OVAL was checking for /bin/ping, not all SUID commands, and giving false positives. Disabling OVAL until fix developed. Tracking via https://github.com/OpenSCAP/scap-security-guide/issues/5
Signed-off-by: Shawn Wells <[email protected]> --- RHEL/6/input/system/auditing.xml | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/RHEL/6/input/system/auditing.xml b/RHEL/6/input/system/auditing.xml index 39196ec..9923680 100644 --- a/RHEL/6/input/system/auditing.xml +++ b/RHEL/6/input/system/auditing.xml @@ -1173,7 +1173,7 @@ limited capability. As such, motivation exists to monitor these programs for unusual activity. </rationale> <ident cce="26457-2" /> -<oval id="audit_rules_privileged_commands" /> +<!-- <oval id="audit_rules_privileged_commands" /> --> <ref nist="AC-17(7),AU-1(b),AU-2(a),AU-2(c),AU-2(d),AU-2(4),IR-5" disa="40" /> <tested by="DS" on="20121024"/> </Rule> -- 1.7.1 _______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
