>From 6311d55d5dbecac2e8fa10181b94cb4206abd412 Mon Sep 17 00:00:00 2001
From: Shawn Wells <[email protected]>
Date: Fri, 28 Sep 2012 00:03:21 -0400
Subject: [PATCH 3/8] Added persistent config test to sysctl-check-macro
Historically this macro only checked for runtime config, not persistent
configuration via /etc/sysctl.conf
---
RHEL6/transforms/shorthand2xccdf.xslt | 9 +++++----
1 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/RHEL6/transforms/shorthand2xccdf.xslt
b/RHEL6/transforms/shorthand2xccdf.xslt
index 11181c8..77b4587 100644
--- a/RHEL6/transforms/shorthand2xccdf.xslt
+++ b/RHEL6/transforms/shorthand2xccdf.xslt
@@ -246,12 +246,13 @@ exclude-result-prefixes="xccdf xhtml">
</xsl:template>
<xsl:template match="sysctl-check-macro">
- The status of the <xhtml:code><xsl:value-of
select="@sysctl"/></xhtml:code> kernel parameter can be queried
+ The runtime status of the <xhtml:code><xsl:value-of
select="@sysctl"/></xhtml:code> kernel parameter can be queried
by running the following command:
<xhtml:pre>$ sysctl <xsl:value-of select="@sysctl"/></xhtml:pre>
- The output of the command should indicate a value of
<xhtml:code><xsl:value-of select="@value"/></xhtml:code>.
- If this value is not the default value, investigate how it could have been
adjusted at runtime, and verify
- that it is not set improperly in <xhtml:code>/etc/sysctl.conf</xhtml:code>.
+ The output of the command should indicate a value of
<xhtml:code><xsl:value-of select="@value"/></xhtml:code>.<br />
+ To verify persistent configuration of the <xhtml:code><xsl:value-of
select="@sysctl"/></xhtml:code> kernel parameter,
+ verify that the following line is present in <tt>/etc/sysctl.conf</tt>:
+ <xhtml:pre>$ sysctl <xsl:value-of select="@sysctl"/></xhtml:pre>
</xsl:template>
<xsl:template match="fileperms-desc-macro">
--
1.7.1
_______________________________________________
scap-security-guide mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
