Signed-off-by: Jeffrey Blank <[email protected]> --- .../accounts/restrictions/account_expiration.xml | 2 ++ RHEL6/input/system/accounts/session.xml | 1 + RHEL6/input/system/permissions/execution.xml | 1 - RHEL6/input/system/permissions/mounting.xml | 2 -- 4 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/RHEL6/input/system/accounts/restrictions/account_expiration.xml b/RHEL6/input/system/accounts/restrictions/account_expiration.xml index 3d45d55..18b2396 100644 --- a/RHEL6/input/system/accounts/restrictions/account_expiration.xml +++ b/RHEL6/input/system/accounts/restrictions/account_expiration.xml @@ -58,6 +58,7 @@ Disabling inactive accounts ensures that accounts which may not have been responsibly removed are not available to attackers who may have compromised their credentials. </rationale> +<ident cce="27283-1"/> <oval id="accounts_disable_post_pw_expiration" value="var_account_disable_post_pw_expiration"/> <ref nist="AC-2(2), AC-2(3)" disa="16,17,795"/> </Rule> @@ -75,6 +76,7 @@ If there are no duplicate names, no line will be returned. <rationale> Unique usernames allow for accountability on the system. </rationale> +<ident cce="27609-7"/> <ref disa="770,804"/> </Rule> diff --git a/RHEL6/input/system/accounts/session.xml b/RHEL6/input/system/accounts/session.xml index eeeea6b..c980e45 100644 --- a/RHEL6/input/system/accounts/session.xml +++ b/RHEL6/input/system/accounts/session.xml @@ -43,6 +43,7 @@ You should receive output similar to the following: <pre>* hard maxlogins 10</pre> </ocil> <!-- <oval id="max_concurrent_login_sessions" value="max_concurrent_login_sessions_value" /> --> +<ident cce="27457-1" /> <ref disa="54"/> </Rule> diff --git a/RHEL6/input/system/permissions/execution.xml b/RHEL6/input/system/permissions/execution.xml index 7682d83..d742d60 100644 --- a/RHEL6/input/system/permissions/execution.xml +++ b/RHEL6/input/system/permissions/execution.xml @@ -195,7 +195,6 @@ under a Security section. Look for Execute Disable (XD) on Intel-based systems a on AMD-based systems.</description> <rationale>Computers with the ability to prevent this type of code execution frequently put an option in the BIOS that will allow users to turn the feature on or off at will.</rationale> -<ident cce="27012-4" /> <ref nist="" /> </Rule> 
diff --git a/RHEL6/input/system/permissions/mounting.xml b/RHEL6/input/system/permissions/mounting.xml index 636aee6..683a2f6 100644 --- a/RHEL6/input/system/permissions/mounting.xml +++ b/RHEL6/input/system/permissions/mounting.xml @@ -129,8 +129,6 @@ the section titled "Set BIOS Password" to prevent unauthorized configuration cha <rationale>Booting a system from a USB device would allow an attacker to circumvent any security measures offered by the native OS. Attackers could mount partitions and modify the configuration of the native OS. The BIOS should be configured to disallow booting from USB media.</rationale> -<ident cce="26952-2" /> -<!-- <oval id="bios_disable_usb_boot" /> --> <ref nist="AC-19(a),AC-19(d),AC-19(e)" disa="1250,85" /> </Rule> -- 1.7.1 _______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
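Review bot: In RHEL6/input/system/accounts/session.xml the new `<ident cce="27457-1" />` is placed after the commented-out `<oval>` line and written with a space before `/>`, whereas the two idents added in account_expiration.xml come directly after `</rationale>`, ahead of `<oval>` and `<ref>`, and are written without the space (`<ident cce="27283-1"/>`). Suggest moving this one to directly after `</ocil>` and using a single spelling of the self-closing tag across all three additions, so the element order inside each Rule stays uniform.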
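Review bot: The deletion of `<ident cce="27012-4" />` in RHEL6/input/system/permissions/execution.xml comes with no stated reason; the message shown here carries only the Signed-off-by line. Please record in the commit message why the identifier is dropped from this rule, so that anyone mapping scan results by CCE can tell whether the removal is deliberate. The `<ref nist="" />` directly below it is left with an empty value and could be filled in or removed in the same pass.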
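Review bot: The hunk in RHEL6/input/system/permissions/mounting.xml removes two separate things without explanation: `<ident cce="26952-2" />` and the commented-out `<oval id="bios_disable_usb_boot" />` placeholder. After this change the USB-boot rule has neither a CCE nor any marker that an automated check is still missing. If both removals are intended, say so in the commit message, or split the placeholder removal into its own change so the identifier change can be reviewed on its own.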
