On 6/29/12 5:45 PM, Willy Santos wrote:
CCI-001092 requires limiting the effects of a DoS attack. The referenced rules
provide some protection agains these type of attacks.
Signed-off-by: Willy Santos <[email protected]>
---
rhel6/src/input/system/network/iptables.xml | 6 +++---
1 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/rhel6/src/input/system/network/iptables.xml
b/rhel6/src/input/system/network/iptables.xml
index d5ae221..df8f390 100644
--- a/rhel6/src/input/system/network/iptables.xml
+++ b/rhel6/src/input/system/network/iptables.xml
@@ -79,7 +79,7 @@ capability for IPv6 and ICMPv6.
</rationale>
<ident cce="4167-3" />
<oval id="service_ip6tables_enabled" />
-<ref nist="CM-6, CM-7" disa="1115,1118"/>
+<ref nist="CM-6, CM-7" disa="1115,1118,1092"/>
</Rule>
<Rule id="enable_iptables">
@@ -95,7 +95,7 @@ capability for IPv4 and ICMP.
</rationale>
<ident cce="4189-7" />
<oval id="service_iptables_enabled" />
-<ref nist="CM-6, CM-7" disa="1115,1118" />
+<ref nist="CM-6, CM-7" disa="1115,1118,1092" />
</Rule>
</Group><!--<Group id="iptables_activation">-->
@@ -188,7 +188,7 @@ could add another IPv6 address to the interface or alter important network setti
ation of IPv6 depends heavily on ICMPv6. Thus, more care must be taken when
blocking ICMPv6 types.</rationale>
<!--<ident cce="14264-6" />-->
<oval id="iptables_icmp_disabled" />
-<ref nist="AC-4, CM-6" />
+<ref nist="AC-4, CM-6" disa="1092" />
</Rule>
<Rule id="iptables_log_and_drop_suspicious">
Ack
_______________________________________________
scap-security-guide mailing list
[email protected]
https://fedorahosted.org/mailman/listinfo/scap-security-guide
