Hello experts! I've noticed SSSD configuration rules implemented without verification if SSSD package/service installed/enabled. To be added, remediation part doesn't install sssd in case it is missing on the system, thus fix doesn't work for systems with no sssd on board. Rules: - sssd_enable_pam_services - sssd_ldap_configure_tls_ca_dir - sssd_ldap_start_tls
So I have couple questions for clarification on the above: Shouldn't SSSD presence test criteria be added for mentioned rules and just mark them as passed if no SSSD observed? With regard to STIG profile, should service_sssd_enabled rule be added as a requirement? Regards, Ilya.
signature.asc
Description: OpenPGP digital signature
_______________________________________________ scap-security-guide mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
