scap-security-guide@lists.fedorahosted.org

23 participants
61 discussions

Start a nNew thread

[PATCH 8/8] Removed unreferenced OVAL rsyslog_files_exist_permissions.xml

by Shawn Wells

10 years, 9 months

1
0
0 / 0

[PATCH 7/8] Removing unreferenced OVAL file_ssh_host_keys_public_permissions.xml

by Shawn Wells

10 years, 9 months

1
0
0 / 0

[PATCH 6/8] Removing unreferenced file_ssh_host_keys_private_permissions.xml

by Shawn Wells

10 years, 9 months

1
0
0 / 0

[PATCH 4/8] Added OVAL mapping to world_writeable_files

by Shawn Wells

10 years, 9 months

1
0
0 / 0

[PATCH 3/8] Corrected naming of set_sysctl_ipv6_default_accept_redirects

by Shawn Wells

10 years, 9 months

1
0
0 / 0

[PATCH 2/8] Added OVAL + remediation for sysctl_net_ipv6_conf_default_accept_ra

by Shawn Wells

10 years, 9 months

1
0
0 / 0

[PATCH 1/8] Created OVAL + remediation for sysctl_net_ipv6_conf_default_accept_redirects

by Shawn Wells

10 years, 9 months

1
0
0 / 0

zipfile sync to EPEL repo

by Shawn Wells

While the build system has created zip files since February [1], the script used to copy RPMs over to the EPEL repo didn't pick them up. That's now updated. The EPEL update script now drops RPMs here: http://repos.fedorapeople.org/repos/scap-security-guide/epel-6/ZIPs/ This is also reflected in the Downloads section: https://fedorahosted.org/scap-security-guide/wiki/downloads [1] https://lists.fedorahosted.org/pipermail/scap-security-guide/2013-Februar...

10 years, 9 months

1
0
0 / 0

SSG Workbook updated

by Shawn Wells

Based off feedback from the 26-JUNE event, I've updated the workbook to fix numerous command-line syntax bugs. New version on the wiki: https://fedorahosted.org/scap-security-guide/ Reference the "See a workbook...." bullet. Those familiar with the v1 will notice few content changes, except copy/pasting the command-line examples should work without issue. Thanks to everyone who gave feedback, and for putting up with the wifi at the hotel!

10 years, 9 months

1
0
0 / 0

Bug in pam_faillock.so Section

by Maura Dailey

The guidance given in the pam_faillock.so section is probably wrong and misleading. "Set Deny For Failed Password Attempts" says to insert the two lines after the pam_unix.so auth line. However, "Set Lockout Time for Failed Password Attempts" and "Set Interval For Counting Failed Password Attempts" says to insert the same two lines after the pam_env.so line. Not only is this a contradiction, it implies that the same two lines much be added over and over again. The STIG has the same problem, except the STIG refers to /etc/pam.d/system-auth-ac while our guide refers to /etc/pam.d/system-auth. Red Hat's guidance shows four faillock lines, one after pam_env.so, two after pam_unix.so, and one at the beginning of account: https://access.redhat.com/site/solutions/62949 The Red Hat solution also suggests editing /etc/pam.d/password-auth in addition to /etc/pam.d/system-auth. Has anyone actually tested this guidance? I've made my own attempts on our own RHEL network with only moderate success. - Maura Dailey

10 years, 9 months

2
3
0 / 0

← Newer
1
2
3
4
5
6
7
Older →

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

scap-security-guide July 2013