>From 50a54d5b1f99f7ec715340689ad8cf94b86a7939 Mon Sep 17 00:00:00 2001
From: Shawn Wells <[email protected]>
Date: Fri, 27 Dec 2013 05:05:33 -0500
Subject: [PATCH 31/31] Updating RHEL7 CCP profile
- Enabling remaining XCCDF sections into guide.xslt
---
RHEL/7/input/guide.xslt | 15 ++++++---------
RHEL/7/input/profiles/rht-ccp.xml | 4 +---
2 files changed, 7 insertions(+), 12 deletions(-)
diff --git a/RHEL/7/input/guide.xslt b/RHEL/7/input/guide.xslt
index 9c2ee03..fa54d13 100644
--- a/RHEL/7/input/guide.xslt
+++ b/RHEL/7/input/guide.xslt
@@ -35,7 +35,7 @@
<xsl:apply-templates select="document('system/accounts/accounts.xml')" />
<xsl:apply-templates select="document('system/network/network.xml')" />
<xsl:apply-templates select="document('system/logging.xml')" />
-<!-- <xsl:apply-templates select="document('system/auditing.xml')" /> -->
+ <xsl:apply-templates select="document('system/auditing.xml')" />
</xsl:copy>
</xsl:template>
@@ -54,9 +54,9 @@
<xsl:copy-of select="@*|node()" />
<xsl:apply-templates
select="document('system/accounts/restrictions/restrictions.xml')" />
<xsl:apply-templates select="document('system/accounts/pam.xml')" />
-<!-- <xsl:apply-templates
select="document('system/accounts/session.xml')" />
+ <xsl:apply-templates select="document('system/accounts/session.xml')" />
<xsl:apply-templates select="document('system/accounts/physical.xml')" />
- <xsl:apply-templates select="document('system/accounts/banners.xml')" />
-->
+ <xsl:apply-templates select="document('system/accounts/banners.xml')" />
</xsl:copy>
</xsl:template>
@@ -75,13 +75,12 @@
<xsl:copy>
<xsl:copy-of select="@*|node()" />
<xsl:apply-templates
select="document('system/permissions/partitions.xml')" />
- <!-- <xsl:apply-templates
select="document('system/permissions/mounting.xml')" />
+ <xsl:apply-templates
select="document('system/permissions/mounting.xml')" />
<xsl:apply-templates select="document('system/permissions/files.xml')" />
- <xsl:apply-templates
select="document('system/permissions/execution.xml')" /> -->
+ <xsl:apply-templates
select="document('system/permissions/execution.xml')" />
</xsl:copy>
</xsl:template>
-<!--
<xsl:template match="Group[@id='network']">
<xsl:copy>
<xsl:copy-of select="@*|node()" />
@@ -94,9 +93,7 @@
<xsl:apply-templates select="document('system/network/ipsec.xml')" />
</xsl:copy>
</xsl:template>
--->
-<!--
<xsl:template match="Group[@id='services']">
<xsl:copy>
<xsl:copy-of select="@*|node()" />
@@ -120,7 +117,7 @@
<xsl:apply-templates select="document('services/squid.xml')" />
<xsl:apply-templates select="document('services/snmp.xml')" />
</xsl:copy>
- </xsl:template> -->
+ </xsl:template>
<!-- copy everything else through to final output -->
<xsl:template match="@*|node()">
diff --git a/RHEL/7/input/profiles/rht-ccp.xml
b/RHEL/7/input/profiles/rht-ccp.xml
index 6bb7698..7bf1318 100644
--- a/RHEL/7/input/profiles/rht-ccp.xml
+++ b/RHEL/7/input/profiles/rht-ccp.xml
@@ -34,14 +34,12 @@
<select idref="selinux_policytype" selected="true"/>
<!-- rhel7 broke: <select idref="selinux_all_devicefiles_labeled"
selected="true"/> -->
-
<!-- UPDATING CHECKS -->
<select idref="ensure_redhat_gpgkey_installed" selected="true"/>
<select idref="security_patches_up_to_date" selected="true"/>
<select idref="ensure_gpgcheck_globally_activated" selected="true"/>
<select idref="ensure_gpgcheck_never_disabled" selected="true"/>
-
<select idref="package_aide_installed" selected="true"/>
<!-- ACCOUNT MANAGEMENT CHECKS -->
@@ -65,7 +63,7 @@
<select idref="set_password_hashing_algorithm_libuserconf" selected="true"/>
<select idref="require_singleuser_auth" selected="true"/>
-FILE PERMISSION CHECKS
+<!-- FILE PERMISSION CHECKS -->
<select idref="userowner_shadow_file" selected="true"/>
<select idref="groupowner_shadow_file" selected="true"/>
<select idref="file_permissions_etc_shadow" selected="true"/>
--
1.8.3.1
_______________________________________________
scap-security-guide mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
