From Fedora Project Wiki

No edit summary
No edit summary
 
Line 2: Line 2:
|description=  
|description=  
Secstate is a tool that attempts to streamline the Certification and Accreditation process of Linux systems by providing a mechanism to '''verify''', '''validate''', and provide '''remediation''' to security relevant configuration items.
Secstate is a tool that attempts to streamline the Certification and Accreditation process of Linux systems by providing a mechanism to '''verify''', '''validate''', and provide '''remediation''' to security relevant configuration items.
{{admon/important|This test case touches core system files|This test modifies core system files. Nothing should go wrong, but still it is not recommended for Linux beginners.}}


|setup=
|setup=

Latest revision as of 12:48, 25 August 2010

Description

Secstate is a tool that attempts to streamline the Certification and Accreditation process of Linux systems by providing a mechanism to verify, validate, and provide remediation to security relevant configuration items.

Important.png
This test case touches core system files
This test modifies core system files. Nothing should go wrong, but still it is not recommended for Linux beginners.

Setup

  1. Install the most recent version of secstate from https://fedorahosted.org/secstate/wiki/RecentBuilds
  2. Download and extract the file available at https://fedorahosted.org/secstate/attachment/wiki/TestContent/etcpasswd.tar.gz?format=raw
  3. Backup your /etc/passwd
  4. Have another root session open in case something goes wrong with /etc/passwd and the user is unable to authenticate

How to test

  1. Change the owner, group, and permissions on /etc/passwd.
     # sudo chown 500:500 /etc/passwd
     # sudo chmod 777 /etc/passwd
     # ls -ln /etc/passwd
    

    The user should see that the owner and group owner of /etc/passwd is UID and GID 500 and the permissions should be like -rwxrwxrwx.

  2. Import the downloaded content using secstate.
     # sudo secstate import etcpasswd/Passwd.xccdf.xml
     # sudo secstate list -a -r
    

    The user should see a listing like:

     [X]Benchmark - ID: Passwd, Title: 'PasswordFilePermissions', Profile: None
            [X]Rule - ID: Passwd-R-2-1, Title: 'Passwd_Ownership'
            [X]Rule - ID: Passwd-R-2-2, Title: 'Passwd_Group_Ownership'
            [X]Rule - ID: Passwd-R-2-3, Title: 'Passwd_Mode'
    
  3. Deselect the group ownership rule.
     # sudo secstate deselect Passwd Passwd-R-2-2
     # sudo secstate list -a -r
    

    The user should see the same listing as above, except the group ownership rule should not have an X.

  4. Audit before remediation.
     # sudo secstate audit
    

    The user should see output like:

     --Results for 'Passwd' (Profile: 'Custom')--
     Passed:         0
     Failed:         2
     Fixed:          0
     Not Selected:   1
     Not Checked:    0
     Not Applicable: 0
     Error:          0
     Informational:  0
     Unknown:        0
    
  5. Remediate everything except group ownership.
     # sudo secstate remediate -r etcpasswd/passwd.pp
    

    The user should see output similar to:

     notice: //passwd/File_perms[/etc/passwd]/uexec: uexec changed 'true' to 'false'
     notice: //passwd/File_perms[/etc/passwd]/gwrite: gwrite changed 'true' to 'false'
     notice: //passwd/File_perms[/etc/passwd]/gexec: gexec changed 'true' to 'false'
     notice: //passwd/File_perms[/etc/passwd]/owrite: owrite changed 'true' to 'false'
     notice: //passwd/File_perms[/etc/passwd]/oexec: oexec changed 'true' to 'false'
     notice: //passwd/File_perms[/etc/passwd]/owner: owner changed '500' to '0'
    
  6. Select the group ownership rule.
     # sudo secstate select Passwd Passwd-R-2-2
     # sudo secstate list -a -r
    

    The user should see the original listing with all rules selected.

  7. Remediate everything.
     # sudo secstate remediate -r etcpasswd/passwd.pp
    

    The user should see output like:

     notice: //passwd/File_perms[/etc/passwd]/group: group changed '500' to '0'
    
  8. Final audit.
    # sudo secstate audit
    

    The user should see output like:

     --Results for 'Passwd' (Profile: 'Custom')--
     Passed:         3
     Failed:         0
     Fixed:          0
     Not Selected:   0
     Not Checked:    0
     Not Applicable: 0
     Error:          0
     Informational:  0
     Unknown:        0
    
  9. Manually verify permissions of /etc/passwd.
        # ls -ln /etc/passwd
    

    The user should see that the owner and group UID and GID have been reset to 0 and the permissions on the file are now -rw-r--r--.

Expected Results

All the commands from previous section get expected results.