Yes :) However, we may be able to do a bit better, even with OVAL if we consider that the Rules:
Ensure Log Files Are Owned By Appropriate Group unknown Ensure System Log Files Have Correct Permissions unknown may be reformulated to: Ensure Log Files Are stored in /var/log pass (if lucky) ...and I believe OVAL is capable of checking for this. Other, existing checks for permissions on all files in /var/log should then ensure that a non-compliant system will fail. So I ask the group: storing all log files in /var/log is a stronger requirement, but is this a problem? (Really, the Rule for having a separate partition for /var/log is already sort of assuming that we're doing this...) On 02/09/2013 09:26 AM, Brian Millett wrote: > On Sat, 9 Feb 2013 07:50:05 -0500 > Gary Gapinski <[email protected]> wrote: > >> SNIP of a great answer. > > Nicely done. Thanks for the answer. > _______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
