Perhaps we should just remove this check and the associated Rule entirely. Disabling modules via /etc/modprobe.d is preferable to deleting them from an assurance perspective, as the configuration persists across updates.

On 08/28/2012 09:58 AM, Willem Bos wrote:
> Sounds plausible. Should you or I create a patch?
>
> On Tue, Aug 28, 2012 at 3:23 PM, Gary Gapinski <gapin...@nasa.gov> wrote:
>> Hello, Willem:
>>
>> On 08/28/2012 08:59 AM, Willem Bos wrote:
>>> Hi Gary,
>>>
>>> Ah, should have thought about adding '^' myself, thanks. It works
>>> fine. Should the ^ be necessary?
>>>
>>
>> I /think/ so, but I cannot quickly determine this.
>>
>> http://oval.mitre.org/language/version5.8/ovaldefinition/documentation/unix-definitions-schema.html
>> does not provide much guidance. I'd have to look at the source.
>>
>> In general, OVAL assumes a potentially unlimited set of "objects" over
>> which <object> child elements perform a reduction. Since the regex had
>> no anchor, it could be (and likely is) assumed to apply to all possible
>> paths. Only the use of a LHS anchor would allow the OVAL implementation
>> to perform an implicit reduction in system characteristic (object)
>> gathering prior to the next reduction step.
>>
>> If the intended behavior of OVAL differs from this, it is not well
>> documented, and would actually unduly constrain the use of "pattern
>> matching".
>>
>> Regards,
>>
>> Gary
>>
> _______________________________________________
> scap-security-guide mailing list
> scap-security-guide@lists.fedorahosted.org
> https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide