On 7/27/14, 11:27 PM, Shawn Wells wrote:
From: Leland Steinke<[email protected]>
Remaps to CCI 366
Signed-off-by: Leland Steinke<[email protected]>
---
RHEL/6/input/auxiliary/stig_overlay.xml | 3 ++-
.../input/profiles/stig-rhel6-server-upstream.xml | 2 ++
RHEL/6/input/system/accounts/pam.xml | 2 +-
3 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/RHEL/6/input/auxiliary/stig_overlay.xml
b/RHEL/6/input/auxiliary/stig_overlay.xml
index 9d90605..53b9687 100644
--- a/RHEL/6/input/auxiliary/stig_overlay.xml
+++ b/RHEL/6/input/auxiliary/stig_overlay.xml
@@ -1028,7 +1028,8 @@
<overlay owner="disastig" ruleid="unselected" ownerid="RHEL-06-000371" disa="52"
severity="medium">
<title>The operating system, upon successful logon, must display to
the user the date and time of the last logon (access) via GUI.</title>
</overlay>
- <overlay owner="disastig" ruleid="display_login_attempts" ownerid="RHEL-06-000372"
disa="53" severity="medium">
+ <overlay owner="disastig" ruleid="display_login_attempts" ownerid="RHEL-06-000372"
disa="366" severity="medium">
+ <VMSinfo VKey="51875" SVKey="66089" VRelease="1" />
<title>The operating system, upon successful logon/access, must
display to the user the number of unsuccessful logon/access attempts since the last
successful logon/access.</title>
</overlay>
<overlay owner="disastig" ruleid="met_inherently_generic" ownerid="RHEL-06-000373"
disa="56" severity="medium">
diff --git a/RHEL/6/input/profiles/stig-rhel6-server-upstream.xml
b/RHEL/6/input/profiles/stig-rhel6-server-upstream.xml
index 518aa04..9b01757 100644
--- a/RHEL/6/input/profiles/stig-rhel6-server-upstream.xml
+++ b/RHEL/6/input/profiles/stig-rhel6-server-upstream.xml
@@ -91,6 +91,8 @@ upstream project homepage
ishttps://fedorahosted.org/scap-security-guide/.
<select idref="smartcard_auth" selected="true" />
+<select idref="display_login_attempts" selected="true" />
+
<select idref="accounts_passwords_pam_faillock_unlock_time" selected="true" />
<refine-value idref="var_accounts_passwords_pam_faillock_unlock_time"
selector="604800"/>
<select idref="accounts_passwords_pam_fail_interval" selected="true" />
diff --git a/RHEL/6/input/system/accounts/pam.xml
b/RHEL/6/input/system/accounts/pam.xml
index 69721be..d457e1b 100644
--- a/RHEL/6/input/system/accounts/pam.xml
+++ b/RHEL/6/input/system/accounts/pam.xml
@@ -76,7 +76,7 @@ and gives them an opportunity to notify administrators.
</rationale>
<ident cce="27291-4" />
<oval id="display_login_attempts" />
-<ref disa="" />
+<ref disa="366" />
</Rule>
<Group id="password_quality">
-- 1.7.1
--
ack
--
SCAP Security Guide mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
https://github.com/OpenSCAP/scap-security-guide/
