> 
> This is the only thing that caught my eye.
> 
> By moving to nonselected, will it no longer be required to switch into
> single user mode when /var/log/audit fills up?
> 
>  From a code perspective, ack. 

Pushed.

As it happens, CCI-001343 (derived from 800-53r3 AU-5 (4)) is not selected in 
CNSSI 1253.  The patch below backs out the "nonselected" updates.  I hope to 
have a better way to handle non-selected Rules early next week.


Thanks,
Leland
--
Leland Steinke, Security+
DISA FSO Technical Support Contractor
tapestry technologies, Inc
717-267-5797 (DSN 570)
[email protected] (gov't)
[email protected] (com'l) 

---
 RHEL6/input/auxiliary/stig_overlay.xml |    6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/RHEL6/input/auxiliary/stig_overlay.xml 
b/RHEL6/input/auxiliary/stig_overlay.xml
index 8e89373..b2c7809 100644
--- a/RHEL6/input/auxiliary/stig_overlay.xml
+++ b/RHEL6/input/auxiliary/stig_overlay.xml
@@ -351,7 +351,7 @@
        <overlay owner="disastig" ruleid="configure_auditd_max_log_file_action" 
ownerid="RHEL-06-000161" disa="366" severity="medium">
                <title>The system must rotate audit log files that reach the 
maximum file size.</title>
        </overlay>
-       <overlay owner="disastig" ruleid="nonselected" ownerid="RHEL-06-000163" 
disa="1343" severity="medium">
+       <overlay owner="disastig" 
ruleid="configure_auditd_admin_space_left_action" ownerid="RHEL-06-000163" 
disa="1343" severity="medium">
                <title>The audit system must switch the system to single-user 
mode when available audit storage volume becomes dangerously low.</title>
        </overlay>
        <overlay owner="disastig" ruleid="audit_rules_time_adjtimex" 
ownerid="RHEL-06-000165" disa="169" severity="low">
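Review bot: At RHEL-06-000163 the entry goes back to ruleid="configure_auditd_admin_space_left_action", which puts the single-user-mode requirement in its title back in force, yet the message above says CCI-001343 is not selected in CNSSI 1253. Nothing in the overlay itself records that this mapping is a temporary back-out. An XML comment next to the entry saying that it is pending the planned non-selected handling would keep the next editor from treating the mapping as settled.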
@@ -534,7 +534,7 @@
        <overlay owner="disastig" ruleid="postfix_network_listening" 
ownerid="RHEL-06-000249" disa="382" severity="medium">
                <title>Mail relaying must be restricted.</title>
        </overlay>
-       <overlay owner="disastig" ruleid="nonselected" ownerid="RHEL-06-000251" 
disa="778" severity="medium">
+       <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-06-000251" 
disa="778" severity="medium">
                <title>The operating system must uniquely identify and 
authenticate an organization defined list of specific devices and/or types of 
devices before establishing a connection.</title>
        </overlay>
        <overlay owner="disastig" ruleid="ldap_client_start_tls" 
ownerid="RHEL-06-000252" disa="1453" severity="medium">
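Review bot: ruleid="XXXX" at RHEL-06-000251 is a placeholder, not a rule name like the neighbouring postfix_network_listening and ldap_client_start_tls entries. Restoring it swaps an explicit "nonselected" marker for a value that says nothing about why no rule is mapped. If the back-out has to include this entry, add a comment stating that no rule exists yet for the device identification requirement, or keep a documented sentinel here until the new mechanism lands.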
@@ -564,7 +564,7 @@
        <overlay owner="disastig" ruleid="service_atd_disabled" 
ownerid="RHEL-06-000262" disa="382" severity="low">
                <title>The atd service must be disabled.</title>
        </overlay>
-       <overlay owner="disastig" ruleid="nonselected" ownerid="RHEL-06-000263" 
disa="1250" severity="low">
+       <overlay owner="disastig" ruleid="service_autofs_disabled" 
ownerid="RHEL-06-000263" disa="1250" severity="low">
                <title>Automated file system mounting tools must not be enabled 
unless needed.</title>
        </overlay>
        <overlay owner="disastig" ruleid="service_ntpdate_disabled" 
ownerid="RHEL-06-000265" disa="382" severity="low">
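Review bot: The message justifies the revert only in terms of CCI-001343, but this hunk changes RHEL-06-000263 (disa="1250") and the previous one changes disa="778", and neither is mentioned. The commit message should state the selection status of each of the three entries, or say explicitly that all three are reverted wholesale regardless of status, so the history explains why service_autofs_disabled is active again.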
-- 
1.7.1
