There was some discussion a while back about the proper method for doing kernel module checking (see: https://lists.fedorahosted.org/pipermail/scap-security-guide/2012-August/001384.html).

The OVAL checks for disabling kernel modules are currently checking for `install [module] /bin/true`.

I'm sure there is a reason for doing this as opposed to `install [module] /bin/false`. Just a shot in the dark: we want the install to fail and return as if a failure is expected? Would it make more sense to run /bin/false, as the actual install is failing to install?

Additionally, it seems the checks are using a mixture of `install [module] /bin/true` and `alias [module] off`. Should these be made uniform, or is there a reason for the variation in method?

Any and all insight is greatly appreciated.

Thanks,
--Mike

_______________________________________________
scap-security-guide mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
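
The message above names two ways a module can be marked as disabled (`install [module] /bin/true` or `/bin/false`, and `alias [module] off`). As an added example, not part of the original message or of the scap-security-guide checks, this script reports which method each module uses in modprobe-style configuration text and which modules mix methods. The function names and sample content are assumptions made up for illustration.

```python
from collections import defaultdict

# Constructed sample of modprobe.d-style content (not taken from a real system).
SAMPLE = """\
# disable unused modules
install cramfs /bin/true
install freevxfs /bin/false
alias bluetooth off
install usb-storage /bin/true
alias usb_storage off
install dccp \\
    /bin/true
options sctp foo=1
"""

def logical_lines(text):
    """Yield directives with comments skipped and backslash continuations joined."""
    buf = ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        line, buf = (buf + line).strip(), ""
        if line and not line.startswith("#"):
            yield line

def disable_methods(text):
    """Map each module to the set of disable methods configured for it."""
    found = defaultdict(set)
    for line in logical_lines(text):
        parts = line.split()
        if len(parts) != 3:
            continue
        directive, module, arg = parts
        module = module.replace("-", "_")  # modprobe treats '-' and '_' alike
        if directive == "install" and arg in ("/bin/true", "/bin/false"):
            found[module].add("install " + arg)
        elif directive == "alias" and arg == "off":
            found[module].add("alias off")
    return dict(found)

def mixed_modules(text):
    """Modules disabled by more than one method, i.e. where checks could disagree."""
    return sorted(m for m, how in disable_methods(text).items() if len(how) > 1)

if __name__ == "__main__":
    for module, how in sorted(disable_methods(SAMPLE).items()):
        print(f"{module}: {', '.join(sorted(how))}")
    print("mixed:", mixed_modules(SAMPLE))
```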
