CCI-001118 requires the use of host-based boundary protection mechanisms, enable_iptables and enable_ip6tables rules meet this requirement
Signed-off-by: Willy Santos <[email protected]> --- rhel6/src/input/system/network/iptables.xml | 2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) diff --git a/rhel6/src/input/system/network/iptables.xml b/rhel6/src/input/system/network/iptables.xml index cdbf89a..eb53327 100644 --- a/rhel6/src/input/system/network/iptables.xml +++ b/rhel6/src/input/system/network/iptables.xml @@ -78,6 +78,7 @@ capability for IPv6 and ICMPv6. <ident cce="4167-3" /> <oval id="service_ip6tables_enabled" /> <ref nist="CM-6, CM-7" /> +<ident cci="CCI-001118" /> </Rule> <Rule id="enable_iptables"> @@ -95,6 +96,7 @@ capability for IPv4 and ICMP. <ident cce="4189-7" /> <oval id="service_iptables_enabled" /> <ref nist="CM-6, CM-7" /> +<ident cci="CCI-001118" /> </Rule> </Group><!--<Group id="iptables_activation">--> -- 1.7.7.6 _______________________________________________ scap-security-guide mailing list [email protected] https://fedorahosted.org/mailman/listinfo/scap-security-guide
