Virtual machines -> Touche! I always forget about that. Are we going to have something like Facter on the system to be able to discover if they are virtual or not?

If we could do that, we might stand a shot but without it, I don't know of a good way of doing this across a VM cluster in terms of checking with OVAL rules.

Trevor

On Thu, Apr 17, 2014 at 2:57 PM, Shawn Wells <[email protected]> wrote:

> On 4/17/14, 5:11 AM, Trevor Vaughan wrote:
>
> Just out of curiosity, is adding nousb to the grub command line actually
> feasible for enforcement?
>
>
> Virtual machines.
>
> I can't remember the last time I used a system where I didn't need a USB
> keyboard at some point (can you even buy server class systems with PS/2
> support any more?)
>
>
> Complete agreement, and acknowledgement in the rule's description:
>
> *WARNING: Disabling all kernel support for USB will cause problems for
> systems with USB-based keyboards, mice, or printers. This configuration is
> infeasible for systems which require USB devices, which is common.*
>
>
> Patches welcome which clarify/balance physical deployments vs VMs.
>
> _______________________________________________
> scap-security-guide mailing list
> [email protected]
> https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
>
>

--
Trevor Vaughan
Vice President, Onyx Point, Inc
(410) 541-6699
[email protected]

-- This account not approved for unencrypted proprietary information --
