On 1/8/19 1:39 PM, Gabe Alford wrote:
On Tue, Jan 8, 2019 at 7:08 AM Watson Sato <[email protected]> wrote:



    On Tue, Jan 8, 2019 at 2:57 PM Trevor Vaughan
    <[email protected]> wrote:

        Personally, I think that anything marked as %config should not
        be checked because they are allowed to vary anyway.


    I'm leaning towards ignoring config files in the OVAL check, and
    making it explicit in the rule description.
    And adding a note with a command that would output a list of config
    files that do not match their rpm hash,
    in case you would like to review altered config files manually.


This isn't a great fix and is more of a bandaid. It would be better for us to open BZs and fix this in the troublesome RPMs' spec files.


The XCCDF currently has language stating that config files are expected to change and should not be a finding.

If the OVAL is flagging config files, wouldn't that be a bug in the existing OVAL code?
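
An added example, not part of any message in this thread and not the scap-security-guide project's own code: one way to produce the list of config files that no longer match their rpm hash, by filtering `rpm -Va` output on the digest flag (third character `5`) and the `c` file-attribute marker. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `rpm -Va` output (not taken from a real system).
# Column 1: verify flags (SM5DLUGTP), optional column 2: file attribute
# marker (c = %config, d = %doc, ...), last column: file path.
sample_rpm_va() {
cat <<'EOF'
S.5....T.  c /etc/ssh/sshd_config
.......T.  c /etc/chrony.conf
S.5....T.    /usr/bin/example-tool
missing   c /etc/example.d/removed.conf
..5......  d /usr/share/doc/example/README
.M.......  c /etc/example.conf
EOF
}

# Read `rpm -Va` output on stdin; print %config files whose digest
# differs from the RPM database (candidates for manual review).
altered_config_files() {
    awk 'substr($1, 3, 1) == "5" && $2 == "c" {
             print substr($0, index($0, "/"))
         }'
}

# Read `rpm -Va` output on stdin; print digest mismatches on files that
# are NOT marked %config (what a hash check would still report).
altered_nonconfig_files() {
    awk 'substr($1, 3, 1) == "5" && $2 != "c" {
             print substr($0, index($0, "/"))
         }'
}

# On a real host: rpm -Va | altered_config_files
echo "Altered config files (review manually):"
sample_rpm_va | altered_config_files
echo "Altered non-config files:"
sample_rpm_va | altered_nonconfig_files
```

Lines reading `missing` and lines with only mode or mtime changes are skipped by both functions, because only a digest mismatch is relevant to the hash rule discussed here.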

_______________________________________________
scap-security-guide mailing list -- [email protected]