'[PATCH 13/13] DISA FSO provided copy editing of RHEL6/input/services/obsolete.xml'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       scap-security-guide
Subject:    [PATCH 13/13] DISA FSO provided copy editing of RHEL6/input/services/obsolete.xml
From:       shawn () redhat ! com (Shawn Wells)
Date:       2012-11-16 23:16:32
Message-ID: 50A6C950.60009 () redhat ! com
[Download RAW message or body]

On 11/16/12 5:55 PM, Shawn Wells wrote:
> 
> 0013-DISA-FSO-provided-copy-editing-of-RHEL6-input-servic.patch
> 
> 
> From 9f6a7e0333417c5125addb9a655a54ca976605a1 Mon Sep 17 00:00:00 2001
> From: Shawn Wells<shawn at redhat.com>
> Date: Fri, 16 Nov 2012 07:41:50 -0500
> Subject: [PATCH 13/13] DISA FSO provided copy editing of \
> RHEL6/input/services/obsolete.xml DISA FSO provided copy editing of \
> RHEL6/input/services/obsolete.xml 
> ---
> RHEL6/input/services/obsolete.xml |   20 ++++++++++----------
> 1 files changed, 10 insertions(+), 10 deletions(-)
> 
> diff --git a/RHEL6/input/services/obsolete.xml b/RHEL6/input/services/obsolete.xml
> index 00529d3..96ab924 100644
> --- a/RHEL6/input/services/obsolete.xml
> +++ b/RHEL6/input/services/obsolete.xml
> @@ -44,7 +44,7 @@ attacks against xinetd itself.
> 
> <Rule id="uninstall_xinetd">
> <title>Uninstall xinetd Package</title>
> -<description>The <tt>xinetd</tt> package can be uninstalled with the following \
> command: +<description>The <tt>xinetd</tt> package can be uninstalled with the \
> following command. <pre># yum erase xinetd</pre>
> </description>
> <ocil><package-check-macro package="xinetd" /> </ocil>
> @@ -88,7 +88,7 @@ subject to man-in-the-middle attacks.
> <Rule id="uninstall_telnet_server" severity="high">
> <title>Uninstall telnet-server Package</title>
> <description>The <tt>telnet-server</tt> package can be uninstalled with
> -the following command:
> +the following command.
> <pre># yum erase telnet-server</pre></description>
> <ocil><package-check-macro package="telnet-server" /> </ocil>
> <rationale>
> @@ -113,7 +113,7 @@ model.</description>
> <Rule id="uninstall_rsh-server" severity="high">
> <title>Uninstall rsh-server Package</title>
> <description>The <tt>rsh-server</tt> package can be uninstalled with
> -the following command:
> +the following command.
> <pre># yum erase rsh-server</pre>
> </description>
> <ocil><package-check-macro package="rsh-server" /> </ocil>
> @@ -191,7 +191,7 @@ stolen by eavesdroppers on the network.
> each user's home directory) list remote hosts and users that are trusted by the
> local system when using the rshd daemon.
> To remove these files, run the following command to delete them from any
> -location:
> +location.
> <pre># rm /etc/hosts.equiv</pre>
> <pre>$ rm ~/.rhosts</pre>
> </description>
> @@ -221,7 +221,7 @@ important authentication information.</description>
> <Rule id="uninstall_ypserv" severity="medium">
> <title>Uninstall ypserv Package</title>
> <description>The <tt>ypserv</tt> package can be uninstalled with
> -the following command:
> +the following command.
> <pre># yum erase ypserv</pre>
> </description>
> <ocil><package-check-macro package="ypserv" /> </ocil>
> @@ -300,20 +300,20 @@ accidental (or intentional) activation of tftp services.
> <Rule id="tftpd_uses_secure_mode" severity="high">
> <title>Ensure <tt>tftp</tt> Daemon Uses Secure Mode</title>
> <description>If running the <tt>tftp</tt> service is necessary, it should be \
>                 configured
> -to change its root directory at startup. To do so, ensure that
> +to change its root directory at startup. To do so, ensure
> <tt>/etc/xinetd.d/tftp</tt> includes <tt>-s</tt> as a command line argument, as \
>                 shown in
> -the following example (which is also the default):
> +the following example (which is also the default).
> <pre>server_args = -s /var/lib/tftpboot</pre>
> </description>
> <rationale>Using the <tt>-s</tt> option causes the TFTP service to only serve files \
> from the given directory. Serving files from an intentionally-specified directory
> reduces the risk of sharing files which should remain private.
> </rationale>
> -<ocil>Verify that <tt>tftp</tt> is configured by with the <tt>-s</tt> option by \
>                 running the
> -following command:
> +<ocil>Verify <tt>tftp</tt> is configured by with the <tt>-s</tt> option by running \
> the +following command.
> <pre>grep "server_args" /etc/xinetd.d/tftp</pre>
> The output should indicate the <tt>server_args</tt> variable is configured with the \
>                 <tt>-s</tt>
> -flag, matching the example below:
> +flag, matching the example below.
> <pre> # grep "server_args" /etc/xinetd.d/tftp
> server_args = -s /var/lib/tftpboot</pre>
> </ocil>
> -- 1.7.1

Ack

(note these patches were created by FSO, not myself. I only posted 
publicly.)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.fedorahosted.org/pipermail/scap-security-guide/attachments/20121116/d792204e/attachment-0001.html>



[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic