Hey all, Just ran oscap with the xml files available on the website (Benchmark version 0.9). Here are the issues that seem to be false positives. Prefix everything with "RHEL-06-000". These are all marked as fail but the server meets the STIG.
9 rhnsd can be on if configured to Satellite server or similar 57 ucredit 58 ocredit 59 lcredit 73 /etc/issue 98 No ipv6 installed 99 " 165 adjtimex 167 settimeofday 169 stime // Also, the STIG is wrong. There is no x86_64 stime syscall 171 clock_settime 184-196, 200 chmod, chown, etc... 206-211 No telnet installed or turned on 240 /etc/ssh/sshd_config Banner 271 If there are no removable partitions this is not a finding. 278 If the file permissions are more restrictive then it is not a finding. 324 No X running 326 " 346 Finding reported on umask 022 348 No vsftp installed, thus no file. 506 "hushlogin" 507 PrintLastLog Am I confused in thinking a system in run level 3 should net need to worry about X/Gnome findings? Leam -- Mind on a Mission <http://leamhall.blogspot.com/>
_______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
