its because the XCCDF test ensure_gpgcheck_globally_activated (in file "system/software/updating.xml") references an unknown/non-existent OVAL check (yum_gpgcheck_global_activation).
I solved this by changing yum_gpgcheck_global_activation to "ensure_gpgcheck_globally_activated" (which is the valid OVAL check ref id in checks/ensure_gpgcheck_globally_activated.xml) in file "system/software/updating.xml" Find diff file in attachment. krs, Ronald On Mon, Mar 31, 2014 at 7:32 PM, Delorenzo, Michael A CIV USARMY ARDEC (US) <[email protected]> wrote: > Hello everyone, > > > > I noticed that after a newer git pull this referenced check is now set as > not checked, when it previously was checked. I can't seem to find an > explanation in the mailing list emails. Does anyone have any explanation? > > > > Thanks, > > > > Michael DeLorenzo > > Computer Scientist > > Picatinny Arsenal > > Business Transformation & E-Systems Office, RDAR-WSE, Building 93 > > W: (973)-724-1370 > > BB: (862)-432-6071 > > > > _______________________________________________ > scap-security-guide mailing list > [email protected] > https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide > >
diff --git a/RHEL/6/input/system/software/updating.xml b/RHEL/6/input/system/software/updating.xml index aef22ec..46832a6 100644 --- a/RHEL/6/input/system/software/updating.xml +++ b/RHEL/6/input/system/software/updating.xml @@ -69,7 +69,7 @@ installation ensures the authenticity of the software and protects against malicious tampering. </rationale> <ident cce="26709-6" /> -<oval id="yum_gpgcheck_global_activation" /> +<oval id="ensure_gpgcheck_globally_activated" /> <ref nist="SI-7,MA-1(b)" disa="352,663" /> <tested by="MM" on="20120928"/> </Rule>
_______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
