On 02/14/2014 02:17 PM, ssg fthfth wrote:
For SSGID Set GNOME Login Inactivity Timeout - (CCE-26828-4), with
either the stig-rhel6-server or usgcb-rhel6-server profiles selected from the SCAP stream,
when run with SCC 3.1.1.1, may produce a false-positive on a RHEL6V1R2 complaint
machine..
With the X Window System not installed, the configuration check will fail. Recommend
verifying if a windowing system is installed, then, if applicable, check the
configuration.
_______________________________________________
scap-security-guide mailing list
scap-security-guide(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
The check is essentially structured as: (Is GConf Installed? Negate
value.) OR (Is the GConf setting applied?)
The truth table is as follows:
Pass GConf Installed? (Negated): No GConf Value Set?: Yes
Fail GConf Installed? (Negated): No GConf Value Set?: No
Pass GConf Installed? (Negated): Yes GConf Value Set?: Yes
Pass GConf Installed? (Negated): Yes GConf Value Set?: No
Assuming I am reading this bug report/warning correctly, the false
positive probably refers to the last line, when GConf is not installed,
and the value is not set. Obviously, the meaning is still correct (users
should pass, because there is no utility that will even read the config
file). Is this a problem? There are several other checks that use the
same structure.
- Maura Dailey