On Wed, Jun 7, 2017 at 1:41 PM, Shawn Wells <[email protected]> wrote:
> OVAL has the ability to do conditional clauses, e.g. most of the SSH > checks will be notapplicable/pass if sshd is not installed. > This is great, and on a cloud server in a fedramp certified facility one might think it enough, as how would someone log in other than by using SSH? Can evaluate password access in sshd configs, but that's only for ssh > server.... what do we check to see if password access is disabled for the > entire system? > I can't remember the process offhand, but I believe disabling pam_unix will prevent access to /etc/passwd or /etc/shadow. =Fen
_______________________________________________ scap-security-guide mailing list -- [email protected] To unsubscribe send an email to [email protected]
