Classification: UNCLASSIFIED Caveats: NONE There's more than one instance of things like this (e.g. /etc/security/limits.d versus limits.conf), and this applies to us too. I'd like both to be valid; when possible, we prefer to configuration-manage a small, unique file in a foo.d directory than make changes to existing config files. I'm not certain how best to do this in OVAL; write a check for each location, with a condition of "at least one of these must be true"?
-- Ray Shaw Contractor, STG Unix support, Army Research Labs > -----Original Message----- > From: [email protected] [mailto:scap- > [email protected]] On Behalf Of wm-lists > Sent: Friday, October 25, 2013 7:47 AM > To: [email protected] > Subject: CCE-26801-1 - rsyslog suggestion/question > > It appears the requirement check /etc/rsyslog.conf for an entry such as > > *.* @loghost.example.com <http://loghost.example.com/> > or > > > *.* @@loghost.example.com <http://loghost.example.com/> > > <ind:textfilecontent54_object id="oval:ssg:obj:1907" version="1"> > <ind:path>/etc</ind:path> > <ind:filename>rsyslog.conf</ind:filename> > <ind:pattern operation="pattern > match">^\*\.\*[\s]+(?:@|\:omrelp\:)</ind:pattern> > <ind:instance datatype="int">1</ind:instance> > </ind:textfilecontent54_object> > > > However in my case, we utilize multiple .conf files under > /etc/rsyslog.d for destinations (log aggregators, etc...) > > I'm guessing the scap software doesn't follow include Directives? Classification: UNCLASSIFIED Caveats: NONE _______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
