This patch fixes couple of rule names typos present in RHEL-6's CS2
profile. Currently after finishing a scan, the oscap tool displays
a warning about the missing / non-existent five OVAL objects, listed
in the patch. After applying the change, there's no warning anymore &
particular rules work fine on RHEL-6 (confirmed by testing).
Please review [*].
Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Technologies Team
[*] Patch needs to be applied with git am --ignore-whitespace due
to different EOL characters present in the original file already.
With --ignore-whitespace application works fine.
P.S.: The remaining similar typos (in other profile files) have been corrected
within proposal:
https://lists.fedorahosted.org/pipermail/scap-security-guide/2014-March/005148.html
but that one is still pending feedback. Review on that one would
be appreciated as well.
From bfe1be6ad1ddc98e76664c6f0e2d942a190ce163 Mon Sep 17 00:00:00 2001
From: Jan Lieskovsky <[email protected]>
Date: Mon, 14 Apr 2014 16:03:58 +0200
Subject: [PATCH] [RHEL/6] Fix couple of typos in CS2 Example Server Profile
Signed-off-by: Jan Lieskovsky <[email protected]>
---
RHEL/6/input/profiles/CS2.xml | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/RHEL/6/input/profiles/CS2.xml b/RHEL/6/input/profiles/CS2.xml
index 8221e00..dbe8452 100644
--- a/RHEL/6/input/profiles/CS2.xml
+++ b/RHEL/6/input/profiles/CS2.xml
@@ -6,8 +6,8 @@
<refine-value idref="var_accounts_password_minlen_login_defs" selector="14"/>
<select idref="accounts_minimum_age_login_defs" selected="true"/>
<refine-value idref="var_accounts_minimum_age_login_defs" selector="1"/>
-<select idref="acounts_maximum_age_login_defs" selected="true"/>
-<refine-value idref="var_acounts_maximum_age_login_defs" selector="180"/>
+<select idref="accounts_maximum_age_login_defs" selected="true"/>
+<refine-value idref="var_accounts_maximum_age_login_defs" selector="180"/>
<select idref="accounts_password_pam_cracklib_dcredit" selected="true"/>
<select idref="accounts_password_pam_cracklib_ucredit" selected="true"/>
<select idref="accounts_password_pam_cracklib_ocredit" selected="true"/>
@@ -145,7 +145,7 @@
<select idref="audit_media_exports" selected="true"/>
<select idref="audit_file_deletions" selected="true"/>
-<select idref="securety_root_login_console_only" selected="true" />
+<select idref="securetty_root_login_console_only" selected="true" />
<select idref="no_direct_root_logins" selected="true" />
<select idref="userowner_shadow_file" selected="true"/>
@@ -194,9 +194,9 @@
<select idref="gconf_gnome_disable_automount" selected="true"/>
<select idref="network_disable_zeroconf" selected="true" />
-<select idref="disable_sysctl_ipv4_default_send_redirects" selected="true"/>
-<select idref="disable_sysctl_ipv4_all_send_redirects" selected="true"/>
-<select idref="disable_sysctl_ipv4_ip_forward" selected="true"/>
+<select idref="sysctl_net_ipv4_conf_default_send_redirects" selected="true"/>
+<select idref="sysctl_ipv4_all_send_redirects" selected="true"/>
+<select idref="sysctl_ipv4_ip_forward" selected="true"/>
<select idref="sysctl_net_ipv4_conf_all_accept_source_route" selected="true"/>
<select idref="sysctl_net_ipv4_conf_all_accept_redirects" selected="true"/>
<select idref="sysctl_net_ipv4_conf_all_secure_redirects" selected="true"/>
--
1.8.3.1
_______________________________________________
scap-security-guide mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
