This is a possibility, but for now the STIG profile is likely to move
forward with AIDE for verifying integrity periodically. The auditing
system will also detect changes in ACLs for you.
Interestingly, those using the STIG rules for CM purposes will likely
run the /entire/ STIG profile periodically, including the RPM verify check.
On 10/25/2012 03:36 PM, Robert Sanders wrote:
I raised a question on the call earlier noticing the absence of any
ACL related checks in the RHEL6 STIG compared to the RHEL5 STIG.
Someone (Shawn? - apologies if incorrect) that RPM would ensure
correct settings. I was thinking about this afterward and wondered
if there should be a line item requiring a periodic 'have rpm verify
all installed packages' check. While RPM will make sure that things
are setup correctly, I didn't see any checks to see if a change had
been made to ACLs after the fact. AIDE might pick up on this also,
but I've never used it so I don't know.
Sincerely, Rob Sanders =========================== Rob Sanders Sr.
Secure Systems Engineer Raytheon Trusted Computer Solutions 12950
Worldgate Drive, Suite 600 Herndon, Virginia 20170 Security Blanket
Support: 1-866-230-1317 Security Blanket Email:
SecurityBlanket(a)TrustedCS.com Office: 703-896-4762 Fax:
703-318-5041 Email: RSanders(a)TrustedCS.com
_______________________________________________ scap-security-guide
mailing list scap-security-guide(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide