From: Leland Steinke <[email protected]> - For some reason the set_ip6tables_default_rule was not enabled in common (whereas standard ip4 is); - Mapped set_ip6tables_default_rule to RHEL-06-000523
Signed-off-by: Leland Steinke <[email protected]> --- RHEL/6/input/auxiliary/stig_overlay.xml | 4 ++-- RHEL/6/input/profiles/common.xml | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/RHEL/6/input/auxiliary/stig_overlay.xml b/RHEL/6/input/auxiliary/stig_overlay.xml index e75aeaf..f78506e 100644 --- a/RHEL/6/input/auxiliary/stig_overlay.xml +++ b/RHEL/6/input/auxiliary/stig_overlay.xml @@ -1309,8 +1309,8 @@ <VMSinfo VKey="38445" SVKey="50245" VRelease="1" /> <title>Audit log files must be group-owned by root.</title> </overlay> - <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-06-000523" disa="66" severity="medium"> - <VMSinfo VKey="38444" SVKey="50244" VRelease="1" /> + <overlay owner="disastig" ruleid="set_ip6tables_default_rule" ownerid="RHEL-06-000523" disa="66" severity="medium"> + <VMSinfo VKey="38444" SVKey="50244" VRelease="2" /> <title>The system's local IPv6 firewall must implement a deny-all, allow-by-exception policy for inbound packets.</title> </overlay> <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-06-000524" disa="15" severity="low"> diff --git a/RHEL/6/input/profiles/common.xml b/RHEL/6/input/profiles/common.xml index ba46588..d3ec71b 100644 --- a/RHEL/6/input/profiles/common.xml +++ b/RHEL/6/input/profiles/common.xml @@ -94,6 +94,7 @@ <select idref="service_ip6tables_enabled" selected="true"/> <select idref="service_iptables_enabled" selected="true"/> <select idref="set_iptables_default_rule" selected="true"/> +<select idref="set_ip6tables_default_rule" selected="ture" /> <select idref="kernel_module_dccp_disabled" selected="true"/> <select idref="kernel_module_sctp_disabled" selected="true"/> <select idref="kernel_module_rds_disabled" selected="true"/> -- 1.7.1 -- SCAP Security Guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide https://github.com/OpenSCAP/scap-security-guide/
