Signed-off-by: David Smith <[email protected]>
---
.../accounts_password_minclass_login_defs.xml | 2 +-
.../accounts_passwords_pam_fail_interval.xml | 2 +-
RHEL6/input/checks/disable_users_coredumps.xml | 2 +-
.../mount_option_nodev_remote_filesystems.xml | 1 +
.../mount_option_nosuid_remote_filesystems.xml | 1 +
RHEL6/input/checks/no_files_unowned_by_user.xml | 2 +-
RHEL6/input/checks/service_autofs_disabled.xml | 1 +
.../input/checks/service_avahi-daemon_disabled.xml | 1 +
RHEL6/input/checks/service_crond_enabled.xml | 1 +
RHEL6/input/checks/service_ntpd_enabled.xml | 1 +
RHEL6/input/checks/service_ntpdate_disabled.xml | 1 +
RHEL6/input/checks/service_oddjobd_disabled.xml | 1 +
RHEL6/input/checks/service_postfix_enabled.xml | 1 +
RHEL6/input/checks/service_qpidd_disabled.xml | 1 +
RHEL6/input/checks/service_rdisc_disabled.xml | 1 +
RHEL6/input/checks/service_ypbind_disabled.xml | 1 +
16 files changed, 16 insertions(+), 4 deletions(-)
diff --git a/RHEL6/input/checks/accounts_password_minclass_login_defs.xml
b/RHEL6/input/checks/accounts_password_minclass_login_defs.xml
index 539164b..a262f93 100644
--- a/RHEL6/input/checks/accounts_password_minclass_login_defs.xml
+++ b/RHEL6/input/checks/accounts_password_minclass_login_defs.xml
@@ -1,5 +1,5 @@
<def-group>
- <definition class="compliance" id="accounts_password_pam_cracklib_minclass"
version="1">
+ <definition class="compliance" id="accounts_password_minclass_login_defs"
version="1">
<metadata>
<title>Set Password minclass Requirements</title>
<affected family="unix">
diff --git a/RHEL6/input/checks/accounts_passwords_pam_fail_interval.xml
b/RHEL6/input/checks/accounts_passwords_pam_fail_interval.xml
index 59d29a1..58f73d3 100644
--- a/RHEL6/input/checks/accounts_passwords_pam_fail_interval.xml
+++ b/RHEL6/input/checks/accounts_passwords_pam_fail_interval.xml
@@ -1,5 +1,5 @@
<def-group>
- <definition class="compliance"
id="accounts_passwords_pam_faillock_fail_interval" version="1">
+ <definition class="compliance" id="accounts_passwords_pam_fail_interval"
version="1">
<metadata>
<title>Lock out account after failed login attempts</title>
<affected family="unix">
diff --git a/RHEL6/input/checks/disable_users_coredumps.xml
b/RHEL6/input/checks/disable_users_coredumps.xml
index 6732cdb..d8491cd 100644
--- a/RHEL6/input/checks/disable_users_coredumps.xml
+++ b/RHEL6/input/checks/disable_users_coredumps.xml
@@ -1,5 +1,5 @@
<def-group>
- <definition class="compliance" id="core_dumps_limitsconf" version="1">
+ <definition class="compliance" id="disable_users_coredumps" version="1">
<metadata>
<title>Disable Core Dumps</title>
<affected family="unix">
diff --git a/RHEL6/input/checks/mount_option_nodev_remote_filesystems.xml
b/RHEL6/input/checks/mount_option_nodev_remote_filesystems.xml
index 344c6fb..79d18e1 100644
--- a/RHEL6/input/checks/mount_option_nodev_remote_filesystems.xml
+++ b/RHEL6/input/checks/mount_option_nodev_remote_filesystems.xml
@@ -6,6 +6,7 @@
<platform>Red Hat Enterprise Linux 6</platform>
</affected>
<description>The nodev option should be enabled for all NFS mounts in
/etc/fstab.</description>
+ <reference source="DS" ref_id="20130918" ref_url="test_attestation" />
</metadata>
<criteria operator="XOR">
<!-- these tests are designed to be mutually exclusive; either no nfs
mounts exist in /etc/fstab -->
diff --git a/RHEL6/input/checks/mount_option_nosuid_remote_filesystems.xml
b/RHEL6/input/checks/mount_option_nosuid_remote_filesystems.xml
index 5a3baf2..9e4a12f 100644
--- a/RHEL6/input/checks/mount_option_nosuid_remote_filesystems.xml
+++ b/RHEL6/input/checks/mount_option_nosuid_remote_filesystems.xml
@@ -6,6 +6,7 @@
<platform>Red Hat Enterprise Linux 6</platform>
</affected>
<description>The nosuid option should be enabled for all NFS mounts in
