Hello list,
I just wanted to know if it was on purpose that the xccdf rules "httpd_servertokens_prod" and "httpd_serversignature_off" have no OVAL checks defined/written?
I suppose it has something to do with the difficulty to write the most valid test. Considering that just testing for ServerToken and signature in httpd.conf might not be enough to guarantee that the setting is enabled. Correct?
Thanks in advance for your feedback.
Ronald
On 9/1/14, 7:24 AM, Ronald wrote:
> Hello list,
> I just wanted to know if it was on purpose that the xccdf rules "httpd_servertokens_prod" and "httpd_serversignature_off" have no OVAL checks defined/written?
> I suppose it has something to do with the difficulty to write the most valid test. Considering that just testing for ServerToken and signature in httpd.conf might not be enough to guarantee that the setting is enabled. Correct?
> Thanks in advance for your feedback.
Would wager you're correct.
There are some recent examples of recursive searching of conf.d/* files... e.g.: https://github.com/OpenSCAP/scap-security-guide/blob/master/RHEL/6/input/che...
Want to take this on? Doesn't appear too terrible, particularly given the template Maura set up in that rsyslog check.
scap-security-guide@lists.fedorahosted.org
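
Added example, not part of the thread and not the project's OVAL content: a Python sketch of why testing httpd.conf alone is not enough, scanning conf.d/*.conf as well and failing a rule if any uncommented occurrence contradicts it. The /etc/httpd layout, the function names, and the "every occurrence must comply" policy (stricter than Apache's own merge order) are assumptions.

```python
import glob
import os
import re

# Required values, taken from the two rule names discussed in the thread.
REQUIRED = {"servertokens": "prod", "serversignature": "off"}

# Uncommented "Directive value" line; Apache directive names are case-insensitive.
DIRECTIVE_RE = re.compile(r"^\s*(ServerTokens|ServerSignature)\s+(\S+)", re.IGNORECASE)


def config_files(root):
    """conf/httpd.conf first, then conf.d/*.conf sorted (assumed layout)."""
    main = os.path.join(root, "conf", "httpd.conf")
    drop_ins = sorted(glob.glob(os.path.join(root, "conf.d", "*.conf")))
    return [p for p in [main] + drop_ins if os.path.isfile(p)]


def find_settings(root):
    """Return {directive: [(path, lineno, value), ...]} for every uncommented hit."""
    hits = {name: [] for name in REQUIRED}
    for path in config_files(root):
        with open(path, encoding="utf-8", errors="replace") as fh:
            for lineno, line in enumerate(fh, 1):
                m = DIRECTIVE_RE.match(line)
                if m:
                    value = m.group(2).strip("\"'").lower()
                    hits[m.group(1).lower()].append((path, lineno, value))
    return hits


def evaluate(root):
    """Pass a rule only if the directive is set and no occurrence contradicts it."""
    results = {}
    for name, found in find_settings(root).items():
        bad = [(p, n, v) for p, n, v in found if v != REQUIRED[name]]
        results[name] = {"pass": bool(found) and not bad, "violations": bad}
    return results


if __name__ == "__main__":
    # /etc/httpd is an assumed server root; adjust for the system under test.
    for rule, outcome in evaluate("/etc/httpd").items():
        print(rule, "PASS" if outcome["pass"] else "FAIL", outcome["violations"])
```

A directive inside a VirtualHost block in a drop-in file is reported with its path and line number, which is the case a check limited to httpd.conf would miss.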