[shawnw@ssg-rhel6-devbox input]$ grep -rin mountopt_noexec_on_removable_partitions * auxiliary/stig_overlay.xml:758: <overlay owner="disastig" ruleid="mountopt_noexec_on_removable_partitions" ownerid="RHEL-06-000271" disa="87" severity="low"> profiles/nist-CL-IL-AL.xml:260:<select idref="mountopt_noexec_on_removable_partitions" selected="true" \> profiles/CS2.xml:41:<select idref="mountopt_noexec_on_removable_partitions" selected="true"/> profiles/CSCF-RHEL6-MLS.xml:139:<select idref="mountopt_noexec_on_removable_partitions" selected="true" /> profiles/C2S.xml:67:<select idref="mountopt_noexec_on_removable_partitions" selected="true" /> profiles/fisma-medium-rhel6-server.xml:185:<select idref="mountopt_noexec_on_removable_partitions" selected="true" /> profiles/usgcb-rhel6-server.xml:20:<select idref="mountopt_noexec_on_removable_partitions" selected="true" /> profiles/common.xml:210:<select idref="mountopt_noexec_on_removable_partitions" selected="true"/> system/permissions/partitions.xml:54:<Rule id="mountopt_noexec_on_removable_partitions">
[shawnw@ssg-rhel6-devbox input]$ sed -i 's/mountopt_noexec_on_removable_partitions/mount_option_noexec_removable_partitions/g' auxiliary/stig_overlay.xml profiles/* system/permissions/partitions.xml
[shawnw@ssg-rhel6-devbox input]$ grep -rin mountopt_noexec_on_removable_partitions *
[shawnw@ssg-rhel6-devbox input]$ git commit auxiliary/stig_overlay.xml profiles/* system/permissions/partitions.xml
Signed-off-by: Shawn Wells <[email protected]>
---
 RHEL/6/input/auxiliary/stig_overlay.xml | 2 +-
 RHEL/6/input/profiles/C2S.xml | 2 +-
 RHEL/6/input/profiles/CS2.xml | 2 +-
 RHEL/6/input/profiles/CSCF-RHEL6-MLS.xml | 2 +-
 RHEL/6/input/profiles/common.xml | 2 +-
 .../6/input/profiles/fisma-medium-rhel6-server.xml | 2 +-
 RHEL/6/input/profiles/nist-CL-IL-AL.xml | 2 +-
 RHEL/6/input/profiles/usgcb-rhel6-server.xml | 2 +-
 RHEL/6/input/system/permissions/partitions.xml | 2 +-
 9 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/RHEL/6/input/auxiliary/stig_overlay.xml b/RHEL/6/input/auxiliary/stig_overlay.xml
index 071b15e..097432d 100644
--- a/RHEL/6/input/auxiliary/stig_overlay.xml
+++ b/RHEL/6/input/auxiliary/stig_overlay.xml
@@ -755,7 +755,7 @@
 <VMSinfo VKey="38654" SVKey="50455" VRelease="1" />
 <title>Remote file systems must be mounted with the "nosuid" option.</title>
 </overlay>
- <overlay owner="disastig" ruleid="mountopt_noexec_on_removable_partitions" ownerid="RHEL-06-000271" disa="87" severity="low">
+ <overlay owner="disastig" ruleid="mount_option_noexec_removable_partitions" ownerid="RHEL-06-000271" disa="87" severity="low">
 <VMSinfo VKey="38655" SVKey="50456" VRelease="1" />
 <title>The noexec option must be added to removable media partitions.</title>
 </overlay>
diff --git a/RHEL/6/input/profiles/C2S.xml b/RHEL/6/input/profiles/C2S.xml
index 0a4afc4..6ceff9c 100644
--- a/RHEL/6/input/profiles/C2S.xml
+++ b/RHEL/6/input/profiles/C2S.xml
@@ -64,7 +64,7 @@ Patches would be most welcome! <select idref="mountopt_nodev_on_removable_partitions" selected="true" /> <!-- 1.1.12 Add noexec Option to Removable Media Partitions (Not Scored) --> -<select idref="mountopt_noexec_on_removable_partitions" selected="true" /> +<select idref="mount_option_noexec_removable_partitions" selected="true" /> <!-- 1.1.13 Add nosuid Option to Removable Media Partitions (Not Scored) --> <select idref="mountopt_nosuid_on_removable_partitions" selected="true" /> diff --git a/RHEL/6/input/profiles/CS2.xml b/RHEL/6/input/profiles/CS2.xml index 2bb233e..d0aa80e 100644 --- a/RHEL/6/input/profiles/CS2.xml +++ b/RHEL/6/input/profiles/CS2.xml @@ -38,7 +38,7 @@ <select idref="aide_build_database" selected="true"/> <select idref="mountopt_nodev_on_removable_partitions" selected="true"/> -<select idref="mountopt_noexec_on_removable_partitions" selected="true"/> +<select idref="mount_option_noexec_removable_partitions" selected="true"/> <select idref="mountopt_nosuid_on_removable_partitions" selected="true"/> <select idref="mount_option_tmp_nodev" selected="true"/> <select idref="mount_option_tmp_noexec" selected="true"/> diff --git a/RHEL/6/input/profiles/CSCF-RHEL6-MLS.xml b/RHEL/6/input/profiles/CSCF-RHEL6-MLS.xml index 42f5387..f163c87 100644 --- a/RHEL/6/input/profiles/CSCF-RHEL6-MLS.xml +++ b/RHEL/6/input/profiles/CSCF-RHEL6-MLS.xml 
@@ -136,7 +136,7 @@ for production deployment.</description> <select idref="mount_option_var_tmp_bind_var" selected="true" /> <select idref="mountopt_nodev_on_nonroot_partitions" selected="true" /> <!-- we do not have any removable media that has a mount point defined in fstab <select idref="mountopt_nodev_on_removable_partitions" selected="true" /> --> -<select idref="mountopt_noexec_on_removable_partitions" selected="true" /> +<select idref="mount_option_noexec_removable_partitions" selected="true" /> <select idref="mountopt_nosuid_on_removable_partitions" selected="true" /> <select idref="accounts_max_concurrent_login_sessions" selected="true" /> <select idref="network_disable_zeroconf" selected="true" /> diff --git a/RHEL/6/input/profiles/common.xml b/RHEL/6/input/profiles/common.xml index fa70480..85a0097 100644 --- a/RHEL/6/input/profiles/common.xml +++ b/RHEL/6/input/profiles/common.xml @@ -207,7 +207,7 @@ these should likely be moved out of common. <select idref="use_nodev_option_on_nfs_mounts" selected="true"/> <select idref="use_nosuid_option_on_nfs_mounts" selected="true"/> -<select idref="mountopt_noexec_on_removable_partitions" selected="true"/> +<select idref="mount_option_noexec_removable_partitions" selected="true"/> <!-- <select idref="disable_dns_server" selected="true"/> --> <!-- <select idref="uninstall_bind" selected="true"/> --> diff --git a/RHEL/6/input/profiles/fisma-medium-rhel6-server.xml b/RHEL/6/input/profiles/fisma-medium-rhel6-server.xml index 0a4e6bf..fe339a4 100644 --- a/RHEL/6/input/profiles/fisma-medium-rhel6-server.xml +++ b/RHEL/6/input/profiles/fisma-medium-rhel6-server.xml 
@@ -182,7 +182,7 @@ <!-- AC-19 --> <select idref="mountopt_nodev_on_removable_partitions" selected="true" /> -<select idref="mountopt_noexec_on_removable_partitions" selected="true" /> +<select idref="mount_option_noexec_removable_partitions" selected="true" /> <select idref="mountopt_nosuid_on_removable_partitions" selected="true" /> <select idref="kernel_module_usb" selected="true" /> <select idref="bootloader_nousb_argument" selected="true" /> diff --git a/RHEL/6/input/profiles/nist-CL-IL-AL.xml b/RHEL/6/input/profiles/nist-CL-IL-AL.xml index 55d9bc9..007b2e0 100644 --- a/RHEL/6/input/profiles/nist-CL-IL-AL.xml +++ b/RHEL/6/input/profiles/nist-CL-IL-AL.xml @@ -257,7 +257,7 @@ assurance."</description> <!-- AC-19(a), AC-19(d), AC-19(e) --> <select idref="mountopt_nodev_on_removable_partitions" selected="true" \> -<select idref="mountopt_noexec_on_removable_partitions" selected="true" \> +<select idref="mount_option_noexec_removable_partitions" selected="true" \> <select idref="mountopt_nosuid_on_removable_partitions" selected="true" \> <select idref="kernel_module_usb-storage_disabled" selected="true" \> <select idref="bootloader_nousb_argument" selected="true" \> diff --git a/RHEL/6/input/profiles/usgcb-rhel6-server.xml b/RHEL/6/input/profiles/usgcb-rhel6-server.xml index 7ab7f7c..3227b41 100644 --- a/RHEL/6/input/profiles/usgcb-rhel6-server.xml +++ b/RHEL/6/input/profiles/usgcb-rhel6-server.xml @@ -17,7 +17,7 @@ <select idref="rpm_verify_hashes" selected="true" /> <select idref="mountopt_nodev_on_nonroot_partitions" selected="true" /> <select idref="mountopt_nodev_on_removable_partitions" selected="true" /> -<select idref="mountopt_noexec_on_removable_partitions" selected="true" /> +<select idref="mount_option_noexec_removable_partitions" selected="true" /> <select idref="mountopt_nosuid_on_removable_partitions" selected="true" /> <select idref="mount_option_tmp_nodev" selected="true" /> <select idref="mount_option_tmp_nosuid" selected="true" /> 
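Review bot: In the nist-CL-IL-AL.xml hunk the renamed line still ends in `\>` instead of `/>`, so the `<select>` element is never closed and the file is not well-formed XML. The line should read `<select idref="mount_option_noexec_removable_partitions" selected="true" />`. The context lines around it in the same hunk (`mountopt_nodev_on_removable_partitions`, `mountopt_nosuid_on_removable_partitions`, `kernel_module_usb-storage_disabled`, `bootloader_nousb_argument`) carry the same terminator and need the same fix. If this profile is ever fed to an XML parser it will presumably be rejected as a whole, so none of its AC-19 selections would be evaluated. The fisma-medium and usgcb hunks on either side use `/>` and are fine.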
diff --git a/RHEL/6/input/system/permissions/partitions.xml b/RHEL/6/input/system/permissions/partitions.xml index f74423b..7b38b93 100644 --- a/RHEL/6/input/system/permissions/partitions.xml +++ b/RHEL/6/input/system/permissions/partitions.xml @@ -51,7 +51,7 @@ filesystems. </rationale> <ref nist="AC-19(a),AC-19(d),AC-19(e),CM-7,MP-2"/> </Rule> -<Rule id="mountopt_noexec_on_removable_partitions"> +<Rule id="mount_option_noexec_removable_partitions"> <title>Add noexec Option to Removable Media Partitions</title> <description>The <tt>noexec</tt> mount option prevents the direct execution of binaries on the mounted filesystem. -- 1.7.1 _______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
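Review bot: The new `<Rule id="mount_option_noexec_removable_partitions">` leaves no trace of the old id, and an XCCDF tailoring file or saved result set that still selects `mountopt_noexec_on_removable_partitions` will simply stop matching the rule rather than raise an error. I would add a comment above the rule such as `<!-- formerly mountopt_noexec_on_removable_partitions; update tailoring and waivers that reference the old id -->`. The grep in the commit message was run from the `input` directory only, so references elsewhere in the tree, if there are any, are not shown as checked. The sibling ids `mountopt_nodev_on_removable_partitions` and `mountopt_nosuid_on_removable_partitions` still use the old scheme in every profile touched here. The Rule body continues past the end of the hunk, so its check reference is not visible.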
