Re: [PATCH] DISA FSO requested updates to RHEL6/input/system/selinux.xml

Mon, 03 Dec 2012 16:27:35 -0800 

On 12/3/12 7:13 PM, Shawn Wells wrote:


0002-DISA-FSO-requested-updates-to-RHEL6-input-system-sel.patch


 From 0572166a383b68ad56ef5234d0e859de8dc7af87 Mon Sep 17 00:00:00 2001
From: Shawn Wells<[email protected]>
Date: Mon, 3 Dec 2012 19:12:30 -0500
Subject: [PATCH] DISA FSO requested updates to RHEL6/input/system/selinux.xml
  DISA FSO requested updates to RHEL6/input/system/selinux.xml
  Closing tickethttps://fedorahosted.org/scap-security-guide/ticket/160

---
  RHEL6/input/system/selinux.xml |    7 +++----
  1 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/RHEL6/input/system/selinux.xml b/RHEL6/input/system/selinux.xml
index 58c4c5c..f46d2c2 100644
--- a/RHEL6/input/system/selinux.xml
+++ b/RHEL6/input/system/selinux.xml
@@ -117,7 +117,7 @@ Check the file <tt>/etc/selinux/config</tt> and ensure the 
following line appear
  <pre>SELINUX=enforcing</pre>
  </ocil>
  <rationale>
-Setting the SELinux state to enforcing ensures that SELinux is able to confine
+Setting the SELinux state to enforcing ensures SELinux is able to confine
  potentially compromised processes to the security policy, which is designed to
  prevent them from causing damage to the system or further elevating their
  privileges.
@@ -145,7 +145,7 @@ Check the file <tt>/etc/selinux/config</tt> and ensure the 
following line appear
  </ocil>
  <rationale>
  Setting the SELinux policy to <tt>targeted</tt> or a more specialized policy
-ensures that the system will confine processes that are likely to be
+ensures the system will confine processes that are likely to be
  targeted for exploitation, such as network or system services.
  </rationale>
  <ident cce="3624-4" />
@@ -155,13 +155,12 @@ targeted for exploitation, such as network or system 
services.
  </Rule>
  </Group>

  
-

  <Rule id="service_restorecond_enabled">
  <title>Enable the SELinux Context Restoration Service (restorecond)</title>
  <description>The <tt>restorecond</tt> service utilizes <tt>inotify</tt> to 
look
  for the creation of new files listed in the
  <tt>/etc/selinux/restorecond.conf</tt> configuration file. When a file is
-created, <tt>restorecond</tt> ensures that the file receives the proper SELinux
+created, <tt>restorecond</tt> ensures the file receives the proper SELinux
  security context.
  <service-enable-macro service="restorecond" />
  </description>
-- 1.7.1

Ack & pushed


--
Shawn Wells
Technical Director,
U.S. Intelligence Programs
(e) [email protected]
(c) 443.534.0130


_______________________________________________
scap-security-guide mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide






















					Reply via email to