>From 1e3fdd4951197482e0fa3e78632bff708451a48f Mon Sep 17 00:00:00 2001 From: Shawn Wells <[email protected]> Date: Sun, 13 Apr 2014 01:44:55 -0400 Subject: [PATCH 10/26] New RHEL6 rule: package_rsh_removed
Added to support CIS baseline requirements --- RHEL/6/input/checks/package_rsh_removed.xml | 26 ++++++++++++++++++++ RHEL/6/input/checks/templates/packages_removed.csv | 1 + RHEL/6/input/services/obsolete.xml | 15 +++++++++++ 3 files changed, 42 insertions(+), 0 deletions(-) create mode 100644 RHEL/6/input/checks/package_rsh_removed.xml diff --git a/RHEL/6/input/checks/package_rsh_removed.xml b/RHEL/6/input/checks/package_rsh_removed.xml new file mode 100644 index 0000000..11ae275 --- /dev/null +++ b/RHEL/6/input/checks/package_rsh_removed.xml @@ -0,0 +1,26 @@ +<def-group> + <!-- THIS FILE IS GENERATED by create_package_removed.py. DO NOT EDIT. --> + <definition class="compliance" id="package_rsh_removed" + version="1"> + <metadata> + <title>Package rsh Removed</title> + <affected family="unix"> + <platform>Red Hat Enterprise Linux 6</platform> + </affected> + <description>The RPM package rsh should be removed.</description> + <reference source="swells" ref_id="20130829" ref_url="test_attestation"/> + </metadata> + <criteria> + <criterion comment="package rsh is removed" + test_ref="test_package_rsh_removed" /> + </criteria> + </definition> + <linux:rpminfo_test check="all" check_existence="none_exist" + id="test_package_rsh_removed" version="1" + comment="package rsh is removed"> + <linux:object object_ref="obj_package_rsh_removed" /> + </linux:rpminfo_test> + <linux:rpminfo_object id="obj_package_rsh_removed" version="1"> + <linux:name>rsh</linux:name> + </linux:rpminfo_object> +</def-group> diff --git a/RHEL/6/input/checks/templates/packages_removed.csv b/RHEL/6/input/checks/templates/packages_removed.csv index 18d89bd..3bd9afc 100644 --- a/RHEL/6/input/checks/templates/packages_removed.csv +++ b/RHEL/6/input/checks/templates/packages_removed.csv @@ -25,6 +25,7 @@ portreserve qpid-cpp-server quota rhnsd +rsh rsh-server samba-common sendmail diff --git a/RHEL/6/input/services/obsolete.xml b/RHEL/6/input/services/obsolete.xml index cbeb91b..337e2b3 100644 
--- a/RHEL/6/input/services/obsolete.xml
+++ b/RHEL/6/input/services/obsolete.xml
@@ -185,6 +185,21 @@ stolen by eavesdroppers on the network.
 <tested by="DS" on="20121026"/>
 </Rule>
 
+<Rule id="package_rsh_removed">
+<title>Remove rsh</title>
+<description>The <tt>rsh</tt> package contains the client commands
+for the rsh services</description>
+<ocil><package-remove-macro package="rsh"/></ocil>
+<rationale>These legacy clients contain numerous security exposures and have
+been replaced with the more secure SSH package. Even if the server is removed,
+it is best to ensure the clients are also removed to prevent users from
+inadvertently attempting to use these commands and therefore exposing
+their credentials. Note that removing the <tt>rsh</tt> package removes
+the clients for <tt>rsh</tt>,<tt>rcp</tt>, and <tt>rlogin</tt>.
+</rationale>
+<ident cce="" />
+</Rule>
+
 <Rule id="disable_rlogin" severity="high">
 <title>Disable rlogin Service</title>
 <description>The <tt>rlogin</tt> service, which is available with
-- 
1.7.1
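Review bot: The new `package_rsh_removed` Rule contains nothing that ties it to the OVAL definition of the same id added earlier in this patch, so the `rpminfo_test` would probably never be evaluated for it and a scan would rely on the manual OCIL text alone. Assuming this file uses the project's usual shorthand, adding `<oval id="package_rsh_removed" />` after the `<ident>` line would connect the two. `<ident cce="" />` publishes an empty identifier; it would be cleaner to leave the element out until a CCE is assigned. The `<ocil>` body uses `package-remove-macro`, which reads as a removal instruction rather than a verification step, so a check-oriented macro looks like what is intended there. The `<Rule>` also carries no `severity`, while the `disable_rlogin` rule just below it does.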
