern operation="pattern match">^Defaults !runaspw$\r?\n</ind:pattern>
    <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
  </ind:textfilecontent54_object>

  <ind:textfilecontent54_test check="all" check_existence="none_exist" comment="Ensure invoking user's password for privilege escalation when using sudo"
  id="test_sudoers_targetpw_not_defined" version="1">
    <ind:object object_ref="object_test_sudoers_targetpw_not_defined" />
  </ind:textfilecontent54_test>

  <ind:textfilecontent54_test check="all" check_existence="none_exist" comment="Ensure invoking user's password for privilege escalation when using sudo"
  id="test_sudoers_rootpw_not_defined" version="1">
    <ind:object object_ref="object_test_sudoers_rootpw_not_defined" />
  </ind:textfilecontent54_test>

  <ind:textfilecontent54_test check="all" check_existence="none_exist" comment="Ensure invoking user's password for privilege escalation when using sudo"
  id="test_sudoers_runaspw_not_defined" version="1">
    <ind:object object_ref="object_test_sudoers_runaspw_not_defined" />
  </ind:textfilecontent54_test>

  <ind:textfilecontent54_object id="object_test_sudoers_targetpw_not_defined" version="1">
    <ind:filepath operation="pattern match">^/etc/sudoers(\.d/.*)?$</ind:filepath>
    <ind:pattern operation="pattern match">^Defaults targetpw$\r?\n</ind:pattern>
    <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
  </ind:textfilecontent54_object>

  <ind:textfilecontent54_object id="object_test_sudoers_rootpw_not_defined" version="1">
    <ind:filepath operation="pattern match">^/etc/sudoers(\.d/.*)?$</ind:filepath>
    <ind:pattern operation="pattern match">^Defaults rootpw$\r?\n</ind:pattern>
    <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
  </ind:textfilecontent54_object>

  <ind:textfilecontent54_object id="object_test_sudoers_runaspw_not_defined" version="1">
    <ind:filepath operation="pattern match">^/etc/sudoers(\.d/.*)?$</ind:filepath>
    <ind:pattern operation="pattern match">^Defaults runaspw$\r?\n</ind:pattern>
    <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
  </ind:textfilecontent54_object>

</def-group>