I just found the relevant code and have no worries. Thanks for the response!
Trevor On Sat, Oct 5, 2013 at 11:25 PM, <[email protected]> wrote: > Trevor, > > The hard and '-' (which sets both hard and soft) are the primary controls, > 'soft' is overruled by the 'hard' setting. > > That's why those are the most important to check. > > Regards, > > Frank > > > > > On 10/05/2013 09:35 PM, Trevor Vaughan wrote: > > Sorry for the double post. I just wanted to make sure that the presence of > the 'soft' line didn't throw an error. > > > On Sat, Oct 5, 2013 at 9:35 PM, Trevor Vaughan <[email protected]>wrote: > >> As a note, both: >> >> * - core 0 >> >> AND >> >> * hard core 0 >> * soft core 0 >> >> Should pass. >> >> Trevor >> >> >> On Mon, Sep 30, 2013 at 11:28 AM, <[email protected]> wrote: >> >>> All, >>> >>> Most of the guidance for RHEL security has suggested setting the >>> following in /etc/security/limits.conf: >>> >>> * hard core 0 >>> >>> I have generally set this to: >>> >>> * - core 0 >>> >>> Because this sets both the hard and soft limits on the system. Most SCAP >>> scanners are looking for very specific values there. I'm looking at >>> modifying the checks to pass either 'hard' or '-' for the value. >>> >>> I'd also to fix the maxlogins in the rule (* >>> max_concurrent_login_sessions*) in /etc/security/limits.conf to look >>> for the DOD default (10) and lower to satisfy the check. Security standards >>> are there as a baseline, why 'fail' the setting for exceeding the baseline >>> value? >>> >>> Regards, >>> >>> Frank Caviggia >>> >>> -- >>> Frank Caviggia >>> Consultant, Public [email protected] >>> (M) (571) 295-4560 >>> >>> >>> _______________________________________________ >>> scap-security-guide mailing list >>> [email protected] >>> https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide >>> >>> >> >> >> -- >> Trevor Vaughan >> Vice President, Onyx Point, Inc >> (410) 541-6699 >> [email protected] >> >> -- This account not approved for unencrypted proprietary information -- >> > > > > -- > Trevor Vaughan > Vice President, Onyx Point, Inc > (410) 541-6699 > [email protected] > > -- This account not approved for unencrypted proprietary information -- > > > > -- > Frank Caviggia > Consultant, Public [email protected] > (M) (571) 295-4560 > > -- Trevor Vaughan Vice President, Onyx Point, Inc (410) 541-6699 [email protected] -- This account not approved for unencrypted proprietary information --
_______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
