Elaborating the rule descriptions to reinforce default behaviors would be very beneficial at my sites at least. The manual checks are being failed by the IV&E-type staff if disabled settings are not explicitly configured, as they either don't understand that the default configuration settings are disabled or they really like having the explicit configuration settings.
On Tue, Aug 5, 2014 at 12:39 PM, Shawn Wells <[email protected]> wrote:
>
> On 8/5/14, 2:36 PM, Gabe Alford wrote:
>
>> Got it. So if the default behavior is disabled, then the scan passes.
>> Ignore this patch and the disable_rhosts patch then.
>>
>> General question though: Are sites failing manual checks by IV&E-type
> staff if these things are not explicitly configured? Technically the OCIL
> should highlight failure conditions, but we could look at elaborating the
> rule descriptions to reinforce such things are default behaviors (and thus
> need not be explicitly configured).
>
> --
> SCAP Security Guide mailing list
> [email protected]
> https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
> https://github.com/OpenSCAP/scap-security-guide/
>
