no logging of successful events?

[Brian LaMere]

> possible with a real life security target people have to meet. I don't have 
> any feedback from disa as to whether or not they like it. :)

I have an "official" position (SYSIAO) that requires I interact with
those darn things constantly.  Plus, the errors in the guides actually
cause me significant problems during scanning, with false positives and
such (because they exist in the automated scan tools too).

So, I've begun looking into getting feedback to/from the drafters of the
UNIX Checklist; I'll let you know if anything comes of it.

Brian