On 6/29/12 5:45 PM, Willy Santos wrote:
CCI-000085 requires monitoring for unauthorized connections of mobile devices.
The referenced rule disables all USB support in the kernel by the bootloader.
Signed-off-by: Willy Santos <[email protected]>
---
rhel6/src/input/system/permissions/mounting.xml | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/rhel6/src/input/system/permissions/mounting.xml
b/rhel6/src/input/system/permissions/mounting.xml
index 7df811a..f913f4b 100644
--- a/rhel6/src/input/system/permissions/mounting.xml
+++ b/rhel6/src/input/system/permissions/mounting.xml
@@ -96,7 +96,7 @@ disable USB storage devices if they are plugged into the
sytem. Support for thes
should be disabled and the devices themselves should be tightly
controlled.</rationale>
<ident cce="4173-1" />
<oval id="bootloader_nousb_argument" />
-<ref nist="CM-6, CM-7" disa="1250" />
+<ref nist="CM-6, CM-7" disa="1250,85" />
</Rule>
<Rule id="bios_disable_usb_boot">
Ack
_______________________________________________
scap-security-guide mailing list
[email protected]
https://fedorahosted.org/mailman/listinfo/scap-security-guide
