>From 462a22827abf70b1994a09eb9d25c7f8b40e7047 Mon Sep 17 00:00:00 2001
From: Shawn Wells <shawn@redhat.com>
Date: Sun, 15 Sep 2013 16:09:14 -0400
Subject: [PATCH 13/22] Updated kernel module naming schemes
 - Unified naming between XCCDF and OVAL namings for kernel module checks

---
 RHEL6/input/auxiliary/stig_overlay.xml             |    8 +++---
 RHEL6/input/profiles/CS2.xml                       |   24 ++++++++++----------
 RHEL6/input/profiles/common.xml                    |   10 ++++----
 RHEL6/input/profiles/fisma-medium-rhel6-server.xml |   24 ++++++++++----------
 RHEL6/input/profiles/nist-CL-IL-AL.xml             |   24 ++++++++++----------
 RHEL6/input/profiles/test.xml                      |    2 +-
 RHEL6/input/profiles/usgcb-rhel6-server.xml        |   24 ++++++++++----------
 RHEL6/input/system/network/ipv6.xml                |    2 +-
 RHEL6/input/system/network/uncommon.xml            |    8 +++---
 RHEL6/input/system/permissions/mounting.xml        |   14 +++++-----
 10 files changed, 70 insertions(+), 70 deletions(-)

diff --git a/RHEL6/input/auxiliary/stig_overlay.xml b/RHEL6/input/auxiliary/stig_overlay.xml
index 3a71a58..647b250 100644
--- a/RHEL6/input/auxiliary/stig_overlay.xml
+++ b/RHEL6/input/auxiliary/stig_overlay.xml
@@ -282,16 +282,16 @@
 	<overlay owner="disastig" ruleid="set_iptables_default_rule" ownerid="RHEL-06-000122" disa="1154" severity="medium">
 		<title>The system's local firewall must implement a deny-all, allow-by-exception policy for inbound packets.</title>
 	</overlay>
-	<overlay owner="disastig" ruleid="disable_protocol_dccp" ownerid="RHEL-06-000124" disa="382" severity="medium">
+	<overlay owner="disastig" ruleid="kernel_module_dccp_disabled" ownerid="RHEL-06-000124" disa="382" severity="medium">
 		<title>The Datagram Congestion Control Protocol (DCCP) must be disabled unless required.</title>
 	</overlay>
-	<overlay owner="disastig" ruleid="disable_protocol_sctp" ownerid="RHEL-06-000125" disa="382" severity="medium">
+	<overlay owner="disastig" ruleid="kernel_module_sctp_disabled" ownerid="RHEL-06-000125" disa="382" severity="medium">
 		<title>The Stream Control Transmission Protocol (SCTP) must be disabled unless required.</title>
 	</overlay>
-	<overlay owner="disastig" ruleid="disable_protocol_rds" ownerid="RHEL-06-000126" disa="382" severity="low">
+	<overlay owner="disastig" ruleid="kernel_module_rds_disabled" ownerid="RHEL-06-000126" disa="382" severity="low">
 		<title>The Reliable Datagram Sockets (RDS) protocol must be disabled unless required.</title>
 	</overlay>
-	<overlay owner="disastig" ruleid="disable_protocol_tipc" ownerid="RHEL-06-000127" disa="382" severity="medium">
+	<overlay owner="disastig" ruleid="kernel_module_tipc_disabled" ownerid="RHEL-06-000127" disa="382" severity="medium">
 		<title>The Transparent Inter-Process Communication (TIPC) protocol must be disabled unless required.</title>
 	</overlay>
 	<overlay owner="disastig" ruleid="userowner_rsyslog_files" ownerid="RHEL-06-000133" disa="1314" severity="medium">
diff --git a/RHEL6/input/profiles/CS2.xml b/RHEL6/input/profiles/CS2.xml
index 38b8c77..84329b4 100644
--- a/RHEL6/input/profiles/CS2.xml
+++ b/RHEL6/input/profiles/CS2.xml
@@ -52,13 +52,13 @@
 <select idref="bootloader_nousb_argument" selected="true"/>
 
