--- RHEL6/input/services/base.xml | 46 ++++++++++++++++++++-------------------- 1 files changed, 23 insertions(+), 23 deletions(-)
diff --git a/RHEL6/input/services/base.xml b/RHEL6/input/services/base.xml index 8d72299..037f7b7 100644 --- a/RHEL6/input/services/base.xml +++ b/RHEL6/input/services/base.xml @@ -21,7 +21,7 @@ vulnerablities in software executing on the local machine, as well as sensitive information from within a process's address space or registers.</rationale> <ident cce="TODO" /> <oval id="service_abrtd_disabled" /> -<ref nist="CM-6, CM-7" /> +<ref nist="CM-6, CM-7" disa="382" /> </Rule> @@ -38,7 +38,7 @@ accidental or trivially achievable denial of service situations and disabling it may be prudent.</rationale> <ident cce="4298-6" /> <oval id="service_acpid_disabled" /> -<ref nist="CM-6, CM-7" /> +<ref nist="CM-6, CM-7" disa="382" /> </Rule> @@ -59,7 +59,7 @@ accountability. Furthermore, the need to schedule tasks with <tt>at</tt> or </rationale> <ident cce="TODO" /> <oval id="service_atd_disabled" /> -<ref nist="CM-6, CM-7" /> +<ref nist="CM-6, CM-7" disa="382" /> </Rule> @@ -76,7 +76,7 @@ fulfilling some roles a PKI infrastructure, but its functionality is not necesss for many other use cases.</rationale> <ident cce="TODO" /> <oval id="service_certmonger_disabled" /> -<ref nist="CM-6, CM-7" /> +<ref nist="CM-6, CM-7" disa="382" /> </Rule> @@ -92,7 +92,7 @@ service is not necessary. </rationale> <ident cce="TODO" /> <oval id="service_cgconfig_disabled" /> -<ref nist="CM-6, CM-7" /> +<ref nist="CM-6, CM-7" disa="382" /> </Rule> <Rule id="service_cgred_disabled"> @@ -106,7 +106,7 @@ service is not necessary. </rationale> <ident cce="TODO" /> <oval id="service_cgred_disabled" /> -<ref nist="CM-6, CM-7" /> +<ref nist="CM-6, CM-7" disa="382" /> </Rule> <Rule id="service_cpuspeed_disabled"> @@ -122,7 +122,7 @@ highly desirable or necessary. </rationale> <ident cce="4051-9" /> <oval id="service_cpuspeed_disabled" /> -<ref nist="CM-6, CM-7" /> +<ref nist="CM-6, CM-7" disa="382" /> </Rule> @@ -141,7 +141,7 @@ that do not require these. </rationale> <ident cce="4364-6" /> <oval id="service_haldaemon_disabled" /> -<ref nist="CM-6, CM-7" /> +<ref nist="CM-6, CM-7" disa="382" /> </Rule> @@ -170,7 +170,7 @@ crash, which can load information from the crashed kernel for analysis. is little need to run the kdump service.</rationale> <ident cce="3425-6" /> <oval id="service_kdump_disabled" /> -<ref nist="CM-6, CM-7" /> +<ref nist="CM-6, CM-7" disa="382" /> </Rule> <!-- @@ -203,7 +203,7 @@ RAID setups do not use this service). there is no need to run the service.</rationale> <ident cce="3854-7" /> <oval id="service_mdmonitor_disabled" /> -<ref nist="CM-6, CM-7" /> +<ref nist="CM-6, CM-7" disa="382" /> </Rule> @@ -223,7 +223,7 @@ a graphical login session. </rationale> <ident cce="3822-4" /> <oval id="service_messagebus_disabled" /> -<ref nist="CM-6, CM-7" /> +<ref nist="CM-6, CM-7" disa="382" /> </Rule> <Rule id="service_netconsole_disabled"> @@ -239,7 +239,7 @@ kernel panics, which is not common. </rationale> <ident cce="TODO" /> <oval id="service_netconsole_disabled" /> -<ref nist="CM-6, CM-7" /> +<ref nist="CM-6, CM-7" disa="382" /> </Rule> @@ -258,7 +258,7 @@ reboots. In any event, the functionality of the ntpdate service is now available in the ntpd program and should be considered deprecated.