From 092fd5b51214b1160f8dd43a589ec7bf09e31f1c Mon Sep 17 00:00:00 2001
From: Michael McConachie <[email protected]>
Date: Wed, 26 Sep 2012 13:51:51 -0400
Subject: [PATCH 2/4] OCIL clause changes for input/system/network/iptables.xml
--- RHEL6/input/system/network/iptables.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/RHEL6/input/system/network/iptables.xml b/RHEL6/input/system/network/iptables.xml index 7bc17b9..0f2aa45 100644 --- a/RHEL6/input/system/network/iptables.xml +++ b/RHEL6/input/system/network/iptables.xml @@ -135,7 +135,7 @@ add or correct the following line in <tt>/etc/sysconfig/iptables</tt>: <pre>:INPUT DROP [0:0]</pre> </description> -<ocil>Inspect the file <tt>/etc/sysconfig/iptables</tt> to determine +<ocil clause="the default policy for the INPUT chain isn't set to DROP">Inspect the file <tt>/etc/sysconfig/iptables</tt> to determine the default policy for the INPUT chain. It should be set to DROP. </ocil> <rationale>In <tt>iptables</tt> the default policy is applied only after all -- 1.7.11.4
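Review bot: In the new `<ocil clause="...">` opening tag, the clause is worded as the failing condition with a contraction ("isn't set to DROP"), while the body that follows still ends on the passing condition ("It should be set to DROP."), so the two read with opposite polarity. Consider spelling the clause out as "the default policy for the INPUT chain is not set to DROP", which also keeps an apostrophe out of the attribute value, and having the body name the exact line the description above already gives, `:INPUT DROP [0:0]`, so the auditor knows what to look for in `/etc/sysconfig/iptables`. The opening tag now shares one long line with the start of the sentence; breaking the line after the closing `>` of the tag would keep later wording changes out of the attribute's diff.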
_______________________________________________
scap-security-guide mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