 
-<select idref="disable_module_cramfs" selected="true" />
-<select idref="disable_module_freevxfs" selected="true" />
-<select idref="disable_module_jffs2" selected="true" />
-<select idref="disable_module_hfs" selected="true" />
-<select idref="disable_module_hfsplus" selected="true" />
-<select idref="disable_module_squashfs" selected="true" />
-<select idref="disable_module_udf" selected="true" />
+<select idref="kernel_module_cramfs_disabled" selected="true" />
+<select idref="kernel_module_freevxfs_disabled" selected="true" />
+<select idref="kernel_module_jffs2_disabled" selected="true" />
+<select idref="kernel_module_hfs_disabled" selected="true" />
+<select idref="kernel_module_hfs_disabledplus" selected="true" />
+<select idref="kernel_module_squashfs_disabled" selected="true" />
+<select idref="kernel_module_udf_disabled" selected="true" />
 
 <select idref="sticky_world_writable_dirs" selected="true" />
 <select idref="world_writeable_files" selected="true" />
@@ -97,10 +97,10 @@
 <select idref="disable_interactive_boot" selected="true"/>
 <select idref="package_screen_installed" selected="true"/>
 
-<select idref="disable_protocol_dccp" selected="true"/>
-<select idref="disable_protocol_sctp" selected="true"/>
-<select idref="disable_protocol_rds" selected="true"/>
-<select idref="disable_protocol_tipc" selected="true"/>
+<select idref="kernel_module_dccp_disabled" selected="true"/>
+<select idref="kernel_module_sctp_disabled" selected="true"/>
+<select idref="kernel_module_rds_disabled" selected="true"/>
+<select idref="kernel_module_tipc_disabled" selected="true"/>
 
 <select idref="package_rsyslog_installed" selected="true"/>
 <select idref="service_rsyslog_enabled" selected="true"/>
@@ -210,7 +210,7 @@
 <select idref="sysctl_net_ipv4_conf_all_rp_filter" selected="true"/>
 <select idref="sysctl_net_ipv4_conf_default_rp_filter" selected="true"/>
 
-<select idref="disable_ipv6_module_loading" selected="true"/>
+<select idref="kernel_module_ipv6_option_disabled" selected="true"/>
 <select idref="network_ipv6_disable_interfaces" selected="true"/>
 <select idref="network_ipv6_disable_rpc" selected="true" />
 <select idref="network_ipv6_static_address" selected="true" />
diff --git a/RHEL6/input/profiles/common.xml b/RHEL6/input/profiles/common.xml
index 45ade0e..ab099be 100644
--- a/RHEL6/input/profiles/common.xml
+++ b/RHEL6/input/profiles/common.xml
@@ -89,15 +89,15 @@
 <select idref="sysctl_net_ipv4_tcp_syncookies" selected="true"/>
 <select idref="sysctl_net_ipv4_conf_all_rp_filter" selected="true"/>
 <select idref="sysctl_net_ipv4_conf_default_rp_filter" selected="true"/>
-<select idref="disable_ipv6_module_loading" selected="true"/>
+<select idref="kernel_module_ipv6_option_disabled" selected="true"/>
 <select idref="sysctl_ipv6_default_accept_redirects" selected="true"/>
 <select idref="service_ip6tables_enabled" selected="true"/>
 <select idref="service_iptables_enabled" selected="true"/>
 <select idref="set_iptables_default_rule" selected="true"/>
-<select idref="disable_protocol_dccp" selected="true"/>
-<select idref="disable_protocol_sctp" selected="true"/>
-<select idref="disable_protocol_rds" selected="true"/>
-<select idref="disable_protocol_tipc" selected="true"/>
+<select idref="kernel_module_dccp_disabled" selected="true"/>
+<select idref="kernel_module_sctp_disabled" selected="true"/>
+<select idref="kernel_module_rds_disabled" selected="true"/>
+<select idref="kernel_module_tipc_disabled" selected="true"/>
 <select idref="package_rsyslog_installed" selected="true"/>
 <select idref="service_rsyslog_enabled" selected="true"/>
 