/etc/fstab.</description>
+ <reference source="DS" ref_id="20130918" ref_url="test_attestation" />
</metadata>
<criteria operator="XOR">
<!-- these tests are designed to be mutually exclusive; either no nfs
mounts exist in /etc/fstab -->
diff --git a/RHEL6/input/checks/no_files_unowned_by_user.xml
b/RHEL6/input/checks/no_files_unowned_by_user.xml
index 5fc8afc..a73183a 100644
--- a/RHEL6/input/checks/no_files_unowned_by_user.xml
+++ b/RHEL6/input/checks/no_files_unowned_by_user.xml
@@ -1,6 +1,6 @@
<def-group>
<definition class="compliance"
- id="file_permissions_unowned" version="1">
+ id="no_files_unowned_by_user" version="1">
<metadata>
<title>Find files unowned by a user</title>
<affected family="unix">
diff --git a/RHEL6/input/checks/service_autofs_disabled.xml
b/RHEL6/input/checks/service_autofs_disabled.xml
index 30b036b..d4ec792 100644
--- a/RHEL6/input/checks/service_autofs_disabled.xml
+++ b/RHEL6/input/checks/service_autofs_disabled.xml
@@ -8,6 +8,7 @@
<platform>Red Hat Enterprise Linux 6</platform>
</affected>
<description>The autofs service should be disabled if
possible.</description>
+ <reference source="DS" ref_id="20130918" ref_url="test_attestation" />
</metadata>
<criteria operator="AND" comment="service autofs is not configured to
start">
<criterion comment="autofs runlevel 0" test_ref="test_runlevel0_autofs"
/>
diff --git a/RHEL6/input/checks/service_avahi-daemon_disabled.xml
b/RHEL6/input/checks/service_avahi-daemon_disabled.xml
index 1a80fc1..3dfc1fa 100644
--- a/RHEL6/input/checks/service_avahi-daemon_disabled.xml
+++ b/RHEL6/input/checks/service_avahi-daemon_disabled.xml
@@ -8,6 +8,7 @@
<platform>Red Hat Enterprise Linux 6</platform>
</affected>
<description>The avahi-daemon service should be disabled if
possible.</description>
+ <reference source="DS" ref_id="20130918" ref_url="test_attestation" />
</metadata>
<criteria operator="AND" comment="service avahi-daemon is not configured
to start">
<criterion comment="avahi-daemon runlevel 0"
test_ref="test_runlevel0_avahi-daemon" />
diff --git a/RHEL6/input/checks/service_crond_enabled.xml
b/RHEL6/input/checks/service_crond_enabled.xml
index d2f5bef..7ce3989 100644
--- a/RHEL6/input/checks/service_crond_enabled.xml
+++ b/RHEL6/input/checks/service_crond_enabled.xml
@@ -8,6 +8,7 @@
<platform>Red Hat Enterprise Linux 6</platform>
</affected>
<description>The crond service should be enabled if
possible.</description>
+ <reference source="DS" ref_id="20130918" ref_url="test_attestation" />
</metadata>
<criteria comment="package cronie installed and service crond is
configured to start" operator="AND">
<extend_definition comment="cronie installed"
definition_ref="package_cronie_installed" />
diff --git a/RHEL6/input/checks/service_ntpd_enabled.xml
b/RHEL6/input/checks/service_ntpd_enabled.xml
index 66c876e..499b7ff 100644
--- a/RHEL6/input/checks/service_ntpd_enabled.xml
+++ b/RHEL6/input/checks/service_ntpd_enabled.xml
@@ -8,6 +8,7 @@
<platform>Red Hat Enterprise Linux 6</platform>
</affected>
<description>The ntpd service should be enabled if
possible.</description>
+ <reference source="DS" ref_id="20130918" ref_url="test_attestation" />
</metadata>
<criteria comment="package ntp installed and service ntpd is configured to
start" operator="AND">
<extend_definition comment="ntp installed"
definition_ref="package_ntp_installed" />
diff --git a/RHEL6/input/checks/service_ntpdate_disabled.xml
b/RHEL6/input/checks/service_ntpdate_disabled.xml
index 67fcbbd..5a9559e 100644
--- a/RHEL6/input/checks/service_ntpdate_disabled.xml
+++ b/RHEL6/input/checks/service_ntpdate_disabled.xml
@@ -8,6 +8,7 @@
<platform>Red Hat Enterprise Linux 6</platform>
</affected>
<description>The ntpdate service should be disabled if
possible.</description>
+ <reference source="DS" ref_id="20130918" ref_url="test_attestation" />
</metadata>
<criteria comment="package ntpdate removed or service ntpdate is not
configured to start" operator="OR">
<extend_definition comment="ntpdate removed"
definition_ref="package_ntpdate_removed" />
diff --git a/RHEL6/input/checks/service_oddjobd_disabled.xml
b/RHEL6/input/checks/service_oddjobd_disabled.xml
index a918238..e6f52a1 100644
--- a/RHEL6/input/checks/service_oddjobd_disabled.xml
+++ b/RHEL6/input/checks/service_oddjobd_disabled.xml
@@ -8,6 +8,7 @@
<platform>Red Hat Enterprise Linux 6</platform>
</affected>
<description>The oddjobd service should be disabled if
possible.</description>
+ <reference source="DS" ref_id="20130918" ref_url="test_attestation" />
</metadata>
<criteria comment="package oddjob removed or service oddjobd is not
configured to start" operator="OR">
<extend_definition comment="oddjob removed"
definition_ref="package_oddjob_removed" />
diff --git a/RHEL6/input/checks/service_postfix_enabled.xml
b/RHEL6/input/checks/service_postfix_enabled.xml
index 73f2891..e356a47 100644
--- a/RHEL6/input/checks/service_postfix_enabled.xml
+++ b/RHEL6/input/checks/service_postfix_enabled.xml
@@ -8,6 +8,7 @@
<platform>Red Hat Enterprise Linux 6</platform>
</affected>
<description>The postfix service should be enabled if
possible.</description>
+ <reference source="DS" ref_id="20130918" ref_url="test_attestation" />
</metadata>
<criteria comment="package postfix installed and service postfix is
configured to start" operator="AND">
<extend_definition comment="postfix installed"
definition_ref="package_postfix_installed" />
diff --git a/RHEL6/input/checks/service_qpidd_disabled.xml
b/RHEL6/input/checks/service_qpidd_disabled.xml
index 102e058..f214a65 100644
--- a/RHEL6/input/checks/service_qpidd_disabled.xml
+++ b/RHEL6/input/checks/service_qpidd_disabled.xml
@@ -8,6 +8,7 @@
<platform>Red Hat Enterprise Linux 6</platform>
</affected>
<description>The qpidd service should be disabled if
possible.</description>
+ <reference source="DS" ref_id="20130918" ref_url="test_attestation" />
</metadata>
<criteria comment="package qpid-cpp-server removed or service qpidd is not
configured to start" operator="OR">
<extend_definition comment="qpid-cpp-server removed"
definition_ref="package_qpid-cpp-server_removed" />
diff --git a/RHEL6/input/checks/service_rdisc_disabled.xml
b/RHEL6/input/checks/service_rdisc_disabled.xml
index 36c49b3..cb26da4 100644
--- a/RHEL6/input/checks/service_rdisc_disabled.xml
+++ b/RHEL6/input/checks/service_rdisc_disabled.xml
@@ -8,6 +8,7 @@
<platform>Red Hat Enterprise Linux 6</platform>
</affected>
<description>The rdisc service should be disabled if
possible.</description>
+ <reference source="DS" ref_id="20130918" ref_url="test_attestation" />
</metadata>
<criteria comment="package iputils removed or service rdisc is not
configured to start" operator="OR">
<extend_definition comment="iputils removed"
definition_ref="package_iputils_removed" />
diff --git a/RHEL6/input/checks/service_ypbind_disabled.xml
b/RHEL6/input/checks/service_ypbind_disabled.xml
index 8c70f24..e32cfa5 100644
--- a/RHEL6/input/checks/service_ypbind_disabled.xml
+++ b/RHEL6/input/checks/service_ypbind_disabled.xml
@@ -8,6 +8,7 @@
<platform>Red Hat Enterprise Linux 6</platform>
</affected>
<description>The ypbind service should be disabled if
possible.</description>
+ <reference source="DS" ref_id="20130918" ref_url="test_attestation" />
</metadata>
<criteria comment="package ypbind removed or service ypbind is not
configured to start" operator="OR">
<extend_definition comment="ypbind removed"
definition_ref="package_ypbind_removed" />
--
1.7.1
_______________________________________________
scap-security-guide mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
