I'd like to see the audit -k field names match whatever we call the actual check. Right now they're (fairly arbitrary) strings from the stig.rules file. Any objection to changing them to match the rule name?
Hey Shawn,
I concur with your suggestion. Some of the field names I believe were carried over from older content so we have no pride of authorship.
What we might want to do is modify the audit checks so that they accept an arbitrary field name. I have done this with some of the checks.
Thanks,
Mike
MICHAEL W. MOSELEY, Capt, USAF I4221 Intern, Computer Network Operations Development Program 410-854-5173 michael@eclipse.ncsc.mil
On 02/28/2012 08:16 PM, Shawn Wells wrote:
I'd like to see the audit -k field names match whatever we call the actual check. Right now they're (fairly arbitrary) strings from the stig.rules file. Any objection to changing them to match the rule name?
On Tuesday, February 28, 2012 08:16:12 PM Shawn Wells wrote:
I'd like to see the audit -k field names match whatever we call the actual check.
As they currently are, they describe the exact STIG requirement they fulfill. There is a comment above the rule and you should be able to correlate the key with the comment in every case. The purpose of the keys is so that this makes sense:
aureport --start today --key --summary
This is the first step in any investigation. What policy violations do I currently have?
Right now they're (fairly arbitrary) strings from the stig.rules file. Any objection to changing them to match the rule name?
Yeah. I object. What would be the proposed change? How would it make the key report any more useful than it currently is?
-Steve
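How rule keys feed the key summary discussed in the reply above, as an added example that is not part of the original thread or of the project's stig.rules. The rules, key names and audit records are constructed samples, and the tally is a simplified stand-in for what a key summary report counts, not a reimplementation of aureport.

```python
import re
import shlex
from collections import Counter

# Constructed sample rules (not copied from stig.rules); key names are illustrative.
RULES = """\
# Record attempts to alter the system time
-a always,exit -F arch=b64 -S adjtimex -S settimeofday -k time-change
-w /etc/localtime -p wa -k time-change
-a always,exit -F path=/etc/passwd -F perm=wa -F key=identity
-w /etc/sudoers -p wa
"""

# Constructed audit.log records, trimmed to the fields the summary needs.
LOG = """\
type=SYSCALL msg=audit(1330478172.101:410): arch=c000003e syscall=164 success=yes exe="/bin/date" key="time-change"
type=SYSCALL msg=audit(1330478180.552:411): arch=c000003e syscall=2 success=yes exe="/usr/bin/vim" key="identity"
type=SYSCALL msg=audit(1330478191.007:412): arch=c000003e syscall=2 success=yes exe="/usr/sbin/usermod" key="identity"
type=SYSCALL msg=audit(1330478200.300:413): arch=c000003e syscall=2 success=yes exe="/usr/bin/vim" key=(null)
"""

def rule_keys(rules_text):
    """Return (rule, key) pairs; key is None when the rule sets no key."""
    out = []
    for line in rules_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        tokens = shlex.split(line)
        key = None
        for flag, value in zip(tokens, tokens[1:]):
            if flag == "-k":                      # short form: -k name
                key = value
            elif flag == "-F" and value.startswith("key="):
                key = value[len("key="):]         # field form: -F key=name
        out.append((line, key))
    return out

def unkeyed_rules(rules_text):
    """Rules whose events would be logged with key=(null)."""
    return [rule for rule, key in rule_keys(rules_text) if key is None]

def key_summary(log_text):
    """Count events per key; key=(null) records are not matched."""
    return Counter(re.findall(r'\bkey="([^"]*)"', log_text))

if __name__ == "__main__":
    for key, count in key_summary(LOG).most_common():
        print(f"{count:5d}  {key}")
    print("rules without a key:", unkeyed_rules(RULES))
```

Events from a rule with no key never appear in the per-key tally, which is why the last sample record and the `/etc/sudoers` watch are reported separately.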