[PATCH 4/5] Mapped CCI-000774 to sshd_allow_only_protocol2

CCI-000774 requires the use of replay-resistant authentication mechanisms for network access to priviledged accounts. Using SSH protocol version 2 satisfies this requirement.

Signed-off-by: Willy Santos wsantos@redhat.com --- rhel6/src/input/services/ssh.xml | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/rhel6/src/input/services/ssh.xml b/rhel6/src/input/services/ssh.xml index fb4d5f5..5b07857 100644 --- a/rhel6/src/input/services/ssh.xml +++ b/rhel6/src/input/services/ssh.xml @@ -56,7 +56,7 @@ should not be used. </rationale> <ident cce="4325-7" /> <oval id="sshd_protocol_2" /> -<ref disa="776" /> +<ref disa="776,774" /> </Rule>

<!-- FIXME: figure out whether/how to say something discrete here -->