One-size-fits-all vs tailored
Are the config-file-validation-engine’s config files under RPM control? ;-)

From: Watson Sato [mailto:[email protected]]
Sent: Wednesday, January 9, 2019 11:59 AM
To: SCAP Security Guide <[email protected]>
Subject: Re: Rule rpm_verify_file_hashes and config files



On Wed, Jan 9, 2019 at 5:39 PM Gabe Alford <[email protected]> wrote:
On Wed, Jan 9, 2019 at 9:09 AM Watson Sato <[email protected]> wrote:


On Wed, Jan 9, 2019 at 3:28 AM Shawn Wells <[email protected]> wrote:



The XCCDF currently has language stating that config files are expected to 
change and should not be a finding.
From the following snippet I understand that a configuration file that changed is a 
finding and should be reviewed and fixed/waived.

A "c" in the second column indicates that a file is a configuration file, which
may appropriately be expected to change.  If the file was not expected to
change, investigate the cause of the change using audit logs or other means.

Which if that is the case, changing the OVAL code so that it ignores the config 
files and passes doesn't make sense.
Because how will you know if you need to investigate a config file that has 
changed when it wasn't supposed to change?

Well, that is one of my questions.
In practice, are people expecting configuration files which differ from the 
default shipped in the package to be reported?
Won't it just end up creating a large amount of findings people don't care about?

And if config files should really be checked, why skip /etc in OVAL definition?



If the OVAL is flagging config files, wouldn't that be a bug in the 
existing OVAL code?
Yes, my suggestion is to stop checking the hash of config files in rule "Verify 
file hashes with RPM".

_______________________________________________
scap-security-guide mailing list -- 
[email protected]<mailto:[email protected]>
To unsubscribe send an email to 
[email protected]<mailto:[email protected]>
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/[email protected]


--
Watson Sato
Security Technologies | Red Hat, Inc
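
The distinction the thread turns on, as an added example that is not part of the original messages or of the SCAP Security Guide's OVAL: it reads `rpm -V` style output and separates digest mismatches on files marked "c" (config) from digest mismatches on everything else. The function names, the REVIEW/FINDING labels and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the layout of `rpm -Va` output (not from a real host):
# nine flag characters, an optional attribute marker, then the path.
sample_rpm_va() {
cat <<'EOF'
S.5....T.  c /etc/ssh/sshd_config
..5....T.    /usr/bin/sudo
.M.......    /var/log/audit
S.5....T.  c /etc/chrony.conf
.......T.  d /usr/share/doc/example/README
missing     /usr/lib64/libexample.so
EOF
}

# Read rpm -V lines on stdin. For every file whose digest differs ("5" in the
# third flag column) print "REVIEW <path>" when rpm marks it as a config file
# ("c"), otherwise "FINDING <path>". Lines without a digest mismatch, and
# "missing" lines, are ignored here.
classify_rpm_verify() {
    awk '
        length($1) == 9 && substr($1, 3, 1) == "5" {
            attr = ""
            path = $0
            sub(/^[^ ]+ +/, "", path)          # drop the flag column
            if (NF >= 3 && $2 ~ /^[cdglr]$/) { # attribute marker present
                attr = $2
                sub(/^. +/, "", path)          # drop the marker, keep spaces in path
            }
            label = (attr == "c") ? "REVIEW" : "FINDING"
            print label " " path
        }'
}

# Stand-alone run on the constructed sample; on a real host the input would be
# the output of `rpm -Va` instead.
sample_rpm_va | classify_rpm_verify
```

Keeping config-file mismatches in a separate REVIEW list, rather than dropping them, preserves the ability to investigate a config file that changed when it was not supposed to.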