>From d81c48dee7148c236aad8cac522841782ce8a97c Mon Sep 17 00:00:00 2001 From: Shawn Wells <[email protected]> Date: Thu, 17 Apr 2014 23:07:38 -0400 Subject: [PATCH 15/15] Adding sysctl_net_ipv6_conf_all_accept_ra_value for XCCDF calls
--- RHEL/6/input/system/network/ipv6.xml | 13 +++++++++++-- 1 files changed, 11 insertions(+), 2 deletions(-) diff --git a/RHEL/6/input/system/network/ipv6.xml b/RHEL/6/input/system/network/ipv6.xml index 626f8e5..a23d54b 100644 --- a/RHEL/6/input/system/network/ipv6.xml +++ b/RHEL/6/input/system/network/ipv6.xml @@ -113,6 +113,15 @@ operator="equals" interactive="0"> <value selector="disabled">0</value> </Value> +<Value id="sysctl_net_ipv6_conf_all_accept_ra_value" type="string" +operator="equals" interactive="0"> +<title>net.ipv6.conf.all.accept_ra</title> +<description>Accept all router advertisements?</description> +<value>0</value> +<value selector="enabled">1</value> +<value selector="disabled">0</value> +</Value> + <Value id="sysctl_net_ipv6_conf_default_accept_redirects_value" type="string" operator="equals" interactive="0"> <title>net.ipv6.conf.default.accept_redirects</title> @@ -146,11 +155,11 @@ An illicit router advertisement message could result in a man-in-the-middle atta <ocil> <sysctl-check-macro sysctl="net.ipv6.conf.all.accept_ra" value="0" /> </ocil> -<rational> +<rationale> An illicit router advertizement message could result in a man-in-the-middle attack. </rationale> <ident cce="" /> -<oval id="sysctl_net_ipv6_conf_all_accept_ra" value="0" /> +<oval id="sysctl_net_ipv6_conf_all_accept_ra" value="sysctl_net_ipv6_conf_all_accept_ra_value" /> <ref nist="CM-7" /> </Rule> -- 1.7.1
_______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
