--- RHEL/6/input/profiles/CS2.xml | 1 - .../6/input/profiles/fisma-medium-rhel6-server.xml | 1 - RHEL/6/input/profiles/nist-CL-IL-AL.xml | 1 - RHEL/6/input/profiles/usgcb-rhel6-server.xml | 1 - 4 files changed, 0 insertions(+), 4 deletions(-)
diff --git a/RHEL/6/input/profiles/CS2.xml b/RHEL/6/input/profiles/CS2.xml index 33c0395..aea380b 100644 --- a/RHEL/6/input/profiles/CS2.xml +++ b/RHEL/6/input/profiles/CS2.xml @@ -226,7 +226,6 @@ <select idref="kernel_module_bluetooth_disabled" selected="true"/>
<select idref="service_crond_enabled" selected="true"/> -<select idref="disable_anacron" selected="true" />
<select idref="service_abrtd_disabled" selected="true"/> <select idref="service_acpid_disabled" selected="true" /> diff --git a/RHEL/6/input/profiles/fisma-medium-rhel6-server.xml b/RHEL/6/input/profiles/fisma-medium-rhel6-server.xml index 9e639f1..b604924 100644 --- a/RHEL/6/input/profiles/fisma-medium-rhel6-server.xml +++ b/RHEL/6/input/profiles/fisma-medium-rhel6-server.xml @@ -235,7 +235,6 @@ <select idref="service_smartd_disabled" selected="true" /> <select idref="service_sysstat_disabled" selected="true" /> <select idref="service_crond_enabled" selected="true" /> -<select idref="disable_anacron" selected="true" /> <select idref="service_atd_disabled" selected="true" /> <select idref="disable_avahi" selected="true" /> <select idref="mountopt_nodev_on_nonroot_partitions" selected="true" /> diff --git a/RHEL/6/input/profiles/nist-CL-IL-AL.xml b/RHEL/6/input/profiles/nist-CL-IL-AL.xml index ccb1ae6..9e0dd40 100644 --- a/RHEL/6/input/profiles/nist-CL-IL-AL.xml +++ b/RHEL/6/input/profiles/nist-CL-IL-AL.xml @@ -341,7 +341,6 @@ assurance."</description> <select idref="disable_dhcp_client" selected="true" /> <select idref="disable_avahi" selected="true" /> <select idref="service_crond_enabled" selected="true" /> -<select idref="disable_anacron" selected="true" /> <select idref="disable_dns_server" selected="true" /> <select idref="uninstall_bind" selected="true" /> <select idref="package_openldap-servers_removed" selected="true" /> diff --git a/RHEL/6/input/profiles/usgcb-rhel6-server.xml b/RHEL/6/input/profiles/usgcb-rhel6-server.xml index 7fa82c7..c6bad6b 100644 --- a/RHEL/6/input/profiles/usgcb-rhel6-server.xml +++ b/RHEL/6/input/profiles/usgcb-rhel6-server.xml @@ -208,7 +208,6 @@ <select idref="service_kdump_disabled" selected="true" /> <select idref="network_disable_zeroconf" selected="true" /> <select idref="service_crond_enabled" selected="true" /> -<select idref="disable_anacron" selected="true" /> <!-- PLACEHOLDER: cron file perms go here when ready --> <select idref="sshd_allow_only_protocol2" selected="true" /> <select idref="service_atd_disabled" selected="true" />
On 6/2/14, 4:41 PM, David Smith wrote:
RHEL/6/input/profiles/CS2.xml | 1 - .../6/input/profiles/fisma-medium-rhel6-server.xml | 1 - RHEL/6/input/profiles/nist-CL-IL-AL.xml | 1 - RHEL/6/input/profiles/usgcb-rhel6-server.xml | 1 - 4 files changed, 0 insertions(+), 4 deletions(-)
diff --git a/RHEL/6/input/profiles/CS2.xml b/RHEL/6/input/profiles/CS2.xml index 33c0395..aea380b 100644 --- a/RHEL/6/input/profiles/CS2.xml +++ b/RHEL/6/input/profiles/CS2.xml @@ -226,7 +226,6 @@
<select idref="kernel_module_bluetooth_disabled" selected="true"/>
<select idref="service_crond_enabled" selected="true"/> -<select idref="disable_anacron" selected="true" />
<select idref="service_abrtd_disabled" selected="true"/> <select idref="service_acpid_disabled" selected="true" /> diff --git a/RHEL/6/input/profiles/fisma-medium-rhel6-server.xml b/RHEL/6/input/profiles/fisma-medium-rhel6-server.xml index 9e639f1..b604924 100644 --- a/RHEL/6/input/profiles/fisma-medium-rhel6-server.xml +++ b/RHEL/6/input/profiles/fisma-medium-rhel6-server.xml @@ -235,7 +235,6 @@ <select idref="service_smartd_disabled" selected="true" /> <select idref="service_sysstat_disabled" selected="true" /> <select idref="service_crond_enabled" selected="true" /> -<select idref="disable_anacron" selected="true" /> <select idref="service_atd_disabled" selected="true" /> <select idref="disable_avahi" selected="true" /> <select idref="mountopt_nodev_on_nonroot_partitions" selected="true" /> diff --git a/RHEL/6/input/profiles/nist-CL-IL-AL.xml b/RHEL/6/input/profiles/nist-CL-IL-AL.xml index ccb1ae6..9e0dd40 100644 --- a/RHEL/6/input/profiles/nist-CL-IL-AL.xml +++ b/RHEL/6/input/profiles/nist-CL-IL-AL.xml @@ -341,7 +341,6 @@ assurance."</description> <select idref="disable_dhcp_client" selected="true" /> <select idref="disable_avahi" selected="true" /> <select idref="service_crond_enabled" selected="true" /> -<select idref="disable_anacron" selected="true" /> <select idref="disable_dns_server" selected="true" /> <select idref="uninstall_bind" selected="true" /> <select idref="package_openldap-servers_removed" selected="true" /> diff --git a/RHEL/6/input/profiles/usgcb-rhel6-server.xml b/RHEL/6/input/profiles/usgcb-rhel6-server.xml index 7fa82c7..c6bad6b 100644 --- a/RHEL/6/input/profiles/usgcb-rhel6-server.xml +++ b/RHEL/6/input/profiles/usgcb-rhel6-server.xml @@ -208,7 +208,6 @@ <select idref="service_kdump_disabled" selected="true" /> <select idref="network_disable_zeroconf" selected="true" /> <select idref="service_crond_enabled" selected="true" /> -<select idref="disable_anacron" selected="true" /> <!-- PLACEHOLDER: cron file perms go here when ready --> <select idref="sshd_allow_only_protocol2" selected="true" /> <select idref="service_atd_disabled" selected="true" />
ack
this leaves C2S (where we aren't upstream yet, so we should leave the rule in the checklist), and CSCF (where Lockheed is really the upstream rule owner).
