On 7/5/12 4:52 PM, Willy Santos wrote:
CCI-001356 requires monitoring of atypical usage of operating system accounts. 
This mapping is a request for input/discussion.

Signed-off-by: Willy Santos <[email protected]>
---
  rhel6/src/input/auxiliary/srg_support.xml |    2 +-
  1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/rhel6/src/input/auxiliary/srg_support.xml 
b/rhel6/src/input/auxiliary/srg_support.xml
index 6241599..04cb602 100644
--- a/rhel6/src/input/auxiliary/srg_support.xml
+++ b/rhel6/src/input/auxiliary/srg_support.xml
@@ -38,7 +38,7 @@ The requirement is impractical or out of scope.
  <description>
  It is unclear how to satisfy this requirement.
  </description>
-<ref disa="20,31,218,219,224,1097,1158,1239,1291,1294,1295,1310,1311,1328,1340" 
/>
+<ref 
disa="20,31,218,219,224,1097,1158,1239,1291,1294,1295,1310,1311,1328,1340,1356" />
  </Group> <!-- end requirement_unclear -->
<Group id="new_rule_needed">
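Review bot: Appending 1356 to the `disa` list of the requirement_unclear group files CCI-001356 under "It is unclear how to satisfy this requirement", yet the commit message states plainly what the CCI asks for (monitoring of atypical usage of operating system accounts) and calls the mapping a request for discussion. If an existing rule in the guide already covers that monitoring, the CCI should be referenced from that rule rather than added here. If it does stay in this group for now, an XML comment next to the `<ref>` noting that 1356 is provisional would keep it from being read as a settled "cannot satisfy".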

I'd map to our audit rules.

We *monitor* for it via our customized audit rules. We provide that monitoring data to a central repository (rsyslog) for action by someone else (Splunk, ArcSight, etc.).
_______________________________________________
scap-security-guide mailing list
[email protected]
https://fedorahosted.org/mailman/listinfo/scap-security-guide