Add: Verify File Permissions with RPM
On Thu, Sep 12, 2013 at 2:51 PM, leam hall <[email protected]> wrote: > Using the oscap from openscap 0.9.3-1 and the ssg content fresh from the > repo (0.1-12) I ran: > > oscap xccdf eval --profile stig-rhel6-server --results > `hostname`-ssg-results.xml --report `hostname`-ssg-results.html --cpe > /usr/share/xml/scap/ssg/content/ssg-rhel6-cpe-dictionary.xml > /usr/share/xml/scap/ssg/content/ssg-rhel6-xccdf.xml > > on my server. The output gave me stuff to work on and what seems to be a > list of false positives. I have not found these items in the STIG. Could > someone point me to them, or can we remove them from the scan if they are > not present? > > I'm looking at the git repo but having issues with builds. So some of > these might already be fixed. > > Thanks! > > Leam > > ##### > > Configure auditd admin_space_left Action on Low Disk Space > Disable IPv6 Networking Support Automatic Loading > Disable Kernel Parameter for Accepting ICMP Redirects By Default > Disable Kernel Parameter for Accepting Secure Redirects By Default > Disable Kernel Parameter for Accepting Secure Redirects for All Interfaces > > Disable Kernel Parameter for Sending ICMP Redirects by Default > Disable Modprobe Loading of USB Storage Driver > Ensure All Files Are Owned by a Group > Ensure All Files Are Owned by a User > Ensure auditd Collects Unauthorized Access Attempts to Files > (unsuccessful) > Ensure SELinux State is Enforcing > Implement Blank Screen Saver > Record Events that Modify User/Group Information > Set SSH Client Alive Count > > -- > Mind on a Mission <http://leamhall.blogspot.com/> > -- Mind on a Mission <http://leamhall.blogspot.com/>
_______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
