The community has decided to use a consistent mechanism for disabling kernel modules. Currently there is a mixture of `alias [kernel_module] off`, `install [kernel_module] /bin/true`, and `install [kernel_module] /bin/false`.
This patch makes all instances of kernel module disabling consistently use: `install [kernel_module] /bin/false`.
Mike Palmiotto (1): Change kernel module disabling to use /bin/false.
 RHEL6/input/checks/kernel_module_bluetooth_disabled.xml | 4 ++--
 RHEL6/input/checks/kernel_module_cramfs_disabled.xml | 2 +-
 RHEL6/input/checks/kernel_module_dccp_disabled.xml | 2 +-
 RHEL6/input/checks/kernel_module_freevxfs_disabled.xml | 2 +-
 RHEL6/input/checks/kernel_module_hfs_disabled.xml | 2 +-
 RHEL6/input/checks/kernel_module_hfsplus_disabled.xml | 2 +-
 RHEL6/input/checks/kernel_module_jffs2_disabled.xml | 2 +-
 RHEL6/input/checks/kernel_module_rds_disabled.xml | 2 +-
 RHEL6/input/checks/kernel_module_sctp_disabled.xml | 2 +-
 RHEL6/input/checks/kernel_module_squashfs_disabled.xml | 2 +-
 RHEL6/input/checks/kernel_module_tipc_disabled.xml | 2 +-
 RHEL6/input/checks/kernel_module_udf_disabled.xml | 2 +-
 RHEL6/input/checks/kernel_module_usb-storage_disabled.xml | 2 +-
 RHEL6/input/checks/templates/template_kernel_module_disabled | 2 +-
 RHEL6/input/system/network/wireless.xml | 4 ++--
 15 files changed, 17 insertions(+), 17 deletions(-)
Signed-off-by: Mike Palmiotto <mpalmiotto@tresys.com>
---
 RHEL6/input/checks/kernel_module_bluetooth_disabled.xml | 4 ++--
 RHEL6/input/checks/kernel_module_cramfs_disabled.xml | 2 +-
 RHEL6/input/checks/kernel_module_dccp_disabled.xml | 2 +-
 RHEL6/input/checks/kernel_module_freevxfs_disabled.xml | 2 +-
 RHEL6/input/checks/kernel_module_hfs_disabled.xml | 2 +-
 RHEL6/input/checks/kernel_module_hfsplus_disabled.xml | 2 +-
 RHEL6/input/checks/kernel_module_jffs2_disabled.xml | 2 +-
 RHEL6/input/checks/kernel_module_rds_disabled.xml | 2 +-
 RHEL6/input/checks/kernel_module_sctp_disabled.xml | 2 +-
 RHEL6/input/checks/kernel_module_squashfs_disabled.xml | 2 +-
 RHEL6/input/checks/kernel_module_tipc_disabled.xml | 2 +-
 RHEL6/input/checks/kernel_module_udf_disabled.xml | 2 +-
 RHEL6/input/checks/kernel_module_usb-storage_disabled.xml | 2 +-
 RHEL6/input/checks/templates/template_kernel_module_disabled | 2 +-
 RHEL6/input/system/network/wireless.xml | 4 ++--
 15 files changed, 17 insertions(+), 17 deletions(-)
diff --git a/RHEL6/input/checks/kernel_module_bluetooth_disabled.xml b/RHEL6/input/checks/kernel_module_bluetooth_disabled.xml index fca0025..9b39085 100644 --- a/RHEL6/input/checks/kernel_module_bluetooth_disabled.xml +++ b/RHEL6/input/checks/kernel_module_bluetooth_disabled.xml @@ -20,7 +20,7 @@ <ind:textfilecontent54_object id="obj_kernmod_bluetooth_disabled" version="1" comment="kernel module bluetooth disabled"> ind:path/etc/modprobe.d</ind:path> <ind:filename operation="pattern match">^.*.conf$</ind:filename> - <ind:pattern operation="pattern match">^\s*alias\s+bluetooth\s+off$</ind:pattern> + <ind:pattern operation="pattern match">^\s*install\s+bluetooth\s+/bin/false$</ind:pattern> <ind:instance datatype="int">1</ind:instance> </ind:textfilecontent54_object>
@@ -31,7 +31,7 @@ <ind:textfilecontent54_object id="obj_kernmod_bluetooth_alias_disabled" version="1" comment="kernel module net-pf-31 disabled"> ind:path/etc/modprobe.d</ind:path> <ind:filename operation="pattern match">^.*.conf$</ind:filename> - <ind:pattern operation="pattern match">^\s*alias\s+net-pf-31\s+off$</ind:pattern> + <ind:pattern operation="pattern match">^\s*install\s+net-pf-31\s+/bin/false$</ind:pattern> <ind:instance datatype="int">1</ind:instance> </ind:textfilecontent54_object> </def-group> diff --git a/RHEL6/input/checks/kernel_module_cramfs_disabled.xml b/RHEL6/input/checks/kernel_module_cramfs_disabled.xml index ea284b0..5aeec48 100644 --- a/RHEL6/input/checks/kernel_module_cramfs_disabled.xml +++ b/RHEL6/input/checks/kernel_module_cramfs_disabled.xml @@ -23,7 +23,7 @@ version="1" comment="kernel module cramfs disabled"> ind:path/etc/modprobe.d</ind:path> <ind:filename operation="pattern match">^.*.conf$</ind:filename> - <ind:pattern operation="pattern match">^\s*install\s+cramfs\s+/bin/true$</ind:pattern> + <ind:pattern operation="pattern match">^\s*install\s+cramfs\s+/bin/false$</ind:pattern> <ind:instance datatype="int">1</ind:instance> </ind:textfilecontent54_object> </def-group> diff --git a/RHEL6/input/checks/kernel_module_dccp_disabled.xml b/RHEL6/input/checks/kernel_module_dccp_disabled.xml index 7ca7ddb..c32985e 100644 --- a/RHEL6/input/checks/kernel_module_dccp_disabled.xml +++ b/RHEL6/input/checks/kernel_module_dccp_disabled.xml @@ -23,7 +23,7 @@ version="1" comment="kernel module dccp disabled"> ind:path/etc/modprobe.d</ind:path> <ind:filename operation="pattern match">^.*.conf$</ind:filename> - <ind:pattern operation="pattern match">^\s*install\s+dccp\s+/bin/true$</ind:pattern> + <ind:pattern operation="pattern match">^\s*install\s+dccp\s+/bin/false$</ind:pattern> <ind:instance datatype="int">1</ind:instance> </ind:textfilecontent54_object> </def-group> 
diff --git a/RHEL6/input/checks/kernel_module_freevxfs_disabled.xml b/RHEL6/input/checks/kernel_module_freevxfs_disabled.xml index f9b5a60..54bd01e 100644 --- a/RHEL6/input/checks/kernel_module_freevxfs_disabled.xml +++ b/RHEL6/input/checks/kernel_module_freevxfs_disabled.xml @@ -23,7 +23,7 @@ version="1" comment="kernel module freevxfs disabled"> ind:path/etc/modprobe.d</ind:path> <ind:filename operation="pattern match">^.*.conf$</ind:filename> - <ind:pattern operation="pattern match">^\s*install\s+freevxfs\s+/bin/true$</ind:pattern> + <ind:pattern operation="pattern match">^\s*install\s+freevxfs\s+/bin/false$</ind:pattern> <ind:instance datatype="int">1</ind:instance> </ind:textfilecontent54_object> </def-group> diff --git a/RHEL6/input/checks/kernel_module_hfs_disabled.xml b/RHEL6/input/checks/kernel_module_hfs_disabled.xml index f9c8c9a..1b0facc 100644 --- a/RHEL6/input/checks/kernel_module_hfs_disabled.xml +++ b/RHEL6/input/checks/kernel_module_hfs_disabled.xml @@ -23,7 +23,7 @@ version="1" comment="kernel module hfs disabled"> ind:path/etc/modprobe.d</ind:path> <ind:filename operation="pattern match">^.*.conf$</ind:filename> - <ind:pattern operation="pattern match">^\s*install\s+hfs\s+/bin/true$</ind:pattern> + <ind:pattern operation="pattern match">^\s*install\s+hfs\s+/bin/false$</ind:pattern> <ind:instance datatype="int">1</ind:instance> </ind:textfilecontent54_object> </def-group> diff --git a/RHEL6/input/checks/kernel_module_hfsplus_disabled.xml b/RHEL6/input/checks/kernel_module_hfsplus_disabled.xml index b3ac3ab..1bcc587 100644 --- a/RHEL6/input/checks/kernel_module_hfsplus_disabled.xml +++ b/RHEL6/input/checks/kernel_module_hfsplus_disabled.xml 
@@ -23,7 +23,7 @@ version="1" comment="kernel module hfsplus disabled"> ind:path/etc/modprobe.d</ind:path> <ind:filename operation="pattern match">^.*.conf$</ind:filename> - <ind:pattern operation="pattern match">^\s*install\s+hfsplus\s+/bin/true$</ind:pattern> + <ind:pattern operation="pattern match">^\s*install\s+hfsplus\s+/bin/false$</ind:pattern> <ind:instance datatype="int">1</ind:instance> </ind:textfilecontent54_object> </def-group> diff --git a/RHEL6/input/checks/kernel_module_jffs2_disabled.xml b/RHEL6/input/checks/kernel_module_jffs2_disabled.xml index e743d9c..0bcbdef 100644 --- a/RHEL6/input/checks/kernel_module_jffs2_disabled.xml +++ b/RHEL6/input/checks/kernel_module_jffs2_disabled.xml @@ -23,7 +23,7 @@ version="1" comment="kernel module jffs2 disabled"> ind:path/etc/modprobe.d</ind:path> <ind:filename operation="pattern match">^.*.conf$</ind:filename> - <ind:pattern operation="pattern match">^\s*install\s+jffs2\s+/bin/true$</ind:pattern> + <ind:pattern operation="pattern match">^\s*install\s+jffs2\s+/bin/false$</ind:pattern> <ind:instance datatype="int">1</ind:instance> </ind:textfilecontent54_object> </def-group> diff --git a/RHEL6/input/checks/kernel_module_rds_disabled.xml b/RHEL6/input/checks/kernel_module_rds_disabled.xml index 2e502e2..e398dda 100644 --- a/RHEL6/input/checks/kernel_module_rds_disabled.xml +++ b/RHEL6/input/checks/kernel_module_rds_disabled.xml @@ -23,7 +23,7 @@ version="1" comment="kernel module rds disabled"> ind:path/etc/modprobe.d</ind:path> <ind:filename operation="pattern match">^.*.conf$</ind:filename> - <ind:pattern operation="pattern match">^\s*install\s+rds\s+/bin/true$</ind:pattern> + <ind:pattern operation="pattern match">^\s*install\s+rds\s+/bin/false$</ind:pattern> <ind:instance datatype="int">1</ind:instance> </ind:textfilecontent54_object> </def-group> diff --git a/RHEL6/input/checks/kernel_module_sctp_disabled.xml b/RHEL6/input/checks/kernel_module_sctp_disabled.xml index a3efa33..a9c83be 100644 
--- a/RHEL6/input/checks/kernel_module_sctp_disabled.xml +++ b/RHEL6/input/checks/kernel_module_sctp_disabled.xml @@ -23,7 +23,7 @@ version="1" comment="kernel module sctp disabled"> ind:path/etc/modprobe.d</ind:path> <ind:filename operation="pattern match">^.*.conf$</ind:filename> - <ind:pattern operation="pattern match">^\s*install\s+sctp\s+/bin/true$</ind:pattern> + <ind:pattern operation="pattern match">^\s*install\s+sctp\s+/bin/false$</ind:pattern> <ind:instance datatype="int">1</ind:instance> </ind:textfilecontent54_object> </def-group> diff --git a/RHEL6/input/checks/kernel_module_squashfs_disabled.xml b/RHEL6/input/checks/kernel_module_squashfs_disabled.xml index 2629d29..84b0a46 100644 --- a/RHEL6/input/checks/kernel_module_squashfs_disabled.xml +++ b/RHEL6/input/checks/kernel_module_squashfs_disabled.xml @@ -23,7 +23,7 @@ version="1" comment="kernel module squashfs disabled"> ind:path/etc/modprobe.d</ind:path> <ind:filename operation="pattern match">^.*.conf$</ind:filename> - <ind:pattern operation="pattern match">^\s*install\s+squashfs\s+/bin/true$</ind:pattern> + <ind:pattern operation="pattern match">^\s*install\s+squashfs\s+/bin/false$</ind:pattern> <ind:instance datatype="int">1</ind:instance> </ind:textfilecontent54_object> </def-group> diff --git a/RHEL6/input/checks/kernel_module_tipc_disabled.xml b/RHEL6/input/checks/kernel_module_tipc_disabled.xml index 5ef76f0..bdcab24 100644 --- a/RHEL6/input/checks/kernel_module_tipc_disabled.xml +++ b/RHEL6/input/checks/kernel_module_tipc_disabled.xml @@ -23,7 +23,7 @@ version="1" comment="kernel module tipc disabled"> ind:path/etc/modprobe.d</ind:path> <ind:filename operation="pattern match">^.*.conf$</ind:filename> - <ind:pattern operation="pattern match">^\s*install\s+tipc\s+/bin/true$</ind:pattern> + <ind:pattern operation="pattern match">^\s*install\s+tipc\s+/bin/false$</ind:pattern> <ind:instance datatype="int">1</ind:instance> </ind:textfilecontent54_object> </def-group> 
diff --git a/RHEL6/input/checks/kernel_module_udf_disabled.xml b/RHEL6/input/checks/kernel_module_udf_disabled.xml index acd7a27..9bb0cd4 100644 --- a/RHEL6/input/checks/kernel_module_udf_disabled.xml +++ b/RHEL6/input/checks/kernel_module_udf_disabled.xml @@ -23,7 +23,7 @@ version="1" comment="kernel module udf disabled"> ind:path/etc/modprobe.d</ind:path> <ind:filename operation="pattern match">^.*.conf$</ind:filename> - <ind:pattern operation="pattern match">^\s*install\s+udf\s+/bin/true$</ind:pattern> + <ind:pattern operation="pattern match">^\s*install\s+udf\s+/bin/false$</ind:pattern> <ind:instance datatype="int">1</ind:instance> </ind:textfilecontent54_object> </def-group> diff --git a/RHEL6/input/checks/kernel_module_usb-storage_disabled.xml b/RHEL6/input/checks/kernel_module_usb-storage_disabled.xml index fff1e08..867557d 100644 --- a/RHEL6/input/checks/kernel_module_usb-storage_disabled.xml +++ b/RHEL6/input/checks/kernel_module_usb-storage_disabled.xml @@ -23,7 +23,7 @@ version="1" comment="kernel module usb-storage disabled"> ind:path/etc/modprobe.d</ind:path> <ind:filename operation="pattern match">^.*.conf$</ind:filename> - <ind:pattern operation="pattern match">^\s*install\s+usb-storage\s+/bin/true$</ind:pattern> + <ind:pattern operation="pattern match">^\s*install\s+usb-storage\s+/bin/false$</ind:pattern> <ind:instance datatype="int">1</ind:instance> </ind:textfilecontent54_object> </def-group> diff --git a/RHEL6/input/checks/templates/template_kernel_module_disabled b/RHEL6/input/checks/templates/template_kernel_module_disabled index 8385a76..83e0076 100644 --- a/RHEL6/input/checks/templates/template_kernel_module_disabled +++ b/RHEL6/input/checks/templates/template_kernel_module_disabled 
@@ -23,7 +23,7 @@ version="1" comment="kernel module KERNMODULE disabled"> ind:path/etc/modprobe.d</ind:path> <ind:filename operation="pattern match">^.*.conf$</ind:filename> - <ind:pattern operation="pattern match">^\s*install\s+KERNMODULE\s+/bin/true$</ind:pattern> + <ind:pattern operation="pattern match">^\s*install\s+KERNMODULE\s+/bin/false$</ind:pattern> <ind:instance datatype="int">1</ind:instance> </ind:textfilecontent54_object> </def-group> diff --git a/RHEL6/input/system/network/wireless.xml b/RHEL6/input/system/network/wireless.xml index fef9973..ee568cb 100644 --- a/RHEL6/input/system/network/wireless.xml +++ b/RHEL6/input/system/network/wireless.xml @@ -111,8 +111,8 @@ utility of Bluetooth connectivity and its limited range.</rationale> loading of the Bluetooth module. Add the following to the appropriate <tt>/etc/modprobe.d</tt> configuration file to prevent the loading of the Bluetooth module: -<pre>install net-pf-31 /bin/true -install bluetooth /bin/true</pre> +<pre>install net-pf-31 /bin/false +install bluetooth /bin/false</pre> </description> <ocil> <module-disable-check-macro module="bluetooth" />
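Review bot: in the second kernel_module_bluetooth_disabled.xml hunk (`@@ -31,7 +31,7 @@`) the object id `obj_kernmod_bluetooth_alias_disabled` still carries `alias` in its name, although the pattern it now holds matches `install net-pf-31 /bin/false` rather than the old `alias net-pf-31 off`; rename the id (and any definition that references it) or at least reword its comment so the name no longer suggests the alias form is what is being looked for. In the same spirit, every hunk keeps the unchanged filename filter `^.*.conf$`, whose unescaped `.` before `conf` also matches names such as `fooXconf`; `^.*\.conf$` is the filter the comment implies.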
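Review bot: the template hunk and each generated check now accept only `/bin/false`, so a host that still carries a working `install MOD /bin/true` line (which equally prevents the module from loading) becomes a finding after this patch; if that strictness is intended, note that only the Bluetooth text in wireless.xml is updated here while the other modules' XCCDF descriptions and the OCIL text produced by `<module-disable-check-macro module="bluetooth" />` are not in this diff, so confirm they also instruct the reader to use `/bin/false`. Otherwise, as raised in the reply, `^\s*install\s+KERNMODULE\s+/bin/(true|false)$` in the template would keep both disabling forms passing while the prose standardises on `/bin/false`.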
ACK -- thanks.
I hadn't chirped up in time, but I suppose it could also be okay for the OVAL to pass you if you're using true or false.
In any event, good to see some consistency, and the XCCDF certainly needed the update.
On 01/24/2013 01:59 PM, Mike Palmiotto wrote:
The community has decided to use a consistent mechanism for disabling kernel modules. Currently there is a mixture of `alias [kernel_module] off`, `install [kernel_module] /bin/true`, and `install [kernel_module] /bin/false`.
This patch makes all instances of kernel module disabling consistently use: `install [kernel_module] /bin/false`.
Mike Palmiotto (1): Change kernel module disabling to use /bin/false.
 RHEL6/input/checks/kernel_module_bluetooth_disabled.xml | 4 ++--
 RHEL6/input/checks/kernel_module_cramfs_disabled.xml | 2 +-
 RHEL6/input/checks/kernel_module_dccp_disabled.xml | 2 +-
 RHEL6/input/checks/kernel_module_freevxfs_disabled.xml | 2 +-
 RHEL6/input/checks/kernel_module_hfs_disabled.xml | 2 +-
 RHEL6/input/checks/kernel_module_hfsplus_disabled.xml | 2 +-
 RHEL6/input/checks/kernel_module_jffs2_disabled.xml | 2 +-
 RHEL6/input/checks/kernel_module_rds_disabled.xml | 2 +-
 RHEL6/input/checks/kernel_module_sctp_disabled.xml | 2 +-
 RHEL6/input/checks/kernel_module_squashfs_disabled.xml | 2 +-
 RHEL6/input/checks/kernel_module_tipc_disabled.xml | 2 +-
 RHEL6/input/checks/kernel_module_udf_disabled.xml | 2 +-
 RHEL6/input/checks/kernel_module_usb-storage_disabled.xml | 2 +-
 RHEL6/input/checks/templates/template_kernel_module_disabled | 2 +-
 RHEL6/input/system/network/wireless.xml | 4 ++--
 15 files changed, 17 insertions(+), 17 deletions(-)
scap-security-guide@lists.fedorahosted.org
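The three disabling forms named in the cover letter, and the true-or-false question raised in the reply, can be audited locally with a script that applies the same anchored regexes the patched OVAL objects use. This is an added illustration, not code from the patch or the scap-security-guide project; `module_disable_form` and `make_sample_modprobe_dir` are names chosen here, and the modprobe.d tree the demo builds is constructed sample data.

```shell
#!/bin/sh
# Audit a modprobe.d directory with the regexes from the patched OVAL checks.
# Prints one word per module:
#   false     -> "install MOD /bin/false"  (the only form the new checks pass)
#   true      -> "install MOD /bin/true"   (older form, a finding after the patch)
#   alias-off -> "alias MOD off"           (older form, a finding after the patch)
#   none      -> no directive in any *.conf file
# Usage: module_disable_form MODULE [DIR]   (DIR defaults to /etc/modprobe.d)
# Assumes module names use only [A-Za-z0-9_-] so they embed safely in an ERE.
module_disable_form() {
    mod="$1"
    dir="${2:-/etc/modprobe.d}"
    ws='[[:space:]]'
    # Same filename filter as the OVAL object: only *.conf files count
    # (modprobe itself ignores files without the .conf suffix).
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        if grep -Eq "^$ws*install$ws+$mod$ws+/bin/false$" "$f"; then
            echo false; return 0
        fi
    done
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        if grep -Eq "^$ws*install$ws+$mod$ws+/bin/true$" "$f"; then
            echo true; return 0
        fi
        if grep -Eq "^$ws*alias$ws+$mod$ws+off$" "$f"; then
            echo alias-off; return 0
        fi
    done
    echo none
}

# Constructed sample tree for the demo; not a real system's configuration.
make_sample_modprobe_dir() {
    d=$(mktemp -d)
    printf 'install cramfs /bin/false\n' > "$d/cramfs.conf"
    printf '# legacy form still in place\ninstall dccp /bin/true\n' > "$d/dccp.conf"
    printf 'alias bluetooth off\nalias net-pf-31 off\n' > "$d/bluetooth.conf"
    # Right directive, wrong suffix: skipped by the .conf filter, as by modprobe.
    printf 'install sctp /bin/false\n' > "$d/sctp.disabled"
    echo "$d"
}

SAMPLE=$(make_sample_modprobe_dir)
for m in cramfs dccp bluetooth net-pf-31 sctp usb-storage; do
    printf '%-12s %s\n' "$m" "$(module_disable_form "$m" "$SAMPLE")"
done
rm -rf "$SAMPLE"
```

Point it at a real directory with `module_disable_form dccp /etc/modprobe.d` to see which form a host would be graded on; `sctp` reporting `none` despite its directive shows why the suffix filter matters.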