Thanks Shawn - pushed. I'm glad the OVAL patch came up and forced us to take another look at this particular rule.
On Mon, Jun 2, 2014 at 5:19 PM, Shawn Wells shawn@redhat.com wrote:
On 6/2/14, 4:41 PM, David Smith wrote:
RHEL/6/input/profiles/CS2.xml | 1 - .../6/input/profiles/fisma-medium-rhel6-server.xml | 1 - RHEL/6/input/profiles/nist-CL-IL-AL.xml | 1 - RHEL/6/input/profiles/usgcb-rhel6-server.xml | 1 - 4 files changed, 0 insertions(+), 4 deletions(-)
diff --git a/RHEL/6/input/profiles/CS2.xml b/RHEL/6/input/profiles/CS2. xml index 33c0395..aea380b 100644 --- a/RHEL/6/input/profiles/CS2.xml +++ b/RHEL/6/input/profiles/CS2.xml @@ -226,7 +226,6 @@
<select idref="kernel_module_bluetooth_disabled" selected="true"/> <select idref="service_crond_enabled" selected="true"/> -<select idref="disable_anacron" selected="true" /> <select idref="service_abrtd_disabled" selected="true"/> <select idref="service_acpid_disabled" selected="true" /> diff --git a/RHEL/6/input/profiles/fisma-medium-rhel6-server.xml b/RHEL/6/input/profiles/fisma-medium-rhel6-server.xml index 9e639f1..b604924 100644 --- a/RHEL/6/input/profiles/fisma-medium-rhel6-server.xml +++ b/RHEL/6/input/profiles/fisma-medium-rhel6-server.xml @@ -235,7 +235,6 @@ <select idref="service_smartd_disabled" selected="true" /> <select idref="service_sysstat_disabled" selected="true" /> <select idref="service_crond_enabled" selected="true" /> -<select idref="disable_anacron" selected="true" /> <select idref="service_atd_disabled" selected="true" /> <select idref="disable_avahi" selected="true" /> <select idref="mountopt_nodev_on_nonroot_partitions" selected="true" /> diff --git a/RHEL/6/input/profiles/nist-CL-IL-AL.xml b/RHEL/6/input/profiles/nist-CL-IL-AL.xml index ccb1ae6..9e0dd40 100644 --- a/RHEL/6/input/profiles/nist-CL-IL-AL.xml +++ b/RHEL/6/input/profiles/nist-CL-IL-AL.xml @@ -341,7 +341,6 @@ assurance."</description> <select idref="disable_dhcp_client" selected="true" /> <select idref="disable_avahi" selected="true" /> <select idref="service_crond_enabled" selected="true" /> -<select idref="disable_anacron" selected="true" /> <select idref="disable_dns_server" selected="true" /> <select idref="uninstall_bind" selected="true" /> <select idref="package_openldap-servers_removed" selected="true" /> diff --git a/RHEL/6/input/profiles/usgcb-rhel6-server.xml b/RHEL/6/input/profiles/usgcb-rhel6-server.xml index 7fa82c7..c6bad6b 100644 --- a/RHEL/6/input/profiles/usgcb-rhel6-server.xml +++ b/RHEL/6/input/profiles/usgcb-rhel6-server.xml @@ -208,7 +208,6 @@ <select idref="service_kdump_disabled" selected="true" /> <select idref="network_disable_zeroconf" selected="true" /> <select idref="service_crond_enabled" selected="true" /> -<select idref="disable_anacron" selected="true" /> <!-- PLACEHOLDER: cron file perms go here when ready --> <select idref="sshd_allow_only_protocol2" selected="true" /> <select idref="service_atd_disabled" selected="true" />
ack
this leaves C2S (where we aren't upstream yet, so we should leave the rule in the checklist), and CSCF (where Lockheed is really the upstream rule owner). _______________________________________________ scap-security-guide mailing list scap-security-guide@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
scap-security-guide@lists.fedorahosted.org
-
David Smith -
Shawn Wells