diff --git a/RHEL6/input/profiles/fisma-medium-rhel6-server.xml b/RHEL6/input/profiles/fisma-medium-rhel6-server.xml
index 8c49a9c..649a7c2 100644
--- a/RHEL6/input/profiles/fisma-medium-rhel6-server.xml
+++ b/RHEL6/input/profiles/fisma-medium-rhel6-server.xml
@@ -246,13 +246,13 @@
 <select idref="mount_option_dev_shm_noexec" selected="true" />
 <select idref="mount_option_dev_shm_nosuid" selected="true" />
 <select idref="mount_option_var_tmp_bind_var" selected="true" />
-<select idref="disable_module_cramfs" selected="true" />
-<select idref="disable_module_freevxfs" selected="true" />
-<select idref="disable_module_jffs2" selected="true" />
-<select idref="disable_module_hfs" selected="true" />
-<select idref="disable_module_hfsplus" selected="true" />
-<select idref="disable_module_squashfs" selected="true" />
-<select idref="disable_module_udf" selected="true" />
+<select idref="kernel_module_cramfs_disabled" selected="true" />
+<select idref="kernel_module_freevxfs_disabled" selected="true" />
+<select idref="kernel_module_jffs2_disabled" selected="true" />
+<select idref="kernel_module_hfs_disabled" selected="true" />
+<select idref="kernel_module_hfs_disabledplus" selected="true" />
+<select idref="kernel_module_squashfs_disabled" selected="true" />
+<select idref="kernel_module_udf_disabled" selected="true" />
 <select idref="sysctl_ipv4_all_send_redirects" selected="true" />
 <select idref="sysctl_ipv4_ip_forward" selected="true" />
 <select idref="sysctl_net_ipv4_conf_all_accept_source_route" selected="true" />
@@ -261,13 +261,13 @@
 <select idref="set_ip6tables_default_rule" selected="true" />
 <select idref="set_iptables_default_rule" selected="true" />
 <select idref="set_iptables_default_rule_forward" selected="true" />
-<select idref="disable_protocol_dccp" selected="true" />
-<select idref="disable_protocol_sctp" selected="true" />
-<select idref="disable_protocol_rds" selected="true" />
-<select idref="disable_protocol_tipc" selected="true" />
+<select idref="kernel_module_dccp_disabled" selected="true" />
+<select idref="kernel_module_sctp_disabled" selected="true" />
+<select idref="kernel_module_rds_disabled" selected="true" />
+<select idref="kernel_module_tipc_disabled" selected="true" />
 <select idref="network_disable_zeroconf" selected="true" />
 <select idref="network_sniffer_disabled" selected="true" />
-<select idref="disable_ipv6_module_loading" selected="true" />
+<select idref="kernel_module_ipv6_option_disabled" selected="true" />
 <select idref="network_ipv6_disable_rpc" selected="true" />
 <select idref="sysctl_net_ipv6_conf_default_accept_ra" selected="true" />
 <select idref="sysctl_ipv6_default_accept_redirects" selected="true" />
diff --git a/RHEL6/input/profiles/nist-CL-IL-AL.xml b/RHEL6/input/profiles/nist-CL-IL-AL.xml
index 5ab5bb6..f28611d 100644
--- a/RHEL6/input/profiles/nist-CL-IL-AL.xml
+++ b/RHEL6/input/profiles/nist-CL-IL-AL.xml
@@ -299,17 +299,17 @@ assurance."</description>
 <select idref="rpm_verify_hashes" selected="true" \>
 
