On 2/15/13 4:28 PM, "Jeffrey Blank" <[email protected]> wrote:
> >> If a password exists for a service account its declared a finding and >> passwd -l <account name> should be done, but passwd -l only puts !! In >> front of the hash to lock the account and does not remove the hash. I'm >> assuming this is going to cause some false positives in scanning. So >> maybe some extra wording saying that if a has exists and !! Comes before >> it, then its not a finding? > >A patch would force the issue / be most helpful. >Thanks for the feedback! Happy to help, let me know if this is how you would like the feedback moving forward. > >> I'm keeping track of everything as I develop the STIG content, so will >> report back as I mow through everything. > >"Content" remains a confusingly overloaded word. If it's not too much >to ask, I'd request that everyone use it only to describe SCAP-formatted >content, such as the STIG itself or the other SCAP content on >scap-security-guide. Sorry, that¹s the Aqueduct side of me talking. By content I mean remediation content. > >> P.S. From the RHEL5 Beta STIG to the RHEL5 Final no change log or >> revision tracking was done, which makes updating content a >> nightmare--especially if there are dups of like checks. Maybe we can >>ping >> DISA to try and implement that? > >Yes -- we need to sync shortly. Ideally all changes would go through >SSG, and then the git log will provide a complete and transparent record >of all changes. I do not believe DISA's system includes version control >(but I'm open to correction). Agreed, there is an upcoming internal Aqueduct call happening next week in regards to Jboss STIG remediation content. Hopefully yourself and/or Shawn can attend. >_______________________________________________ >scap-security-guide mailing list >[email protected] >https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide _______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
