I saw the periodic RPM verify in the RHEL5 STIG (GEN006565), but didn't see the equivalent in the draft RHEL 6.
-Rob > -----Original Message----- > From: scap-security-guide-boun...@lists.fedorahosted.org > [mailto:scap-security-guide-boun...@lists.fedorahosted.org] > On Behalf Of Jeffrey Blank > Sent: Thursday, October 25, 2012 3:41 PM > To: scap-security-guide@lists.fedorahosted.org > Subject: Re: RPM verification/file permission question > > This is a possibility, but for now the STIG profile is likely > to move forward with AIDE for verifying integrity > periodically. The auditing system will also detect changes > in ACLs for you. > > Interestingly, those using the STIG rules for CM purposes > will likely run the /entire/ STIG profile periodically, > including the RPM verify check. > > > > > On 10/25/2012 03:36 PM, Robert Sanders wrote: > > I raised a question on the call earlier noticing the absence of any > > ACL related checks in the RHEL6 STIG compared to the RHEL5 STIG. > > Someone (Shawn? - apologies if incorrect) that RPM would ensure > > correct settings. I was thinking about this afterward and > wondered if > > there should be a line item requiring a periodic 'have rpm > verify all > > installed packages' check. While RPM will make sure that > things are > > setup correctly, I didn't see any checks to see if a change > had been > > made to ACLs after the fact. AIDE might pick up on this also, but > > I've never used it so I don't know. > > > > Sincerely, Rob Sanders =========================== Rob Sanders Sr. > > Secure Systems Engineer Raytheon Trusted Computer Solutions 12950 > > Worldgate Drive, Suite 600 Herndon, Virginia 20170 Security Blanket > > Support: 1-866-230-1317 Security Blanket Email: > > securityblan...@trustedcs.com Office: 703-896-4762 Fax: > > 703-318-5041 Email: rsand...@trustedcs.com > > _______________________________________________ scap-security-guide > > mailing list scap-security-guide@lists.fedorahosted.org > > https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide > _______________________________________________ > scap-security-guide mailing list > scap-security-guide@lists.fedorahosted.org > https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide > _______________________________________________ scap-security-guide mailing list scap-security-guide@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
