---
.../checks/kernel_module_ipv6_option_disabled.xml | 1 +
RHEL6/input/checks/ldap_client_start_tls.xml | 1 +
RHEL6/input/checks/service_rexec_disabled.xml | 1 +
RHEL6/input/checks/service_rlogin_disabled.xml | 1 +
RHEL6/input/checks/service_rsh_disabled.xml | 1 +
RHEL6/input/checks/service_telnetd_disabled.xml | 1 +
RHEL6/input/checks/service_xinetd_disabled.xml | 1 +
RHEL6/input/services/obsolete.xml | 8 ++++----
8 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/RHEL6/input/checks/kernel_module_ipv6_option_disabled.xml b/RHEL6/input/checks/kernel_module_ipv6_option_disabled.xml
index a1203bf..cb61e74 100644
--- a/RHEL6/input/checks/kernel_module_ipv6_option_disabled.xml
+++ b/RHEL6/input/checks/kernel_module_ipv6_option_disabled.xml
@@ -6,6 +6,7 @@
<platform>Red Hat Enterprise Linux 6</platform>
</affected>
<description>The disable option will allow the IPv6 module to be inserted, but prevent address assignment and activation of the network stack.</description>
+ <reference source="DS" ref_id="20131018" ref_url="test_attestation" />
</metadata>
<criteria>
<criterion test_ref="test_kernel_module_ipv6_option_disabled" comment="ipv6 disabled any modprobe conf file"/>
diff --git a/RHEL6/input/checks/ldap_client_start_tls.xml b/RHEL6/input/checks/ldap_client_start_tls.xml
index 75f636d..184b9c2 100644
--- a/RHEL6/input/checks/ldap_client_start_tls.xml
+++ b/RHEL6/input/checks/ldap_client_start_tls.xml
@@ -7,6 +7,7 @@
<platform>Red Hat Enterprise Linux 6</platform>
</affected>
<description>Require the use of TLS for ldap clients.</description>
+ <reference source="DS" ref_id="20131018" ref_url="test_attestation" />
</metadata>
<criteria comment="package pam_ldap is not present" operator="OR">
<extend_definition comment="pam_ldap not present or not in use"
diff --git a/RHEL6/input/checks/service_rexec_disabled.xml b/RHEL6/input/checks/service_rexec_disabled.xml
index 9e1ee78..205b567 100644
--- a/RHEL6/input/checks/service_rexec_disabled.xml
+++ b/RHEL6/input/checks/service_rexec_disabled.xml
@@ -6,6 +6,7 @@
<platform>Red Hat Enterprise Linux 6</platform>
</affected>
<description>The rexec service should be disabled if possible.</description>
+ <reference source="DS" ref_id="20131018" ref_url="test_attestation" />
</metadata>
<criteria comment="package rsh-server removed or service rexec is not configured to start" operator="OR">
<extend_definition comment="rpm package rsh-server removed" definition_ref="package_rsh-server_removed" />
diff --git a/RHEL6/input/checks/service_rlogin_disabled.xml b/RHEL6/input/checks/service_rlogin_disabled.xml
index 6318c9a..ed95c27 100644
--- a/RHEL6/input/checks/service_rlogin_disabled.xml
+++ b/RHEL6/input/checks/service_rlogin_disabled.xml
@@ -6,6 +6,7 @@
<platform>Red Hat Enterprise Linux 6</platform>
</affected>
<description>The rlogin service should be disabled if possible.</description>
+ <reference source="DS" ref_id="20131018" ref_url="test_attestation" />
</metadata>
<criteria comment="package rsh-server removed or service rlogin is not configured to start" operator="OR">
<extend_definition comment="rpm package rsh-server removed" definition_ref="package_rsh-server_removed" />
diff --git a/RHEL6/input/checks/service_rsh_disabled.xml b/RHEL6/input/checks/service_rsh_disabled.xml
index 71bc9ff..54e9136 100644
--- a/RHEL6/input/checks/service_rsh_disabled.xml
+++ b/RHEL6/input/checks/service_rsh_disabled.xml
@@ -6,6 +6,7 @@
<platform>Red Hat Enterprise Linux 6</platform>
</affected>
<description>The rsh service should be disabled if possible.</description>
+ <reference source="DS" ref_id="20131018" ref_url="test_attestation" />
</metadata>
