Signed-off-by: Michael Palmiotto <mpalmiotto(a)tresys.com>
---
rhel6/src/input/system/network/uncommon.xml | 10 +++++-----
rhel6/src/input/system/network/wireless.xml | 2 +-
rhel6/src/input/system/permissions/mounting.xml | 20 ++++++++++----------
3 files changed, 16 insertions(+), 16 deletions(-)
diff --git a/rhel6/src/input/system/network/uncommon.xml
b/rhel6/src/input/system/network/uncommon.xml
index 1911b2e..75e35d7 100644
--- a/rhel6/src/input/system/network/uncommon.xml
+++ b/rhel6/src/input/system/network/uncommon.xml
@@ -15,7 +15,7 @@ prior to disabling them.
<Rule id="disable_protocol_dccp" severity="medium">
<title>Disable DCCP Support</title>
<description>To prevent the DCCP kernel module from being loaded,
-add the following line to <tt>/etc/modprobe.conf</tt>:
+add the following line to the appropriate <tt>/etc/modprobe.d</tt>
configuration file.:
<pre>install dccp /bin/true</pre>
The Datagram Congestion Control Protocol (DCCP) is a
relatively new transport layer protocol, designed to support
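Review bot: the added sentence in the DCCP rule ends in "configuration file.:", a period immediately followed by a colon. Drop the period so the sentence leads into the <pre> line as the old wording did; the same ".:" recurs in the SCTP, RDS and TIPC rules of this file. "The appropriate" file is also left for the reader to work out, so consider naming an example .conf file under <tt>/etc/modprobe.d</tt>.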
@@ -34,7 +34,7 @@ the system against exploitation of any flaws in its implementation.
<Rule id="disable_protocol_sctp" severity="medium">
<title>Disable SCTP Support</title>
<description>To prevent the SCTP kernel module from being loaded,
-add the following line to <tt>/etc/modprobe.conf</tt>:
+add the following line to the appropriate <tt>/etc/modprobe.d</tt>
configuration file.:
<pre>install sctp /bin/true</pre>
The Stream Control Transmission Protocol (SCTP) is a
transport layer protocol, designed to support the idea of
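Review bot: the replacement line in the SCTP rule is long enough that its tail, "configuration file.:", sits on a line of its own with no "+" prefix in this mail; if that wrap is in the message as sent, the hunk will not apply. Breaking the sentence across two lines in the XML source keeps each added line short enough to survive mailing.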
@@ -54,7 +54,7 @@ the system against exploitation of any flaws in its implementation.
<Rule id="disable_protocol_rds">
<title>Disable RDS Support</title>
<description>To prevent the RDS kernel module from being loaded,
-add the following line to <tt>/etc/modprobe.conf</tt>:
+add the following line to the appropriate <tt>/etc/modprobe.d</tt>
configuration file.:
<pre>install rds /bin/true</pre>
The Reliable Datagram Sockets (RDS) protocol is a transport
layer protocol designed to provide reliable high- bandwidth,
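Review bot: the context line <Rule id="disable_protocol_rds"> carries no severity attribute, while the DCCP, SCTP and TIPC rules in this file are severity="medium". This patch did not introduce that, but since the rule is being touched it is worth confirming whether the omission is intended.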
@@ -73,8 +73,8 @@ the system against exploitation of any flaws in its implementation.
<Rule id="disable_protocol_tipc" severity="medium">
<title>Disable TIPC Support</title>
<description>To prevent the TIPC kernel module from being loaded,
-add the following line to <tt>/etc/modprobe.conf</tt>:
-<pre>install rds /bin/true</pre>
+add the following line to the appropriate <tt>/etc/modprobe.d</tt>
configuration file.:
+<pre>install tipc /bin/true</pre>
The Transparent Inter-Process Communication (TIPC) protocol
is designed to provide communications between nodes in a
cluster.
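Review bot: the change from "install rds /bin/true" to "install tipc /bin/true" in the TIPC rule's <pre> line is a content fix to the guidance, not a path rewording, and should be called out in the commit message or split into its own patch so it is not lost among the modprobe.d edits.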
diff --git a/rhel6/src/input/system/network/wireless.xml
b/rhel6/src/input/system/network/wireless.xml
index 7d22256..37cb5da 100644
--- a/rhel6/src/input/system/network/wireless.xml
+++ b/rhel6/src/input/system/network/wireless.xml
@@ -104,7 +104,7 @@ utility of Bluetooth connectivity and its limited
range.</rationale>
<title>Disable Bluetooth Kernel Modules</title>
<description>The kernel's module loading system can be configured to prevent
loading of the Bluetooth module. Add the following to
-<tt>/etc/modprobe.conf</tt> or a file inside the directory
<tt>/etc/modprobe.d</tt>
+the appropriate <tt>/etc/modprobe.d</tt> configuration file
to prevent the loading of the Bluetooth module:
<pre>install net-pf-31 /bin/true
install bluetooth /bin/true</pre>
diff --git a/rhel6/src/input/system/permissions/mounting.xml
b/rhel6/src/input/system/permissions/mounting.xml
index 1899858..d1aafae 100644
--- a/rhel6/src/input/system/permissions/mounting.xml
+++ b/rhel6/src/input/system/permissions/mounting.xml
@@ -12,7 +12,7 @@ to compromise the system.
This command can be used to list the types of filesystems that are
available to the currently executing kernel:
<pre># find /lib/modules/`uname -r`/kernel/fs -type f -name
'*.ko'</pre>
-If these filesystems are not required then they should be explicitly disabed
+If these filesystems are not required then they should be explicitly disabled
in the appropriate <tt>/etc/modprobe.d</tt> configuration file.
<br /><br />
Use caution when enabling any such facility, and find out
@@ -45,8 +45,8 @@ solve the same problem with less risk.</description>
<description>
If USB storage devices should not be used, the <tt>modprobe</tt> program
used for automatic kernel module loading should be configured to not load
-the USB storage driver upon demand. Add the following line to
-<tt>/etc/modprobe.conf</tt> to prevent loading of the
<tt>usb-storage</tt>
+the USB storage driver upon demand. Add the following line to the appropriate
+file in <tt>/etc/modprobe.d/</tt> to prevent loading of the
<tt>usb-storage</tt>
kernel module:
<pre>install usb-storage /bin/true</pre>
This will prevent the <tt>modprobe</tt> program from loading the
<tt>usb-storage</tt>
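Review bot: the added text in the USB storage description says "the appropriate file in <tt>/etc/modprobe.d/</tt>", with a trailing slash, while the other hunks say "the appropriate <tt>/etc/modprobe.d</tt> configuration file". Pick one phrasing and one form of the path and use it in every rule.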
@@ -167,7 +167,7 @@ DVDs.
<Rule id="disable_module_cramfs">
<title>Disable Mounting of <tt>cramfs</tt></title>
-<description>Using the <tt>install</tt> command inside
<tt>/etc/modprobe.conf</tt>
+<description>Using the <tt>install</tt> command inside the appropriate
.conf file inside<tt>/etc/modprobe.d</tt>
instructs the kernel module loading system to run the command
specified (here, <tt>/bin/true</tt>) instead of inserting the module in the
kernel as normal. This effectively prevents usage of these uncommon
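Review bot: in the cramfs description the added line reads "inside the appropriate .conf file inside<tt>/etc/modprobe.d</tt>": there is no space before <tt>, "inside" is repeated, and the wording differs from the other filesystem rules. Suggest "inside the appropriate <tt>/etc/modprobe.d</tt> configuration file", with no trailing period, to match them.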
@@ -181,7 +181,7 @@ local system should be disabled.</rationale>
<Rule id="disable_module_freevxfs">
<title>Disable Mounting of <tt>freevxfs</tt></title>
-<description>Using the <tt>install</tt> command inside
<tt>/etc/modprobe.conf</tt>
+<description>Using the <tt>install</tt> command inside the appropriate
<tt>/etc/modprobe.d</tt> configuration file.
instructs the kernel module loading system to run the command
specified (here, <tt>/bin/true</tt>) instead of inserting the module in the
kernel as normal. This effectively prevents usage of these uncommon
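Review bot: the added line in the freevxfs description ends "configuration file." but the sentence continues on the next line with "instructs the kernel module loading system", so the period separates the subject from its verb. Remove the period; the jffs2, hfs, hfsplus, squashfs and udf hunks below have the same stray period.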
@@ -195,7 +195,7 @@ local system should be disabled.</rationale>
<Rule id="disable_module_jffs2">
<title>Disable Mounting of <tt>jffs2</tt></title>
-<description>Using the <tt>install</tt> command inside
<tt>/etc/modprobe.conf</tt>
+<description>Using the <tt>install</tt> command inside the appropriate
<tt>/etc/modprobe.d</tt> configuration file.
instructs the kernel module loading system to run the command
specified (here, <tt>/bin/true</tt>) instead of inserting the module in the
kernel as normal. This effectively prevents usage of these uncommon
@@ -209,7 +209,7 @@ local system should be disabled.</rationale>
<Rule id="disable_module_hfs">
<title>Disable Mounting of <tt>hfs</tt></title>
-<description>Using the <tt>install</tt> command inside
<tt>/etc/modprobe.conf</tt>
+<description>Using the <tt>install</tt> command inside the appropriate
<tt>/etc/modprobe.d</tt> configuration file.
instructs the kernel module loading system to run the command
specified (here, <tt>/bin/true</tt>) instead of inserting the module in the
kernel as normal. This effectively prevents usage of these uncommon
@@ -223,7 +223,7 @@ local system should be disabled.</rationale>
<Rule id="disable_module_hfsplus">
<title>Disable Mounting of <tt>hfsplus</tt></title>
-<description>Using the <tt>install</tt> command inside
<tt>/etc/modprobe.conf</tt>
+<description>Using the <tt>install</tt> command inside the appropriate
<tt>/etc/modprobe.d</tt> configuration file.
instructs the kernel module loading system to run the command
specified (here, <tt>/bin/true</tt>) instead of inserting the module in the
kernel as normal. This effectively prevents usage of these uncommon
@@ -237,7 +237,7 @@ local system should be disabled.</rationale>
<Rule id="disable_module_squashfs">
<title>Disable Mounting of <tt>squashfs</tt></title>
-<description>Using the <tt>install</tt> command inside
<tt>/etc/modprobe.conf</tt>
+<description>Using the <tt>install</tt> command inside the appropriate
<tt>/etc/modprobe.d</tt> configuration file.
instructs the kernel module loading system to run the command
specified (here, <tt>/bin/true</tt>) instead of inserting the module in the
kernel as normal. This effectively prevents usage of these uncommon
@@ -251,7 +251,7 @@ local system should be disabled.</rationale>
<Rule id="disable_module_udf">
<title>Disable Mounting of <tt>udf</tt></title>
-<description>Using the <tt>install</tt> command inside
<tt>/etc/modprobe.conf</tt>
+<description>Using the <tt>install</tt> command inside the appropriate
<tt>/etc/modprobe.d</tt> configuration file.
instructs the kernel module loading system to run the command
specified (here, <tt>/bin/true</tt>) instead of inserting the module in the
kernel as normal. This effectively prevents usage of these uncommon
--
1.7.1