--- RHEL6/input/services/obsolete.xml | 8 ++++---- 1 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/RHEL6/input/services/obsolete.xml b/RHEL6/input/services/obsolete.xml index 41ee480..1792120 100644 --- a/RHEL6/input/services/obsolete.xml +++ b/RHEL6/input/services/obsolete.xml @@ -77,7 +77,7 @@ actively working to migrate to a more secure protocol.</description> <description> <service-disable-macro service="telnet" /> </description> -<ocil><service-disable-check-macro service="telnet" /></ocil> +<ocil><xinetd-service-disable-check-macro service="telnet" /></ocil> <rationale> The telnet protocol uses unencrypted network communication, which means that data from the login session, including passwords and @@ -139,7 +139,7 @@ the <tt>rsh-server</tt> package and runs as a service through xinetd, should be disabled. <service-disable-macro service="rexec" /> </description> -<ocil><service-disable-check-macro service="rexec" /></ocil> +<ocil><xinetd-service-disable-check-macro service="rexec" /></ocil> <rationale>The rexec service uses unencrypted network communications, which means that data from the login session, including passwords and all other information transmitted during the session, can be @@ -158,7 +158,7 @@ the <tt>rsh-server</tt> package and runs as a service through xinetd, should be disabled. <service-disable-macro service="rsh" /> </description> -<ocil><service-disable-check-macro service="rsh" /></ocil> +<ocil><xinetd-service-disable-check-macro service="rsh" /></ocil> <rationale>The rsh service uses unencrypted network communications, which means that data from the login session, including passwords and all other information transmitted during the session, can be 
@@ -177,7 +177,7 @@ the <tt>rsh-server</tt> package and runs as a service through xinetd, should be disabled. <service-disable-macro service="rlogin" /> </description> -<ocil><service-disable-check-macro service="rlogin" /></ocil> +<ocil><xinetd-service-disable-check-macro service="rlogin" /></ocil> <rationale>The rlogin service uses unencrypted network communications, which means that data from the login session, including passwords and all other information transmitted during the session, can be
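Review bot: In all four hunks (telnet, rexec, rsh, rlogin) the `<description>` still expands `<service-disable-macro service="..." />` while the `<ocil>` now uses `<xinetd-service-disable-check-macro service="..." />`, so the remediation text and the check procedure come from macros written for different kinds of service. Either confirm that the text `service-disable-macro` produces is correct for a service that runs through xinetd, or give the description a matching xinetd variant so the two stay in step. The patch as posted also carries no message body; one sentence on why the generic check text is wrong for these services would help whoever adds the next xinetd-run service to this file.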
--- RHEL6/transforms/shorthand2xccdf.xslt | 12 ++++++++++++ 1 files changed, 12 insertions(+), 0 deletions(-)
diff --git a/RHEL6/transforms/shorthand2xccdf.xslt b/RHEL6/transforms/shorthand2xccdf.xslt index 84a68ed..1008492 100644 --- a/RHEL6/transforms/shorthand2xccdf.xslt +++ b/RHEL6/transforms/shorthand2xccdf.xslt @@ -205,6 +205,7 @@ <xsl:if test="fileperms-check-macro or fileowner-check-macro or filegroupowner-check-macro">it does not</xsl:if> <xsl:if test="partition-check-macro">no line is returned</xsl:if> <xsl:if test="service-disable-check-macro">the service is running</xsl:if> + <xsl:if test="xinetd-service-disable-check-macro">the service is running</xsl:if> <xsl:if test="service-enable-check-macro">the service is not running</xsl:if> <xsl:if test="package-check-macro">the package is installed</xsl:if> <xsl:if test="module-disable-check-macro">no line is returned</xsl:if> @@ -406,6 +407,17 @@ xhtml:pre<xsl:value-of select="@service"/> is stopped</xhtml:pre> </xsl:template>
+ <xsl:template match="xinetd-service-disable-check-macro"> + To check that the xhtml:code<xsl:value-of select="@service"/></xhtml:code> service is disabled in system boot configuration, run the following command: + xhtml:pre# chkconfig xhtml:code<xsl:value-of select="@service"/></xhtml:code> --list</xhtml:pre> + Output should indicate the xhtml:code<xsl:value-of select="@service"/></xhtml:code> service has either not been installed, or has been disabled, as shown in the example below: + xhtml:pre# chkconfig xhtml:code<xsl:value-of select="@service"/></xhtml:code> --list +xhtml:code<xsl:value-of select="@service"/></xhtml:code> off</xhtml:pre> + </xsl:template> + + + + <xsl:template match="service-enable-check-macro"> Run the following command to determine the current status of the xhtml:code<xsl:value-of select="@service"/></xhtml:code> service:
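Review bot: The new `xinetd-service-disable-check-macro` template says the output should show that the service "has either not been installed, or has been disabled", but the example under it shows only the `off` case. Add the output an auditor sees when the service is not installed, or narrow the sentence to the disabled case, so the result can be judged without guessing. The opening sentence also talks about "system boot configuration"; is that the right wording for what the `off` value means for an xinetd-run service? Last, the run of empty added lines after the closing `</xsl:template>` adds nothing and can be dropped.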
On 10/26/13, 1:17 PM, David Smith wrote:
RHEL6/transforms/shorthand2xccdf.xslt | 12 ++++++++++++ 1 files changed, 12 insertions(+), 0 deletions(-)
diff --git a/RHEL6/transforms/shorthand2xccdf.xslt b/RHEL6/transforms/shorthand2xccdf.xslt index 84a68ed..1008492 100644 --- a/RHEL6/transforms/shorthand2xccdf.xslt +++ b/RHEL6/transforms/shorthand2xccdf.xslt @@ -205,6 +205,7 @@ <xsl:if test="fileperms-check-macro or fileowner-check-macro or filegroupowner-check-macro">it does not</xsl:if> <xsl:if test="partition-check-macro">no line is returned</xsl:if> <xsl:if test="service-disable-check-macro">the service is running</xsl:if>
<xsl:if test="xinetd-service-disable-check-macro">the service is running</xsl:if> <xsl:if test="service-enable-check-macro">the service is not running</xsl:if> <xsl:if test="package-check-macro">the package is installed</xsl:if> <xsl:if test="module-disable-check-macro">no line is returned</xsl:if>
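Review bot: The added `<xsl:if test="xinetd-service-disable-check-macro">` emits exactly the same text as the `service-disable-check-macro` line directly above it, so the two can be a single test, `test="service-disable-check-macro or xinetd-service-disable-check-macro"`, the way the `fileperms-check-macro or fileowner-check-macro or filegroupowner-check-macro` line in this hunk already combines its macros. Separately, "the service is running" does not describe what the new template asks the auditor to look at, which is the `off` value printed by `chkconfig --list`; wording such as "the service is enabled" would match the failing condition that check actually shows.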
@@ -406,6 +407,17 @@ xhtml:pre<xsl:value-of select="@service"/> is stopped</xhtml:pre> </xsl:template>
- <xsl:template match="xinetd-service-disable-check-macro">
To check that the <xhtml:code><xsl:value-of select="@service"/></xhtml:code> service is disabled in system boot configuration, run the following command:
<xhtml:pre># chkconfig <xhtml:code><xsl:value-of select="@service"/></xhtml:code> --list</xhtml:pre>
Output should indicate the <xhtml:code><xsl:value-of select="@service"/></xhtml:code> service has either not been installed, or has been disabled, as shown in the example below:
<xhtml:pre># chkconfig <xhtml:code><xsl:value-of select="@service"/></xhtml:code> --list
+xhtml:code<xsl:value-of select="@service"/></xhtml:code> off</xhtml:pre>
- </xsl:template>
- <xsl:template match="service-enable-check-macro"> Run the following command to determine the current status of the xhtml:code<xsl:value-of select="@service"/></xhtml:code> service:
-- 1.7.1
applied locally -- this is nice work!
ack
scap-security-guide@lists.fedorahosted.org