From Fedora Project Wiki

Revision as of 11:29, 25 August 2010 by Pvrabec (talk | contribs)

Description

Secstate is a tool that attempts to streamline the Certification and Accreditation process of Linux systems by providing a mechanism to verify, validate, and remediate security-relevant configuration items.

Setup

  1. Install the most recent version of secstate from https://fedorahosted.org/secstate/wiki/RecentBuilds
  2. Download and extract the file available at https://fedorahosted.org/secstate/attachment/wiki/TestContent/etcpasswd.tar.gz?format=raw
  3. Back up /etc/passwd before starting; the test deliberately breaks its ownership and permissions.
  4. Have another root session open in case something goes wrong with /etc/passwd and users are unable to authenticate.

How to test

  1. Change the owner, group, and permissions on /etc/passwd.
     # sudo chown 500:500 /etc/passwd
     # sudo chmod 777 /etc/passwd
     # ls -ln /etc/passwd
    

    The user should see that the owner and group owner of /etc/passwd are UID and GID 500 and the permissions are -rwxrwxrwx.

  2. Import the downloaded content using secstate.
     # sudo secstate import etcpasswd/Passwd.xccdf.xml
     # sudo secstate list -a -r
    

    The user should see a listing like:

     [X]Benchmark - ID: Passwd, Title: 'PasswordFilePermissions', Profile: None
            [X]Rule - ID: Passwd-R-2-1, Title: 'Passwd_Ownership'
            [X]Rule - ID: Passwd-R-2-2, Title: 'Passwd_Group_Ownership'
            [X]Rule - ID: Passwd-R-2-3, Title: 'Passwd_Mode'
    
  3. Deselect the group ownership rule.
     # sudo secstate deselect Passwd Passwd-R-2-2
     # sudo secstate list -a -r
    

    The user should see the same listing as above, except the group ownership rule should not have an X.

  4. Audit before remediation.
     # sudo secstate audit
    

    The user should see output like:

     --Results for 'Passwd' (Profile: 'Custom')--
     Passed:         0
     Failed:         2
     Fixed:          0
     Not Selected:   1
     Not Checked:    0
     Not Applicable: 0
     Error:          0
     Informational:  0
     Unknown:        0
    
  5. Remediate everything except group ownership.
     # sudo secstate remediate -r etcpasswd/passwd.pp
    

    The user should see output similar to:

     notice: //passwd/File_perms[/etc/passwd]/uexec: uexec changed 'true' to 'false'
     notice: //passwd/File_perms[/etc/passwd]/gwrite: gwrite changed 'true' to 'false'
     notice: //passwd/File_perms[/etc/passwd]/gexec: gexec changed 'true' to 'false'
     notice: //passwd/File_perms[/etc/passwd]/owrite: owrite changed 'true' to 'false'
     notice: //passwd/File_perms[/etc/passwd]/oexec: oexec changed 'true' to 'false'
     notice: //passwd/File_perms[/etc/passwd]/owner: owner changed '500' to '0'
    
  6. Select the group ownership rule.
     # sudo secstate select Passwd Passwd-R-2-2
     # sudo secstate list -a -r
    

    The user should see the original listing with all rules selected.

  7. Remediate everything.
     # sudo secstate remediate -r etcpasswd/passwd.pp
    

    The user should see output like:

     notice: //passwd/File_perms[/etc/passwd]/group: group changed '500' to '0'
    
  8. Final audit.
     # sudo secstate audit
    

    The user should see output like:

     --Results for 'Passwd' (Profile: 'Custom')--
     Passed:         3
     Failed:         0
     Fixed:          0
     Not Selected:   0
     Not Checked:    0
     Not Applicable: 0
     Error:          0
     Informational:  0
     Unknown:        0
    
  9. Manually verify permissions of /etc/passwd.
     # ls -ln /etc/passwd
    

    The user should see that the owner and group owner have been reset to UID and GID 0 and that the permissions on the file are now -rw-r--r--.
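
The three benchmark rules exercised above (Passwd_Ownership, Passwd_Group_Ownership, Passwd_Mode) reduce to checking that /etc/passwd is owned by UID 0 and GID 0 with mode 0644. The script below is an added example, not part of secstate or of this test case: it re-implements those three checks and the corresponding fix in plain shell so the before and after states of steps 1, 5, 7 and 9 can be confirmed (or rehearsed on a scratch file) without the tool. It assumes GNU coreutils `stat` (as on Fedora); the expected owner, group and mode default to the benchmark's values but can be overridden, which is what the scratch-file demo at the bottom does, since changing a file to another owner requires root.

```shell
#!/bin/sh
# Added example: plain-shell equivalent of the Passwd benchmark's three rules.
# Assumes GNU stat ('stat -c'); BSD/macOS stat uses different flags.

# audit_passwd_file FILE [UID] [GID] [MODE]
# Prints one PASS/FAIL line per rule and returns the number of failed rules
# (0 = all pass, 3 = could not stat the file).
audit_passwd_file() {
    file=$1
    want_uid=${2:-0}      # benchmark default: root
    want_gid=${3:-0}      # benchmark default: root
    want_mode=${4:-644}   # benchmark default: -rw-r--r--
    failed=0

    # numeric owner, numeric group and octal mode in one call
    vals=$(stat -c '%u %g %a' "$file") || return 3
    set -- $vals
    have_uid=$1; have_gid=$2; have_mode=$3

    if [ "$have_uid" = "$want_uid" ]; then
        echo "PASS Passwd-R-2-1 Passwd_Ownership (uid $have_uid)"
    else
        echo "FAIL Passwd-R-2-1 Passwd_Ownership (uid $have_uid, want $want_uid)"
        failed=$((failed + 1))
    fi
    if [ "$have_gid" = "$want_gid" ]; then
        echo "PASS Passwd-R-2-2 Passwd_Group_Ownership (gid $have_gid)"
    else
        echo "FAIL Passwd-R-2-2 Passwd_Group_Ownership (gid $have_gid, want $want_gid)"
        failed=$((failed + 1))
    fi
    if [ "$have_mode" = "$want_mode" ]; then
        echo "PASS Passwd-R-2-3 Passwd_Mode (mode $have_mode)"
    else
        echo "FAIL Passwd-R-2-3 Passwd_Mode (mode $have_mode, want $want_mode)"
        failed=$((failed + 1))
    fi
    return "$failed"
}

# remediate_passwd_file FILE [UID] [GID] [MODE]
# Applies only the changes that are needed, reporting each one in the style
# of the puppet notices shown in the test, then re-audits and returns the
# number of rules still failing. Changing owner or group to another user
# needs root.
remediate_passwd_file() {
    file=$1
    want_uid=${2:-0}
    want_gid=${3:-0}
    want_mode=${4:-644}

    vals=$(stat -c '%u %g %a' "$file") || return 3
    set -- $vals
    if [ "$1" != "$want_uid" ]; then
        chown "$want_uid" "$file" && echo "notice: owner changed '$1' to '$want_uid'"
    fi
    if [ "$2" != "$want_gid" ]; then
        chown ":$want_gid" "$file" && echo "notice: group changed '$2' to '$want_gid'"
    fi
    if [ "$3" != "$want_mode" ]; then
        chmod "$want_mode" "$file" && echo "notice: mode changed '$3' to '$want_mode'"
    fi
    audit_passwd_file "$file" "$want_uid" "$want_gid" "$want_mode" >/dev/null
}

# Demo on a scratch file so the real /etc/passwd is untouched. The expected
# owner and group are the caller's own IDs because only root can chown to
# another user; the mode rule is the one deliberately broken here.
demo=$(mktemp)
chmod 777 "$demo"
audit_passwd_file "$demo" "$(id -u)" "$(id -g)" || echo "-> $? rule(s) failed before remediation"
remediate_passwd_file "$demo" "$(id -u)" "$(id -g)"
audit_passwd_file "$demo" "$(id -u)" "$(id -g)" && echo "-> all rules pass after remediation"
rm -f "$demo"
```

To check the real file after step 9, run `audit_passwd_file /etc/passwd` with no overrides; the return value is the number of failing rules, so it can gate a script the same way the secstate audit summary gates the test.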

Expected Results

All the commands in the previous section produce the expected results.