This Rule verifies that there is an NTP server configured in /etc/ntpd.conf. The supporting OVAL performs this check as well as verifying that ntpd is enabled, by extending RHEL-06-000247/service_ntpd_enabled. Arguments could be made that these Rules should pass or fail independently or that, if ntpd (or ntpdate) is not enabled or used, it does not matter whether a server is configured in /etc/ntpd.conf.
There is a patch below my signature block to remove the dependency entirely. Regards, -- Leland Steinke, Security+ DISA FSO Technical Support Contractor tapestry technologies, Inc 717-267-5797 (DSN 570) [email protected] (gov't) [email protected] (com'l) 8<==================== Subject: [PATCH] remove dependency between ntpd service and /etc/ntpd.conf server configuration --- RHEL6/input/checks/ntp_remote_server.xml | 4 +--- 1 files changed, 1 insertions(+), 3 deletions(-) diff --git a/RHEL6/input/checks/ntp_remote_server.xml b/RHEL6/input/checks/ntp_remote_server.xml index b630ae4..750d640 100644 --- a/RHEL6/input/checks/ntp_remote_server.xml +++ b/RHEL6/input/checks/ntp_remote_server.xml @@ -9,9 +9,7 @@ specified (and dependencies are met)</description> <reference source="MED" ref_id="20130819" ref_url="test_attestation" /> </metadata> - <criteria comment="ntpd is enabled and conditions are met" operator="AND"> - <extend_definition comment="ntpd is enabled" - definition_ref="service_ntpd_enabled" /> + <criteria comment="ntp.conf conditions are met"> <criterion test_ref="test_ntp_remote_server" /> </criteria> </definition> -- 1.7.1
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
