On 11/15/13, 7:06 PM, Steinke, Leland J Sr CTR DISA FSO (US) wrote:
>This is the only thing that caught my eye.
>
>By moving to nonselected, will it no longer be required to switch into
>single user mode when /var/log/audit fills up?
>
>  From a code perspective, ack.
Pushed.

As it happens, CCI-001343 (derived from 800-53r3 AU-5 (4)) is not selected in CNSSI 1253.
The patch below backs out the "nonselected" updates. I hope to have a better
way to handle non-selected Rules early next week.


Thanks,
Leland
--
Leland Steinke, Security+
DISA FSO Technical Support Contractor
tapestry technologies, Inc
717-267-5797 (DSN 570)
[email protected]  (gov't)
[email protected]  (com'l)

---
  RHEL6/input/auxiliary/stig_overlay.xml |    6 +++---
  1 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/RHEL6/input/auxiliary/stig_overlay.xml 
b/RHEL6/input/auxiliary/stig_overlay.xml
index 8e89373..b2c7809 100644
--- a/RHEL6/input/auxiliary/stig_overlay.xml
+++ b/RHEL6/input/auxiliary/stig_overlay.xml
@@ -351,7 +351,7 @@
        <overlay owner="disastig" ruleid="configure_auditd_max_log_file_action" 
ownerid="RHEL-06-000161" disa="366" severity="medium">
                <title>The system must rotate audit log files that reach the maximum 
file size.</title>
        </overlay>
-       <overlay owner="disastig" ruleid="nonselected" ownerid="RHEL-06-000163" disa="1343" 
severity="medium">
+       <overlay owner="disastig" ruleid="configure_auditd_admin_space_left_action" 
ownerid="RHEL-06-000163" disa="1343" severity="medium">
                <title>The audit system must switch the system to single-user mode 
when available audit storage volume becomes dangerously low.</title>
        </overlay>
        <overlay owner="disastig" ruleid="audit_rules_time_adjtimex" ownerid="RHEL-06-000165" 
disa="169" severity="low">
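
Review bot: In the RHEL-06-000163 overlay, restoring ruleid="configure_auditd_admin_space_left_action" ties the single-user-mode requirement back to a named rule even though the cover note says CCI-001343 is not selected in CNSSI 1253. Since the note describes this as a stop-gap until non-selected Rules are handled another way, an XML comment beside this overlay saying so would keep a later editor from treating the mapping as settled.
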
@@ -534,7 +534,7 @@
        <overlay owner="disastig" ruleid="postfix_network_listening" ownerid="RHEL-06-000249" 
disa="382" severity="medium">
                <title>Mail relaying must be restricted.</title>
        </overlay>
-       <overlay owner="disastig" ruleid="nonselected" ownerid="RHEL-06-000251" disa="778" 
severity="medium">
+       <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-06-000251" disa="778" 
severity="medium">
                <title>The operating system must uniquely identify and authenticate 
an organization defined list of specific devices and/or types of devices before 
establishing a connection.</title>
        </overlay>
        <overlay owner="disastig" ruleid="ldap_client_start_tls" ownerid="RHEL-06-000252" 
disa="1453" severity="medium">
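
Review bot: ruleid="XXXX" on the RHEL-06-000251 overlay is a placeholder that names no rule, unlike the other two overlays this patch restores, and nothing in the file says what it stands for. A short comment stating that no rule is mapped to the device identification requirement (disa="778"), or a descriptive placeholder name, would make the intent explicit to anyone reading or processing the overlay.
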
@@ -564,7 +564,7 @@
        <overlay owner="disastig" ruleid="service_atd_disabled" ownerid="RHEL-06-000262" 
disa="382" severity="low">
                <title>The atd service must be disabled.</title>
        </overlay>
-       <overlay owner="disastig" ruleid="nonselected" ownerid="RHEL-06-000263" disa="1250" 
severity="low">
+       <overlay owner="disastig" ruleid="service_autofs_disabled" ownerid="RHEL-06-000263" 
disa="1250" severity="low">
                <title>Automated file system mounting tools must not be enabled 
unless needed.</title>
        </overlay>
        <overlay owner="disastig" ruleid="service_ntpdate_disabled" ownerid="RHEL-06-000265" 
disa="382" severity="low">
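
Review bot: The cover note gives a reason only for CCI-001343, yet this hunk also reverts the RHEL-06-000263 overlay (disa="1250") to ruleid="service_autofs_disabled" without comment. The commit message should say whether 1250 (and 778 in the previous hunk) was marked "nonselected" on the same grounds, so the mapping can be revisited with the right context once the better handling is in place.
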
--

Would it be simpler to remove the associated XCCDF rules from the STIG profile?