 <!-- CM-7 -->
-<select idref="disable_ipv6_module_loading" selected="true" \>
+<select idref="kernel_module_ipv6_option_disabled" selected="true" \>
 <select idref="network_ipv6_disable_rpc" selected="true" \>
 <select idref="sysctl_net_ipv6_conf_default_accept_ra" selected="true" \>
 <select idref="sysctl_ipv6_default_accept_redirects" selected="true" \>
 <select idref="network_disable_unused_interfaces" selected="true" \>
 <select idref="network_disable_zeroconf" selected="true" \>
 <select idref="network_sniffer_disabled" selected="true" \>
-<select idref="disable_protocol_dccp" selected="true" \>
-<select idref="disable_protocol_sctp" selected="true" \>
-<select idref="disable_protocol_rds" selected="true" \>
-<select idref="disable_protocol_tipc" selected="true" \>
+<select idref="kernel_module_dccp_disabled" selected="true" \>
+<select idref="kernel_module_sctp_disabled" selected="true" \>
+<select idref="kernel_module_rds_disabled" selected="true" \>
+<select idref="kernel_module_tipc_disabled" selected="true" \>
 <select idref="set_iptables_default_rule" selected="true" \>
 <select idref="set_iptables_default_rule_forward" selected="true" \>
 <select idref="sysctl_ipv4_all_send_redirects" selected="true" \>
@@ -318,13 +318,13 @@ assurance."</description>
 <select idref="sysctl_net_ipv4_conf_all_accept_redirects" selected="true" \>
 <select idref="sysctl_net_ipv4_icmp_echo_ignore_broadcasts" selected="true" \>
 <select idref="sysctl_net_ipv4_icmp_ignore_bogus_error_responses" selected="true" \>
-<select idref="disable_module_cramfs" selected="true" \>
-<select idref="disable_module_freevxfs" selected="true" \>
-<select idref="disable_module_jffs2" selected="true" \>
-<select idref="disable_module_hfs" selected="true" \>
-<select idref="disable_module_hfsplus" selected="true" \>
-<select idref="disable_module_squashfs" selected="true" \>
-<select idref="disable_module_udf" selected="true" \>
+<select idref="kernel_module_cramfs_disabled" selected="true" \>
+<select idref="kernel_module_freevxfs_disabled" selected="true" \>
+<select idref="kernel_module_jffs2_disabled" selected="true" \>
+<select idref="kernel_module_hfs_disabled" selected="true" \>
+<select idref="kernel_module_hfs_disabledplus" selected="true" \>
+<select idref="kernel_module_squashfs_disabled" selected="true" \>
+<select idref="kernel_module_udf_disabled" selected="true" \>
 <select idref="disable_gnome_thumbnailers" selected="true" \>
 <select idref="mountopt_nodev_on_nonroot_partitions" selected="true" \>
 <select idref="mount_option_tmp_nodev" selected="true" \>
diff --git a/RHEL6/input/profiles/test.xml b/RHEL6/input/profiles/test.xml
index e487eee..bad88f5 100644
--- a/RHEL6/input/profiles/test.xml
+++ b/RHEL6/input/profiles/test.xml
@@ -18,7 +18,7 @@
 <select idref="enable_screensaver_after_idle" selected="true"/>
 <select idref="enable_screensaver_password_lock" selected="true"/>
 <select idref="use_nodev_option_on_nfs_mounts" selected="true"/>
-<select idref="disable_module_cramfs" selected="true"/>
+<select idref="kernel_module_cramfs_disabled" selected="true"/>
 <select idref="packagegroup_xwindows_remove" selected="true"/>
 <refine-value idref="login_banner_text" selector="usgcb_default"/>
 <refine-value idref="var_umask_for_daemons" selector="027"/>
