This would make things consistent, but it seemed like Steve stated
While the command will accept either as input, this has caused so
much
confusion that I will probably add a warning at some point soon and then
in a
future release reject the wrong order."
It seems like he expects the current release to accept either for now. Do I
apply this and make everything more consistent and restrictive, or add
"(always,exit|exit,always)"
to the 5 tests that are restrictive already?
Steve?
Andrew
On Mon, Jul 22, 2013 at 12:28 PM, Shawn Wells <shawn(a)redhat.com> wrote:
On 7/19/13 3:59 PM, Andrew Gilmore wrote:
Signed-off-by: Andrew Gilmore <agilmore2(a)gmail.com> <agilmore2(a)gmail.com>
---
.../checks/audit_rules_dac_modification_chmod.xml | 4 ++--
.../checks/audit_rules_dac_modification_chown.xml | 4 ++--
.../checks/audit_rules_dac_modification_fchmod.xml | 4 ++--
.../audit_rules_dac_modification_fchmodat.xml | 4 ++--
.../checks/audit_rules_dac_modification_fchown.xml | 4 ++--
.../audit_rules_dac_modification_fchownat.xml | 4 ++--
.../audit_rules_dac_modification_fremovexattr.xml | 4 ++--
.../audit_rules_dac_modification_fsetxattr.xml | 4 ++--
.../checks/audit_rules_dac_modification_lchown.xml | 4 ++--
.../audit_rules_dac_modification_lremovexattr.xml | 4 ++--
.../audit_rules_dac_modification_lsetxattr.xml | 4 ++--
.../audit_rules_dac_modification_removexattr.xml | 4 ++--
.../audit_rules_dac_modification_setxattr.xml | 4 ++--
.../audit_rules_networkconfig_modification.xml | 2 +-
RHEL6/input/checks/audit_rules_time_adjtimex.xml | 4 ++--
.../checks/audit_rules_time_clock_settime.xml | 4 ++--
.../input/checks/audit_rules_time_settimeofday.xml | 4 ++--
RHEL6/input/checks/audit_rules_time_stime.xml | 2 +-
18 files changed, 34 insertions(+), 34 deletions(-)
Applied locally - looks like you sorted out all the rules to be
"always,exit" not "(always,exit|exit,always)":
$ grep -rin "(always" *
$ ./testchecl audit_* | grep error
Thanks for sorting these out! Ack
(and thanks sgrubb for chiming in!)
_______________________________________________
scap-security-guide mailing list
scap-security-guide(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide