Some of the patches in this set may conflict with what I've pushed. If not, feel free to push. If there are conflicts, there may be a need to hand-edit and re-commit.
Also, please use a cover sheet (-s). This is in the wiki with other commit instructions (such as validating before committing). Let's sync today on some of the remaining TODOs. We'll likely want to focus on providing credible explanations for SRG mapping choices. Thanks, Jeff On 12/16/2012 11:38 PM, Michele Newman wrote: > --- > RHEL6/input/services/ssh.xml | 8 +++----- > 1 files changed, 3 insertions(+), 5 deletions(-) > > diff --git a/RHEL6/input/services/ssh.xml b/RHEL6/input/services/ssh.xml > index 9069e30..576f9ac 100644 > --- a/RHEL6/input/services/ssh.xml > +++ b/RHEL6/input/services/ssh.xml > @@ -8,7 +8,6 @@ implementation included with the system is called OpenSSH, > and more > detailed documentation is available from its website, > http://www.openssh.org. Its server program is called <tt>sshd</tt> and > provided by the RPM package <tt>openssh-server</tt>.</description> > -<ref disa="1453,877" /> > > <Value id="sshd_idle_timeout_value" type="number" > operator="equals" interactive="0"> > @@ -59,7 +58,6 @@ certain changes should be made to the OpenSSH daemon > configuration > file <tt>/etc/ssh/sshd_config</tt>. The following recommendations can be > applied to this file. See the <tt>sshd_config(5)</tt> man page for more > detailed information.</description> > -<ref disa="68,197,888,1632,779,781" /> > > <Rule id="sshd_allow_only_protocol2" severity="high"> > <title>Allow Only SSH Protocol 2</title> > @@ -82,7 +80,7 @@ should not be used. > </rationale> > <ident cce="4325-7" /> > <oval id="sshd_protocol_2" /> > -<ref disa="776,774,1135,1436" /> > +<ref disa="68,776,774,1135,1436" /> > <tested by="DS" on="20121024"/> > </Rule> > > @@ -289,7 +287,7 @@ even in the event of misconfiguration elsewhere. > </rationale> > <ident cce="3660-8" /> > <oval id="sshd_permitemptypasswords_no" /> > -<ref disa="765,766"/> > +<ref disa="197,765,766,877"/> > <tested by="DS" on="20121024"/> > </Rule> > > @@ -362,7 +360,7 @@ implementation. These are also required for compliance. > </rationale> > <ident cce="14491-5" /> > <oval id="sshd_use_approved_ciphers" /> > -<ref disa="803,1144,1145,1146,196" /> > +<ref disa="779,781,803,888,1144,1145,1146,196,1453,1632" /> > <tested by="DS" on="20121024"/> > </Rule> > _______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
