Thank you all for your responses.

@Albrecht, Thomas C
Yes, the customer said -- We are using the profile DISA STIG for Red Hat Enterprise Linux 7 based on ssg-rhel7-ds security.xml as found on https://github.com/OpenSCAP/scap-security-guide/releases/download/v0.1.40/scap-security-guide-0.1.40-oval-510.zip and tried with the default openscap scanner from the RHEL 7.5 ISO as well as the latest version available on the redhat site (1.2.16.8.el7_5).

Warm Regards,
Dushyant Uge
Red Hat Global Support

On Thu, Sep 20, 2018 at 8:05 AM, Shawn Wells <[email protected]> wrote:

> On 9/20/18 10:52 AM, Albrecht, Thomas C wrote:
>
> Ok, there’s an inconsistency then. The DISA STIG says that the private
> keys need to be 0600. Looks like they set permissions to the DISA version
> of the rule, but are scanning the SSG version of the rule.
>
> Can you provide a “proof of concept” that shows the key generation failing
> if the permissions are set to 0600 so I have something in my back pocket to
> show our customer?
>
> It's a known issue in the DISA content. We let them know about it a few
> years ago now. Have been told a fix is making its way through their
> release processes.
>
> _______________________________________________
> scap-security-guide mailing list -- scap-security-guide@lists.fedorahosted.org
> To unsubscribe send an email to scap-security-guide-leave@lists.fedorahosted.org
> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedorahosted.org/archives/list/scap-[email protected]
