[PATCH 3/5] Mapped CCI-000776 to sshd_allow_only_protocol2

CCI-000776 requires the use of replay-resistant authentication mechanisms for network access to non-priviledged accounts. Using SSH protocol version 2 satisfies this requirement.

Signed-off-by: Willy Santos wsantos@redhat.com --- rhel6/src/input/services/ssh.xml | 1 + 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/rhel6/src/input/services/ssh.xml b/rhel6/src/input/services/ssh.xml index 3f447f2..fb4d5f5 100644 --- a/rhel6/src/input/services/ssh.xml +++ b/rhel6/src/input/services/ssh.xml @@ -56,6 +56,7 @@ should not be used. </rationale> <ident cce="4325-7" /> <oval id="sshd_protocol_2" /> +<ref disa="776" /> </Rule>

<!-- FIXME: figure out whether/how to say something discrete here -->