>From ea70b025608bc2e83c308cf72a6b114e096abd9b Mon Sep 17 00:00:00 2001 From: Michael McConachie <[email protected]> Date: Tue, 2 Oct 2012 13:18:16 -0400 Subject: [PATCH] Testing and review of material for RHEL6/input/services/base.xml
---
 RHEL6/input/services/base.xml | 26 +++++++++++++++++++++++---
 1 file changed, 23 insertions(+), 3 deletions(-)
diff --git a/RHEL6/input/services/base.xml b/RHEL6/input/services/base.xml
index eba13df..8e4107c 100644
--- a/RHEL6/input/services/base.xml
+++ b/RHEL6/input/services/base.xml
@@ -23,6 +23,7 @@ information from within a process's address space or registers.</rationale>
 <ident cce="TODO" />
 <oval id="service_abrtd_disabled" />
 <ref nist="CM-6, CM-7" disa="382" />
+<tested by="MM" on="20121002"/>
 </Rule>
@@ -41,6 +42,7 @@ it may be prudent.</rationale>
 <ident cce="4298-6" />
 <oval id="service_acpid_disabled" />
 <ref nist="CM-6, CM-7" disa="382" />
+<tested by="MM" on="20121002"/>
 </Rule>
@@ -63,6 +65,7 @@ accountability. Furthermore, the need to schedule tasks with <tt>at</tt> or
 <ident cce="TODO" />
 <oval id="service_atd_disabled" />
 <ref nist="CM-6, CM-7" disa="382" />
+<tested by="MM" on="20121002"/>
 </Rule>
@@ -81,6 +84,7 @@ for many other use cases.</rationale>
 <ident cce="TODO" />
 <oval id="service_certmonger_disabled" />
 <ref nist="CM-6, CM-7" disa="382" />
+<tested by="MM" on="20121002"/>
 </Rule>
@@ -98,6 +102,7 @@ service is not necessary.
 <ident cce="TODO" />
 <oval id="service_cgconfig_disabled" />
 <ref nist="CM-6, CM-7" disa="382" />
+<tested by="MM" on="20121002"/>
 </Rule>
 <Rule id="service_cgred_disabled">
@@ -113,6 +118,7 @@ service is not necessary.
 <ident cce="TODO" />
 <oval id="service_cgred_disabled" />
 <ref nist="CM-6, CM-7" disa="382" />
+<tested by="MM" on="20121002"/>
 </Rule>
 <Rule id="service_cpuspeed_disabled">
@@ -130,6 +136,7 @@ highly desirable or necessary.
 <ident cce="4051-9" />
 <oval id="service_cpuspeed_disabled" />
 <ref nist="CM-6, CM-7" disa="382" />
+<tested by="MM" on="20121002"/>
 </Rule>
@@ -150,6 +157,7 @@ that do not require these.
 <ident cce="4364-6" />
 <oval id="service_haldaemon_disabled" />
 <ref nist="CM-6, CM-7" disa="382" />
+<tested by="MM" on="20121002"/>
 </Rule>
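Review bot: The `<tested by="MM" on="20121002"/>` line added before `</Rule>` in the first hunk records who and when, but not what was exercised. A reader cannot tell whether the OVAL check, the OCIL text or the disable macro was verified, and the same line is added in every other hunk of this patch. Several of the marked rules still carry `<ident cce="TODO" />`, so "tested" sits next to metadata that is visibly unfinished. Initials alone are hard to trace once contributors change, and the compact date would read more clearly as `on="2012-10-02"`. The patch does not show whether the build that consumes base.xml already strips or maps `tested`; that is worth confirming so the marker cannot reach generated benchmark output.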
@@ -166,6 +174,7 @@ provides potential speedups for handling interrupt requests.</rationale>
 <ident cce="4123-6" />
 <oval id="service_irqbalance_enabled" />
 <ref nist="CM-6, CM-7" />
+<tested by="MM" on="20121002"/>
 </Rule>
 <Rule id="service_kdump_disabled">
@@ -181,6 +190,7 @@ is little need to run the kdump service.</rationale>
 <ident cce="3425-6" />
 <oval id="service_kdump_disabled" />
 <ref nist="CM-6, CM-7" disa="382" />
+<tested by="MM" on="20121002"/>
 </Rule>
 <!--
@@ -215,6 +225,7 @@ there is no need to run the service.</rationale>
 <ident cce="3854-7" />
 <oval id="service_mdmonitor_disabled" />
 <ref nist="CM-6, CM-7" disa="382" />
+<tested by="MM" on="20121002"/>
 </Rule>
@@ -236,6 +247,7 @@ a graphical login session.
 <ident cce="3822-4" />
 <oval id="service_messagebus_disabled" />
 <ref nist="CM-6, CM-7" disa="382" />
+<tested by="MM" on="20121002"/>
 </Rule>
 <Rule id="service_netconsole_disabled">
@@ -253,6 +265,7 @@ kernel panics, which is not common.
 <ident cce="TODO" />
 <oval id="service_netconsole_disabled" />
 <ref nist="CM-6, CM-7" disa="382" />
+<tested by="MM" on="20121002"/>
 </Rule>
@@ -273,14 +286,15 @@ available in the ntpd program and should be considered deprecated.</rationale>
 <ident cce="TODO" />
 <!--<oval id="service_ntpdate_disabled" /> -->
 <ref nist="AU-8, CM-6" disa="382" />
+<tested by="MM" on="20121002"/>
 </Rule>
 <Rule id="service_oddjobd_disabled">
 <title>Disable Odd Job Daemon (oddjobd)</title>
 <description>The <tt>oddjobd</tt> service exists to provide an interface and
-access control mechanism through which
-specified privileged tasks can run tasks for unprivileged client
-applications. Communication with <tt>oddjobd</tt> through the system message bus.
+access control mechanism through which specified privileged tasks can run tasks
+for unprivileged client applications. Communication with <tt>oddjobd</tt>
+through the system message bus.
 <service-disable-macro service="oddjobd" />
 </description>
 <ocil><service-disable-check-macro service="oddjobd" /></ocil>
@@ -291,6 +305,7 @@ been a source of privilege escalation security issues.</rationale>
 <ident cce="TODO" />
 <oval id="service_oddjobd_disabled" />
 <ref nist="AC-6, CM-6, CM-7" disa="382" />
+<tested by="MM" on="20121002"/>
 </Rule>
@@ -403,6 +418,7 @@ desirable for some environments.</rationale>
 <ident cce="3416-5" />
 <oval id="service_rhnsd_disabled" />
 <ref nist="CM-6, CM-7" disa="382" />
+<tested by="MM" on="20121002"/>
 </Rule>
@@ -422,6 +438,7 @@ unnecessary and can be disabled.</rationale>
 <ident cce="TODO" />
 <oval id="service_rhsmcertd_disabled" />
 <ref nist="CM-6, CM-7" disa="382" />
+<tested by="MM" on="20121002"/>
 </Rule>
@@ -442,6 +459,7 @@ consulted, it is not necessary and should be disabled.</rationale>
 <ident cce="TODO" />
 <oval id="service_saslauthd_disabled" />
 <ref nist="CM-6, CM-7" disa="382" />
+<tested by="MM" on="20121002"/>
 </Rule>
@@ -460,6 +478,7 @@ disabled.</rationale>
 <ident cce="3455-3" />
 <oval id="service_smartd_disabled" />
 <ref nist="CM-6, CM-7" disa="382" />
+<tested by="MM" on="20121002"/>
 </Rule>
 <!--
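Review bot: In the hunk at `@@ -273,14 +286,15 @@`, the ntpdate rule is marked tested while its `<!--<oval id="service_ntpdate_disabled" /> -->` line is still commented out, so no automated check backs that marker. If only the description and OCIL text were verified, a comment beside it such as `<!-- OVAL check not enabled; tested covers description/OCIL only -->` would keep the status accurate. In the same hunk the rewrapped oddjobd description keeps a sentence with no verb, `Communication with <tt>oddjobd</tt> through the system message bus.`; `Communication with <tt>oddjobd</tt> occurs through the system message bus.` reads correctly. The ntpdate Rule starts above the hunk and the oddjobd Rule continues below it.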
@@ -498,6 +517,7 @@ operation, but unless used this service can be disabled.</rationale>
 <ident cce="TODO" />
 <oval id="service_sysstat_disabled" />
 <ref nist="CM-6, CM-7" disa="382" />
+<tested by="MM" on="20121002"/>
 </Rule>
 <!--
-- 
1.7.11.4
