Signed-off-by: Jeffrey Blank <bl...@eclipse.ncsc.mil>
---
 RHEL6/input/guide.xslt | 1 -
 RHEL6/input/profiles/common.xml | 3 -
 .../accounts/restrictions/nis_inclusions.xml | 67 --------------------
 3 files changed, 0 insertions(+), 71 deletions(-)
 delete mode 100644 RHEL6/input/system/accounts/restrictions/nis_inclusions.xml
diff --git a/RHEL6/input/guide.xslt b/RHEL6/input/guide.xslt index 0475f04..5a0de5e 100644 --- a/RHEL6/input/guide.xslt +++ b/RHEL6/input/guide.xslt @@ -52,7 +52,6 @@ <xsl:apply-templates select="document('system/accounts/restrictions/password_storage.xml')" /> <xsl:apply-templates select="document('system/accounts/restrictions/password_expiration.xml')" /> <xsl:apply-templates select="document('system/accounts/restrictions/account_expiration.xml')" /> - <xsl:apply-templates select="document('system/accounts/restrictions/nis_inclusions.xml')" /> </xsl:copy> </xsl:template> diff --git a/RHEL6/input/profiles/common.xml b/RHEL6/input/profiles/common.xml index 543d772..72324e3 100644 --- a/RHEL6/input/profiles/common.xml +++ b/RHEL6/input/profiles/common.xml @@ -47,9 +47,6 @@ <select idref="password_min_age" selected="true"/> <select idref="password_max_age" selected="true"/> <select idref="password_warn_age" selected="true"/> -<select idref="no_nis_inclusions_shadow" selected="true"/> -<select idref="no_nis_inclusions_group" selected="true"/> -<select idref="no_nis_inclusions_passwd" selected="true"/> <select idref="password_retry" selected="true"/> <select idref="password_require_digits" selected="true"/> <select idref="password_require_uppercases" selected="true"/> diff --git a/RHEL6/input/system/accounts/restrictions/nis_inclusions.xml b/RHEL6/input/system/accounts/restrictions/nis_inclusions.xml deleted file mode 100644 index 4187b99..0000000 --- a/RHEL6/input/system/accounts/restrictions/nis_inclusions.xml +++ /dev/null 
@@ -1,67 +0,0 @@
-<Group id="nis_inclusions">
-<title>Remove Legacy + Entries from Password Files</title>
-<description>
-The + symbol could be used by systems to include data from NIS
-maps into existing files. However, a certain configuration error in
-which a NIS inclusion line appears in <tt>/etc/passwd</tt>, but NIS
-is not running, could lead to anyone being able to access the system with
-the username + and no password. Therefore, it is important to
-verify that no such line appears in any of the relevant system
-files.
-<br /><br />
-The command:
-<pre># grep "^+:" /etc/passwd /etc/shadow /etc/group</pre>
-should produce no output.
-<br /><br />
-The correct way to tell the local system to consult network
-databases such as LDAP or NIS for user information is to make
-appropriate modifications to <tt>/etc/nsswitch.conf</tt>.</description>
-
-<Rule id="no_nis_inclusions_shadow">
-<title>Remove Legacy + Entries From /etc/shadow</title>
-<description>
-The <tt>/etc/shadow</tt> file should include no NIS inclusions,
-which are lines beginning with '+:'.
-</description>
-<rationale>
-NIS is obsolete and should not be used. Furthermore,
-presence of '+' entries can lead to
-unauthenticated login.
-</rationale>
-<ident cce="14071-5" />
-<oval id="accounts_no_nis_inclusions_etc_shadow" />
-<ref nist="CM-6, CM-7" />
-</Rule>
-
-<Rule id="no_nis_inclusions_group">
-<title>Remove Legacy + Entries From /etc/group</title>
-<description>
-The <tt>/etc/group</tt> file should include no NIS inclusions,
-which are lines beginning with '+:'.
-</description>
-<rationale>
-NIS is obsolete and should not be used. Furthermore,
-presence of '+' entries can lead to
-unauthenticated login.
-</rationale>
-<ident cce="14675-3" />
-<oval id="accounts_no_nis_inclusions_etc_group" />
-<ref nist="CM-6, CM-7" />
-</Rule>
-
-<Rule id="no_nis_inclusions_passwd">
-<title>Remove Legacy + Entries From /etc/passwd</title>
-<description>
-The <tt>/etc/password</tt> file should include no NIS inclusions,
-which are lines beginning with '+:'.
-</description>
-<rationale>
-NIS is obsolete and should not be used. Furthermore,
-presence of '+' entries can lead to
-unauthenticated login.
-</rationale>
-<ident cce="4114-5" />
-<oval id="accounts_no_nis_inclusions_etc_passwd" />
-<ref nist="CM-6, CM-7" />
-</Rule>
-</Group>
--
1.7.1
_______________________________________________
scap-security-guide mailing list
scap-security-guide@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide