>From 26ecc844c47723a03c87bcdb3d0a8409f3e93356 Mon Sep 17 00:00:00 2001 From: Shawn Wells <[email protected]> Date: Sun, 13 Apr 2014 01:39:04 -0400 Subject: [PATCH 09/15] New RHEL6 Rule: package_telnet_removed
Added in support of CIS baseline requirements --- RHEL/6/input/checks/package_telnet_removed.xml | 26 ++++++++++++++++++++ RHEL/6/input/checks/templates/packages_removed.csv | 1 + RHEL/6/input/services/obsolete.xml | 15 +++++++++++ 3 files changed, 42 insertions(+), 0 deletions(-) create mode 100644 RHEL/6/input/checks/package_telnet_removed.xml diff --git a/RHEL/6/input/checks/package_telnet_removed.xml b/RHEL/6/input/checks/package_telnet_removed.xml new file mode 100644 index 0000000..f935edc --- /dev/null +++ b/RHEL/6/input/checks/package_telnet_removed.xml @@ -0,0 +1,26 @@ +<def-group> + <!-- THIS FILE IS GENERATED by create_package_removed.py. DO NOT EDIT. --> + <definition class="compliance" id="package_telnet_removed" + version="1"> + <metadata> + <title>Package telnet Removed</title> + <affected family="unix"> + <platform>Red Hat Enterprise Linux 6</platform> + </affected> + <description>The RPM package telnet should be removed.</description> + <reference source="swells" ref_id="20130829" ref_url="test_attestation"/> + </metadata> + <criteria> + <criterion comment="package telnet is removed" + test_ref="test_package_telnet_removed" /> + </criteria> + </definition> + <linux:rpminfo_test check="all" check_existence="none_exist" + id="test_package_telnet_removed" version="1" + comment="package telnet is removed"> + <linux:object object_ref="obj_package_telnet_removed" /> + </linux:rpminfo_test> + <linux:rpminfo_object id="obj_package_telnet_removed" version="1"> + <linux:name>telnet</linux:name> + </linux:rpminfo_object> +</def-group> diff --git a/RHEL/6/input/checks/templates/packages_removed.csv b/RHEL/6/input/checks/templates/packages_removed.csv index fe2df22..18d89bd 100644 --- a/RHEL/6/input/checks/templates/packages_removed.csv +++ b/RHEL/6/input/checks/templates/packages_removed.csv @@ -34,6 +34,7 @@ squid subscription-manager sysstat talk-server +telnet telnet-server tftp-server vsftpd diff --git a/RHEL/6/input/services/obsolete.xml b/RHEL/6/input/services/obsolete.xml index 1792120..cbeb91b 100644 --- a/RHEL/6/input/services/obsolete.xml +++ b/RHEL/6/input/services/obsolete.xml @@ -106,6 +106,21 @@ telnet service's accidental (or intentional) activation. <ref nist="AC-17(8),CM-7" disa="305,381"/> <tested by="DS" on="20121026"/> </Rule> + +<Rule id="package_telnet_removed" severity="low"> +<title>Remove telnet Clients</title> +<description>The telnet client allows users to start connections to other +systems via the telnet protocol.</description> +<ocil><package-remove-macro package="telnet" /> </ocil> +<rationale>The <tt>telnet</tt> protocol is insecure and unencrypted. The use +of an unencrypted transmission medium could allow an unauthorized user +to steal credentials. The <tt>ssh</tt> package provides an +encrypted session and stronger security and is included in Red Hat +Enterprise Linux.<rationale> +<ident cce="" /> +<oval id="package_telnet_removed" /> +</Rule> + </Group> <Group id="r_services"> -- 1.7.1
_______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
