On Wed, Sep 5, 2012 at 5:09 PM, Kenneth Stailey kstailey.lists@gmail.com wrote:
On Wed, Sep 5, 2012 at 4:40 PM, Jeffrey Blank blank@eclipse.ncsc.mil wrote:
Good to chat with you -- as we discussed, let's try updating the checks/templates/file_dir_permissions templates file for this (and for future file permission checks), and then commit changes from the template list and also the resultant OVAL.
Nice to talk with you too. Thanks for pointing out the templates directory. I've redone the change by updating the file_dir_permissions.csv file and generating the file_permissions_etc_gshadow.xml from that. I'll send this out as email.
Regarding templates, I noticed that RHEL6/input/checks/templates/file_dir_permissions.csv used to have /var/log,cron,0,0,0600, in it but not now, yet RHEL6/input/checks/file_permissions_var_log_cron.xml still exists and has a comment that it was generated from a template.
The same seems true for RHEL6/input/checks/templates/sysctl_values.csv, which once had net.ipv6.conf.default.accept_redirects but no longer does, yet the generated file RHEL6/input/checks/templates/sysctl_net_ipv6_conf_default_accept_redirects.xml still exists.
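
A consistency check for the drift described in this thread, added here as an example and not code from the thread or the project: it lists checks that claim to be template-generated but have no matching template row. The marker wording, the CSV column layout, and the naming rule (inferred from the file names quoted above) are assumptions, and all sample data is constructed.

```python
import csv
import io

# Assumed marker text: the thread only says generated files carry a comment
# stating they came from a template, not the exact wording.
MARKER = "generated from a template"

def _rows(csv_text):
    """Yield non-empty, non-comment CSV rows with fields stripped."""
    for row in csv.reader(io.StringIO(csv_text)):
        if row and not row[0].lstrip().startswith("#"):
            yield [field.strip() for field in row]

def expected_names(file_perm_csv, sysctl_csv):
    """Check file names the templates would produce (naming rule is inferred)."""
    names = set()
    for row in _rows(file_perm_csv):
        if len(row) < 2:
            continue  # malformed row: no file name column
        path = row[0].rstrip("/") + "/" + row[1]  # directory + file name
        names.add("file_permissions" + path.replace("/", "_") + ".xml")
    for row in _rows(sysctl_csv):
        names.add("sysctl_" + row[0].replace(".", "_") + ".xml")
    return names

def orphaned_checks(checks, file_perm_csv, sysctl_csv, marker=MARKER):
    """Return generated checks (by marker) that no template row accounts for."""
    expected = expected_names(file_perm_csv, sysctl_csv)
    return sorted(name for name, body in checks.items()
                  if marker in body and name not in expected)

# Constructed sample inputs (values are illustrative, not the project's files).
FILE_PERM_CSV = "# dir,file,uid,gid,mode\n/etc,gshadow,0,0,0000,\n"
SYSCTL_CSV = "net.ipv4.ip_forward,0\n"
CHECKS = {
    "file_permissions_etc_gshadow.xml": "<!-- generated from a template -->",
    "file_permissions_var_log_cron.xml": "<!-- generated from a template -->",
    "sysctl_net_ipv6_conf_default_accept_redirects.xml":
        "<!-- generated from a template -->",
    "hand_written_example.xml": "<!-- maintained by hand -->",  # hypothetical
}

if __name__ == "__main__":
    for name in orphaned_checks(CHECKS, FILE_PERM_CSV, SYSCTL_CSV):
        print("orphaned generated check:", name)
```

Against a real checkout, the `checks` mapping would be built by reading each XML file in the checks directory; a stale check left behind this way keeps being evaluated even though the template list no longer requests it.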