diff options
Diffstat (limited to 'xml/SCAP/gentoo-xccdf.xml')
-rw-r--r-- | xml/SCAP/gentoo-xccdf.xml | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/xml/SCAP/gentoo-xccdf.xml b/xml/SCAP/gentoo-xccdf.xml index 3c3afcd..732bde3 100644 --- a/xml/SCAP/gentoo-xccdf.xml +++ b/xml/SCAP/gentoo-xccdf.xml @@ -103,6 +103,8 @@ <select idref="xccdf_org.gentoo.dev.swift_rule_securetty-limitentries" selected="true" /> <!-- Make sure /proc is mounted with hidepid=1 or hidepid=2 --> <select idref="xccdf_org.gentoo.dev.swift_rule_proc-hidepid" selected="true" /> + <!-- Make sure /boot/grub/grub.conf has a password entry with md5 hash --> + <select idref="xccdf_org.gentoo.dev.swift_rule_grubconf-password-md5" selected="true" /> </Profile> <Profile id="xccdf_org.gentoo.dev.swift_profile_default" extends="xccdf_org.gentoo.dev.swift_profile_default-oval"> <title>Default server setup settings</title> @@ -1513,6 +1515,15 @@ grub> <h:b>quit</h:b></h:pre> using <h:code>password --md5 $1$18u.M0$J8VbOsGXuoG9Fh3n7ZkqY.</h:code>. </h:p> </description> + <Rule id="xccdf_org.gentoo.dev.swift_rule_grubconf-password-md5" selected="false" severity="low" weight="6.9"> + <title>Grub legacy has a password entry with md5 hash</title> + <fixtext fixref="xccdf_org.gentoo.dev.swift_fix_grubconf-password-md5"> + Edit /boot/grub/grub.conf and set a password entry with md5 hash + </fixtext> + <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"> + <check-content-ref name="oval:org.gentoo.dev.swift:def:34" href="gentoo-oval.xml" /> + </check> + </Rule> </Group> <Group id="xccdf_org.gentoo.dev.swift_group_system-bootloader-lilopass"> <title>Password protect LILO</title> |