</rationale> <ident cce="TODO" /> <!--<oval id="service_ntpdate_disabled" /> --> -<ref nist="AU-8, CM-6" /> +<ref nist="AU-8, CM-6" disa="382" /> </Rule> <Rule id="service_oddjobd_disabled"> @@ -275,7 +275,7 @@ tasks by privileged programs, on behalf of unprivileged ones, has traditionally been a source of privilege escalation security issues.</rationale> <ident cce="TODO" /> <oval id="service_oddjobd_disabled" /> -<ref nist="AC-6, CM-6, CM-7" /> +<ref nist="AC-6, CM-6, CM-7" disa="382" /> </Rule> @@ -291,7 +291,7 @@ preventing conflicting usage of ports in the reserved port range, but it can be disabled if not needed.</rationale> <ident cce="TODO" /> <oval id="service_portreserve_disabled" /> -<ref nist="CM-6, CM-7" /> +<ref nist="CM-6, CM-7" disa="382" /> </Rule> @@ -346,7 +346,7 @@ disk quota violation is not desired then there is no need to run this service.</rationale> <ident cce="TODO" /> <oval id="service_quota_nld_disabled" /> -<ref nist="CM-6, CM-7" /> +<ref nist="CM-6, CM-7" disa="382" /> </Rule> @@ -364,7 +364,7 @@ some special-purpose systems often use DHCP (instead of IRDP) to retrieve dynamic network configuration information.</rationale> <ident cce="TODO" /> <oval id="service_rdisc_disabled" /> -<ref nist="AC-4, CM-6, CM-7" /> +<ref nist="AC-4, CM-6, CM-7" disa="382" /> </Rule> @@ -381,7 +381,7 @@ system security, management by a system outside the enterprise enclave is not desirable for some environments.</rationale> <ident cce="3416-5" /> <oval id="service_rhnsd_disabled" /> -<ref nist="CM-6, CM-7" /> +<ref nist="CM-6, CM-7" disa="382" /> </Rule> @@ -399,7 +399,7 @@ expected to require remote changes to their subscription status, it is unnecessary and can be disabled.</rationale> <ident cce="TODO" /> <oval id="service_rhsmcertd_disabled" /> -<ref nist="CM-6, CM-7" /> +<ref nist="CM-6, CM-7" disa="382" /> </Rule> @@ -418,7 +418,7 @@ use Kerberos and LDAP. For others, however, in which only local files may be consulted, it is not necessary and should be disabled.</rationale> <ident cce="TODO" /> <oval id="service_saslauthd_disabled" /> -<ref nist="CM-6, CM-7" /> +<ref nist="CM-6, CM-7" disa="382" /> </Rule> @@ -435,7 +435,7 @@ system's drives are not SMART-capable (such as solid state drives), it can be disabled.</rationale> <ident cce="3455-3" /> <oval id="service_smartd_disabled" /> -<ref nist="CM-6, CM-7" /> +<ref nist="CM-6, CM-7" disa="382" /> </Rule> <!-- @@ -455,7 +455,7 @@ authentication is only necessary against local account databases (such as passwd and shadow), it is not needed. </rationale> <ident cce="TODO" /> <oval id="service_sssd_disabled" /> -<ref nist="CM-6, CM-7" /> +<ref nist="CM-6, CM-7" disa="382" /> </Rule> --> @@ -472,7 +472,7 @@ boot to reset the statistics, which can be retrieved using programs such as operation, but unless used this service can be disabled.</rationale> <ident cce="TODO" /> <oval id="service_sysstat_disabled" /> -<ref nist="CM-6, CM-7" /> +<ref nist="CM-6, CM-7" disa="382" /> </Rule> <!-- -- 1.7.7.6 _______________________________________________ scap-security-guide mailing list scap-security-guide@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/scap-security-guide
