I'm jumping in here to restart this
conversation. I can see that this patch was not applied, but I can
also see that there was some discussion from Red Hat on whether a
rule swap should take place. Leland, it seemed like you agreed
with the proposed swap, but what wasn't clear was if your patch
would have to be edited to match the proposed changes from Red Hat
or if you were waiting for someone else to push something out.
As of right now, the Rule "Ensure that System Accounts Do Not Run
a Shell Upon Login" still exists, as does the OVAL check
no_shelllogin_for_systemaccounts.xml.
- Maura Dailey
On 12/16/2013 01:36 PM, Steinke, Leland J Sr CTR DISA FSO (US)
wrote:
Leland? Jeff?
.....Bueller? ;)
But really, what do you think of this approach Leland (+Jeff?)?
I submitted the patch, so I am for it. RHEL6's default operating system accounts are password-locked by default, so this just verifies what should already be in place.
Thanks,
Leland
_______________________________________________
scap-security-guide mailing list
scap-security-guide@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide