Great, please push.
On 04/30/2013 04:21 PM, David Smith wrote:
Signed-off-by: David Smith <dsmith(a)eclipse.ncsc.mil>
---
RHEL6/input/system/permissions/mounting.xml | 39 ---------------------------
1 files changed, 0 insertions(+), 39 deletions(-)
diff --git a/RHEL6/input/system/permissions/mounting.xml
b/RHEL6/input/system/permissions/mounting.xml
index 683a2f6..60ff0a3 100644
--- a/RHEL6/input/system/permissions/mounting.xml
+++ b/RHEL6/input/system/permissions/mounting.xml
@@ -19,45 +19,6 @@ Use caution when enabling any such facility, and find out
whether better configuration management or user education might
solve the same problem with less risk.</description>
-<Rule id="console_device_restrict_access_desktop">
-<title>Restrict Console Device Access to Desktop Workstations</title>
-<description>If the display manager has been altered to allow remote users to
-log in and the host is configured to run at runlevel 5, change console as well
-as the xconsole directive in the <tt>/etc/security/console.perms</tt> to
the
-following:
-<pre><console>=tty[0-9][0-9]* vc/[0-9][0-9]* :0\.[0-9] :0
-<xconsole>=:0\.[0-9] :0</pre></description>
-<rationale>When a user logs in, the module pam_console.so called via the
-command login, or by some of the graphics program of logging, such as gdm, kdm,
-and xdm. If this user is the first to log into the physical console
-- called the console user - the user module assures the mastery of a wide
-variety of devices normally belong to root. Administrative privileges should be
-limited for non-root users. Review the man page for <tt>pam_console</tt>
for
-more information</rationale>
-<ident cce="27192-4" />
-<oval id="console_device_restrict_access_desktop" />
-<ref nist="" />
-</Rule>
-
-<Rule id="console_device_restrict_access_server">
-<title>Restrict Console Device Access to Servers</title>
-<description>If the display manager has been altered to allow remote users to
-log in and the host is configured to run at runlevel 5, change console as well
-as the xconsole directive in the <tt>/etc/security/console.perms</tt> to
the
-following:
-<pre><console>=tty[0-9][0-9]*
vc/[0-9][0-9]*</pre></description>
-<rationale>When a user logs in, the module pam_console.so called via the
-command login, or by some of the graphics program of logging, such as gdm, kdm,
-and xdm. If this user is the first to log into the physical console
-- called the console user - the user module assures the mastery of a wide
-variety of devices normally belong to root. Administrative privileges should be
-limited for non-root users. Review the man page for <tt>pam_console</tt>
for
-more information</rationale>
-<ident cce="26892-0" />
-<oval id="console_device_restrict_access_server" />
-<ref nist="" />
-</Rule>
-
<Rule id="kernel_module_usb-storage_disabled">
<title>Disable Modprobe Loading of USB Storage Driver</title>
<description>
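Review bot: The commit message carries only the Signed-off-by line, so the removal of the console_device_restrict_access_desktop and console_device_restrict_access_server rules (CCE 27192-4 and 26892-0) is unexplained. A one-line reason in the message would help anyone later tracing why those CCEs are no longer covered. The diffstat shows only mounting.xml changed, so it is worth confirming that no profile selection or OVAL definition still refers to either rule id, and removing those references in the same commit if any exist.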
--
___________________________
Jeffrey Blank
410-854-8675
Technology and Systems Analysis / Network Components
NSA Information Assurance