On 1/9/19 8:54 PM, Trevor Vaughan wrote:
DoD refined as requiring audit of all
success/failed attempts to create/access/delete/modify files [2]
Ugh... this thing *destroys* systems on a regular basis along with the
chmod/chown rules. I get it but I've seen *so* many systems tanked by
those rules.
Way the current Configuration Annex is written is that CNSSI 1253 and
DoD systems will need to audit every file I/O.
They have a reasonably responsive team behind these. Can open a ticket
through GitHub, or even submit a PR, to start the conversation to have
these changed:
https://github.com/commoncriteria/operatingsystem/blob/master/input/configannex.xml#L212#L223
_______________________________________________
scap-security-guide mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
