On 7/27/14, 11:27 PM, Shawn Wells wrote:
From: Leland Steinke<[email protected]>
This is no longer a requirement
Signed-off-by: Leland Steinke<[email protected]>
---
RHEL/6/input/auxiliary/stig_overlay.xml | 4 ++--
.../input/profiles/stig-rhel6-server-upstream.xml | 2 --
RHEL/6/input/system/accounts/pam.xml | 2 +-
3 files changed, 3 insertions(+), 5 deletions(-)
diff --git a/RHEL/6/input/auxiliary/stig_overlay.xml
b/RHEL/6/input/auxiliary/stig_overlay.xml
index 958b119..9d90605 100644
--- a/RHEL/6/input/auxiliary/stig_overlay.xml
+++ b/RHEL/6/input/auxiliary/stig_overlay.xml
@@ -1247,10 +1247,10 @@
<VMSinfo VKey="38486" SVKey="50287" VRelease="1" />
<title>The operating system must conduct backups of system-level
information contained in the information system per organization defined frequency to
conduct backups that are consistent with recovery time and recovery point
objectives.</title>
</overlay>
- <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-06-000506" disa="52"
severity="medium">
+<!-- <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-06-000506" disa="52"
severity="medium">
<VMSinfo VKey="38485" SVKey="50286" VRelease="1" />
<title>The operating system, upon successful logon, must display to
the user the date and time of the last logon or access via a local console or
tty.</title>
- </overlay>
+ </overlay> -->
<overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-06-000507" disa="52"
severity="medium">
<VMSinfo VKey="38484" SVKey="50285" VRelease="1" />
<title>The operating system, upon successful logon, must display to
the user the date and time of the last logon or access via ssh.</title>
diff --git a/RHEL/6/input/profiles/stig-rhel6-server-upstream.xml
b/RHEL/6/input/profiles/stig-rhel6-server-upstream.xml
index 9b01757..518aa04 100644
--- a/RHEL/6/input/profiles/stig-rhel6-server-upstream.xml
+++ b/RHEL/6/input/profiles/stig-rhel6-server-upstream.xml
@@ -91,8 +91,6 @@ upstream project homepage
ishttps://fedorahosted.org/scap-security-guide/.
<select idref="smartcard_auth" selected="true" />
-<select idref="display_login_attempts" selected="true" />
-
<select idref="accounts_passwords_pam_faillock_unlock_time" selected="true" />
<refine-value idref="var_accounts_passwords_pam_faillock_unlock_time"
selector="604800"/>
<select idref="accounts_passwords_pam_fail_interval" selected="true" />
diff --git a/RHEL/6/input/system/accounts/pam.xml
b/RHEL/6/input/system/accounts/pam.xml
index 66f932d..69721be 100644
--- a/RHEL/6/input/system/accounts/pam.xml
+++ b/RHEL/6/input/system/accounts/pam.xml
@@ -76,7 +76,7 @@ and gives them an opportunity to notify administrators.
</rationale>
<ident cce="27291-4" />
<oval id="display_login_attempts" />
-<ref disa="53" />
+<ref disa="" />
</Rule>
<Group id="password_quality">
-- 1.7.1
--
ack (i see this was added back in via patch 15, and the original FSO
patch just updated the CCI mapping)
--
SCAP Security Guide mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
https://github.com/OpenSCAP/scap-security-guide/
