RHEL 6 Benchmark and STIG errors
by Shuhart, Jordan P CIV DISA FSO (US)
I have been doing a full pass/fail test of the RHEL 6 Benchmark and listed below are some of the issues I have come across.
- V-38465 / SV-50265 - The benchmark check returns a passing result, but upon a manual check you can see that /lib/modules/2.6.32-358.el6.x86_64/source and /lib/modules/2.6.32-358.el6.x86_64/build both have group and write permissions.
- V-38476 / SV-50276 - Benchmark returns that this check is closed. Manually checking for gpg-pubkey shows that the package is not installed
- V-38477 / SV-50277 - This check has been returning a open finding even after the settings have been configured to pass.
- V-38499 / SV-50300 - Same as above
- V-38501 / SV-50302 - Unable to make this check pass. It appears that the STIG is missing some Fix text that the Benchmark is checking for.
- V-38512 / SV-50313 - This check passes but the STIG may need updating as the status does not return what the STIG suggests it should.
- V-38519 / SV-50320 - I am unable to get this check to run for some reason.
- V-38540 / SV-50341 - STIG may need updated. Benchmark is looking for "-a always,exit... " but the STIG is instructing me to configure it as "-a exit,always..." Check runs properly when I change the order but I am unsure which is the correct way.
Jordan Shuhart
DISA Field Security Operations
IA Standards & Analysis Division
(717)267-9078
jordan.p.shuhart.civ(a)mail.mil