I raised a question on the call earlier noticing the absence of any ACL related checks in the RHEL6 STIG compared to the RHEL5 STIG. Someone (Shawn? - apologies if incorrect) that RPM would ensure correct settings. I was thinking about this afterward and wondered if there should be a line item requiring a periodic 'have rpm verify all installed packages' check. While RPM will make sure that things are setup correctly, I didn't see any checks to see if a change had been made to ACLs after the fact. AIDE might pick up on this also, but I've never used it so I don't know.
Sincerely, Rob Sanders =========================== Rob Sanders Sr. Secure Systems Engineer Raytheon Trusted Computer Solutions 12950 Worldgate Drive, Suite 600 Herndon, Virginia 20170 Security Blanket Support: 1-866-230-1317 Security Blanket Email: securityblan...@trustedcs.com Office: 703-896-4762 Fax: 703-318-5041 Email: rsand...@trustedcs.com _______________________________________________ scap-security-guide mailing list scap-security-guide@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
