On Wed, 2014-01-15 at 12:38 -0700, Andrew Gilmore wrote:
> I did a fresh git pull on Monday, and ran the
> stig-rhel6-server-upstream scan.
>
> The set of false positives has shrunk, but is still not zero.
>
> 1) mountopt_noexec_on_removable_partitions exits with error, when
> there are no removable partitions configured in fstab
>
> 2) file_ownership_library_dirs complains about an /usr/libexec suid
> abrt file
> 3) no_files_unowned_by_* are still broken and looking for any files
> in /

--------------
I had committed a change for this back on 20131218
git commit RHEL6/input/checks/no_files_unowned_by_user.xml
I never received an ack/nack back.

From: Rodney L. Mercer <[email protected]>
To: [email protected]
Subject: fix CCE-27032-2 no_files_unowned_by_user.xml
Date: Wed, 18 Dec 2013 10:45:21 -0500
--------------

> 4) enable_execshield and sysctl_kernel_randomize_va_space are failing,
> although sysctl shows correct results
> 5) selinux_all_devicefiles_labeled shows errors with the /dev/.udev
> directories
>
> 6) enable_gdm_login_banner didn't get the gconf mandatory check fixed,
> although all the rest did (YAY!)
> 7) sysctl_ipv6_default_accept_redirects and service_ip6tables_enabled
> fail when ipv6 has been disabled via modprobe.d entries

???
https://git.fedorahosted.org/cgit/scap-security-guide.git/commit/?id=6a271a5df50529dc0ee4800dfce0933114c4677b

>
> 8) install_openswan is obsoleted by libreswan
> 9) audit_file_access does not check for open_by_handle_at, and fails
> when the audit rules lines do not contain exactly the content
> specified.
>
> I was very glad to see almost all of the sysctl and gconf false
> positives fixed!
>
> Andrew Gilmore
> _______________________________________________
> scap-security-guide mailing list
> [email protected]
> https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
