On Wed, Jan 9, 2019 at 5:39 PM Gabe Alford <[email protected]> wrote:
> On Wed, Jan 9, 2019 at 9:09 AM Watson Sato <[email protected]> wrote: > >> >> >> On Wed, Jan 9, 2019 at 3:28 AM Shawn Wells <[email protected]> wrote: >> >>> >>> The XCCDF currently has language stating that config files are expected >>> to change and should not be a finding. >>> >> From following snippet I understand that a configuration file that >> changed is a finding and should reviewed and fixed/waived. >> >> A "c" in the second column indicates that a file is a configuration file, >> which >> may appropriately be expected to change. If the file was not expected to >> change, investigate the cause of the change using audit logs or other means. >> >> Which if that is the case, changing the OVAL code so that it ignores the > config files and passes doesn't make sense. > Because how will you know if you need to investigate a config file that > has changed when it wasn't supposed to change? > Well, that is one of my questions. In practice, are people expecting that configuration files which differ from default shipped in package to be reported? Won't it just end up creating large amount of findings people don't care? And if config files should really be checked, why skip /etc in OVAL definition? > >> If the OVAL is flagging config files, wouldn't that would be a bug in the >>> existing OVAL code? >>> >> Yes, my suggestion is to stop checking hash of config files in rule >> "Verify file hashes with RPM". >> >> _______________________________________________ >>> scap-security-guide mailing list -- >>> [email protected] >>> To unsubscribe send an email to >>> [email protected] >>> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html >>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines >>> List Archives: >>> https://lists.fedorahosted.org/archives/list/[email protected] >>> >> >> >> -- >> Watson Sato >> Security Technologies | Red Hat, Inc >> _______________________________________________ >> scap-security-guide mailing list -- >> [email protected] >> To unsubscribe send an email to >> [email protected] >> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html >> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines >> List Archives: >> https://lists.fedorahosted.org/archives/list/[email protected] >> > _______________________________________________ > scap-security-guide mailing list -- > [email protected] > To unsubscribe send an email to > [email protected] > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] > -- Watson Sato Security Technologies | Red Hat, Inc
_______________________________________________ scap-security-guide mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
