I'm trying to understand (as an example) the following results from an evaluation on a rhel6.3 box using the stig-rhel6-server profile. And I apologize if these questions are answered in a FAQ somewhere.
1) Ensure Log Files Are Owned By Appropriate Group        unknown
   Ensure System Log Files Have Correct Permissions       unknown

2) All GIDs referenced in /etc/passwd must be defined in /etc/group   notchecked
   Ensure All Accounts on the System Have Unique Names                notchecked

I understand that the "notchecked" is because there is not an OVAL test defined and the "unknown" is a specific "I don't know", as in the rsyslog_files_groupownership.xml:

<ind:unknown_test check="all" comment="use extended content to evaluated this test" id="test_20155" version="1" />

So I've been reading the OVAL language definitions and I cannot see how to address the "unknown" tests which require parsing a file to get parts out of it (rsyslog wants defined log paths).

Q) How does one go about writing a test that takes the result from evaluating a script? What is the "extended content"??

Q) Are the "notchecked" tests because the check is too vague? Or just not written yet?

Any documents I should be reading?

Thanks.

--
Brian Millett
"Terrible to see places I grew up going up in flames."
-- [ Sinclair, "A Voice in the Wilderness I"]

_______________________________________________
scap-security-guide mailing list
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
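
The check the message describes for the rsyslog rule (pull the log paths out of the configuration, then test each file's group owner), written as a stand-alone Python script. This is an added example, not part of the original message or of scap-security-guide; the function names, the sample configuration and the expected GID of 0 are assumptions, and it reads only legacy-format rules from a single file.

```python
import os
import re

# Selector list (facility.priority), whitespace, then a file action.
# A leading "-" on the action only disables syncing; it is not part of the path.
RULE = re.compile(r"^\s*[\w*,;.!=]+\s+-?(/\S+)")

def log_paths(conf_text):
    """Return file paths used as actions in legacy-format rsyslog rules."""
    paths = []
    for line in conf_text.splitlines():
        if line.lstrip().startswith(("#", "$")):  # comments, $directives
            continue
        m = RULE.match(line)
        if m and m.group(1) not in paths:
            paths.append(m.group(1))
    return paths

def wrong_group(paths, expected_gid=0, root=""):
    """Return existing paths whose group owner differs from expected_gid.

    expected_gid=0 (root) is an assumption; root is a prefix for testing
    against a copy of the tree instead of the live filesystem.
    """
    bad = []
    for p in paths:
        full = root + p
        if os.path.exists(full) and os.stat(full).st_gid != expected_gid:
            bad.append(p)
    return bad

# Constructed sample in the style of a stock rsyslog.conf (not from the post).
SAMPLE_CONF = """\
$ModLoad imuxsock
# kern.*                                  /dev/console
*.info;mail.none;authpriv.none;cron.none  /var/log/messages
authpriv.*                                /var/log/secure
mail.*                                    -/var/log/maillog
*.emerg                                   *
*.* @@loghost.example:514
"""

if __name__ == "__main__":
    found = log_paths(SAMPLE_CONF)
    print("log files:", found)
    print("wrong group:", wrong_group(found))
```

Files pulled in through `$IncludeConfig` are not followed, so each included file would need to be passed to `log_paths` separately.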
