Hi, I'm getting false results on 'sysctl_net_ipv6_conf_default_accept_ra' on systems that don't have ipv6 module at all. I think this also applies to any undefined sys variables. Suggested change:
RHEL6/input/checks/templates/template_sysctl - <unix:sysctl_test check="all" check_existence="all_exist" comment="kernel runtime parameter SYSCTLVAR set to SYSCTLVAL" id="test_runtime_sysctl_SYSCTLID" version="1"> + <unix:sysctl_test check="all" check_existence="any_exist" comment="kernel runtime parameter SYSCTLVAR set to SYSCTLVAL" id="test_runtime_sysctl_SYSCTLID" version="1"> Does this make sense? regards -- Rui Pedro Bernardino CTE2/Tecnologias e Desenvolvimento PT Inovação
_______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
