AFAIK, removable media is best identified via the UDEV subsystem and
queries should probably follow that path.

On Tue, Mar 31, 2020 at 5:41 AM Matěj Týč <ma...@redhat.com> wrote:

>
>
> On Thu, Mar 26, 2020 at 13:30, Shawn Wells <sh...@redhat.com> wrote:
>
> On 3/26/20 1:18 PM, Gabe Alford wrote:
>
> We think the rule is expected to check for all types of removable devices.
> Probably, they could be defined as the pretty common ones, like floppy
> disks, CDs, DVDs or USB sticks. But we need to clarify all the requirements
> before completing the fix.
>
> What specific questions / concerns can be clarified?
>
>
> We definitely need to strike the right balance between difficulty of the
> task and its worth.
> Here are questions that I see in Jan's e-mail:
>
>    1. What is a removable medium? The description of the rule is quite
>    ambitious; if we aim for a feasible implementation, we have to change it.
>    Should we determine removable media by their mount points? Or by device
>    names? Current status: We check only for the /dev/cdrom, so it is
>    relatively easy to come up with incremental improvements.
>    2. How to make the rule tailorable? Should we use blacklists, or
>    rather whitelists? Current status: The rule is formally tailorable, but
>    the usefulness of tailoring is nearly zero.
>    3. Remediations don't work. Although they can be fixed easily to work
>    with /dev/cdrom, what about cases that are implied by the rule's
>    description?
>    4. Should we check the run-time status as well? Runtime checks are not
>    implied by the rule description, and testing their correctness seems to be
>    a quite expensive task to me.
>
> _______________________________________________
> scap-security-guide mailing list --
> scap-security-guide@lists.fedorahosted.org
> To unsubscribe send an email to
> scap-security-guide-le...@lists.fedorahosted.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedorahosted.org/archives/list/scap-security-guide@lists.fedorahosted.org
>


-- 
Trevor Vaughan
Vice President, Onyx Point, Inc
(410) 541-6699 x788

-- This account not approved for unencrypted proprietary information --

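An added example, not part of the thread or of the project's code: one way the udev-based identification suggested at the top of this message could address the first two quoted questions (what counts as removable, and tailoring through an allowlist). It parses a constructed sample in the record format of `udevadm info --export-db`; the function names, the `allowlist` parameter and the heuristic (a block device with `ID_CDROM=1` or `ID_BUS=usb`) are assumptions, and the heuristic also matches USB-attached fixed disks.

```python
# Constructed sample in the record format printed by `udevadm info --export-db`
# (P: device path, E: KEY=value property, blank line between devices).
SAMPLE_DB = """\
P: /devices/pci0000:00/0000:00:1f.2/ata1/host0/target0:0:0/0:0:0:0/block/sda
E: DEVNAME=/dev/sda
E: ID_BUS=ata
E: SUBSYSTEM=block

P: /devices/pci0000:00/0000:00:1f.2/ata2/host1/target1:0:0/1:0:0:0/block/sr0
E: DEVNAME=/dev/sr0
E: ID_BUS=ata
E: ID_CDROM=1
E: SUBSYSTEM=block

P: /devices/pci0000:00/0000:00:14.0/usb1/1-2/1-2:1.0/host6/target6:0:0/6:0:0:0/block/sdb/sdb1
E: DEVNAME=/dev/sdb1
E: ID_BUS=usb
E: SUBSYSTEM=block

P: /devices/pci0000:00/0000:00:14.0/usb1/1-3
E: DEVNAME=/dev/bus/usb/001/004
E: ID_BUS=usb
E: SUBSYSTEM=usb
"""

def parse_udev_db(text):
    """Split the export into one {property: value} dict per device record."""
    devices = []
    for record in text.strip().split("\n\n"):
        props = {}
        for line in record.splitlines():
            if line.startswith("E: ") and "=" in line:
                key, _, value = line[3:].partition("=")
                props[key] = value
        devices.append(props)
    return devices

def removable_block_devices(text, allowlist=()):
    """Return DEVNAMEs of block devices that look removable, minus site exceptions."""
    found = []
    for props in parse_udev_db(text):
        if props.get("SUBSYSTEM") != "block":
            continue  # e.g. the raw USB device node, which is not a mountable medium
        # Assumed heuristic: optical drives and anything on the USB bus count.
        removable = props.get("ID_CDROM") == "1" or props.get("ID_BUS") == "usb"
        name = props.get("DEVNAME")
        if removable and name and name not in allowlist:
            found.append(name)
    return sorted(found)
```

On a live system the same functions can be fed the real output of `udevadm info --export-db` instead of the sample.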