We have been using OSCAP 1.31. In that version, this rule, xccdf_org.ssgproject.content_rule_bootloader_password, is checked by searching the grub.cfg file for the hash of the password, instead of checking for the existence of user.cfg and its contents containing the hash. I see in https://github.com/OpenSCAP/scap-security-guide/pull/2619/files that there is a change related to checking user.cfg. I cannot quite tell what it is doing. Is it saying that checking the user.cfg file is sufficient?
Thanks, Greg Silverman Veritas Technologies Mountain View, CA
_______________________________________________ Open-scap-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/open-scap-list
