Merge pull request #12929 from vojtapolasek/umask_interactive_users_l…

…imit_depth Umask interactive users limit depth
ComplianceAsCode · Jan 29, 2025 · d7e934c · d7e934c
2 parents 1bd83d3 + d0f6923
commit d7e934c
Show file tree

Hide file tree

Showing 4 changed files with 13 additions and 6 deletions.
diff --git a/...tem/accounts/accounts-session/user_umask/accounts_umask_interactive_users/oval/shared.xml b/...tem/accounts/accounts-session/user_umask/accounts_umask_interactive_users/oval/shared.xml
@@ -19,6 +19,7 @@
   <!-- #### creation of object #### -->
   <ind:textfilecontent54_object id="object_accounts_umask_interactive_users"
                                 comment="Umask value from initialization files" version="1">
+    <ind:behaviors max_depth="0" recurse_direction="down" />
     <ind:path var_ref="var_accounts_umask_interactive_users_dirs" var_check="at least one"/>
     <ind:filename operation="pattern match">^\..*</ind:filename>
     <ind:pattern operation="pattern match">^[\s]*umask\s*</ind:pattern>

diff --git a/...ounts/accounts-session/user_umask/accounts_umask_interactive_users/policy/stig/shared.yml b/...ounts/accounts-session/user_umask/accounts_umask_interactive_users/policy/stig/shared.yml
@@ -13,10 +13,10 @@ checktext: |-
 
     Note: The example is for a system that is configured to create users home directories in the "/home" directory.
 
-    $ sudo grep -ir umask /home
+    $ sudo find /home -maxdepth 2 -type f -name ".[^.]*" -exec grep -iH -d skip --exclude=.bash_history umask {} \;
 
-    /home/smithj/.bash_history:grep -i umask /etc/bashrc /etc/csh.cshrc /etc/profile
-    /home/smithj/.bash_history:grep -i umask /etc/login.defs
+    /home/wadea/.bash_history:grep -i umask /etc/bashrc /etc/csh.cshrc /etc/profile
+    /home/wadea/.bash_history:grep -i umask /etc/login.defs
 
     If any local interactive user initialization files are found to have a umask statement that sets a value less restrictive than "077", this is a finding.
 

diff --git a/...ide/system/accounts/accounts-session/user_umask/accounts_umask_interactive_users/rule.yml b/...ide/system/accounts/accounts-session/user_umask/accounts_umask_interactive_users/rule.yml
@@ -40,10 +40,10 @@ ocil: |-
 
     Note: The example is for a system that is configured to create users home directories in the "/home" directory.
 
-    # grep -ri umask /home/
+    $ sudo find /home -maxdepth 2 -type f -name ".[^.]*" -exec grep -iH -d skip --exclude=.bash_history umask {} \;
 
-    /home/smithj/.bash_history:grep -i umask /etc/bashrc /etc/csh.cshrc /etc/profile
-    /home/smithj/.bash_history:grep -i umask /etc/login.defs
+    /home/wadea/.bash_history:grep -i umask /etc/bashrc /etc/csh.cshrc /etc/profile
+    /home/wadea/.bash_history:grep -i umask /etc/login.defs
 
 fixtext: |-
     Remove the umask statement from all local interactive user's initialization files.

diff --git a/.../user_umask/accounts_umask_interactive_users/tests/deeper_than_two_levels_ignored.pass.sh b/.../user_umask/accounts_umask_interactive_users/tests/deeper_than_two_levels_ignored.pass.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+USER="cac_user"
+useradd -m $USER
+mkdir -p /home/"${USER}"/folder
+echo "umask 022" > /home/"${USER}"/folder/.bashrc