#174: False positive: enable_auditd_bootloader ------------------------------+------------------------------------- Reporter: Logan.Rodrian@… | Owner: mnewman23 Type: defect | Status: closed Priority: major | Milestone: RHEL6 STIG OVAL Content Component: OVAL content | Version: 0.5.0-InitialDraft Resolution: worksforme | Keywords: Blocked By: | Blocking: ------------------------------+------------------------------------- Changes (by shawndwells):
* cc: scap-security-guide@… (added) * status: new => closed * resolution: => worksforme
Comment:
[root@rhel6 checks]# grep audit=1 /etc/grub.conf (nodda)
[root@rhel6 checks]# ./testcheck.py bootloader_audit_argument.xml Evaluating with OVAL tempfile : /tmp/bootloader_audit_argumentCK9K2I.xml Definition oval:scap-security-guide.testing:def:247: false Evaluation done.
[root@rhel6 checks]# vim /etc/grub.conf [root@rhel6 checks]# grep audit=1 /etc/grub.conf kernel /vmlinuz-2.6.32-358.2.1.el6.x86_64 ro root=/dev/mapper/vg_rhel6-lv_root rd_LVM_LV=vg_rhel6/lv_root rd_LVM_LV=vg_rhel6/lv_swap rd_NO_LUKS rd_NO_MD rd_NO_DM LANG=en_US.UTF-8 SYSFONT=latarcyrheb-sun16 KEYBOARDTYPE=pc KEYTABLE=us crashkernel=auto rhgb quiet audit=1 [root@rhel6 checks]# ./testcheck.py bootloader_audit_argument.xml Evaluating with OVAL tempfile : /tmp/bootloader_audit_argumentafOktZ.xml Definition oval:scap-security-guide.testing:def:247: true Evaluation done.
Resolving as worksforme