Only if we are positioning it as a compliance check. Which we can do
later, if we really wish to do so. And also break it apart into the 3 or
so individual (granular) Rules it should be, if we want that.
On Mon, May 13, 2013 at 11:09 PM, Shawn Wells <shawn(a)redhat.com> wrote:
On 5/13/13 9:01 PM, Jeffrey Blank wrote:
> -<Rule id="dns_server_chroot">
> +<Group id="dns_server_chroot">
> <title>Run DNS Software in a chroot Jail</title>
> <description>Install the <tt>bind-chroot</tt> package:
> <pre># yum install bind-chroot</pre>
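Review bot: in the opening tag, `<Rule id="dns_server_chroot">` becomes a `<Group>` with the same id, yet the description kept below it still gives a concrete step (`# yum install bind-chroot`). A Group produces no rule result of its own in XCCDF, so that step would no longer be reported on. Consider keeping a Rule for the package install inside the new Group, and confirm nothing else references this id expecting a Rule.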
> @@ -97,31 +94,10 @@ configuration file. That is, when this guide
> recommends editing
> <tt>/etc/named.conf</tt>, you should instead edit
> <tt>/var/named/chroot/etc/**named.conf</tt>.
> </warning>
> -<ident cce="26957-1" />
> -<ident cce="27127-0" />
> -<ident cce="26961-3" />
> -<!--<oval id="dns_server_chroot" />-->
> -<ref nist="CM-7" />
> -</Rule>
>
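Review bot: the removed lines at the end of this hunk drop three CCE identifiers (26957-1, 27127-0, 26961-3) and `<ref nist="CM-7" />` with no replacement visible, so the mapping to those identifiers is lost. If the plan is to split this into granular rules later, record which CCE belongs to which future rule, for example in a comment inside the Group. Also, `-</Rule>` is removed but no `+</Group>` appears in the quoted lines; confirm the new element is closed.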
Since this gives specific guidance, wouldn't we want this as a <rule>?