> Are the config-file-validation-engine’s config files under RPM control? ;-)

Heh....sort of, but mostly git with mandatory 2 person review and CI.

On Wed, Jan 9, 2019 at 2:43 PM Brent Kimberley <[email protected]> wrote:

> One-size-fits-all vs tailored
>
> Are the config-file-validation-engine’s config files under RPM control? ;-)
>
> *From:* Watson Sato [mailto:[email protected]]
> *Sent:* Wednesday, January 9, 2019 11:59 AM
> *To:* SCAP Security Guide <[email protected]>
> *Subject:* Re: Rule rpm_verify_file_hashes and config files
>
> On Wed, Jan 9, 2019 at 5:39 PM Gabe Alford <[email protected]> wrote:
>
> On Wed, Jan 9, 2019 at 9:09 AM Watson Sato <[email protected]> wrote:
>
> On Wed, Jan 9, 2019 at 3:28 AM Shawn Wells <[email protected]> wrote:
>
> The XCCDF currently has language stating that config files are expected to change and should not be a finding.
>
> From the following snippet I understand that a configuration file that changed is a finding and should be reviewed and fixed/waived.
>
> A "c" in the second column indicates that a file is a configuration file, which may appropriately be expected to change. If the file was not expected to change, investigate the cause of the change using audit logs or other means.
>
> Which if that is the case, changing the OVAL code so that it ignores the config files and passes doesn't make sense.
>
> Because how will you know if you need to investigate a config file that has changed when it wasn't supposed to change?
>
> Well, that is one of my questions.
>
> In practice, are people expecting that configuration files which differ from the default shipped in the package to be reported?
>
> Won't it just end up creating a large amount of findings people don't care about?
>
> And if config files should really be checked, why skip /etc in the OVAL definition?
>
> If the OVAL is flagging config files, wouldn't that be a bug in the existing OVAL code?
>
> Yes, my suggestion is to stop checking the hash of config files in rule "Verify file hashes with RPM".
>
> --
> Watson Sato
> Security Technologies | Red Hat, Inc

--
Trevor Vaughan
Vice President, Onyx Point, Inc
(410) 541-6699 x788

-- This account not approved for unencrypted proprietary information --
_______________________________________________
scap-security-guide mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
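
Added example, not part of the thread and not the SCAP Security Guide OVAL check: one way to reconcile the two positions above is to parse `rpm -Va` output and keep digest mismatches on files marked `c` in a separate review bucket instead of either failing or ignoring them. The sample output, the `triage` and `parse_verify` names and the bucket labels are assumptions made for illustration.

```python
import re
from typing import NamedTuple

# Constructed sample of `rpm -Va` output; paths are illustrative only.
SAMPLE = """\
S.5....T.  c /etc/ssh/sshd_config
..5....T.    /usr/bin/sudo
.M.......    /usr/lib/systemd/system/foo.service
missing   c /etc/example.conf
.......T.  d /usr/share/doc/bash/README
S.5....T.  c /etc/sysconfig/network
"""

# Verify flags (SM5DLUGTP, '.' = test passed, '?' = not testable) or
# "missing", an optional attribute marker (c=config, d=doc, g=ghost,
# l=license, r=readme), then the absolute path.
LINE = re.compile(
    r"^(?P<flags>[SM5DLUGTP.?]{8,9}|missing)\s+"
    r"(?:(?P<attr>[cdglr])\s+)?(?P<path>/.*)$"
)

class Finding(NamedTuple):
    path: str
    flags: str
    is_config: bool
    digest_changed: bool

def parse_verify(text):
    """Turn `rpm -V` style lines into Finding records; skip unparsable lines."""
    findings = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        flags = m["flags"]
        findings.append(Finding(
            path=m["path"],
            flags=flags,
            is_config=m["attr"] == "c",
            # The third flag character is '5' when the file digest differs.
            digest_changed=flags != "missing" and flags[2] == "5",
        ))
    return findings

def triage(text):
    """Digest mismatches: non-config files fail, config files go to review."""
    out = {"fail": [], "review": []}
    for f in parse_verify(text):
        if f.digest_changed:
            out["review" if f.is_config else "fail"].append(f.path)
    return out

if __name__ == "__main__":
    for bucket, paths in triage(SAMPLE).items():
        print(bucket, paths)
```

The review bucket is what a reviewer would compare against the expected configuration baseline (for example the version-controlled copy mentioned in the reply) before waiving.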
