diff --git a/linux_os/guide/system/software/sudo/sudo_dedicated_group/oval/shared.xml b/linux_os/guide/system/software/sudo/sudo_dedicated_group/oval/shared.xml
index 2ecb1008b94..541de4a3bdf 100644
--- a/linux_os/guide/system/software/sudo/sudo_dedicated_group/oval/shared.xml
+++ b/linux_os/guide/system/software/sudo/sudo_dedicated_group/oval/shared.xml
@@ -1,7 +1,7 @@
 <def-group>
 <definition class="compliance" id="{{{ rule_id }}}" version="1">
 {{{- oval_metadata("This test makes sure that /usr/bin/sudo is owned by the group set in var_sudo_dedicated_group") }}}
- <criteria>
+ <criteria operator="AND">
 <criterion comment="Check if dedicated group exists" test_ref="test_dedicated_group_exists" />
 <criterion comment="Check file group ownership of /usr/bin/sudo" test_ref="test_sudo_owned_by_dedicated_group" />
 </criteria>
@@ -14,19 +14,17 @@
 <unix:file_object comment="Fetch /usr/bin/sudo" id="object_sudo_file" version="1">
 <unix:filepath>/usr/bin/sudo</unix:filepath>
 </unix:file_object>
+
 <unix:file_state id="state_sudo_file_gid_is_dedicated_group_gid" version="1">
- <unix:group_id datatype="int" var_ref="local_var_sudo_dedicated_group_gid" />
+ <unix:group_id datatype="int" operation="not equal">0</unix:group_id>
 </unix:file_state>
- <local_variable id="local_var_sudo_dedicated_group_gid" datatype="int" comment="GID of the dedicated group" version="1">
- <object_component object_ref="sudo_dedicated_group_gid" item_field="subexpression" />
- </local_variable>
-
 <ind:textfilecontent54_test id="test_dedicated_group_exists" comment="Check if dedicated group is listed in /etc/group" check="all" check_existence="only_one_exists" version="1">
 <ind:object object_ref="sudo_dedicated_group_gid" />
 </ind:textfilecontent54_test>
+
 <ind:textfilecontent54_object id="sudo_dedicated_group_gid" comment="Grab GID of group set in var_sudo_dedicated_group" version="1">
 <ind:filepath operation="equals">/etc/group</ind:filepath>
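Review bot: The oval_metadata description kept as context in the first hunk still states that the test "makes sure that /usr/bin/sudo is owned by the group set in var_sudo_dedicated_group", but the new state further down this diff only requires `<unix:group_id datatype="int" operation="not equal">0</unix:group_id>`, and the accompanying test renames (other_group.fail.sh → other_group.pass.sh, root_default.pass.sh → root_default.fail.sh) confirm that any non-root group now satisfies the rule. The description, the criterion comment `Check file group ownership of /usr/bin/sudo` and the state id `state_sudo_file_gid_is_dedicated_group_gid` should say what is actually enforced, e.g. `This test makes sure that the group set in var_sudo_dedicated_group exists and that /usr/bin/sudo is not group-owned by root (GID 0)`, otherwise a profile author reads a stricter guarantee than the definition gives, since the variable's value is no longer bound to the file check at all. `operator="AND"` is the OVAL default for criteria, so that change only makes the existing behaviour explicit. The `<definition>` element continues past the hunk.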
diff --git a/linux_os/guide/system/software/sudo/sudo_dedicated_group/tests/no_group.fail.sh b/linux_os/guide/system/software/sudo/sudo_dedicated_group/tests/no_group.fail.sh
index 971e8ac271e..897e5ac3587 100644
--- a/linux_os/guide/system/software/sudo/sudo_dedicated_group/tests/no_group.fail.sh
+++ b/linux_os/guide/system/software/sudo/sudo_dedicated_group/tests/no_group.fail.sh
@@ -1,6 +1,6 @@
 # platform = multi_platform_all
 # remediation = none
-# value = var_sudo_dedicated_group=othergroup
+# variables = var_sudo_dedicated_group=othergroup
 
 groupadd othergroup
 chown :othergroup /usr/bin/sudo
diff --git a/linux_os/guide/system/software/sudo/sudo_dedicated_group/tests/other_group.fail.sh b/linux_os/guide/system/software/sudo/sudo_dedicated_group/tests/other_group.pass.sh
similarity index 100%
rename from linux_os/guide/system/software/sudo/sudo_dedicated_group/tests/other_group.fail.sh
rename to linux_os/guide/system/software/sudo/sudo_dedicated_group/tests/other_group.pass.sh
diff --git a/linux_os/guide/system/software/sudo/sudo_dedicated_group/tests/root_default.pass.sh b/linux_os/guide/system/software/sudo/sudo_dedicated_group/tests/root_default.fail.sh
similarity index 100%
rename from linux_os/guide/system/software/sudo/sudo_dedicated_group/tests/root_default.pass.sh
rename to linux_os/guide/system/software/sudo/sudo_dedicated_group/tests/root_default.fail.sh