On 4/22/13 8:59 AM, Rodrian, Logan P (IS) wrote:
Does this also work if the audit=1 is set somewhere other than the end of the 
kernel list?  I believe that is where I was seeing it not be caught.

Logan Rodrian


________________________________________
From: scap-security-guide [[email protected]]
Sent: Friday, April 19, 2013 22:26
Subject: EXT :Re: [scap-security-guide] #174: False positive: 
enable_auditd_bootloader

#174: False positive:  enable_auditd_bootloader
------------------------------+-------------------------------------
   Reporter:  Logan.Rodrian@…  |      Owner:  mnewman23
       Type:  defect           |     Status:  closed
   Priority:  major            |  Milestone:  RHEL6 STIG OVAL Content
  Component:  OVAL content     |    Version:  0.5.0-InitialDraft
Resolution:  worksforme       |   Keywords:
Blocked By:                   |   Blocking:
------------------------------+-------------------------------------
Changes (by shawndwells):

  * cc: scap-security-guide@… (added)
  * status:  new => closed
  * resolution:   => worksforme


Comment:

  [root@rhel6 checks]# grep audit=1 /etc/grub.conf
  (nodda)

  [root@rhel6 checks]# ./testcheck.py bootloader_audit_argument.xml
  Evaluating with OVAL tempfile : /tmp/bootloader_audit_argumentCK9K2I.xml
  Definition oval:scap-security-guide.testing:def:247: false
  Evaluation done.

  [root@rhel6 checks]# vim /etc/grub.conf
  [root@rhel6 checks]# grep audit=1 /etc/grub.conf
          kernel /vmlinuz-2.6.32-358.2.1.el6.x86_64 ro
  root=/dev/mapper/vg_rhel6-lv_root rd_LVM_LV=vg_rhel6/lv_root
  rd_LVM_LV=vg_rhel6/lv_swap rd_NO_LUKS rd_NO_MD rd_NO_DM LANG=en_US.UTF-8
  SYSFONT=latarcyrheb-sun16 KEYBOARDTYPE=pc KEYTABLE=us crashkernel=auto
  rhgb quiet audit=1
  [root@rhel6 checks]# ./testcheck.py bootloader_audit_argument.xml
  Evaluating with OVAL tempfile : /tmp/bootloader_audit_argumentafOktZ.xml
  Definition oval:scap-security-guide.testing:def:247: true
  Evaluation done.

  Resolving as worksforme

The location of audit=1 within the kernel line doesn't matter. Just double checked, the following all pass:

kernel /vmlinuz-2.6.32-358.2.1.el6.x86_64 ro root=/dev/mapper/vg_rhel6-lv_root rd_LVM_LV=vg_rhel6/lv_root rd_LVM_LV=vg_rhel6/lv_swap rd_NO_LUKS rd_NO_MD rd_NO_DM LANG=en_US.UTF-8 SYSFONT=latarcyrheb-sun16 KEYBOARDTYPE=pc KEYTABLE=us audit=1 crashkernel=auto rhgb quiet


kernel /vmlinuz-2.6.32-358.2.1.el6.x86_64 ro root=/dev/mapper/vg_rhel6-lv_root rd_LVM_LV=vg_rhel6/lv_root rd_LVM_LV=vg_rhel6/lv_swap rd_NO_LUKS rd_NO_MD audit=1 rd_NO_DM LANG=en_US.UTF-8 SYSFONT=latarcyrheb-sun16 KEYBOARDTYPE=pc KEYTABLE=us crashkernel=auto rhgb quiet

kernel /vmlinuz-2.6.32-358.2.1.el6.x86_64 ro root=/dev/mapper/vg_rhel6-lv_root rd_LVM_LV=vg_rhel6/lv_root rd_LVM_LV=vg_rhel6/lv_swap rd_NO_LUKS rd_NO_MD rd_NO_DM LANG=en_US.UTF-8 SYSFONT=latarcyrheb-sun16 KEYBOARDTYPE=pc KEYTABLE=uscrashkernel=auto rhgb quiet audit=1

_______________________________________________
scap-security-guide mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
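The thread's point is that the OVAL check passes regardless of where `audit=1` sits on the kernel line. The following is an added example, not code from the scap-security-guide project or the ticket: a small Python checker that parses a constructed legacy-GRUB `/etc/grub.conf` fragment (the file content, kernel image names and `title` lines are invented for the example) and reports, per kernel stanza, whether `audit=1` is present as a whole argument. Unlike a bare `grep audit=1`, it does not match a near-miss such as `audit=10`, and it flags a stanza that has no audit argument at all.

```python
import re

# Constructed sample /etc/grub.conf fragment (not taken from the thread).
# Each "kernel" stanza exercises a different placement of audit=1.
SAMPLE_GRUB_CONF = """\
default=0
timeout=5
title Red Hat Enterprise Linux (audit at end)
        root (hd0,0)
        kernel /vmlinuz-A ro root=/dev/mapper/vg-lv_root rhgb quiet audit=1
        initrd /initramfs-A.img
title Red Hat Enterprise Linux (audit in the middle)
        root (hd0,0)
        kernel /vmlinuz-B ro root=/dev/mapper/vg-lv_root audit=1 crashkernel=auto rhgb quiet
        initrd /initramfs-B.img
title Red Hat Enterprise Linux (no audit argument)
        root (hd0,0)
        kernel /vmlinuz-C ro root=/dev/mapper/vg-lv_root rhgb quiet
        initrd /initramfs-C.img
title Red Hat Enterprise Linux (near miss: audit=10)
        root (hd0,0)
        kernel /vmlinuz-D ro root=/dev/mapper/vg-lv_root audit=10 rhgb quiet
        initrd /initramfs-D.img
"""

# A legacy-GRUB kernel line: optional indent, "kernel", the image path,
# then the kernel command-line arguments.
KERNEL_LINE = re.compile(r"^\s*kernel\s+(\S+)\s*(.*)$")


def kernel_entries(grub_conf_text):
    """Yield (kernel image path, [argument tokens]) for every kernel line."""
    for line in grub_conf_text.splitlines():
        m = KERNEL_LINE.match(line)
        if m:
            yield m.group(1), m.group(2).split()


def has_audit_enabled(args):
    """True when 'audit=1' is a whole argument, wherever it sits on the line.

    Tokenising first is what makes position irrelevant and keeps a substring
    such as 'audit=10' from counting as a match.
    """
    return "audit=1" in args


def evaluate(grub_conf_text):
    """Map each kernel image to whether its command line enables auditing."""
    return {image: has_audit_enabled(args)
            for image, args in kernel_entries(grub_conf_text)}


def all_kernels_compliant(grub_conf_text):
    """Overall verdict: every kernel stanza must carry audit=1."""
    results = evaluate(grub_conf_text)
    return bool(results) and all(results.values())


if __name__ == "__main__":
    for image, ok in evaluate(SAMPLE_GRUB_CONF).items():
        print(f"{image}: {'true' if ok else 'false'}")
    print("overall:", all_kernels_compliant(SAMPLE_GRUB_CONF))
```

Kernels A and B both pass even though `audit=1` is at the end of one line and in the middle of the other; C fails because the argument is absent, and D fails because `audit=10` is not `audit=1`, which a plain `grep audit=1` would have reported as a hit.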
