Signed-off-by: David Smith dsmith@secure-innovations.net --- RHEL/6/input/services/cron.xml | 14 ++++++++------ 1 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/RHEL/6/input/services/cron.xml b/RHEL/6/input/services/cron.xml index 983d9ed..b859dc0 100644 --- a/RHEL/6/input/services/cron.xml +++ b/RHEL/6/input/services/cron.xml @@ -25,16 +25,18 @@ enabling the cron daemon is essential.
<Rule id="disable_anacron"> <title>Disable anacron Service</title> -<description>The <tt>cronie-anacron</tt> package which provides anacron -functionality is installed by default. To disable <tt>anacron</tt> support, -run the following commands: -<pre># yum install cronie-noanacron -# yum erase cronie-anacron</pre> +<description>The <tt>cronie-anacron</tt> package, which provides <tt>anacron</tt> +functionality, is installed by default. +<package-remove-macro package="cronie-anacron" /> +</description> +<ocil><package-check-macro package="cronie-anacron" /></ocil> +<rationale> The <tt>anacron</tt> service provides <tt>cron</tt> functionality for systems such as laptops and workstations that may be shut down during the normal times that <tt>cron</tt> jobs are scheduled to run. On systems which do not require this additional functionality, <tt>anacron</tt> could needlessly increase the possible -attack surface for an intruder.</description> +attack surface for an intruder. +</rationale> <ref nist="CM-7" /> <ident cce="27158-5" /> </Rule>
----- Original Message -----
From: "David Smith" dsmith@secure-innovations.net To: scap-security-guide@lists.fedorahosted.org Sent: Tuesday, June 3, 2014 12:41:15 AM Subject: [PATCH] modified remediation text for disabling anacron
Signed-off-by: David Smith dsmith@secure-innovations.net
RHEL/6/input/services/cron.xml | 14 ++++++++------ 1 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/RHEL/6/input/services/cron.xml b/RHEL/6/input/services/cron.xml index 983d9ed..b859dc0 100644 --- a/RHEL/6/input/services/cron.xml +++ b/RHEL/6/input/services/cron.xml @@ -25,16 +25,18 @@ enabling the cron daemon is essential.
<Rule id="disable_anacron"> <title>Disable anacron Service</title> -<description>The <tt>cronie-anacron</tt> package which provides anacron -functionality is installed by default. To disable <tt>anacron</tt> support, -run the following commands: -<pre># yum install cronie-noanacron -# yum erase cronie-anacron</pre> +<description>The <tt>cronie-anacron</tt> package, which provides <tt>anacron</tt> +functionality, is installed by default. +<package-remove-macro package="cronie-anacron" /> +</description> +<ocil><package-check-macro package="cronie-anacron" /></ocil> +<rationale> The <tt>anacron</tt> service provides <tt>cron</tt> functionality for systems such as laptops and workstations that may be shut down during the normal times that <tt>cron</tt> jobs are scheduled to run. On systems which do not require this additional functionality, <tt>anacron</tt> could needlessly increase the possible -attack surface for an intruder.</description> +attack surface for an intruder. +</rationale> <ref nist="CM-7" /> <ident cce="27158-5" /> </Rule> -- 1.7.1
ACK. Makes sense.
Thank you && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Technologies Team
scap-security-guide mailing list scap-security-guide@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
scap-security-guide@lists.fedorahosted.org
-
David Smith -
Jan Lieskovsky