On 7/27/14, 11:26 PM, Shawn Wells wrote:
From: Leland Steinke <[email protected]>

- Update VRelease key
- Add OCIL applicability statement

Signed-off-by: Leland Steinke <[email protected]>
---
  RHEL/6/input/auxiliary/stig_overlay.xml |    2 +-
  RHEL/6/input/system/auditing.xml        |    1 +
  2 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/RHEL/6/input/auxiliary/stig_overlay.xml 
b/RHEL/6/input/auxiliary/stig_overlay.xml
index bc540d6..86a5b5e 100644
--- a/RHEL/6/input/auxiliary/stig_overlay.xml
+++ b/RHEL/6/input/auxiliary/stig_overlay.xml
@@ -469,7 +469,7 @@
                <title>The audit system must be configured to audit all attempts to 
alter system time through settimeofday.</title>
        </overlay>
        <overlay owner="disastig" ruleid="audit_rules_time_stime" ownerid="RHEL-06-000169" 
disa="169" severity="low">
-               <VMSinfo VKey="38525" SVKey="50326" VRelease="2" />
+               <VMSinfo VKey="38525" SVKey="50326" VRelease="3" />
                <title>The audit system must be configured to audit all attempts to 
alter system time through stime.</title>
        </overlay>
        <overlay owner="disastig" ruleid="audit_rules_time_clock_settime" ownerid="RHEL-06-000171" 
disa="169" severity="low">
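Review bot: the VRelease change from "2" to "3" on the audit_rules_time_stime overlay carries no stated source; the commit message says only "Update VRelease key". Name the DISA STIG release the new value was taken from in the commit message. Also confirm whether the neighbouring time-change overlays in this context (settimeofday above, clock_settime below) need the same update, since only the stime entry changes in this hunk.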
diff --git a/RHEL/6/input/system/auditing.xml b/RHEL/6/input/system/auditing.xml
index 6c9f696..fbad0a9 100644
--- a/RHEL/6/input/system/auditing.xml
+++ b/RHEL/6/input/system/auditing.xml
@@ -556,6 +556,7 @@ See an example of multiple combined syscalls:
  -k audit_time_rules</pre>
  </description>
  <ocil clause="the system is not configured to audit time changes">
+if the system is 64-bit only, this is not applicable.<br />
  <audit-syscall-check-macro syscall="stime" />
  </ocil>
  <rationale>Arbitrary changes to the system time can be used to obfuscate
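Review bot: the added OCIL line starts with a lowercase "if", so the rendered check text opens mid-sentence; capitalise it to "If the system is 64-bit only, this is not applicable." The applicability condition is also added only inside the <ocil> element, ahead of the stime macro, with no matching change visible in the description that closes just above it. Someone reading the description alone will not learn that the rule does not apply on 64-bit-only systems, so consider stating it there as well.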

I see the case was fixed in patch 19.

ack

--
SCAP Security Guide mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
https://github.com/OpenSCAP/scap-security-guide/