diff --git a/RHEL6/input/profiles/usgcb-rhel6-server.xml b/RHEL6/input/profiles/usgcb-rhel6-server.xml
index e4deed8..fd2c857 100644
--- a/RHEL6/input/profiles/usgcb-rhel6-server.xml
+++ b/RHEL6/input/profiles/usgcb-rhel6-server.xml
@@ -28,13 +28,13 @@
 <select idref="mount_option_dev_shm_nosuid" selected="true" />
 <select idref="mount_option_dev_shm_noexec" selected="true" />
 <select idref="mount_option_var_tmp_bind_var" selected="true" />
-<select idref="disable_module_cramfs" selected="true" />
-<select idref="disable_module_freevxfs" selected="true" />
-<select idref="disable_module_hfs" selected="true" />
-<select idref="disable_module_hfsplus" selected="true" />
-<select idref="disable_module_jffs2" selected="true" />
-<select idref="disable_module_squashfs" selected="true" />
-<select idref="disable_module_udf" selected="true" />
+<select idref="kernel_module_cramfs_disabled" selected="true" />
+<select idref="kernel_module_freevxfs_disabled" selected="true" />
+<select idref="kernel_module_hfs_disabled" selected="true" />
+<select idref="kernel_module_hfs_disabledplus" selected="true" />
+<select idref="kernel_module_jffs2_disabled" selected="true" />
+<select idref="kernel_module_squashfs_disabled" selected="true" />
+<select idref="kernel_module_udf_disabled" selected="true" />
 <select idref="perms_gshadow_file" selected="true" /> <!-- RHEL5 had this as chmod 400, RHEL6 as 0000 -->
 <select idref="userowner_gshadow_file" selected="true" />
 <select idref="groupowner_gshadow_file" selected="true" />
@@ -147,7 +147,7 @@
 <select idref="wireless_disable_in_bios" selected="true" />
 <select idref="deactivate_wireless_interfaces" selected="true" />
 <select idref="service_bluetooth_disabled" selected="true" />
-<select idref="disable_ipv6_module_loading" selected="true" />
+<select idref="kernel_module_ipv6_option_disabled" selected="true" />
 <select idref="network_ipv6_disable_rpc" selected="true" />
 <refine-value idref="sysctl_net_ipv6_conf_default_accept_ra_value" selector="disabled" />
 <select idref="sysctl_net_ipv6_conf_default_accept_ra" selected="true" />
@@ -156,10 +156,10 @@
 <select idref="service_iptables_enabled" selected="true" />
 <select idref="set_iptables_default_rule" selected="true" />
 <select idref="set_iptables_default_rule_forward" selected="true" />
-<select idref="disable_protocol_dccp" selected="true" />
-<select idref="disable_protocol_sctp" selected="true" />
-<select idref="disable_protocol_rds" selected="true" />
-<select idref="disable_protocol_tipc" selected="true" />
+<select idref="kernel_module_dccp_disabled" selected="true" />
+<select idref="kernel_module_sctp_disabled" selected="true" />
+<select idref="kernel_module_rds_disabled" selected="true" />
+<select idref="kernel_module_tipc_disabled" selected="true" />
 <select idref="package_rsyslog_installed" selected="true" />
 <select idref="service_rsyslog_enabled" selected="true" />
 <select idref="rsyslog_file_permissions" selected="true" />
diff --git a/RHEL6/input/system/network/ipv6.xml b/RHEL6/input/system/network/ipv6.xml
index 0dc0245..8a7a82c 100644
--- a/RHEL6/input/system/network/ipv6.xml
+++ b/RHEL6/input/system/network/ipv6.xml
@@ -16,7 +16,7 @@ effectively prevent execution of the IPv6 networking stack is to
 instruct the system not to activate the IPv6 kernel module.
 </description>
 
