On 9/1/14, 7:24 AM, Ronald wrote:
> Hello list,
>
> I just wanted to know if it was on purpose that the xccdf rules
> "httpd_servertokens_prod" and "httpd_serversignature_off" have no OVAL
> checks defined/written?
>
> I suppose it has something to do with the difficulty to write the most
> valid test. Considering that just testing for ServerToken and
> signature in httpd.conf might not be enough to guarantee that the
> setting is enabled. Correct?
>
> Thanks in advance for your feedback.

Would wager you're correct. There are some recent examples of recursive searching of conf.d/* files... e.g.:

https://github.com/OpenSCAP/scap-security-guide/blob/master/RHEL/6/input/checks/rsyslog_remote_loghost.xml#L35#L40

Want to take this on? Doesn't appear too terrible, particularly given the template Maura set up in that rsyslog check.

--
SCAP Security Guide mailing list
scap-security-guide@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
https://github.com/OpenSCAP/scap-security-guide/
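
The concern raised in this thread, that testing httpd.conf alone does not establish the setting, shown as an added example that is not part of the original messages or the SCAP Security Guide's own check. It assumes a `conf/httpd.conf` plus `conf.d/*.conf` layout, does not follow `Include` lines, and uses a conservative rule (hypothetical, chosen here): a directive passes only if it is set at least once and never set to any other value.

```python
import re
import tempfile
from pathlib import Path

# Required values named by the two XCCDF rules discussed in the thread.
REQUIRED = {"servertokens": "prod", "serversignature": "off"}
DIRECTIVE = re.compile(r"^\s*(ServerTokens|ServerSignature)\s+(\S+)", re.I)


def config_files(root):
    """Main config plus conf.d/*.conf (layout assumed; Include lines are not parsed)."""
    root = Path(root)
    return [root / "conf" / "httpd.conf"] + sorted((root / "conf.d").glob("*.conf"))


def find_settings(root):
    """Return {directive: [(file name, line number, value), ...]} for uncommented lines."""
    found = {name: [] for name in REQUIRED}
    for path in config_files(root):
        if not path.is_file():
            continue
        for lineno, line in enumerate(path.read_text().splitlines(), 1):
            m = DIRECTIVE.match(line)  # a line starting with '#' never matches
            if m:
                found[m.group(1).lower()].append((path.name, lineno, m.group(2).lower()))
    return found


def evaluate(root):
    """Pass a rule only if the directive is set at least once and never to another value."""
    found = find_settings(root)
    return {name: bool(hits) and all(v == REQUIRED[name] for _, _, v in hits)
            for name, hits in found.items()}


def build_sample(tmp):
    """Constructed sample tree: httpd.conf is compliant, a conf.d drop-in is not."""
    root = Path(tmp)
    (root / "conf").mkdir()
    (root / "conf.d").mkdir()
    (root / "conf" / "httpd.conf").write_text(
        "ServerTokens Prod\nServerSignature Off\n#ServerSignature On\n")
    (root / "conf.d" / "vhost.conf").write_text(
        "<VirtualHost *:80>\n  serversignature EMail\n</VirtualHost>\n")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(evaluate(build_sample(tmp)))
```

On the constructed tree, a check limited to httpd.conf would pass both rules, while the scan that includes conf.d fails ServerSignature because of the drop-in override.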