From: neo-aeon <[email protected]>
Signed-off-by: neo-aeon <[email protected]> --- RHEL/7/input/auxiliary/stig_overlay.xml | 2 +- .../fixes/bash/package_libreswan_installed.sh | 1 + RHEL/7/input/system/network/ipsec.xml | 14 +++++++------- 3 files changed, 9 insertions(+), 8 deletions(-) create mode 100644 RHEL/7/input/fixes/bash/package_libreswan_installed.sh diff --git a/RHEL/7/input/auxiliary/stig_overlay.xml b/RHEL/7/input/auxiliary/stig_overlay.xml index 4e6dfaf..2063d46 100644 --- a/RHEL/7/input/auxiliary/stig_overlay.xml +++ b/RHEL/7/input/auxiliary/stig_overlay.xml @@ -920,7 +920,7 @@ <VMSinfo VKey="38686" SVKey="50487" VRelease="1" /> <title>The system's local firewall must implement a deny-all, allow-by-exception policy for forwarded packets.</title> </overlay> - <overlay owner="disastig" ruleid="install_openswan" ownerid="RHEL-06-000321" disa="1130" severity="low"> + <overlay owner="disastig" ruleid="install_librewan" ownerid="RHEL-06-000321" disa="1130" severity="low"> <VMSinfo VKey="38687" SVKey="50488" VRelease="1" /> <title>The system must provide VPN connectivity for communications over untrusted networks.</title> </overlay> diff --git a/RHEL/7/input/fixes/bash/package_libreswan_installed.sh b/RHEL/7/input/fixes/bash/package_libreswan_installed.sh new file mode 100644 index 0000000..a9e7369 --- /dev/null +++ b/RHEL/7/input/fixes/bash/package_libreswan_installed.sh @@ -0,0 +1 @@ +yum -y install libreswan diff --git a/RHEL/7/input/system/network/ipsec.xml b/RHEL/7/input/system/network/ipsec.xml index d969a69..57e3e51 100644 --- a/RHEL/7/input/system/network/ipsec.xml +++ b/RHEL/7/input/system/network/ipsec.xml 
@@ -1,24 +1,24 @@ <Group id="network-ipsec"> <title>IPSec Support</title> <description>Support for Internet Protocol Security (IPsec) -is provided in RHEL 7 with Openswan. +is provided in RHEL 7 with Libreswan. </description> -<Rule id="package_openswan_installed"> -<title>Install openswan Package</title> -<description>The Openswan package provides an implementation of IPsec +<Rule id="package_libreswan_installed"> +<title>Install libreswan Package</title> +<description>The Libreswan package provides an implementation of IPsec and IKE, which permits the creation of secure tunnels over -untrusted networks. <package-install-macro package="openswan"/> +untrusted networks. <package-install-macro package="libreswan"/> </description> <ocil clause="the package is not installed" > -<package-check-macro package="openswan" /> +<package-check-macro package="libreswan" /> </ocil> <rationale>Providing the ability for remote users or systems to initiate a secure VPN connection protects information when it is transmitted over a wide area network. </rationale> <ident cce="RHEL7-CCE-TBD" /> -<oval id="package_openswan_installed" /> +<oval id="package_libreswan_installed" /> <ref nist="AC-17, MA-4, SC-9" disa="1130,1131" /> </Rule> </Group> -- 1.7.1 -- SCAP Security Guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide https://github.com/OpenSCAP/scap-security-guide/
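Review bot: In the stig_overlay.xml hunk the new ruleid is spelled install_librewan, missing the "s" in libreswan. If this overlay is meant to resolve to the rule renamed in ipsec.xml, the spelling fix alone is not enough, because that rule's id is package_libreswan_installed. Suggest ruleid="package_libreswan_installed", or whichever id the overlay is expected to reference, so that the RHEL-06-000321 mapping does not point at a rule that does not exist.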
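Review bot: In the ipsec.xml hunk, <oval id="package_libreswan_installed" /> now names a check that this patch does not add. The diffstat lists only stig_overlay.xml, the new bash fix and ipsec.xml. Unless an OVAL definition with that id is already in the tree, the renamed rule is left with a remediation script but no automated check behind it. Please add the check in this series or say in the commit message where it comes from. The message currently carries only the Signed-off-by line, so a sentence on why Openswan is replaced by Libreswan for RHEL 7 would also help.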
