Hello, I do a lot of work on making sure Linux meets various security standards. One of the better known security profiles is the DISA STIG. (STIG means Security Technical Information Guide.) Back in February, there was a big update to it. I have reviewed it and sent feedback to get some items corrected. But in the mean time, I wanted to check how far off we have gotten and wrote a script to do some checking. The guide requires a UMASK of 027 for users, so you may find that home dir file permissions are not right. However, if you just create a user and have never logged in...the file permissions should be right. In any event, I have uploaded the scripts so that file permission problems can be found and fixed. The original guide can be found here: http://iase.disa.mil/stigs/downloads/zip/unclassified_os-srg-unix_v1r1_finalsrg.zip We used openscap to translate the XCCDF content into html. The (uncorrected) settings can be found here: http://people.redhat.com/sgrubb/files/stig-2011/stig-2011-checklist.html and the test script can be found here: http://people.redhat.com/sgrubb/files/stig-2011/stig-file-test.sh I think we should realign some file permissions. -Steve -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
