>From ec91408a4d124f9645982a436da039f774896387 Mon Sep 17 00:00:00 2001
From: Shawn Wells <[email protected]>
Date: Sat, 20 Apr 2013 00:02:12 -0400
Subject: [PATCH] [bugfix] Ticket 170 - False Positive -
postfix_server_denial_of_service
Test should first check if Postfix is installed and running
---
.../checks/postfix_server_denial_of_service.xml | 21 ++++++++++++-------
1 files changed, 13 insertions(+), 8 deletions(-)
diff --git a/RHEL6/input/checks/postfix_server_denial_of_service.xml
b/RHEL6/input/checks/postfix_server_denial_of_service.xml
index dbcae5c..f863800 100644
--- a/RHEL6/input/checks/postfix_server_denial_of_service.xml
+++ b/RHEL6/input/checks/postfix_server_denial_of_service.xml
@@ -8,14 +8,19 @@
</affected>
<description>Protect against attempts to reduce availability of network
resources.</description>
</metadata>
- <criteria operator="AND">
- <criterion comment="Limit smtp recipients"
test_ref="test_postfix_server_denial_of_service_smtpd_recipient_limit" />
- <criterion comment="Limit message size"
test_ref="test_postfix_server_denial_of_service_message_size_limit" />
- <criterion comment="Limit header size"
test_ref="test_postfix_server_denial_of_service_header_size_limit" />
- <criterion comment="Limit queue"
test_ref="test_postfix_server_denial_of_service_queue_minfree" />
- <criterion comment="Limit connection rate"
test_ref="test_postfix_server_denial_of_service_smtpd_client_connection_rate_limit"
/>
- <criterion comment="Limit connection count"
test_ref="test_postfix_server_denial_of_service_smtpd_client_connection_count_limit"
/>
- <criterion comment="Limit proc count"
test_ref="test_postfix_server_denial_of_service_default_process_limit" />
+ <criteria comment="Postfix installed and service is configured to start"
operator="AND">
+ <!-- NOTE: The package install check is inherited from
service_postfix_enabled -->
+ <extend_definition comment="postfix configured to start"
definition_ref="service_postfix_enabled" />
+
+ <criteria operator="AND">
+ <criterion comment="Limit smtp recipients"
test_ref="test_postfix_server_denial_of_service_smtpd_recipient_limit" />
+ <criterion comment="Limit message size"
test_ref="test_postfix_server_denial_of_service_message_size_limit" />
+ <criterion comment="Limit header size"
test_ref="test_postfix_server_denial_of_service_header_size_limit" />
+ <criterion comment="Limit queue"
test_ref="test_postfix_server_denial_of_service_queue_minfree" />
+ <criterion comment="Limit connection rate"
test_ref="test_postfix_server_denial_of_service_smtpd_client_connection_rate_limit"
/>
+ <criterion comment="Limit connection count"
test_ref="test_postfix_server_denial_of_service_smtpd_client_connection_count_limit"
/>
+ <criterion comment="Limit proc count"
test_ref="test_postfix_server_denial_of_service_default_process_limit" />
+ </criteria>
</criteria>
</definition>
--
1.7.1
_______________________________________________
scap-security-guide mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