-<Rule id="disable_ipv6_module_loading" severity="medium">
+<Rule id="kernel_module_ipv6_option_disabled" severity="medium">
 <title>Disable IPv6 Networking Support Automatic Loading</title>
 <description>To prevent the IPv6 kernel module (<tt>ipv6</tt>) from loading the
 IPv6 networking stack, add the following line to
diff --git a/RHEL6/input/system/network/uncommon.xml b/RHEL6/input/system/network/uncommon.xml
index ad6daf8..da41c4d 100644
--- a/RHEL6/input/system/network/uncommon.xml
+++ b/RHEL6/input/system/network/uncommon.xml
@@ -12,7 +12,7 @@ in your network environment by ensuring they are not needed
 prior to disabling them.
 </warning>
 
-<Rule id="disable_protocol_dccp" severity="medium">
+<Rule id="kernel_module_dccp_disabled" severity="medium">
 <title>Disable DCCP Support</title>
 <description>
 The Datagram Congestion Control Protocol (DCCP) is a
@@ -33,7 +33,7 @@ the system against exploitation of any flaws in its implementation.
 <tested by="DS" on="20121024"/>
 </Rule>
 
-<Rule id="disable_protocol_sctp" severity="medium">
+<Rule id="kernel_module_sctp_disabled" severity="medium">
 <title>Disable SCTP Support</title>
 <description>
 The Stream Control Transmission Protocol (SCTP) is a
@@ -55,7 +55,7 @@ the system against exploitation of any flaws in its implementation.
 <tested by="DS" on="20121024"/>
 </Rule>
 
-<Rule id="disable_protocol_rds">
+<Rule id="kernel_module_rds_disabled">
 <title>Disable RDS Support</title>
 <description>
 The Reliable Datagram Sockets (RDS) protocol is a transport
@@ -76,7 +76,7 @@ the system against exploitation of any flaws in its implementation.
 <tested by="DS" on="20121024"/>
 </Rule>
 
-<Rule id="disable_protocol_tipc" severity="medium">
+<Rule id="kernel_module_tipc_disabled" severity="medium">
 <title>Disable TIPC Support</title>
 <description>
 The Transparent Inter-Process Communication (TIPC) protocol
diff --git a/RHEL6/input/system/permissions/mounting.xml b/RHEL6/input/system/permissions/mounting.xml
index 897d45f..6191a0a 100644
--- a/RHEL6/input/system/permissions/mounting.xml
+++ b/RHEL6/input/system/permissions/mounting.xml
@@ -152,7 +152,7 @@ DVDs.
 <ref nist="AC-19(a),AC-19(d),AC-19(e)" disa="1250,85" />
 </Rule>
 
-<Rule id="disable_module_cramfs">
+<Rule id="kernel_module_cramfs_disabled">
 <title>Disable Mounting of <tt>cramfs</tt></title>
 <description>
 <module-disable-macro module="cramfs" />
@@ -165,7 +165,7 @@ local system should be disabled.</rationale>
 <ref nist="CM-7" />
 </Rule>
 
-<Rule id="disable_module_freevxfs">
+<Rule id="kernel_module_freevxfs_disabled">
 <title>Disable Mounting of <tt>freevxfs</tt></title>
 <description>
 <module-disable-macro module="freevxfs" />
@@ -178,7 +178,7 @@ local system should be disabled.</rationale>
 <ref nist="CM-7" />
 </Rule>
 
-<Rule id="disable_module_jffs2">
+<Rule id="kernel_module_jffs2_disabled">
 <title>Disable Mounting of <tt>jffs2</tt></title>
 <description>
 <module-disable-macro module="jffs2" />
@@ -191,7 +191,7 @@ local system should be disabled.</rationale>
 <ref nist="CM-7" />
 </Rule>
 
-<Rule id="disable_module_hfs">
+<Rule id="kernel_module_hfs_disabled">
 <title>Disable Mounting of <tt>hfs</tt></title>
 <description>
 <module-disable-macro module="hfs" />
@@ -204,7 +204,7 @@ local system should be disabled.</rationale>
 <ref nist="CM-7" />
 </Rule>
 
-<Rule id="disable_module_hfsplus">
+<Rule id="kernel_module_hfsplus_disabled">
 <title>Disable Mounting of <tt>hfsplus</tt></title>
 <description>
 <module-disable-macro module="hfsplus" />
@@ -217,7 +217,7 @@ local system should be disabled.</rationale>
 <ref nist="CM-7" />
 </Rule>
 
-<Rule id="disable_module_squashfs">
+<Rule id="kernel_module_squashfs_disabled">
 <title>Disable Mounting of <tt>squashfs</tt></title>
 <description>
 <module-disable-macro module="squashfs" />
@@ -230,7 +230,7 @@ local system should be disabled.</rationale>
 <ref nist="CM-7" />
 </Rule>
 
-<Rule id="disable_module_udf">
+<Rule id="kernel_module_udf_disabled">
 <title>Disable Mounting of <tt>udf</tt></title>
 <description>
 <module-disable-macro module="udf" />
-- 
1.7.1