On 10/11/13 10:19 AM, David Smith wrote:
--- .../input/checks/iptables_default_policy_drop.xml | 1 + RHEL6/input/checks/service_ip6tables_enabled.xml | 1 + 2 files changed, 2 insertions(+), 0 deletions(-)diff --git a/RHEL6/input/checks/iptables_default_policy_drop.xml b/RHEL6/input/checks/iptables_default_policy_drop.xml index d6099e8..46edf9b 100644 --- a/RHEL6/input/checks/iptables_default_policy_drop.xml +++ b/RHEL6/input/checks/iptables_default_policy_drop.xml @@ -9,6 +9,7 @@ </affected> <description>Change the default policy to DROP (from ACCEPT) for the INPUT built-in chain.</description> + <reference source="DS" ref_id="20131011" ref_url="test_attestation" /> </metadata> <criteria> <criterion comment=":INPUT DROP [0:0]" diff --git a/RHEL6/input/checks/service_ip6tables_enabled.xml b/RHEL6/input/checks/service_ip6tables_enabled.xml index b2c750e..f0bbe99 100644 --- a/RHEL6/input/checks/service_ip6tables_enabled.xml +++ b/RHEL6/input/checks/service_ip6tables_enabled.xml @@ -8,6 +8,7 @@ <platform>Red Hat Enterprise Linux 6</platform> </affected> <description>The ip6tables service should be enabled if possible.</description> + <reference source="DS" ref_id="20131011" ref_url="test_attestation" /> </metadata> <criteria comment="package iptables-ipv6 installed and service ip6tables is configured to start" operator="AND"> <extend_definition comment="iptables-ipv6 installed" definition_ref="package_iptables-ipv6_installed" />
ack _______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