<criteria comment="package rsh-server removed or service rsh is not configured to start" operator="OR">
<extend_definition comment="rpm package rsh-server removed" definition_ref="package_rsh-server_removed" />
diff --git a/RHEL6/input/checks/service_telnetd_disabled.xml b/RHEL6/input/checks/service_telnetd_disabled.xml
index b02fe67..095f7ad 100644
--- a/RHEL6/input/checks/service_telnetd_disabled.xml
+++ b/RHEL6/input/checks/service_telnetd_disabled.xml
@@ -7,6 +7,7 @@
<platform>Red Hat Enterprise Linux 6</platform>
</affected>
<description>Disable telnet Service</description>
+ <reference source="DS" ref_id="20131018" ref_url="test_attestation" />
</metadata>
<criteria comment="package telnet-server removed or service telnetd is not configured to start" operator="OR">
<extend_definition comment="rpm package telnet-server removed" definition_ref="package_telnet-server_removed" />
diff --git a/RHEL6/input/checks/service_xinetd_disabled.xml b/RHEL6/input/checks/service_xinetd_disabled.xml
index 24ad0ef..c162e23 100644
--- a/RHEL6/input/checks/service_xinetd_disabled.xml
+++ b/RHEL6/input/checks/service_xinetd_disabled.xml
@@ -8,6 +8,7 @@
<platform>Red Hat Enterprise Linux 6</platform>
</affected>
<description>The xinetd service should be disabled if possible.</description>
+ <reference source="DS" ref_id="20131018" ref_url="test_attestation" />
</metadata>
<criteria comment="package xinetd removed or service xinetd is not configured to start" operator="OR">
<extend_definition comment="xinetd removed" definition_ref="package_xinetd_removed" />
diff --git a/RHEL6/input/services/obsolete.xml b/RHEL6/input/services/obsolete.xml
index 41ee480..1792120 100644
--- a/RHEL6/input/services/obsolete.xml
+++ b/RHEL6/input/services/obsolete.xml
@@ -77,7 +77,7 @@ actively working to migrate to a more secure protocol.</description>
<description>
<service-disable-macro service="telnet" />
</description>
-<ocil><service-disable-check-macro service="telnet" /></ocil>
+<ocil><xinetd-service-disable-check-macro service="telnet" /></ocil>
<rationale>
The telnet protocol uses unencrypted network communication, which
means that data from the login session, including passwords and
@@ -139,7 +139,7 @@ the <tt>rsh-server</tt> package and runs as a service through xinetd,
should be disabled.
<service-disable-macro service="rexec" />
</description>
-<ocil><service-disable-check-macro service="rexec" /></ocil>
+<ocil><xinetd-service-disable-check-macro service="rexec" /></ocil>
<rationale>The rexec service uses unencrypted network communications, which
means that data from the login session, including passwords and
all other information transmitted during the session, can be
@@ -158,7 +158,7 @@ the <tt>rsh-server</tt> package and runs as a service through xinetd,
should be disabled.
<service-disable-macro service="rsh" />
</description>
-<ocil><service-disable-check-macro service="rsh" /></ocil>
+<ocil><xinetd-service-disable-check-macro service="rsh" /></ocil>
<rationale>The rsh service uses unencrypted network communications, which
means that data from the login session, including passwords and
all other information transmitted during the session, can be
@@ -177,7 +177,7 @@ the <tt>rsh-server</tt> package and runs as a service through xinetd,
should be disabled.
<service-disable-macro service="rlogin" />
</description>
-<ocil><service-disable-check-macro service="rlogin" /></ocil>
+<ocil><xinetd-service-disable-check-macro service="rlogin" /></ocil>
<rationale>The rlogin service uses unencrypted network communications, which
means that data from the login session, including passwords and
all other information transmitted during the session, can be
--
1.7.1