Closed samcornwell closed 6 years ago
samcornwell
commented
6 years ago @trevor-vaughan for these finds, they are not global exactly. -xautofs is basically a bypass for the control if the home directory can be on autofs like you say. Do we really want to do that?
trevor-vaughan
commented
6 years ago @samcornwell Yes, we 100% NEVER want to scan autofs directories. Home directories should be scanned on the local home directory server. Otherwise you could literally take down the home directory server and/or network with the amount of traffic generated.
samcornwell
commented
6 years ago @trevor-vaughan Ok I went ahead and added those and addressed your other concerns as well. Should be good to go.
These are all the changes we have made in our repo at https://github.com/djhaynes/inspec-profile-disa_stig-el7 relating to interactive user controls. This includes updates of these controls to RHEL7 STIG Rev4, as well as various fixes.