I have questions about the five checks shown below. Are these known false positives?

Thanks,
Rodney
----
Rodney Mercer
Systems Administrator.
--------------------------------------------------------------------
Add noexec Option to Removable Media Partitions

I don't know how to satisfy this to get a "pass". I have no removable media listed in /etc/fstab.
--------------------------------------------------------------------
Ensure No Device Files are Unlabeled by SELinux shows: error

I found a fix by substituting input/checks/selinux_all_devicefiles_labeled.xml with:
http://oss.tresys.com/projects/clip/browser/packages/scap-security-guide/sca...

Not sure if this is the correct fix?
--------------------------------------------------------------------
Implement Blank Screen Saver

The Fix SAYS to do this:

# gconftool-2 --direct \
    --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory \
    --type string \
    --set /apps/gnome-screensaver/mode blank-only

The check: gconf_gnome_screensaver_mode_blank.xml requires that you would do this:

gconftool-2 \
    --direct \
    --config-source xml:readwrite:/etc/gconf/gconf.xml.defaults \
    --type string \
    --set /apps/gnome-screensaver/mode blank-only

I believe that ALL of the gnome-screensaver checks should be against the gconf.xml.mandatory tree so that a user cannot change his individual settings.
--------------------------------------------------------------------
Enable GUI Warning Banner fails

# gconftool-2 \
    --config-source xml:readwrite:/etc/gconf/gconf.xml.defaults \
    --get /apps/gdm/simple-greeter/banner_message_enable
true
# sudo -u gdm gconftool-2 \
    --get /apps/gdm/simple-greeter/banner_message_enable
true

# ./testcheck.py banner_gui_enabled.xml
Evaluating with OVAL tempfile : /tmp/banner_gui_enabledkXi0PJ.xml
Writing results to : /tmp/banner_gui_enabledkXi0PJ.xml-results
Definition oval:scap-security-guide.testing:def:121: false
Evaluation done.
--------------------------------------------------------------------
Disable Accepting IPv6 Redirects CCE-27166-8 fails

# sysctl -w net.ipv6.conf.default.accept_redirects=0
error: "net.ipv6.conf.default.accept_redirects" is an unknown key

The rule just above this, CCE-27153-6, disables the IPv6 stack and causes this to fail. Both rules cannot co-exist and pass.
scap-security-guide@lists.fedorahosted.org
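
The conflict in the last item (the accept_redirects key does not exist once the IPv6 stack is disabled) can be reproduced offline with the sketch below. It is an added example, not part of the original message and not scap-security-guide code. The function names, the SYSCTL_ROOT argument, the constructed sample trees and the choice to report a missing key as "notapplicable" are all assumptions of this example.

```shell
#!/bin/sh
# Added example: every name here is hypothetical, and the "notapplicable"
# result is this sketch's assumption, not scap-security-guide behaviour.

# check_ipv6_redirects [SYSCTL_ROOT]
# Prints pass, fail or notapplicable for net.ipv6.conf.default.accept_redirects.
check_ipv6_redirects() {
    root="${1:-/proc/sys}"
    key="$root/net/ipv6/conf/default/accept_redirects"

    # With the IPv6 stack disabled the key file is absent, which is what
    # sysctl reports as an "unknown key".
    if [ ! -e "$key" ]; then
        echo "notapplicable"
        return 0
    fi

    value=$(cat "$key")
    if [ "$value" = "0" ]; then
        echo "pass"
    else
        echo "fail"
    fi
}

# build_sample_tree ROOT [VALUE]
# Constructs a fake sysctl tree; without VALUE no net/ipv6 subtree is created.
build_sample_tree() {
    mkdir -p "$1/net/ipv4"
    if [ -n "${2:-}" ]; then
        mkdir -p "$1/net/ipv6/conf/default"
        printf '%s\n' "$2" > "$1/net/ipv6/conf/default/accept_redirects"
    fi
}

# Runs the check against three constructed trees and prints one line each.
demo() {
    tmp=$(mktemp -d)
    build_sample_tree "$tmp/ipv6_off"
    build_sample_tree "$tmp/ipv6_on_hardened" 0
    build_sample_tree "$tmp/ipv6_on_default" 1
    for t in ipv6_off ipv6_on_hardened ipv6_on_default; do
        printf '%-18s %s\n' "$t" "$(check_ipv6_redirects "$tmp/$t")"
    done
    rm -rf "$tmp"
}

demo
```

Called with no argument, check_ipv6_redirects reads the live /proc/sys tree instead of a constructed one.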