On 10/3/14, 5:32 PM, Nick Crawford wrote: > From: neo-aeon <[email protected]> > > > Signed-off-by: neo-aeon <[email protected]> > --- > RHEL/7/input/auxiliary/stig_overlay.xml | 2 +- > .../fixes/bash/package_libreswan_installed.sh | 1 + > RHEL/7/input/system/network/ipsec.xml | 14 +++++++------- > 3 files changed, 9 insertions(+), 8 deletions(-) > create mode 100644 RHEL/7/input/fixes/bash/package_libreswan_installed.sh > > diff --git a/RHEL/7/input/auxiliary/stig_overlay.xml > b/RHEL/7/input/auxiliary/stig_overlay.xml > index 4e6dfaf..2063d46 100644 > --- a/RHEL/7/input/auxiliary/stig_overlay.xml > +++ b/RHEL/7/input/auxiliary/stig_overlay.xml > @@ -920,7 +920,7 @@ > <VMSinfo VKey="38686" SVKey="50487" VRelease="1" /> > <title>The system's local firewall must implement a deny-all, > allow-by-exception policy for forwarded packets.</title> > </overlay> > - <overlay owner="disastig" ruleid="install_openswan" > ownerid="RHEL-06-000321" disa="1130" severity="low"> > + <overlay owner="disastig" ruleid="install_librewan" > ownerid="RHEL-06-000321" disa="1130" severity="low"> > <VMSinfo VKey="38687" SVKey="50488" VRelease="1" /> > <title>The system must provide VPN connectivity for > communications over untrusted networks.</title> > </overlay> > diff --git a/RHEL/7/input/fixes/bash/package_libreswan_installed.sh > b/RHEL/7/input/fixes/bash/package_libreswan_installed.sh > new file mode 100644 > index 0000000..a9e7369 > --- /dev/null > +++ b/RHEL/7/input/fixes/bash/package_libreswan_installed.sh > @@ -0,0 +1 @@ > +yum -y install libreswan > diff --git a/RHEL/7/input/system/network/ipsec.xml > b/RHEL/7/input/system/network/ipsec.xml > index d969a69..57e3e51 100644 > --- a/RHEL/7/input/system/network/ipsec.xml > +++ b/RHEL/7/input/system/network/ipsec.xml 
> @@ -1,24 +1,24 @@ > <Group id="network-ipsec"> > <title>IPSec Support</title> > <description>Support for Internet Protocol Security (IPsec) > -is provided in RHEL 7 with Openswan. > +is provided in RHEL 7 with Libreswan. > </description> > > -<Rule id="package_openswan_installed"> > -<title>Install openswan Package</title> > -<description>The Openswan package provides an implementation of IPsec > +<Rule id="package_libreswan_installed"> > +<title>Install libreswan Package</title> > +<description>The Libreswan package provides an implementation of IPsec > and IKE, which permits the creation of secure tunnels over > -untrusted networks. <package-install-macro package="openswan"/> > +untrusted networks. <package-install-macro package="libreswan"/> > </description> > <ocil clause="the package is not installed" > > -<package-check-macro package="openswan" /> > +<package-check-macro package="libreswan" /> > </ocil> > <rationale>Providing the ability for remote users or systems > to initiate a secure VPN connection protects information when it is > transmitted over a wide area network. > </rationale> > <ident cce="RHEL7-CCE-TBD" /> > -<oval id="package_openswan_installed" /> > +<oval id="package_libreswan_installed" /> > <ref nist="AC-17, MA-4, SC-9" disa="1130,1131" /> > </Rule> > </Group>
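Review bot: in the stig_overlay.xml hunk the new value `ruleid="install_librewan"` is misspelt (the "s" in libreswan is missing), and even with the spelling corrected it would not match the rule id this same patch defines in ipsec.xml, `package_libreswan_installed`. If the overlay is meant to point at that rule, use `ruleid="package_libreswan_installed"`. The entry also keeps `ownerid="RHEL-06-000321"` in a file under RHEL/7, which is worth confirming as intended.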
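Review bot: in the ipsec.xml hunk, `<oval id="package_libreswan_installed" />` now names a check that this patch does not add; the diffstat lists only stig_overlay.xml, the new bash fix and ipsec.xml. Unless an OVAL definition with that id is already in the tree, add it here or rename the existing openswan one in the same patch, otherwise the rule ships with a fix but no check behind it. The commit message is also empty apart from the Signed-off-by line; one sentence on why Openswan is replaced by Libreswan for RHEL 7 would help.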
Nick re-submitted as a PR, merged @ https://github.com/OpenSCAP/scap-security-guide/pull/290
