scap-security-guide May 2013

scap-security-guide@lists.fedorahosted.org

12 participants
55 discussions

Start a nNew thread

[PATCH 07/21] Removed duplicate object_lib_files
by Shawn Wells 12 May '13

12 May '13

1 0

[PATCH 06/21] Removed duplicate object_lib_dir references
by Shawn Wells 12 May '13

12 May '13

1 0

[PATCH 05/21] Updated mount_option_* OVAL variable var_removable_partition
by Shawn Wells 12 May '13

12 May '13

1 0

[PATCH 04/21] Updated template_permissions to place FILEID into strings
by Shawn Wells 12 May '13

12 May '13

1 0

[PATCH 03/21] Updated state_gid_0 to reflect per check naming
by Shawn Wells 12 May '13

12 May '13

1 0

[PATCH 02/21] Updated state_uid_0 names within OVAL
by Shawn Wells 12 May '13

12 May '13

1 0

[PATCH 01/21] Updated rpm_verify_hashes for OVAL 5.10 compliance
by Shawn Wells 12 May '13

12 May '13

1 0

[PATCH] Updated rpm_verify_hashes for OVAL 5.10 compliance
by Shawn Wells 12 May '13

12 May '13

1 0

[PATCH] modified transform to only match test attestation
by David Smith 09 May '13

09 May '13

--- RHEL6/transforms/xccdf-removetested.xslt | 5 +---- 1 files changed, 1 insertions(+), 4 deletions(-) diff --git a/RHEL6/transforms/xccdf-removetested.xslt b/RHEL6/transforms/xccdf-removetested.xslt index e94f3da..eeb2049 100644 --- a/RHEL6/transforms/xccdf-removetested.xslt +++ b/RHEL6/transforms/xccdf-removetested.xslt @@ -6,12 +6,9 @@ xmlns:xhtml="http://www.w3.org/1999/xhtml" exclude-result-prefixes="xccdf">  - <xsl:template match="dc:contributor"> + <xsl:template match="xccdf:Rule/xccdf:reference[@href='test_attestation']"> </xsl:template> -  - <xsl:template match="dc:date"> - </xsl:template>  <xsl:template match="@*|node()"> -- 1.7.1

2 1

[PATCH 0/2] cleanup of Postfix section
by Jeffrey Blank 07 May '13

07 May '13

The excellent Postfix documentation on postfix.org now covers much of what was originally written in 2005. This re-write points to the security-relevant portions of that documentation. It is incomplete, but a large step forward. This also involves deleting OVAL checks that were not particularly informative or had seriously granularity issues. If there is a desire to query Postfix settings, OVAL can be re-written. Jeffrey Blank (2): simplification of Postfix service configuration deleting files for imprecise and obsolete OVAL checks, manual remediation RHEL6/input/checks/iptables_smtp_enabled.xml | 51 --- RHEL6/input/checks/postfix_certificate_files.xml | 242 ------------- .../checks/postfix_server_denial_of_service.xml | 140 ------- ...tfix_server_mail_relay_for_trusted_networks.xml | 28 -- ...server_mail_relay_require_tls_for_smtp_auth.xml | 117 ------ ...tfix_server_mail_relay_set_trusted_networks.xml | 64 ---- RHEL6/input/profiles/manual_remediation.xml | 31 -- RHEL6/input/services/mail.xml | 382 ++++++++------------ 8 files changed, 142 insertions(+), 913 deletions(-) delete mode 100644 RHEL6/input/checks/iptables_smtp_enabled.xml delete mode 100644 RHEL6/input/checks/postfix_certificate_files.xml delete mode 100644 RHEL6/input/checks/postfix_server_denial_of_service.xml delete mode 100644 RHEL6/input/checks/postfix_server_mail_relay_for_trusted_networks.xml delete mode 100644 RHEL6/input/checks/postfix_server_mail_relay_require_tls_for_smtp_auth.xml delete mode 100644 RHEL6/input/checks/postfix_server_mail_relay_set_trusted_networks.xml delete mode 100644 RHEL6/input/profiles/manual_remediation.xml

2 3

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

scap-security-guide May 2013