Signed-off-by: Jeffrey Blank <[email protected]> --- RHEL6/input/services/http.xml | 4 ++-- RHEL6/input/services/obsolete.xml | 6 +++--- RHEL6/input/services/ssh.xml | 5 ++--- 3 files changed, 7 insertions(+), 8 deletions(-)
diff --git a/RHEL6/input/services/http.xml b/RHEL6/input/services/http.xml index d1f396b..e484b12 100644 --- a/RHEL6/input/services/http.xml +++ b/RHEL6/input/services/http.xml @@ -121,7 +121,7 @@ to plan an attack on the given system. This information disclosure should be res </rationale> <ident cce="4474-3" /> <oval id="httpd_servertokens_prod" /> -<ref nist="CM-6, CM-7" disa="1124" /> +<ref nist="CM-6, CM-7" /> </Rule> <Rule id="httpd_serversignature_off"> @@ -139,7 +139,7 @@ to plan an attack on the given system. This information disclosure should be res </rationale> <ident cce="3756-4" /> <oval id="httpd_serversignature_off" /> -<ref nist="CM-6, CM-7" disa="1124" /> +<ref nist="CM-6, CM-7" /> </Rule> </Group> <!-- <Group id="httpd_restrict_info_leakage"> --> diff --git a/RHEL6/input/services/obsolete.xml b/RHEL6/input/services/obsolete.xml index 96ab924..49e93db 100644 --- a/RHEL6/input/services/obsolete.xml +++ b/RHEL6/input/services/obsolete.xml @@ -81,7 +81,7 @@ subject to man-in-the-middle attacks. </rationale> <ident cce="3390-2" /> <oval id="service_telnetd_disabled" /> -<ref disa="1436,196,197" /> +<ref disa="68,1436,196,197,877,888" /> <tested by="DS" on="20121026"/> </Rule> @@ -143,7 +143,7 @@ stolen by eavesdroppers on the network. </rationale> <ident cce="undefined" /> <oval id="service_rexec_disabled" /> -<ref disa="1436"/> +<ref disa="68,1436"/> <tested by="DS" on="20121026"/> </Rule> @@ -162,7 +162,7 @@ stolen by eavesdroppers on the network. </rationale> <ident cce="4141-8" /> <oval id="service_rsh_disabled" /> -<ref disa="1436" /> +<ref disa="68,1436" /> <tested by="DS" on="20121026"/> </Rule> diff --git a/RHEL6/input/services/ssh.xml b/RHEL6/input/services/ssh.xml index 9069e30..4976568 100644 --- a/RHEL6/input/services/ssh.xml +++ b/RHEL6/input/services/ssh.xml @@ -8,7 +8,6 @@ implementation included with the system is called OpenSSH, and more detailed documentation is available from its website, http://www.openssh.org. Its server program is called <tt>sshd</tt> and provided by the RPM package <tt>openssh-server</tt>.</description> -<ref disa="1453,877" /> <Value id="sshd_idle_timeout_value" type="number" operator="equals" interactive="0"> @@ -59,7 +58,7 @@ certain changes should be made to the OpenSSH daemon configuration file <tt>/etc/ssh/sshd_config</tt>. The following recommendations can be applied to this file. See the <tt>sshd_config(5)</tt> man page for more detailed information.</description> -<ref disa="68,197,888,1632,779,781" /> +<ref disa="68,197,1632,779,781" /> <Rule id="sshd_allow_only_protocol2" severity="high"> <title>Allow Only SSH Protocol 2</title> @@ -82,7 +81,7 @@ should not be used. </rationale> <ident cce="4325-7" /> <oval id="sshd_protocol_2" /> -<ref disa="776,774,1135,1436" /> +<ref disa="776,774,1436" /> <tested by="DS" on="20121024"/> </Rule> -- 1.7.1 _______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
