Hi All,
I'm in the process of implementing a lockdown of RHEL6 based on the STIG found in your
packages.
I'm moving through each failure but I'd like to find out if there's a way to
see what checks are actually being performed for each RuleID so that I can perform them on
the command line to understand what they are looking for.
I'm also seeing 2 errors and I'd like to understand and fix those so turning on
debug or verbose logging would really be useful to find out why both of these error:
* mountopt_noexec_on_removeable_partitions
* selinux_all_devicefiles_labeled
Can anyone help?
Thanks,
Steve
Show replies by date
I've been having the same issues with the selinux_all_devicefiles_labeled and
we're running selinux under the mls policy. (Yes I've already refined the rule to
look for mls). When you run the oscap command to generate the result and report add
--oval-results and it should list a slew of files for which it cannot get the context. I
haven't had the time to look into the results yet but if I figure anything out
I'll let you know.
Hopefully that helps.
Luke K
________________________________________
From: scap-security-guide-bounces(a)lists.fedorahosted.org
[scap-security-guide-bounces(a)lists.fedorahosted.org] on behalf of Steve Thomas
[sthomas(a)rpstechnologysolutions.co.uk]
Sent: Friday, April 04, 2014 5:24 AM
To: scap-security-guide(a)lists.fedorahosted.org
Subject: EXTERNAL: RHEL6 & STIG
Hi All,
I’m in the process of implementing a lockdown of RHEL6 based on the STIG found in your
packages.
I’m moving through each failure but I’d like to find out if there’s a way to see what
checks are actually being performed for each RuleID so that I can perform them on the
command line to understand what they are looking for.
I’m also seeing 2 errors and I’d like to understand and fix those so turning on debug or
verbose logging would really be useful to find out why both of these error:
* mountopt_noexec_on_removeable_partitions
* selinux_all_devicefiles_labeled
Can anyone help?
Thanks,
Steve