Out of curiosity I did a quick search to see where else this typo might be:Date: Sun, 30 Sep 2012 14:50:15 -0400
From: Shawn Wells <shawn@redhat.com>
To: scap-security-guide@lists.fedorahosted.org
Subject: Re: [PATCH] Fixed typo in example iptables network/netmask
pair for limiting ssh port to trusted networks.
Message-ID: <50689467.5000400@redhat.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
On 9/28/12 1:21 PM, Andrew Gilmore wrote:
> -<pre>-A RH-Firewall-1-INPUT -s netwk /mask -m state --state NEW -p tcp --dport 22 -j ACCEPT</pre>
> +<pre>-A RH-Firewall-1-INPUT -s netwk/mask -m state --state NEW -p tcp --dport 22 -j ACCEPT</pre>
Thanks for the catch! Ack
Please push (or indicate you need someone to do so for you).
I don't have write access, this patch was mostly a drive by.
Please push.
If you haven't already, I highly recommend checking out the SecState tool: https://fedorahosted.org/secstate/My agency is attempting to STIG a CentOS 6 image themselves, and I both don't have time to wait, and thought someone else was probably doing it. I'm glad you all are, but seems like you're months out as well from production release. I know, I know, it is done when it is done. :)
And now you have 3 lines in the SCAP Security Guide, which is working itself to be the upstream source for RHEL6 STIG and USGCB content. Welcome to our community :)I should probably introduce myself, as well.I work for a Dept. of Interior agency on databases and hydrology, but sometimes dabble here and there. :) I have contributed to the CIS benchmarks for RHEL 5 and 6, and have all of two lines of code in the linux kernel. :)