Signed-off-by: Jeffrey Blank <[email protected]> --- RHEL6/input/system/network/wireless.xml | 4 ++-- RHEL6/input/system/permissions/mounting.xml | 4 +++- 2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/RHEL6/input/system/network/wireless.xml b/RHEL6/input/system/network/wireless.xml index f386a36..689fe69 100644 --- a/RHEL6/input/system/network/wireless.xml +++ b/RHEL6/input/system/network/wireless.xml @@ -67,7 +67,7 @@ protocols which were not designed with security in mind. <oval id="wireless_disable_interfaces" /> <ref nist="CM-7" disa="85" /> </Rule> - +<!-- <Rule id="wireless_disable_drivers"> <title>Disable Wireless Network Drivers</title> <description>Removing the kernel drivers that provide support for wireless @@ -84,7 +84,7 @@ the need to install such a driver first. <oval id="wireless_disable_drivers" /> <ref nist="CM-7" disa="85" /> </Rule> - +--> <Rule id="service_bluetooth_disabled"> <title>Disable Bluetooth Service</title> <description> diff --git a/RHEL6/input/system/permissions/mounting.xml b/RHEL6/input/system/permissions/mounting.xml index ed270ed..6dc1fbc 100644 --- a/RHEL6/input/system/permissions/mounting.xml +++ b/RHEL6/input/system/permissions/mounting.xml @@ -59,6 +59,7 @@ the devices themselves should be tightly controlled.</rationale> <oval id="kernel_module_usb-storage_disabled" /> <ref nist="CM-6, CM-7" disa="1250,85" /> </Rule> +<!-- Considering removal of this entirely, in favor of previous Rule <Rule id="kernel_module_usb-storage_removed"> <title>Remove USB Storage Driver</title> @@ -66,7 +67,7 @@ the devices themselves should be tightly controlled.</rationale> supporting driver can be permanently removed. Though more effective than disabling the module within modprobe, this solution is less elegant than the modprobe method described in "Disable Modprobe Loading of USB". The technique described here will cause the -command <tt>rpm -q --verify kernel</tt> to fail which may be an undesirable side effect. +command <tt>rpm -V kernel</tt> to fail which may be an undesirable side effect. <br /><br /> To permanently remove the USB storage driver from the system execute this command: <pre># rm /lib/modules/<i>KERNEL-VERSION</i>/kernel/drivers/usb/storage/usb-storage.ko</pre> @@ -80,6 +81,7 @@ the devices themselves should be tightly controlled.</rationale> <oval id="kernel_module_usb-storage_removed" /> <ref nist="CM-6, CM-7" disa="1250,85" /> </Rule> +--> <Rule id="bootloader_nousb_argument"> <title>Disable Kernel Support for USB via Bootloader Configuration</title> -- 1.7.1 _______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
