12:17 p.m.
---
RHEL6/input/services/obsolete.xml | 8 ++++----
1 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/RHEL6/input/services/obsolete.xml b/RHEL6/input/services/obsolete.xml
index 41ee480..1792120 100644
--- a/RHEL6/input/services/obsolete.xml
+++ b/RHEL6/input/services/obsolete.xml
@@ -77,7 +77,7 @@ actively working to migrate to a more secure
protocol.</description>
<description>
<service-disable-macro service="telnet" />
</description>
-<ocil><service-disable-check-macro service="telnet"
/></ocil>
+<ocil><xinetd-service-disable-check-macro service="telnet"
/></ocil>
<rationale>
The telnet protocol uses unencrypted network communication, which
means that data from the login session, including passwords and
@@ -139,7 +139,7 @@ the <tt>rsh-server</tt> package and runs as a service
through xinetd,
should be disabled.
<service-disable-macro service="rexec" />
</description>
-<ocil><service-disable-check-macro service="rexec" /></ocil>
+<ocil><xinetd-service-disable-check-macro service="rexec"
/></ocil>
<rationale>The rexec service uses unencrypted network communications, which
means that data from the login session, including passwords and
all other information transmitted during the session, can be
@@ -158,7 +158,7 @@ the <tt>rsh-server</tt> package and runs as a service
through xinetd,
should be disabled.
<service-disable-macro service="rsh" />
</description>
-<ocil><service-disable-check-macro service="rsh" /></ocil>
+<ocil><xinetd-service-disable-check-macro service="rsh"
/></ocil>
<rationale>The rsh service uses unencrypted network communications, which
means that data from the login session, including passwords and
all other information transmitted during the session, can be
@@ -177,7 +177,7 @@ the <tt>rsh-server</tt> package and runs as a service
through xinetd,
should be disabled.
<service-disable-macro service="rlogin" />
</description>
-<ocil><service-disable-check-macro service="rlogin"
/></ocil>
+<ocil><xinetd-service-disable-check-macro service="rlogin"
/></ocil>
<rationale>The rlogin service uses unencrypted network communications, which
means that data from the login session, including passwords and
all other information transmitted during the session, can be
--
1.7.1
12:17 p.m.
New subject: [PATCH 3/3] added macro to address services managed by xinetd
---
RHEL6/transforms/shorthand2xccdf.xslt | 12 ++++++++++++
1 files changed, 12 insertions(+), 0 deletions(-)
diff --git a/RHEL6/transforms/shorthand2xccdf.xslt
b/RHEL6/transforms/shorthand2xccdf.xslt
index 84a68ed..1008492 100644
--- a/RHEL6/transforms/shorthand2xccdf.xslt
+++ b/RHEL6/transforms/shorthand2xccdf.xslt
@@ -205,6 +205,7 @@
<xsl:if test="fileperms-check-macro or fileowner-check-macro or
filegroupowner-check-macro">it does not</xsl:if>
<xsl:if test="partition-check-macro">no line is
returned</xsl:if>
<xsl:if test="service-disable-check-macro">the service is
running</xsl:if>
+ <xsl:if test="xinetd-service-disable-check-macro">the service
is running</xsl:if>
<xsl:if test="service-enable-check-macro">the service is not
running</xsl:if>
<xsl:if test="package-check-macro">the package is
installed</xsl:if>
<xsl:if test="module-disable-check-macro">no line is
returned</xsl:if>
@@ -406,6 +407,17 @@
<xhtml:pre><xsl:value-of select="@service"/> is
stopped</xhtml:pre>
</xsl:template>
+ <xsl:template match="xinetd-service-disable-check-macro">
+ To check that the <xhtml:code><xsl:value-of
select="@service"/></xhtml:code> service is disabled in system boot
configuration, run the following command:
+ <xhtml:pre># chkconfig <xhtml:code><xsl:value-of
select="@service"/></xhtml:code> --list</xhtml:pre>
+ Output should indicate the <xhtml:code><xsl:value-of
select="@service"/></xhtml:code> service has either not been installed,
or has been disabled, as shown in the example below:
+ <xhtml:pre># chkconfig <xhtml:code><xsl:value-of
select="@service"/></xhtml:code> --list
+<xhtml:code><xsl:value-of select="@service"/></xhtml:code>
off</xhtml:pre>
+ </xsl:template>
+
+
+
+
<xsl:template match="service-enable-check-macro">
Run the following command to determine the current status of the
<xhtml:code><xsl:value-of select="@service"/></xhtml:code>
service:
--
1.7.1
1:08 p.m.
New subject: [PATCH 3/3] added macro to address services managed by xinetd
On 10/26/13, 1:17 PM, David Smith wrote:
---
RHEL6/transforms/shorthand2xccdf.xslt | 12 ++++++++++++
1 files changed, 12 insertions(+), 0 deletions(-)
diff --git a/RHEL6/transforms/shorthand2xccdf.xslt
b/RHEL6/transforms/shorthand2xccdf.xslt
index 84a68ed..1008492 100644
--- a/RHEL6/transforms/shorthand2xccdf.xslt
+++ b/RHEL6/transforms/shorthand2xccdf.xslt
@@ -205,6 +205,7 @@
<xsl:if test="fileperms-check-macro or fileowner-check-macro or
filegroupowner-check-macro">it does not</xsl:if>
<xsl:if test="partition-check-macro">no line is
returned</xsl:if>
<xsl:if test="service-disable-check-macro">the service is
running</xsl:if>
+ <xsl:if test="xinetd-service-disable-check-macro">the
service is running</xsl:if>
<xsl:if test="service-enable-check-macro">the service is
not running</xsl:if>
<xsl:if test="package-check-macro">the package is
installed</xsl:if>
<xsl:if test="module-disable-check-macro">no line is
returned</xsl:if>
@@ -406,6 +407,17 @@
<xhtml:pre><xsl:value-of select="@service"/> is
stopped</xhtml:pre>
</xsl:template>
+ <xsl:template match="xinetd-service-disable-check-macro">
+ To check that the <xhtml:code><xsl:value-of
select="@service"/></xhtml:code> service is disabled in system boot
configuration, run the following command:
+ <xhtml:pre># chkconfig <xhtml:code><xsl:value-of
select="@service"/></xhtml:code> --list</xhtml:pre>
+ Output should indicate the <xhtml:code><xsl:value-of
select="@service"/></xhtml:code> service has either not been installed,
or has been disabled, as shown in the example below:
+ <xhtml:pre># chkconfig <xhtml:code><xsl:value-of
select="@service"/></xhtml:code> --list
+<xhtml:code><xsl:value-of select="@service"/></xhtml:code>
off</xhtml:pre>
+ </xsl:template>
+
+
+
+
<xsl:template match="service-enable-check-macro">
Run the following command to determine the current status of the
<xhtml:code><xsl:value-of select="@service"/></xhtml:code>
service:
-- 1.7.1
applied locally -- this is nice work!
ack
3835
days inactive
3835
days old
scap-security-guide@lists.fedorahosted.org
2 comments
2 participants
participants (2)
-
David Smith -
Shawn Wells