On 1/23/13 8:12 PM, Shawn Wells wrote:
--- a/RHEL6/input/system/network/kernel.xml +++ b/RHEL6/input/system/network/kernel.xml @@ -277,7 +277,7 @@ to be detected.</rationale> <rationale>Accepting source-routed packets in the IPv4 protocol has few legitimate uses. It should be disabled unless it is absolutely required.</rationale> <ident cce="26983-7" /> -<oval id="sysctl_net_ipv4_conf_all_accept_source_route" value="sysctl_net_ipv4_conf_all_accept_source_route_value" /> +<oval id="sysctl_net_ipv4_conf_all_accept_source_route" value="sysctl_net_ipv4_conf_default_accept_source_route_value" /> <ref nist="AC-4,CM-7,SC-5,SC-7" disa="1551"/> <tested by="DS" on="20121024"/> </Rule>
Also, for this, the set_sysctl_net_ipv4_conf_default_accept_source_route rule was mapped to the wrong OVAL check. Now fixed.
_______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
