Re: [Open-scap] Stigviewer

Are you referring to the DISA tool or the COTS/freeware tool ? > On Apr 12, 2017, at 7:42 PM, Shawn Wells wrote: > > > >> On 4/12/17 7:08 PM, Matthew wrote: >> Curious, what's the best way to use openscap, and be able to get >> results for stigviewer? > > IIRC, stigviewer

[Open-scap] Using authconfig rather than hand editing files

I just messed up a baker’s dozen of RHEL 6 virtual machines by hand editing /etc/pam.d files system-auth-ac and password-auth-ac I was able to un-mess 8 of them with an authconfig command. The other 5 are in various stages of recovery. One had a snapshot but the other 4 are Oracle servers that

Re: [Open-scap] Using authconfig rather than hand editing files

Šimon's suggestion was not posted to the list. Long story short, he suggested I contact the software vendor - in this case Red Hat. Again, thank you all for your thoughts. On May 31, 2018, at 06:42 AM, Dan White wrote: Trimmed for readability On May 31, 2018, at 04:01 AM, Pavel

Re: [Open-scap] Using authconfig rather than hand editing files

On May 29, 2018, at 05:26 AM, Marek Haicman wrote: On 05/27/2018 08:45 PM, Dan White wrote: On May 27, 2018, at 12:02 PM, Šimon Lukašík mailto:sluka...@redhat.com>> wrote: On 05/25/2018 11:06 PM, Dan White wrote: I just messed up a baker’s dozen of RHEL 6 virtual machines by hand editin

Re: [Open-scap] Using authconfig rather than hand editing files

> On May 27, 2018, at 12:02 PM, Šimon Lukašík <sluka...@redhat.com> wrote: > > On 05/25/2018 11:06 PM, Dan White wrote: >> I just messed up a baker’s dozen of RHEL 6 virtual machines by hand editing >> /etc/pam.d files system-auth-ac and password-auth-ac >>

[Open-scap] RHEL 7 GRUB2 boot password

.2 Does the check need to be updated or do I need to do something other than stated in the Red Hat Documentation ? And y'all have a typo :) that I highlighted in red on the third line of the description. Dan White | d_e_wh...@icloud.com “S

[Open-scap] RHEL 6 - rsyslog vs rsyslog7

Another head-scratcher: RHEL 6 scan brings up findings saying rsyslog is not installed or configured. We are using the rsyslog7 package for compatibility with things like Splunk and LogStash and such. Is there a workaround or should I create a bug/issue about this ? Dan White | d_e_wh

Re: [Open-scap] RHEL 7 GRUB2 boot password

kconfig  and then the oscap scan passed. I can say for certain that the superuser should not be "root" What else shouldn't it be ? Dan White | d_e_wh...@icloud.com “Sometimes I think the surest sign that intelligent life exists elsew

Re: [Open-scap] RHEL 7 GRUB2 boot password

AM, Watson Yuuma Sato <ws...@redhat.com> wrote: > >> On 24/01/18 21:05, Dan White wrote: >> "superusers should be root, admin or administrator" >> >> Are you sure it shouldn't be "superusers should NOT be root, admin or >> administrat

Re: [Open-scap] RHEL 7 GRUB2 boot password

Running "grub2-mkconfig -o /boot/grub2/grub.cfg" without making any other changes made no difference Guess I need to tinker with the /etc/grub.d/01_users configuration file. Dan White | d_e_wh...@icloud.com “Sometimes I think the s

Re: [Open-scap] RHEL 7 GRUB2 boot password

_users ### ... But : Rule ID: xccdf_org.ssgproject.content_rule_bootloader_password Result: fail Identifiers: CCE-27309-4 What the heck ?! Dan White | d_e_wh...@icloud.com “Sometimes I think the surest sign that intelligent life exists elsew

Re: [Open-scap] RHEL 6 - rsyslog vs rsyslog7

In RHEL 6, yes In RHEL 7, they are already on rsyslog 8 Can the check look for either ? Dan White | d_e_wh...@icloud.com “Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried