On 10/25/13, 8:25 AM, Shaw, Ray V CTR USARMY ARL (US) wrote:
Classification: UNCLASSIFIED
Caveats: NONE

There's more than one instance of things like this (e.g. /etc/security/limits.d versus
limits.conf), and this applies to us too. I'd like both to be valid; when possible, we
prefer to configuration-manage a small, unique file in a foo.d directory rather than make
changes to existing config files. I'm not certain how best to do this in OVAL; write a
check for each location, with a condition of "at least one of these must be
true"?

Good find. Just submitted a patch to address this; pending ack, it will be picked up in the next build:
https://lists.fedorahosted.org/pipermail/scap-security-guide/2013-October/004387.html

Ray - Perhaps you could use this as a template for limits.conf vs limits.d?






-----Original Message-----
From: [email protected] [mailto:scap-
[email protected]] On Behalf Of wm-lists
Sent: Friday, October 25, 2013 7:47 AM
To: [email protected]
Subject: CCE-26801-1 - rsyslog suggestion/question

It appears the requirement checks /etc/rsyslog.conf for an entry such as

*.* @loghost.example.com

or

*.* @@loghost.example.com

     <ind:textfilecontent54_object id="oval:ssg:obj:1907" version="1">
       <ind:path>/etc</ind:path>
       <ind:filename>rsyslog.conf</ind:filename>
       <ind:pattern operation="pattern match">^\*\.\*[\s]+(?:@|\:omrelp\:)</ind:pattern>
       <ind:instance datatype="int">1</ind:instance>
     </ind:textfilecontent54_object>


However in my case, we utilize multiple .conf files under
/etc/rsyslog.d for destinations (log aggregators, etc...)

I'm guessing the SCAP software doesn't follow include directives?
