----- Original Message ----- > From: "David Smith" <[email protected]> > To: [email protected] > Sent: Tuesday, June 3, 2014 12:41:15 AM > Subject: [PATCH] modified remediation text for disabling anacron > > > Signed-off-by: David Smith <[email protected]> > --- > RHEL/6/input/services/cron.xml | 14 ++++++++------ > 1 files changed, 8 insertions(+), 6 deletions(-) > > diff --git a/RHEL/6/input/services/cron.xml b/RHEL/6/input/services/cron.xml > index 983d9ed..b859dc0 100644 > --- a/RHEL/6/input/services/cron.xml > +++ b/RHEL/6/input/services/cron.xml > @@ -25,16 +25,18 @@ enabling the cron daemon is essential. > > <Rule id="disable_anacron"> > <title>Disable anacron Service</title> > -<description>The <tt>cronie-anacron</tt> package which provides anacron > -functionality is installed by default. To disable <tt>anacron</tt> support, > -run the following commands: > -<pre># yum install cronie-noanacron > -# yum erase cronie-anacron</pre> > +<description>The <tt>cronie-anacron</tt> package, which provides > <tt>anacron</tt> > +functionality, is installed by default. > +<package-remove-macro package="cronie-anacron" /> > +</description> > +<ocil><package-check-macro package="cronie-anacron" /></ocil> > +<rationale> > The <tt>anacron</tt> service provides <tt>cron</tt> functionality for > systems > such as laptops and workstations that may be shut down during the normal > times > that <tt>cron</tt> jobs are scheduled to run. On systems which do not > require this > additional functionality, <tt>anacron</tt> could needlessly increase the > possible > -attack surface for an intruder.</description> > +attack surface for an intruder. > +</rationale> > <ref nist="CM-7" /> > <ident cce="27158-5" /> > </Rule> > -- > 1.7.1
ACK. Makes sense. Thank you && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Technologies Team > > _______________________________________________ > scap-security-guide mailing list > [email protected] > https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide > _______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
