Thanks for the awesome release. I've been sitting back watching this
list with awe at the amount of activity and patches you wonderful people
have been pushing out!
It would be great if someone could look at the issue of headless
installs, and make 6 of my failures go away! I did have a quick search
on Trac and couldn't find Ray's ticket.
Cheers,
Stuart
Classification: UNCLASSIFIED
Caveats: NONE
I put a ticket in for this a while ago, but unfortunately I haven't done much with
it. For one, I don't know enough about GNOME to know which location is
"right" and/or will actually accomplish what the STIG wants (I recall testing
one and not seeing an effect). We actually handle some of these (like screensaver
timeout) in a way that's completely different from what either the fix text or the
OVAL check specify, so that adds to my confusion.
FWIW, the RHEL5 content seems to have the same issue; if X/GNOME aren't present, the
checks for automatic lock and 15 minute timeout are flagged as non-compliant.
--
Ray Shaw
Contractor, STG
Unix support, Army Research Labs
> -----Original Message-----
> From: scap-security-guide-bounces(a)lists.fedorahosted.org [mailto:scap-
> security-guide-bounces(a)lists.fedorahosted.org] On Behalf Of Andrew
> Gilmore
> Sent: Friday, August 02, 2013 10:52 AM
> To: stuart.green(a)doccentrics.com; scap-security-
> guide(a)lists.fedorahosted.org
> Subject: Re: Fishing with Gnome's
>
> I have different issues with the Gnome checks.
>
> The remediation I followed set the blank screensaver, timeout, banner,
> etc. in /etc/gconf/gconf.xml.mandatory/ but the SSG tests look for
> these values in /etc/gconf/gconf.xml.defaults
>
>
> Agreed, though, that if NO Gnome tools are installed at all, these
> checks should also pass. I've not seen that false positive, but it
> doesn't surprise me.
>
> Andrew
>
>
>
> On Fri, Aug 2, 2013 at 5:18 AM, Stuart Green
> <stuart.green(a)doccentrics.com> wrote:
>
>
>
> To add specifics:
> Set GNOME Login Inactivity Timeout - Failed
> GNOME Desktop Screensaver Mandatory Use - Failed
> Enable Screen Lock Activation After Idle Period - Failed
> Implement Blank Screen Saver - Failed
> Install the screen Package - Failed
> Enable GUI Warning Banner - Failed
>
>
>
> Hey All,
>
> Has there been any previous discussion on the Gnome checks?
>
> We run headless installations here so none of the checks
> are applicable to us, but the XCCDF raises fails. I'm not sure if its
> possible to add a check to see if x sessions are enabled perhaps?
>
> Cheers
> Stu
>
>
>
> _______________________________________________
> scap-security-guide mailing list
> scap-security-guide(a)lists.fedorahosted.org <mailto:scap-security-
> guide(a)lists.fedorahosted.org>
>
https://lists.fedorahosted.org/mailman/listinfo/scap-security-
> guide <
https://lists.fedorahosted.org/mailman/listinfo/scap-security-
> guide>
>
>
Classification: UNCLASSIFIED
Caveats: NONE
_______________________________________________
scap-security-guide mailing list
scap-security-guide(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide