Signed-off-by: Jeffrey Blank <[email protected]>
---
 RHEL6/input/profiles/STIG-server.xml | 26 ++++++++++++++++++++++++--
 RHEL6/input/profiles/common.xml | 17 +++++++++++++++++
 2 files changed, 41 insertions(+), 2 deletions(-)
diff --git a/RHEL6/input/profiles/STIG-server.xml b/RHEL6/input/profiles/STIG-server.xml
index 55bb934..08c8ddb 100644
--- a/RHEL6/input/profiles/STIG-server.xml
+++ b/RHEL6/input/profiles/STIG-server.xml
@@ -9,9 +9,31 @@
 <select idref="no_files_unowned_by_user" selected="true"/>
 <select idref="aide_periodic_cron_checking" selected="true"/>
 <select idref="disable_users_coredumps" selected="true"/>
+<select idref="no_insecure_locks_exports" selected="true" />
+<select idref="configure_auditd_space_left_action" selected="true" />
+<select idref="configure_auditd_action_mail_acct" selected="true" />
-<!-- Password history -->
-<refine-value idref="password_history_retain_number" selector="5"/>
+<select idref="kernel_module_bluetooth_disabled" selected="true"/>
+<select idref="kernel_module_usb-storage_disabled" selected="true"/>
+
+<select idref="max_concurrent_login_sessions" selected="true"/>
+<refine-value idref="max_concurrent_login_sessions_value" selector="10"/>
+
+<select idref="set_iptables_default_rule_forward" selected="true"/>
+
+<select idref="install_openswan" selected="true" />
+<select idref="enable_gdm_login_banner" selected="true" />
+
+<select idref="set_gdm_login_banner_text" selected="true" />
+<refine-value idref="login_banner_text" selector="dod_default"/>
+
+<select idref="service_bluetooth_disabled" selected="true" />
+<select idref="account_disable_post_pw_expiration" selected="true" />
+
+<select idref="ftp_present_banner" selected="true" />
+
+<!-- from inherited Rule, limiting_password_reuse -->
+<refine-value idref="password_history_retain_number" selector="24"/>
 <refine-value idref="var_password_max_age" selector="60"/>
 </Profile>
diff --git a/RHEL6/input/profiles/common.xml b/RHEL6/input/profiles/common.xml
index 6d77abc..cf96a35 100644
--- a/RHEL6/input/profiles/common.xml
+++ b/RHEL6/input/profiles/common.xml
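Review bot: In the STIG-server.xml hunk, `account_disable_post_pw_expiration`, `configure_auditd_space_left_action` and `configure_auditd_action_mail_acct` are selected without a matching `<refine-value>`, whereas `max_concurrent_login_sessions` and `set_gdm_login_banner_text` in the same hunk pin theirs. If those three rules are parameterised by a Value (the rule definitions are not visible here), the scan outcome depends on whatever default the benchmark carries, and that default can drift from the STIG requirement without this profile changing. Pin each one directly under its select, in the same form as `<refine-value idref="max_concurrent_login_sessions_value" selector="10"/>`. The added lines also mix `selected="true" />` with `selected="true"/>`; the unchanged lines of the file use the form without the space.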
@@ -164,6 +164,23 @@ these should likely be moved out of common.
 <select idref="service_rpcbind_disabled" selected="true"/>-->
 <select idref="service_nfs_disabled" selected="true"/>
 <select idref="service_rpcsvcgssd_disabled" selected="true"/>
+
+<select idref="set_screensaver_inactivity_timeout" selected="true"/>
+<refine-value idref="inactivity_timeout_value" selector="15"/>
+
+<select idref="enable_screensaver_after_idle" selected="true"/>
+<select idref="enable_screensaver_password_lock" selected="true"/>
+<select idref="set_blank_screensaver" selected="true"/>
+
+<select idref="service_abrtd_disabled" selected="true"/>
+<select idref="service_atd_disabled" selected="true"/>
+<select idref="service_autofs_disabled" selected="true"/>
+<select idref="service_ntpdate_disabled" selected="true"/>
+<select idref="service_oddjobd_disabled" selected="true"/>
+<select idref="service_qpidd_disabled" selected="true"/>
+<select idref="service_rdisc_disabled" selected="true"/>
+<select idref="service_sysstat_disabled" selected="true"/>
+
 <select idref="use_nodev_option_on_nfs_mounts" selected="true"/>
 <select idref="use_nosuid_option_on_nfs_mounts" selected="true"/>
 <select idref="disable_dns_server" selected="true"/>
--
1.7.1
_______________________________________________
scap-security-guide mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
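Review bot: The new screensaver and service-disable selections are inserted between `service_rpcsvcgssd_disabled` and `use_nodev_option_on_nfs_mounts`, which splits the NFS-related group and leaves two unrelated sets of rules with no comment saying why they belong in common. Because they sit in common.xml, presumably every profile built on it inherits them, including rules such as `service_atd_disabled`, `service_autofs_disabled` and `service_sysstat_disabled` that some deployments will need to override. The hunk heading shows a nearby note reading "these should likely be moved out of common", though the text it belongs to starts outside the hunk. Move the block below the NFS mount options and head each group with a comment, e.g. `<!-- GNOME screen locking -->` and `<!-- services disabled in every profile; override per profile if required -->`. A short comment on `selector="15"` stating the unit of `inactivity_timeout_value` would also help the next reviewer.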
