On 2/21/13 9:34 AM, Shaw, Ray V CTR (US) wrote:
Thanks. I'll be sure to report anything where I would like to see a change in
the actual requirement to the DISA address.
As a "for instance" for other cases, the prose for the password_min_age check
appears to want this in login.defs:
PASS_MIN_DAYS 1
which is fine, and is what we have. But the actual check appears to be looking for a
value of "7 or higher", so it fails (using both tools; based on your comments
regarding SCC, I won't report anything that fails on SCC but passes with Open SCAP).
I'm running into similar issues with the "gconftool-2" type rules, where I've
run the indicated commands and they appear to have written to the appropriate places, but
the checks are still failing. Should I just report things like that here?
Any chance you could open a ticket (or two) on these?
https://fedorahosted.org/scap-security-guide/newticket
Under the "Milestone" piece please select "RHEL6 STIG - IntialDraft...."
This will help ensure we don't lose sight of it :)
_______________________________________________
scap-security-guide mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
