Signed-off-by: David Smith <[email protected]> --- RHEL6/input/auxiliary/srg_support.xml | 35 +++++++++++++++++---------------- RHEL6/input/system/auditing.xml | 9 +++---- RHEL6/input/system/selinux.xml | 3 +- 3 files changed, 23 insertions(+), 24 deletions(-)
diff --git a/RHEL6/input/auxiliary/srg_support.xml b/RHEL6/input/auxiliary/srg_support.xml
index 1eb687b..0682834 100644
--- a/RHEL6/input/auxiliary/srg_support.xml
+++ b/RHEL6/input/auxiliary/srg_support.xml
@@ -12,13 +12,29 @@ not clearly relate.
 Red Hat Enterprise Linux meets this requirement by design.
 <!-- We could include discussion of Common Criteria Testing if so desired here. -->
 </rationale>
-<ocil> RHEL6 supports this requirement and cannot be configured to be out of
+<ocil>RHEL6 supports this requirement and cannot be configured to be out of
 compliance. This is a permanent not a finding.
 </ocil>
 <description>
 This requirement is permanent not a finding. No fix is required.
 </description>
-<ref disa="56,26,42,66,68,135,223,131,132,133,134,85,159,1694,770,804,162,163,164,345,346,872,1493,1494,1495,226,1096,1111,386,34,35,156,186,99,1083,1089,1082,804,1209,1214,1237,1248,1265,1269,1314,1362,1368,1310,1311,1328,1399,1400,1425,1427,1499,1693,1665,1670,1674,206,154" />
+<ref disa="56,1084,42,66,68,135,223,131,132,133,134,85,159,1694,770,804,162,163,164,345,346,872,1493,1494,1495,226,1096,1111,386,34,35,156,186,99,1083,1089,1082,804,1209,1214,1237,1248,1265,1269,1314,1362,1368,1310,1311,1328,1399,1400,1425,1427,1499,1693,1665,1670,1674,206,154" />
+</Rule> <!-- end met_inherently -->
+
+
+<Rule id="met_inherently_nonselected">
+<title>Product Meets this Requirement</title>
+<rationale>
+Red Hat Enterprise Linux meets this requirement by design.
+<!-- We could include discussion of Common Criteria Testing if so desired here. -->
+</rationale>
+<ocil>RHEL6 supports this requirement and cannot be configured to be out of
+compliance. This is a permanent not a finding.
+</ocil>
+<description>
+This requirement is permanent not a finding. No fix is required.
+</description>
+<ref disa="1086,1087,1090,1091,1424,1426,802" />
 </Rule> <!-- end met_inherently -->
 <Rule id="unmet_impractical_guidance">
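Review bot: The added `met_inherently_nonselected` rule states in its `<ocil>` that RHEL6 "cannot be configured to be out of compliance" for IDs 1086, 1087, 1090, 1091, 1424, 1426 and 802, yet this commit takes those IDs (and 1084, now in `met_inherently`) from the SELinux group `<ref>` in selinux.xml. The context of that selinux.xml hunk says the SELinux setting can be overridden from the kernel command line, so if any of these items depend on SELinux being enforced, a permanent not-a-finding claim overstates compliance and they belong on a checkable rule such as `selinux_mode`. The rule also has the same `<title>` as `met_inherently` and no comment saying why these IDs are kept apart, so a one-line XML comment above the `<ref>` giving that reason is needed. The unchanged closing line now ends the new rule and should read `</Rule> <!-- end met_inherently_nonselected -->`.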
@@ -37,21 +53,6 @@ This requirement is NA. No fix is required.
 <ref disa="165,21,354,1094,371,372,535,537,539,780,1682,1383,370,37,221,25,28,29,30,24,1112,1126,1149,1157,1210,1211,1341,1372,1373,1374,1376,1377,1340,1352,1401,1555,1556,1150" />
 </Rule> <!-- end unmet_impractical_guidance -->
-<Rule id="unmet_impractical_product">
-<title>Product Does Not Meet this Requirement Due to Impracticality or Scope</title>
-<rationale>
-The product does not meet this requirement. The requirement is impractical or out of scope.
-</rationale>
-<ocil>
-RHEL6 cannot support this requirement without assistance from an external
-application or server. This requirement is NA.
-</ocil>
-<description>
-This requirement is NA. No fix is required.
-</description>
-<ref disa="15,28,29,30,32,24,1695,1169,1170,1662,1395,553" />
-</Rule> <!-- end unmet_impractical_product -->
-
 <Rule id="requirement_unclear">
 <title>Implementation of the Requirement is Unclear</title>
 <rationale>
diff --git a/RHEL6/input/system/auditing.xml b/RHEL6/input/system/auditing.xml
index c14f3dc..9c254a0 100644
--- a/RHEL6/input/system/auditing.xml
+++ b/RHEL6/input/system/auditing.xml
@@ -78,7 +78,6 @@ the process, which in this case, is <tt>exe="/usr/sbin/httpd"</tt>.
 </li></ul>
 </li></ul>
 </description>
-<ref disa="120,135,166,1338,1339,157" />
 <Rule id="enable_auditd_service" severity="medium">
 <title>Enable auditd Service</title>
@@ -94,7 +93,7 @@ actions will be taken if other obstacles exist.
 </rationale>
 <ident cce="4292-9" />
 <oval id="service_auditd_enabled" />
-<ref nist="CM-6, CM-7" disa="169,172,174,1353,1462,1487,1115,1454,067,158,831,1123,1190,1312,1263,130" />
+<ref nist="CM-6, CM-7" disa="169,157,172,174,1353,1462,1487,1115,1454,067,158,831,1123,1190,1312,1263,130,120" />
 <tested by="DS" on="20121024"/>
 </Rule>
@@ -355,7 +354,7 @@ disk space is starting to run low:
 <rationale>Notifying administrators of an impending disk space problem may allow them to take corrective action prior to any disruption.</rationale>
 <oval id="auditd_data_retention_space_left_action" value="var_auditd_space_left_action"/>
-<ref disa="140,143,144" />
+<ref disa="140,143,144,1339" />
 <tested by="DS" on="20121024"/>
 </Rule>
@@ -673,7 +672,7 @@ Audit logs must be mode 0640 or less permissive.
 If users can write to audit logs, audit trails can be modified or destroyed.
 </rationale>
 <oval id="file_permissions_var_log_audit" />
-<ref disa="366" />
+<ref disa="166,1338" />
 <tested by="DS" on="20121024"/>
 </Rule>
@@ -688,7 +687,7 @@ If users can write to audit logs, audit trails can be modified or destroyed.
 <rationale>Failure to give ownership of the audit log file(s) to root allows the designated owner, and unauthorized users, potential access to sensitive information.</rationale>
 <oval id="file_ownership_var_log_audit" />
-<ref nist="AU-2" />
+<ref nist="AU-2" disa="166" />
 <tested by="DS" on="20121024"/>
 </Rule>
diff --git a/RHEL6/input/system/selinux.xml b/RHEL6/input/system/selinux.xml
index f46d2c2..4ac37b3 100644
--- a/RHEL6/input/system/selinux.xml
+++ b/RHEL6/input/system/selinux.xml
@@ -57,7 +57,6 @@ overridden by command-line arguments passed to the kernel. It is necessary to check <tt>grub.conf</tt> to ensure that this has not been done and to protect the boot process.
 </description>
-<ref disa="26,1084,1086,1087,1090,1091,1424,1426,802"/>
 <Value id="var_selinux_state_name" type="string" operator="equals" interactive="0">
 <title>SELinux state</title>
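Review bot: In auditing.xml, the `file_permissions_var_log_audit` rule changes `disa="366"` to `disa="166,1338"`, so ID 366 loses the only mapping visible in this patch, and the commit message does not say whether that is a typo fix or a deliberate removal. If 366 was intended, keep it as `<ref disa="166,366,1338" />`; if it was a typo for 166, say so in the commit message so the change in coverage can be audited. The sibling `file_ownership_var_log_audit` rule in the next hunk receives only `disa="166"`; both rules restrict who can reach the audit log, so confirm that 1338 is not also meant to apply there. Both rules start outside their hunks.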
@@ -124,7 +123,7 @@ privileges.
 </rationale>
 <ident cce="3999-0" />
 <oval id="selinux_mode" value="var_selinux_state_name"/>
-<ref nist="CM-6, CM-7" disa="22,32"/>
+<ref nist="CM-6, CM-7" disa="22,32,26"/>
 <tested by="DS" on="20121024"/>
 </Rule>
--
1.7.1
_______________________________________________
scap-security-guide mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
