this test fails:
```ruby
control "xccdf_org.cisecurity.benchmarks_rule_1.5.2_Set_Permissions_on_etcgrub.conf" do
  title "Set Permissions on /etc/grub.conf"
  desc "Set permission on the /etc/grub.conf file to read and write for root only."
  impact 1.0
  describe file("/etc/grub.conf") do
    it { should exist }
  end
  describe file("/etc/grub.conf") do
    it { should_not be_executable.by "group" }
  end
  describe file("/etc/grub.conf") do
    it { should_not be_readable.by "group" }
  end
  describe file("/etc/grub.conf") do
    it { should_not be_writable.by "group" }
  end
  describe file("/etc/grub.conf") do
    it { should_not be_executable.by "other" }
  end
  describe file("/etc/grub.conf") do
    it { should_not be_readable.by "other" }
  end
  describe file("/etc/grub.conf") do
    it { should_not be_writable.by "other" }
  end
end
```
because:
@vjeffrey @srenatus Good use-case! The way that file currently works is that it will check the item you are pointing to, without resolving any fancy links:
This is great for being specific and not wasting effort each time we need to resolve a file, but you may be pointing to an underlying difficulty in that model, which is: Users might be more interested in always testing the target, i.e. having it resolved. What are your thoughts?
If we decide to change this behavior, let's do it in train and make it applicable everywhere.
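Added example, not part of the original thread and not InSpec or train code: a plain-Ruby illustration of why a group/other permission check gives different answers depending on whether the path is inspected with `lstat` (the link itself) or `stat` (the resolved target). The temporary directory, file names, the `0600` target mode and the helper names `group_other_bits` and `demo` are assumptions constructed for the demonstration.

```ruby
require "tmpdir"

# Permission bits granted to group and other (rwx for each class).
GROUP_OTHER_MASK = 0o077

# Returns the group/other permission bits of +path+.
# follow: false uses lstat and inspects the link itself (the unresolved
# behaviour described in the comment above); follow: true uses stat and
# inspects whatever the link points to.
def group_other_bits(path, follow:)
  st = follow ? File.stat(path) : File.lstat(path)
  st.mode & GROUP_OTHER_MASK
end

# Constructed fixture: an owner-only (0600) file plus a symlink to it,
# standing in for a grub.conf that is a symlink (assumption).
def demo
  Dir.mktmpdir("grubconf-demo") do |dir|
    target = File.join(dir, "grub-real.conf")
    link   = File.join(dir, "grub.conf")
    File.write(target, "# constructed sample\n")
    File.chmod(0o600, target)
    File.symlink(target, link)

    {
      symlink:     File.symlink?(link),
      link_bits:   group_other_bits(link, follow: false),
      target_bits: group_other_bits(link, follow: true)
    }
  end
end

if __FILE__ == $PROGRAM_NAME
  r = demo
  verdict = ->(bits) { bits.zero? ? "pass" : "fail" }
  puts "symlink?        #{r[:symlink]}"
  puts format("lstat (link)    %03o  group/other checks %s",
              r[:link_bits], verdict.call(r[:link_bits]))
  puts format("stat  (target)  %03o  group/other checks %s",
              r[:target_bits], verdict.call(r[:target_bits]))
end
```

The link's own mode bits carry group/other permissions even though the target is owner-only, so a benchmark check evaluated against the link fails on a correctly hardened target.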