Disable:
* no_root_webbrowsing
* root_path_default
* gid_passwd_group_same

rules in the Fedora common profile from running by default, since they don't have a particular OVAL check / remediation implemented at all yet or the implementation wouldn't be that straightforward.

Pushed to master (since this is just a question of commenting selected rules out).

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Technologies Team

From 9692ee1371636d9813cfc9596521e56edf1abe6a Mon Sep 17 00:00:00 2001 From: Jan Lieskovsky <[email protected]> Date: Thu, 28 Nov 2013 19:26:33 +0100 Subject: [PATCH] [Fedora] Disable selected rules in the common profile (those rules that don't have OVAL check / remediation implemented in RHEL6 at all yet) Signed-off-by: Jan Lieskovsky <[email protected]> --- Fedora/input/profiles/common.xml | 6 +++--- Fedora/scap-security-guide.spec | 1 + 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/Fedora/input/profiles/common.xml b/Fedora/input/profiles/common.xml index b345a37..e8bc78d 100644 --- a/Fedora/input/profiles/common.xml +++ b/Fedora/input/profiles/common.xml @@ -22,14 +22,14 @@ <select idref="no_direct_root_logins" selected="true"/> <select idref="securetty_root_login_console_only" selected="true"/> <select idref="restrict_serial_port_logins" selected="true"/> - <select idref="no_root_webbrowsing" selected="true"/> + <!-- <select idref="no_root_webbrowsing" selected="true"/> --> <select idref="no_shelllogin_for_systemaccounts" selected="true"/> <select idref="no_uidzero_except_root" selected="true"/> - <select idref="root_path_default" selected="true"/> + <!-- <select idref="root_path_default" selected="true"/> --> <!-- Verify Proper Storage and Existence of Password Hashes section rules --> <select idref="no_empty_passwords" selected="true"/> <select idref="no_hashes_outside_shadow" selected="true"/> - <select idref="gid_passwd_group_same" selected="true"/> + <!-- <select idref="gid_passwd_group_same" selected="true"/> --> <select idref="no_netrc_files" selected="true"/> <!-- Set Password Expiration Parameters section rules --> <refine-value idref="var_accounts_password_minlen_login_defs" selector="12"/> diff --git a/Fedora/scap-security-guide.spec b/Fedora/scap-security-guide.spec index e21aae4..470bee1 100644 --- a/Fedora/scap-security-guide.spec +++ b/Fedora/scap-security-guide.spec 
@@ -57,6 +57,7 @@ cp -a Fedora/input/auxiliary/scap-security-guide.8 %{buildroot}%{_mandir}/en/man * Thu Nov 28 2013 Jan iankko Lieskovsky <[email protected]> 0.1.4.rc7-1 - Include descriptions for permissions section, and rules for checking permissions and ownership of shared library files and system executables +- Disable selected rules by default * Tue Nov 26 2013 Jan iankko Lieskovsky <[email protected]> 0.1.4.rc6-1 - Adjust service-enable-macro, service-disable-macro XSLT transforms -- 1.8.3.1
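Review bot: In the Fedora/input/profiles/common.xml hunk, the three select elements (no_root_webbrowsing, root_path_default, gid_passwd_group_same) are commented out with no in-file reason, so a later reader of the profile cannot tell that they were disabled for lack of an OVAL check / remediation rather than as a policy decision. Consider adding a short XML comment next to each one saying so, or keeping the element with selected="false" so the rule stays visible in the profile and is simple to re-enable once its check exists.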
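Review bot: In the Fedora/scap-security-guide.spec hunk, the new changelog line "- Disable selected rules by default" names neither the rules nor the profile. Listing the three idrefs and stating that they are disabled in the common profile would let package users see from the changelog which checks stopped running by default in 0.1.4.rc7-1.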
_______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
