--- .../sysctl_net_ipv4_conf_all_accept_redirects.xml | 10 +++++----- ...ysctl_net_ipv4_conf_all_accept_source_route.xml | 10 +++++----- .../sysctl_net_ipv4_conf_all_secure_redirects.xml | 10 +++++----- .../sysctl_net_ipv4_conf_all_send_redirects.xml | 10 +++++----- ...sctl_net_ipv4_conf_default_accept_redirects.xml | 10 +++++----- ...l_net_ipv4_conf_default_accept_source_route.xml | 10 +++++----- ...sctl_net_ipv4_conf_default_secure_redirects.xml | 10 +++++----- ...sysctl_net_ipv4_conf_default_send_redirects.xml | 10 +++++----- ...sctl_net_ipv6_conf_default_accept_redirects.xml | 14 ++++++-------- rhel6/src/input/checks/templates/sysctl_values.csv | 18 +++++++++--------- 10 files changed, 55 insertions(+), 57 deletions(-)
diff --git a/rhel6/src/input/checks/sysctl_net_ipv4_conf_all_accept_redirects.xml b/rhel6/src/input/checks/sysctl_net_ipv4_conf_all_accept_redirects.xml index a11a8bd..eb21415 100644 --- a/rhel6/src/input/checks/sysctl_net_ipv4_conf_all_accept_redirects.xml +++ b/rhel6/src/input/checks/sysctl_net_ipv4_conf_all_accept_redirects.xml @@ -1,4 +1,5 @@ <def-group> + <!-- THIS FILE IS GENERATED by create_sysctl_checks.py. DO NOT EDIT. --> <definition class="compliance" id="sysctl_net_ipv4_conf_all_accept_redirects" version="1"> <metadata> <title>Kernel Runtime Parameter "net.ipv4.conf.all.accept_redirects" Check</title> @@ -6,15 +7,14 @@ <platform>Red Hat Enterprise Linux 6</platform> </affected> <reference ref_id="CCE-4217-6" source="CCE" /> - <description>The kernel runtime parameter "net.ipv4.conf.all.accept_redirects" should be set to "1".</description> - <!-- generated by create_sysctl_checks.py --> + <description>The kernel runtime parameter "net.ipv4.conf.all.accept_redirects" should be set to "0".</description> </metadata> <criteria> - <criterion comment="kernel runtime parameter net.ipv4.conf.all.accept_redirects set to 1" test_ref="test_sysctl_net_ipv4_conf_all_accept_redirects" /> + <criterion comment="kernel runtime parameter net.ipv4.conf.all.accept_redirects set to 0" test_ref="test_sysctl_net_ipv4_conf_all_accept_redirects" /> </criteria> </definition>
- <unix:sysctl_test check="all" check_existence="all_exist" comment="kernel runtime parameter net.ipv4.conf.all.accept_redirects set to 1" id="test_sysctl_net_ipv4_conf_all_accept_redirects" version="1"> + <unix:sysctl_test check="all" check_existence="all_exist" comment="kernel runtime parameter net.ipv4.conf.all.accept_redirects set to 0" id="test_sysctl_net_ipv4_conf_all_accept_redirects" version="1"> <unix:object object_ref="object_sysctl_net_ipv4_conf_all_accept_redirects" /> <unix:state state_ref="state_sysctl_net_ipv4_conf_all_accept_redirects" /> </unix:sysctl_test> @@ -24,6 +24,6 @@ </unix:sysctl_object>
<unix:sysctl_state id="state_sysctl_net_ipv4_conf_all_accept_redirects" version="1"> - <unix:value datatype="int" operation="equals">1</unix:value> + <unix:value datatype="int" operation="equals">0</unix:value> </unix:sysctl_state> </def-group> diff --git a/rhel6/src/input/checks/sysctl_net_ipv4_conf_all_accept_source_route.xml b/rhel6/src/input/checks/sysctl_net_ipv4_conf_all_accept_source_route.xml index 2753ef6..94f8766 100644 --- a/rhel6/src/input/checks/sysctl_net_ipv4_conf_all_accept_source_route.xml +++ b/rhel6/src/input/checks/sysctl_net_ipv4_conf_all_accept_source_route.xml @@ -1,4 +1,5 @@ <def-group> + <!-- THIS FILE IS GENERATED by create_sysctl_checks.py. DO NOT EDIT. --> <definition class="compliance" id="sysctl_net_ipv4_conf_all_accept_source_route" version="1"> <metadata> <title>Kernel Runtime Parameter "net.ipv4.conf.all.accept_source_route" Check</title> @@ -6,15 +7,14 @@ <platform>Red Hat Enterprise Linux 6</platform> </affected> <reference ref_id="CCE-4236-6" source="CCE" /> - <description>The kernel runtime parameter "net.ipv4.conf.all.accept_source_route" should be set to "1".</description> - <!-- generated by create_sysctl_checks.py --> + <description>The kernel runtime parameter "net.ipv4.conf.all.accept_source_route" should be set to "0".</description> </metadata> <criteria> - <criterion comment="kernel runtime parameter net.ipv4.conf.all.accept_source_route set to 1" test_ref="test_sysctl_net_ipv4_conf_all_accept_source_route" /> + <criterion comment="kernel runtime parameter net.ipv4.conf.all.accept_source_route set to 0" test_ref="test_sysctl_net_ipv4_conf_all_accept_source_route" /> </criteria> </definition>
- <unix:sysctl_test check="all" check_existence="all_exist" comment="kernel runtime parameter net.ipv4.conf.all.accept_source_route set to 1" id="test_sysctl_net_ipv4_conf_all_accept_source_route" version="1"> + <unix:sysctl_test check="all" check_existence="all_exist" comment="kernel runtime parameter net.ipv4.conf.all.accept_source_route set to 0" id="test_sysctl_net_ipv4_conf_all_accept_source_route" version="1"> <unix:object object_ref="object_sysctl_net_ipv4_conf_all_accept_source_route" /> <unix:state state_ref="state_sysctl_net_ipv4_conf_all_accept_source_route" /> </unix:sysctl_test> @@ -24,6 +24,6 @@ </unix:sysctl_object>
<unix:sysctl_state id="state_sysctl_net_ipv4_conf_all_accept_source_route" version="1"> - <unix:value datatype="int" operation="equals">1</unix:value> + <unix:value datatype="int" operation="equals">0</unix:value> </unix:sysctl_state> </def-group> diff --git a/rhel6/src/input/checks/sysctl_net_ipv4_conf_all_secure_redirects.xml b/rhel6/src/input/checks/sysctl_net_ipv4_conf_all_secure_redirects.xml index 2e48ff9..5ddfeec 100644 --- a/rhel6/src/input/checks/sysctl_net_ipv4_conf_all_secure_redirects.xml +++ b/rhel6/src/input/checks/sysctl_net_ipv4_conf_all_secure_redirects.xml @@ -1,4 +1,5 @@ <def-group> + <!-- THIS FILE IS GENERATED by create_sysctl_checks.py. DO NOT EDIT. --> <definition class="compliance" id="sysctl_net_ipv4_conf_all_secure_redirects" version="1"> <metadata> <title>Kernel Runtime Parameter "net.ipv4.conf.all.secure_redirects" Check</title> @@ -6,15 +7,14 @@ <platform>Red Hat Enterprise Linux 6</platform> </affected> <reference ref_id="CCE-3472-8" source="CCE" /> - <description>The kernel runtime parameter "net.ipv4.conf.all.secure_redirects" should be set to "1".</description> - <!-- generated by create_sysctl_checks.py --> + <description>The kernel runtime parameter "net.ipv4.conf.all.secure_redirects" should be set to "0".</description> </metadata> <criteria> - <criterion comment="kernel runtime parameter net.ipv4.conf.all.secure_redirects set to 1" test_ref="test_sysctl_net_ipv4_conf_all_secure_redirects" /> + <criterion comment="kernel runtime parameter net.ipv4.conf.all.secure_redirects set to 0" test_ref="test_sysctl_net_ipv4_conf_all_secure_redirects" /> </criteria> </definition>
- <unix:sysctl_test check="all" check_existence="all_exist" comment="kernel runtime parameter net.ipv4.conf.all.secure_redirects set to 1" id="test_sysctl_net_ipv4_conf_all_secure_redirects" version="1"> + <unix:sysctl_test check="all" check_existence="all_exist" comment="kernel runtime parameter net.ipv4.conf.all.secure_redirects set to 0" id="test_sysctl_net_ipv4_conf_all_secure_redirects" version="1"> <unix:object object_ref="object_sysctl_net_ipv4_conf_all_secure_redirects" /> <unix:state state_ref="state_sysctl_net_ipv4_conf_all_secure_redirects" /> </unix:sysctl_test> @@ -24,6 +24,6 @@ </unix:sysctl_object>
<unix:sysctl_state id="state_sysctl_net_ipv4_conf_all_secure_redirects" version="1"> - <unix:value datatype="int" operation="equals">1</unix:value> + <unix:value datatype="int" operation="equals">0</unix:value> </unix:sysctl_state> </def-group> diff --git a/rhel6/src/input/checks/sysctl_net_ipv4_conf_all_send_redirects.xml b/rhel6/src/input/checks/sysctl_net_ipv4_conf_all_send_redirects.xml index 8df01ac..8beb66f 100644 --- a/rhel6/src/input/checks/sysctl_net_ipv4_conf_all_send_redirects.xml +++ b/rhel6/src/input/checks/sysctl_net_ipv4_conf_all_send_redirects.xml @@ -1,4 +1,5 @@ <def-group> + <!-- THIS FILE IS GENERATED by create_sysctl_checks.py. DO NOT EDIT. --> <definition class="compliance" id="sysctl_net_ipv4_conf_all_send_redirects" version="1"> <metadata> <title>Kernel Runtime Parameter "net.ipv4.conf.all.send_redirects" Check</title> @@ -6,15 +7,14 @@ <platform>Red Hat Enterprise Linux 6</platform> </affected> <reference ref_id="CCE-4155-8" source="CCE" /> - <description>The kernel runtime parameter "net.ipv4.conf.all.send_redirects" should be set to "1".</description> - <!-- generated by create_sysctl_checks.py --> + <description>The kernel runtime parameter "net.ipv4.conf.all.send_redirects" should be set to "0".</description> </metadata> <criteria> - <criterion comment="kernel runtime parameter net.ipv4.conf.all.send_redirects set to 1" test_ref="test_sysctl_net_ipv4_conf_all_send_redirects" /> + <criterion comment="kernel runtime parameter net.ipv4.conf.all.send_redirects set to 0" test_ref="test_sysctl_net_ipv4_conf_all_send_redirects" /> </criteria> </definition>
- <unix:sysctl_test check="all" check_existence="all_exist" comment="kernel runtime parameter net.ipv4.conf.all.send_redirects set to 1" id="test_sysctl_net_ipv4_conf_all_send_redirects" version="1"> + <unix:sysctl_test check="all" check_existence="all_exist" comment="kernel runtime parameter net.ipv4.conf.all.send_redirects set to 0" id="test_sysctl_net_ipv4_conf_all_send_redirects" version="1"> <unix:object object_ref="object_sysctl_net_ipv4_conf_all_send_redirects" /> <unix:state state_ref="state_sysctl_net_ipv4_conf_all_send_redirects" /> </unix:sysctl_test> @@ -24,6 +24,6 @@ </unix:sysctl_object>
<unix:sysctl_state id="state_sysctl_net_ipv4_conf_all_send_redirects" version="1"> - <unix:value datatype="int" operation="equals">1</unix:value> + <unix:value datatype="int" operation="equals">0</unix:value> </unix:sysctl_state> </def-group> diff --git a/rhel6/src/input/checks/sysctl_net_ipv4_conf_default_accept_redirects.xml b/rhel6/src/input/checks/sysctl_net_ipv4_conf_default_accept_redirects.xml index 9c942a2..f14f6f2 100644 --- a/rhel6/src/input/checks/sysctl_net_ipv4_conf_default_accept_redirects.xml +++ b/rhel6/src/input/checks/sysctl_net_ipv4_conf_default_accept_redirects.xml @@ -1,4 +1,5 @@ <def-group> + <!-- THIS FILE IS GENERATED by create_sysctl_checks.py. DO NOT EDIT. --> <definition class="compliance" id="sysctl_net_ipv4_conf_default_accept_redirects" version="1"> <metadata> <title>Kernel Runtime Parameter "net.ipv4.conf.default.accept_redirects" Check</title> @@ -6,15 +7,14 @@ <platform>Red Hat Enterprise Linux 6</platform> </affected> <reference ref_id="CCE-4186-3" source="CCE" /> - <description>The kernel runtime parameter "net.ipv4.conf.default.accept_redirects" should be set to "1".</description> - <!-- generated by create_sysctl_checks.py --> + <description>The kernel runtime parameter "net.ipv4.conf.default.accept_redirects" should be set to "0".</description> </metadata> <criteria> - <criterion comment="kernel runtime parameter net.ipv4.conf.default.accept_redirects set to 1" test_ref="test_sysctl_net_ipv4_conf_default_accept_redirects" /> + <criterion comment="kernel runtime parameter net.ipv4.conf.default.accept_redirects set to 0" test_ref="test_sysctl_net_ipv4_conf_default_accept_redirects" /> </criteria> </definition>
- <unix:sysctl_test check="all" check_existence="all_exist" comment="kernel runtime parameter net.ipv4.conf.default.accept_redirects set to 1" id="test_sysctl_net_ipv4_conf_default_accept_redirects" version="1"> + <unix:sysctl_test check="all" check_existence="all_exist" comment="kernel runtime parameter net.ipv4.conf.default.accept_redirects set to 0" id="test_sysctl_net_ipv4_conf_default_accept_redirects" version="1"> <unix:object object_ref="object_sysctl_net_ipv4_conf_default_accept_redirects" /> <unix:state state_ref="state_sysctl_net_ipv4_conf_default_accept_redirects" /> </unix:sysctl_test> @@ -24,6 +24,6 @@ </unix:sysctl_object>
<unix:sysctl_state id="state_sysctl_net_ipv4_conf_default_accept_redirects" version="1"> - <unix:value datatype="int" operation="equals">1</unix:value> + <unix:value datatype="int" operation="equals">0</unix:value> </unix:sysctl_state> </def-group> diff --git a/rhel6/src/input/checks/sysctl_net_ipv4_conf_default_accept_source_route.xml b/rhel6/src/input/checks/sysctl_net_ipv4_conf_default_accept_source_route.xml index ce3f564..4c45bca 100644 --- a/rhel6/src/input/checks/sysctl_net_ipv4_conf_default_accept_source_route.xml +++ b/rhel6/src/input/checks/sysctl_net_ipv4_conf_default_accept_source_route.xml @@ -1,4 +1,5 @@ <def-group> + <!-- THIS FILE IS GENERATED by create_sysctl_checks.py. DO NOT EDIT. --> <definition class="compliance" id="sysctl_net_ipv4_conf_default_accept_source_route" version="1"> <metadata> <title>Kernel Runtime Parameter "net.ipv4.conf.default.accept_source_route" Check</title> @@ -6,15 +7,14 @@ <platform>Red Hat Enterprise Linux 6</platform> </affected> <reference ref_id="CCE-4091-5" source="CCE" /> - <description>The kernel runtime parameter "net.ipv4.conf.default.accept_source_route" should be set to "1".</description> - <!-- generated by create_sysctl_checks.py --> + <description>The kernel runtime parameter "net.ipv4.conf.default.accept_source_route" should be set to "0".</description> </metadata> <criteria> - <criterion comment="kernel runtime parameter net.ipv4.conf.default.accept_source_route set to 1" test_ref="test_sysctl_net_ipv4_conf_default_accept_source_route" /> + <criterion comment="kernel runtime parameter net.ipv4.conf.default.accept_source_route set to 0" test_ref="test_sysctl_net_ipv4_conf_default_accept_source_route" /> </criteria> </definition>
- <unix:sysctl_test check="all" check_existence="all_exist" comment="kernel runtime parameter net.ipv4.conf.default.accept_source_route set to 1" id="test_sysctl_net_ipv4_conf_default_accept_source_route" version="1"> + <unix:sysctl_test check="all" check_existence="all_exist" comment="kernel runtime parameter net.ipv4.conf.default.accept_source_route set to 0" id="test_sysctl_net_ipv4_conf_default_accept_source_route" version="1"> <unix:object object_ref="object_sysctl_net_ipv4_conf_default_accept_source_route" /> <unix:state state_ref="state_sysctl_net_ipv4_conf_default_accept_source_route" /> </unix:sysctl_test> @@ -24,6 +24,6 @@ </unix:sysctl_object>
<unix:sysctl_state id="state_sysctl_net_ipv4_conf_default_accept_source_route" version="1"> - <unix:value datatype="int" operation="equals">1</unix:value> + <unix:value datatype="int" operation="equals">0</unix:value> </unix:sysctl_state> </def-group> diff --git a/rhel6/src/input/checks/sysctl_net_ipv4_conf_default_secure_redirects.xml b/rhel6/src/input/checks/sysctl_net_ipv4_conf_default_secure_redirects.xml index 2e604ac..bf829cd 100644 --- a/rhel6/src/input/checks/sysctl_net_ipv4_conf_default_secure_redirects.xml +++ b/rhel6/src/input/checks/sysctl_net_ipv4_conf_default_secure_redirects.xml @@ -1,4 +1,5 @@ <def-group> + <!-- THIS FILE IS GENERATED by create_sysctl_checks.py. DO NOT EDIT. --> <definition class="compliance" id="sysctl_net_ipv4_conf_default_secure_redirects" version="1"> <metadata> <title>Kernel Runtime Parameter "net.ipv4.conf.default.secure_redirects" Check</title> @@ -6,15 +7,14 @@ <platform>Red Hat Enterprise Linux 6</platform> </affected> <reference ref_id="CCE-3339-9" source="CCE" /> - <description>The kernel runtime parameter "net.ipv4.conf.default.secure_redirects" should be set to "1".</description> - <!-- generated by create_sysctl_checks.py --> + <description>The kernel runtime parameter "net.ipv4.conf.default.secure_redirects" should be set to "0".</description> </metadata> <criteria> - <criterion comment="kernel runtime parameter net.ipv4.conf.default.secure_redirects set to 1" test_ref="test_sysctl_net_ipv4_conf_default_secure_redirects" /> + <criterion comment="kernel runtime parameter net.ipv4.conf.default.secure_redirects set to 0" test_ref="test_sysctl_net_ipv4_conf_default_secure_redirects" /> </criteria> </definition>
- <unix:sysctl_test check="all" check_existence="all_exist" comment="kernel runtime parameter net.ipv4.conf.default.secure_redirects set to 1" id="test_sysctl_net_ipv4_conf_default_secure_redirects" version="1"> + <unix:sysctl_test check="all" check_existence="all_exist" comment="kernel runtime parameter net.ipv4.conf.default.secure_redirects set to 0" id="test_sysctl_net_ipv4_conf_default_secure_redirects" version="1"> <unix:object object_ref="object_sysctl_net_ipv4_conf_default_secure_redirects" /> <unix:state state_ref="state_sysctl_net_ipv4_conf_default_secure_redirects" /> </unix:sysctl_test> @@ -24,6 +24,6 @@ </unix:sysctl_object>
<unix:sysctl_state id="state_sysctl_net_ipv4_conf_default_secure_redirects" version="1"> - <unix:value datatype="int" operation="equals">1</unix:value> + <unix:value datatype="int" operation="equals">0</unix:value> </unix:sysctl_state> </def-group> diff --git a/rhel6/src/input/checks/sysctl_net_ipv4_conf_default_send_redirects.xml b/rhel6/src/input/checks/sysctl_net_ipv4_conf_default_send_redirects.xml index b0784d9..a4594e8 100644 --- a/rhel6/src/input/checks/sysctl_net_ipv4_conf_default_send_redirects.xml +++ b/rhel6/src/input/checks/sysctl_net_ipv4_conf_default_send_redirects.xml @@ -1,4 +1,5 @@ <def-group> + <!-- THIS FILE IS GENERATED by create_sysctl_checks.py. DO NOT EDIT. --> <definition class="compliance" id="sysctl_net_ipv4_conf_default_send_redirects" version="1"> <metadata> <title>Kernel Runtime Parameter "net.ipv4.conf.default.send_redirects" Check</title> @@ -6,15 +7,14 @@ <platform>Red Hat Enterprise Linux 6</platform> </affected> <reference ref_id="CCE-4151-7" source="CCE" /> - <description>The kernel runtime parameter "net.ipv4.conf.default.send_redirects" should be set to "1".</description> - <!-- generated by create_sysctl_checks.py --> + <description>The kernel runtime parameter "net.ipv4.conf.default.send_redirects" should be set to "0".</description> </metadata> <criteria> - <criterion comment="kernel runtime parameter net.ipv4.conf.default.send_redirects set to 1" test_ref="test_sysctl_net_ipv4_conf_default_send_redirects" /> + <criterion comment="kernel runtime parameter net.ipv4.conf.default.send_redirects set to 0" test_ref="test_sysctl_net_ipv4_conf_default_send_redirects" /> </criteria> </definition>
- <unix:sysctl_test check="all" check_existence="all_exist" comment="kernel runtime parameter net.ipv4.conf.default.send_redirects set to 1" id="test_sysctl_net_ipv4_conf_default_send_redirects" version="1"> + <unix:sysctl_test check="all" check_existence="all_exist" comment="kernel runtime parameter net.ipv4.conf.default.send_redirects set to 0" id="test_sysctl_net_ipv4_conf_default_send_redirects" version="1"> <unix:object object_ref="object_sysctl_net_ipv4_conf_default_send_redirects" /> <unix:state state_ref="state_sysctl_net_ipv4_conf_default_send_redirects" /> </unix:sysctl_test> @@ -24,6 +24,6 @@ </unix:sysctl_object>
<unix:sysctl_state id="state_sysctl_net_ipv4_conf_default_send_redirects" version="1"> - <unix:value datatype="int" operation="equals">1</unix:value> + <unix:value datatype="int" operation="equals">0</unix:value> </unix:sysctl_state> </def-group> diff --git a/rhel6/src/input/checks/sysctl_net_ipv6_conf_default_accept_redirects.xml b/rhel6/src/input/checks/sysctl_net_ipv6_conf_default_accept_redirects.xml index ce710b9..7978ba7 100644 --- a/rhel6/src/input/checks/sysctl_net_ipv6_conf_default_accept_redirects.xml +++ b/rhel6/src/input/checks/sysctl_net_ipv6_conf_default_accept_redirects.xml @@ -1,4 +1,5 @@ <def-group> + <!-- THIS FILE IS GENERATED by create_sysctl_checks.py. DO NOT EDIT. --> <definition class="compliance" id="sysctl_net_ipv6_conf_default_accept_redirects" version="1"> <metadata> <title>Kernel Runtime Parameter "net.ipv6.conf.default.accept_redirects" Check</title> @@ -6,17 +7,14 @@ <platform>Red Hat Enterprise Linux 6</platform> </affected> <reference ref_id="CCE-4365-3" source="CCE" /> - <description>The kernel runtime parameter "net.ipv6.conf.default.accept_redirects" should be set to "1".</description> - <!-- generated by create_sysctl_checks.py --> + <description>The kernel runtime parameter "net.ipv6.conf.default.accept_redirects" should be set to "0".</description> </metadata> - <criteria operator="OR"> - <extend_definition comment="IPv6 disabled or..." - definition_ref="kernel_module_ipv6_option_disabled" /> - <criterion comment="kernel runtime parameter net.ipv6.conf.default.accept_redirects set to 1" test_ref="test_sysctl_net_ipv6_conf_default_accept_redirects" /> + <criteria> + <criterion comment="kernel runtime parameter net.ipv6.conf.default.accept_redirects set to 0" test_ref="test_sysctl_net_ipv6_conf_default_accept_redirects" /> </criteria> </definition>
- <unix:sysctl_test check="all" check_existence="all_exist" comment="kernel runtime parameter net.ipv6.conf.default.accept_redirects set to 1" id="test_sysctl_net_ipv6_conf_default_accept_redirects" version="1"> + <unix:sysctl_test check="all" check_existence="all_exist" comment="kernel runtime parameter net.ipv6.conf.default.accept_redirects set to 0" id="test_sysctl_net_ipv6_conf_default_accept_redirects" version="1"> <unix:object object_ref="object_sysctl_net_ipv6_conf_default_accept_redirects" /> <unix:state state_ref="state_sysctl_net_ipv6_conf_default_accept_redirects" /> </unix:sysctl_test> @@ -26,6 +24,6 @@ </unix:sysctl_object>
<unix:sysctl_state id="state_sysctl_net_ipv6_conf_default_accept_redirects" version="1">
- <unix:value datatype="int" operation="equals">1</unix:value>
+ <unix:value datatype="int" operation="equals">0</unix:value>
 </unix:sysctl_state>
 </def-group>
diff --git a/rhel6/src/input/checks/templates/sysctl_values.csv b/rhel6/src/input/checks/templates/sysctl_values.csv
index 549e847..75e2c6a 100644
--- a/rhel6/src/input/checks/templates/sysctl_values.csv
+++ b/rhel6/src/input/checks/templates/sysctl_values.csv
@@ -1,19 +1,19 @@
 kernel.exec-shield,1,4168-1
 kernel.randomize_va_space,1,4146-7
-net.ipv4.conf.all.accept_redirects,1,4217-6
-net.ipv4.conf.all.accept_source_route,1,4236-6
+net.ipv4.conf.all.accept_redirects,0,4217-6
+net.ipv4.conf.all.accept_source_route,0,4236-6
 net.ipv4.conf.all.log_martians,1,4320-8
 net.ipv4.conf.all.rp_filter,1,4080-8
-net.ipv4.conf.all.secure_redirects,1,3472-8
-net.ipv4.conf.all.send_redirects,1,4155-8
-net.ipv4.conf.default.accept_redirects,1,4186-3
-net.ipv4.conf.default.accept_source_route,1,4091-5
+net.ipv4.conf.all.secure_redirects,0,3472-8
+net.ipv4.conf.all.send_redirects,0,4155-8
+net.ipv4.conf.default.accept_redirects,0,4186-3
+net.ipv4.conf.default.accept_source_route,0,4091-5
 net.ipv4.conf.default.rp_filter,1,3840-6
-net.ipv4.conf.default.secure_redirects,1,3339-9
-net.ipv4.conf.default.send_redirects,1,4151-7
+net.ipv4.conf.default.secure_redirects,0,3339-9
+net.ipv4.conf.default.send_redirects,0,4151-7
 net.ipv4.icmp_echo_ignore_broadcasts,1,3644-2
 net.ipv4.icmp_ignore_bogus_error_responses,1,4133-5
 net.ipv4.ip_forward,0,3561-8
 net.ipv4.tcp_syncookies,1,4265-5
 net.ipv6.conf.all.disable_ipv6,1,4298-6
-net.ipv6.conf.default.accept_redirects,1,4365-3
+net.ipv6.conf.default.accept_redirects,0,4365-3
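Review bot: The last row, `net.ipv6.conf.default.accept_redirects,0,4365-3`, now regenerates a check that has lost its IPv6-disabled alternative: the sysctl_net_ipv6_conf_default_accept_redirects.xml section of this patch replaces `<criteria operator="OR">` and its `<extend_definition ... definition_ref="kernel_module_ipv6_option_disabled" />` with a bare `<criteria>`. The remaining test uses `check_existence="all_exist"`, so on a host where IPv6 is disabled through the module option the key is presumably absent and the rule would report a failure even though the host is in the hardened state. That OR branch looks hand-added, and with the new "DO NOT EDIT" banner it will be dropped on every regeneration; the generator is not part of this patch, so the fix would be either to have create_sysctl_checks.py emit the OR branch for net.ipv6.* rows or to keep this one file out of generation.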
Sorry for the lack of context on this, first experiment with git send-email.
The checks being created by create_sysctl_checks.py from sysctl_values.csv don't match the prose because the csv values are incorrect. This patch fixes the csv and generated output.
joe
On May 22, 2012, at 11:08 AM, Joe Nall wrote:
.../sysctl_net_ipv4_conf_all_accept_redirects.xml | 10 +++++----- ...ysctl_net_ipv4_conf_all_accept_source_route.xml | 10 +++++----- .../sysctl_net_ipv4_conf_all_secure_redirects.xml | 10 +++++----- .../sysctl_net_ipv4_conf_all_send_redirects.xml | 10 +++++----- ...sctl_net_ipv4_conf_default_accept_redirects.xml | 10 +++++----- ...l_net_ipv4_conf_default_accept_source_route.xml | 10 +++++----- ...sctl_net_ipv4_conf_default_secure_redirects.xml | 10 +++++----- ...sysctl_net_ipv4_conf_default_send_redirects.xml | 10 +++++----- ...sctl_net_ipv6_conf_default_accept_redirects.xml | 14 ++++++-------- rhel6/src/input/checks/templates/sysctl_values.csv | 18 +++++++++--------- 10 files changed, 55 insertions(+), 57 deletions(-)
diff --git a/rhel6/src/input/checks/sysctl_net_ipv4_conf_all_accept_redirects.xml b/rhel6/src/input/checks/sysctl_net_ipv4_conf_all_accept_redirects.xml index a11a8bd..eb21415 100644 --- a/rhel6/src/input/checks/sysctl_net_ipv4_conf_all_accept_redirects.xml +++ b/rhel6/src/input/checks/sysctl_net_ipv4_conf_all_accept_redirects.xml @@ -1,4 +1,5 @@
<def-group> + <!-- THIS FILE IS GENERATED by create_sysctl_checks.py. DO NOT EDIT. --> <definition class="compliance" id="sysctl_net_ipv4_conf_all_accept_redirects" version="1"> <metadata> <title>Kernel Runtime Parameter "net.ipv4.conf.all.accept_redirects" Check</title> @@ -6,15 +7,14 @@ <platform>Red Hat Enterprise Linux 6</platform> </affected> <reference ref_id="CCE-4217-6" source="CCE" /> - <description>The kernel runtime parameter "net.ipv4.conf.all.accept_redirects" should be set to "1".</description> - <!-- generated by create_sysctl_checks.py --> + <description>The kernel runtime parameter "net.ipv4.conf.all.accept_redirects" should be set to "0".</description> </metadata> <criteria> - <criterion comment="kernel runtime parameter net.ipv4.conf.all.accept_redirects set to 1" test_ref="test_sysctl_net_ipv4_conf_all_accept_redirects" /> + <criterion comment="kernel runtime parameter net.ipv4.conf.all.accept_redirects set to 0" test_ref="test_sysctl_net_ipv4_conf_all_accept_redirects" /> </criteria> </definition>
- <unix:sysctl_test check="all" check_existence="all_exist" comment="kernel runtime parameter net.ipv4.conf.all.accept_redirects set to 1" id="test_sysctl_net_ipv4_conf_all_accept_redirects" version="1">
- <unix:sysctl_test check="all" check_existence="all_exist" comment="kernel runtime parameter net.ipv4.conf.all.accept_redirects set to 0" id="test_sysctl_net_ipv4_conf_all_accept_redirects" version="1"> <unix:object object_ref="object_sysctl_net_ipv4_conf_all_accept_redirects" /> <unix:state state_ref="state_sysctl_net_ipv4_conf_all_accept_redirects" /> </unix:sysctl_test>
@@ -24,6 +24,6 @@ </unix:sysctl_object>
<unix:sysctl_state id="state_sysctl_net_ipv4_conf_all_accept_redirects" version="1">
- <unix:value datatype="int" operation="equals">1</unix:value>
- <unix:value datatype="int" operation="equals">0</unix:value> </unix:sysctl_state>
</def-group> diff --git a/rhel6/src/input/checks/sysctl_net_ipv4_conf_all_accept_source_route.xml b/rhel6/src/input/checks/sysctl_net_ipv4_conf_all_accept_source_route.xml index 2753ef6..94f8766 100644 --- a/rhel6/src/input/checks/sysctl_net_ipv4_conf_all_accept_source_route.xml +++ b/rhel6/src/input/checks/sysctl_net_ipv4_conf_all_accept_source_route.xml @@ -1,4 +1,5 @@ <def-group> + <!-- THIS FILE IS GENERATED by create_sysctl_checks.py. DO NOT EDIT. --> <definition class="compliance" id="sysctl_net_ipv4_conf_all_accept_source_route" version="1"> <metadata> <title>Kernel Runtime Parameter "net.ipv4.conf.all.accept_source_route" Check</title> @@ -6,15 +7,14 @@ <platform>Red Hat Enterprise Linux 6</platform> </affected> <reference ref_id="CCE-4236-6" source="CCE" /> - <description>The kernel runtime parameter "net.ipv4.conf.all.accept_source_route" should be set to "1".</description> - <!-- generated by create_sysctl_checks.py --> + <description>The kernel runtime parameter "net.ipv4.conf.all.accept_source_route" should be set to "0".</description> </metadata> <criteria> - <criterion comment="kernel runtime parameter net.ipv4.conf.all.accept_source_route set to 1" test_ref="test_sysctl_net_ipv4_conf_all_accept_source_route" /> + <criterion comment="kernel runtime parameter net.ipv4.conf.all.accept_source_route set to 0" test_ref="test_sysctl_net_ipv4_conf_all_accept_source_route" /> </criteria> </definition>
- <unix:sysctl_test check="all" check_existence="all_exist" comment="kernel runtime parameter net.ipv4.conf.all.accept_source_route set to 1" id="test_sysctl_net_ipv4_conf_all_accept_source_route" version="1">
- <unix:sysctl_test check="all" check_existence="all_exist" comment="kernel runtime parameter net.ipv4.conf.all.accept_source_route set to 0" id="test_sysctl_net_ipv4_conf_all_accept_source_route" version="1"> <unix:object object_ref="object_sysctl_net_ipv4_conf_all_accept_source_route" /> <unix:state state_ref="state_sysctl_net_ipv4_conf_all_accept_source_route" /> </unix:sysctl_test>
@@ -24,6 +24,6 @@ </unix:sysctl_object>
<unix:sysctl_state id="state_sysctl_net_ipv4_conf_all_accept_source_route" version="1">
- <unix:value datatype="int" operation="equals">1</unix:value>
- <unix:value datatype="int" operation="equals">0</unix:value> </unix:sysctl_state>
</def-group> diff --git a/rhel6/src/input/checks/sysctl_net_ipv4_conf_all_secure_redirects.xml b/rhel6/src/input/checks/sysctl_net_ipv4_conf_all_secure_redirects.xml index 2e48ff9..5ddfeec 100644 --- a/rhel6/src/input/checks/sysctl_net_ipv4_conf_all_secure_redirects.xml +++ b/rhel6/src/input/checks/sysctl_net_ipv4_conf_all_secure_redirects.xml @@ -1,4 +1,5 @@ <def-group> + <!-- THIS FILE IS GENERATED by create_sysctl_checks.py. DO NOT EDIT. --> <definition class="compliance" id="sysctl_net_ipv4_conf_all_secure_redirects" version="1"> <metadata> <title>Kernel Runtime Parameter "net.ipv4.conf.all.secure_redirects" Check</title> @@ -6,15 +7,14 @@ <platform>Red Hat Enterprise Linux 6</platform> </affected> <reference ref_id="CCE-3472-8" source="CCE" /> - <description>The kernel runtime parameter "net.ipv4.conf.all.secure_redirects" should be set to "1".</description> - <!-- generated by create_sysctl_checks.py --> + <description>The kernel runtime parameter "net.ipv4.conf.all.secure_redirects" should be set to "0".</description> </metadata> <criteria> - <criterion comment="kernel runtime parameter net.ipv4.conf.all.secure_redirects set to 1" test_ref="test_sysctl_net_ipv4_conf_all_secure_redirects" /> + <criterion comment="kernel runtime parameter net.ipv4.conf.all.secure_redirects set to 0" test_ref="test_sysctl_net_ipv4_conf_all_secure_redirects" /> </criteria> </definition>
- <unix:sysctl_test check="all" check_existence="all_exist" comment="kernel runtime parameter net.ipv4.conf.all.secure_redirects set to 1" id="test_sysctl_net_ipv4_conf_all_secure_redirects" version="1">
- <unix:sysctl_test check="all" check_existence="all_exist" comment="kernel runtime parameter net.ipv4.conf.all.secure_redirects set to 0" id="test_sysctl_net_ipv4_conf_all_secure_redirects" version="1"> <unix:object object_ref="object_sysctl_net_ipv4_conf_all_secure_redirects" /> <unix:state state_ref="state_sysctl_net_ipv4_conf_all_secure_redirects" /> </unix:sysctl_test>
@@ -24,6 +24,6 @@ </unix:sysctl_object>
<unix:sysctl_state id="state_sysctl_net_ipv4_conf_all_secure_redirects" version="1">
- <unix:value datatype="int" operation="equals">1</unix:value>
- <unix:value datatype="int" operation="equals">0</unix:value> </unix:sysctl_state>
</def-group> diff --git a/rhel6/src/input/checks/sysctl_net_ipv4_conf_all_send_redirects.xml b/rhel6/src/input/checks/sysctl_net_ipv4_conf_all_send_redirects.xml index 8df01ac..8beb66f 100644 --- a/rhel6/src/input/checks/sysctl_net_ipv4_conf_all_send_redirects.xml +++ b/rhel6/src/input/checks/sysctl_net_ipv4_conf_all_send_redirects.xml @@ -1,4 +1,5 @@ <def-group> + <!-- THIS FILE IS GENERATED by create_sysctl_checks.py. DO NOT EDIT. --> <definition class="compliance" id="sysctl_net_ipv4_conf_all_send_redirects" version="1"> <metadata> <title>Kernel Runtime Parameter "net.ipv4.conf.all.send_redirects" Check</title> @@ -6,15 +7,14 @@ <platform>Red Hat Enterprise Linux 6</platform> </affected> <reference ref_id="CCE-4155-8" source="CCE" /> - <description>The kernel runtime parameter "net.ipv4.conf.all.send_redirects" should be set to "1".</description> - <!-- generated by create_sysctl_checks.py --> + <description>The kernel runtime parameter "net.ipv4.conf.all.send_redirects" should be set to "0".</description> </metadata> <criteria> - <criterion comment="kernel runtime parameter net.ipv4.conf.all.send_redirects set to 1" test_ref="test_sysctl_net_ipv4_conf_all_send_redirects" /> + <criterion comment="kernel runtime parameter net.ipv4.conf.all.send_redirects set to 0" test_ref="test_sysctl_net_ipv4_conf_all_send_redirects" /> </criteria> </definition>
- <unix:sysctl_test check="all" check_existence="all_exist" comment="kernel runtime parameter net.ipv4.conf.all.send_redirects set to 1" id="test_sysctl_net_ipv4_conf_all_send_redirects" version="1">
- <unix:sysctl_test check="all" check_existence="all_exist" comment="kernel runtime parameter net.ipv4.conf.all.send_redirects set to 0" id="test_sysctl_net_ipv4_conf_all_send_redirects" version="1"> <unix:object object_ref="object_sysctl_net_ipv4_conf_all_send_redirects" /> <unix:state state_ref="state_sysctl_net_ipv4_conf_all_send_redirects" /> </unix:sysctl_test>
@@ -24,6 +24,6 @@ </unix:sysctl_object>
<unix:sysctl_state id="state_sysctl_net_ipv4_conf_all_send_redirects" version="1">
- <unix:value datatype="int" operation="equals">1</unix:value>
- <unix:value datatype="int" operation="equals">0</unix:value> </unix:sysctl_state>
</def-group> diff --git a/rhel6/src/input/checks/sysctl_net_ipv4_conf_default_accept_redirects.xml b/rhel6/src/input/checks/sysctl_net_ipv4_conf_default_accept_redirects.xml index 9c942a2..f14f6f2 100644 --- a/rhel6/src/input/checks/sysctl_net_ipv4_conf_default_accept_redirects.xml +++ b/rhel6/src/input/checks/sysctl_net_ipv4_conf_default_accept_redirects.xml @@ -1,4 +1,5 @@ <def-group> + <!-- THIS FILE IS GENERATED by create_sysctl_checks.py. DO NOT EDIT. --> <definition class="compliance" id="sysctl_net_ipv4_conf_default_accept_redirects" version="1"> <metadata> <title>Kernel Runtime Parameter "net.ipv4.conf.default.accept_redirects" Check</title> @@ -6,15 +7,14 @@ <platform>Red Hat Enterprise Linux 6</platform> </affected> <reference ref_id="CCE-4186-3" source="CCE" /> - <description>The kernel runtime parameter "net.ipv4.conf.default.accept_redirects" should be set to "1".</description> - <!-- generated by create_sysctl_checks.py --> + <description>The kernel runtime parameter "net.ipv4.conf.default.accept_redirects" should be set to "0".</description> </metadata> <criteria> - <criterion comment="kernel runtime parameter net.ipv4.conf.default.accept_redirects set to 1" test_ref="test_sysctl_net_ipv4_conf_default_accept_redirects" /> + <criterion comment="kernel runtime parameter net.ipv4.conf.default.accept_redirects set to 0" test_ref="test_sysctl_net_ipv4_conf_default_accept_redirects" /> </criteria> </definition>
- <unix:sysctl_test check="all" check_existence="all_exist" comment="kernel runtime parameter net.ipv4.conf.default.accept_redirects set to 1" id="test_sysctl_net_ipv4_conf_default_accept_redirects" version="1">
- <unix:sysctl_test check="all" check_existence="all_exist" comment="kernel runtime parameter net.ipv4.conf.default.accept_redirects set to 0" id="test_sysctl_net_ipv4_conf_default_accept_redirects" version="1"> <unix:object object_ref="object_sysctl_net_ipv4_conf_default_accept_redirects" /> <unix:state state_ref="state_sysctl_net_ipv4_conf_default_accept_redirects" /> </unix:sysctl_test>
@@ -24,6 +24,6 @@ </unix:sysctl_object>
<unix:sysctl_state id="state_sysctl_net_ipv4_conf_default_accept_redirects" version="1">
- <unix:value datatype="int" operation="equals">1</unix:value>
- <unix:value datatype="int" operation="equals">0</unix:value> </unix:sysctl_state>
</def-group> diff --git a/rhel6/src/input/checks/sysctl_net_ipv4_conf_default_accept_source_route.xml b/rhel6/src/input/checks/sysctl_net_ipv4_conf_default_accept_source_route.xml index ce3f564..4c45bca 100644 --- a/rhel6/src/input/checks/sysctl_net_ipv4_conf_default_accept_source_route.xml +++ b/rhel6/src/input/checks/sysctl_net_ipv4_conf_default_accept_source_route.xml @@ -1,4 +1,5 @@ <def-group> + <!-- THIS FILE IS GENERATED by create_sysctl_checks.py. DO NOT EDIT. --> <definition class="compliance" id="sysctl_net_ipv4_conf_default_accept_source_route" version="1"> <metadata> <title>Kernel Runtime Parameter "net.ipv4.conf.default.accept_source_route" Check</title> @@ -6,15 +7,14 @@ <platform>Red Hat Enterprise Linux 6</platform> </affected> <reference ref_id="CCE-4091-5" source="CCE" /> - <description>The kernel runtime parameter "net.ipv4.conf.default.accept_source_route" should be set to "1".</description> - <!-- generated by create_sysctl_checks.py --> + <description>The kernel runtime parameter "net.ipv4.conf.default.accept_source_route" should be set to "0".</description> </metadata> <criteria> - <criterion comment="kernel runtime parameter net.ipv4.conf.default.accept_source_route set to 1" test_ref="test_sysctl_net_ipv4_conf_default_accept_source_route" /> + <criterion comment="kernel runtime parameter net.ipv4.conf.default.accept_source_route set to 0" test_ref="test_sysctl_net_ipv4_conf_default_accept_source_route" /> </criteria> </definition>
- <unix:sysctl_test check="all" check_existence="all_exist" comment="kernel runtime parameter net.ipv4.conf.default.accept_source_route set to 1" id="test_sysctl_net_ipv4_conf_default_accept_source_route" version="1">
- <unix:sysctl_test check="all" check_existence="all_exist" comment="kernel runtime parameter net.ipv4.conf.default.accept_source_route set to 0" id="test_sysctl_net_ipv4_conf_default_accept_source_route" version="1"> <unix:object object_ref="object_sysctl_net_ipv4_conf_default_accept_source_route" /> <unix:state state_ref="state_sysctl_net_ipv4_conf_default_accept_source_route" /> </unix:sysctl_test>
@@ -24,6 +24,6 @@ </unix:sysctl_object>
<unix:sysctl_state id="state_sysctl_net_ipv4_conf_default_accept_source_route" version="1">
- <unix:value datatype="int" operation="equals">1</unix:value>
- <unix:value datatype="int" operation="equals">0</unix:value> </unix:sysctl_state>
</def-group> diff --git a/rhel6/src/input/checks/sysctl_net_ipv4_conf_default_secure_redirects.xml b/rhel6/src/input/checks/sysctl_net_ipv4_conf_default_secure_redirects.xml index 2e604ac..bf829cd 100644 --- a/rhel6/src/input/checks/sysctl_net_ipv4_conf_default_secure_redirects.xml +++ b/rhel6/src/input/checks/sysctl_net_ipv4_conf_default_secure_redirects.xml @@ -1,4 +1,5 @@ <def-group> + <!-- THIS FILE IS GENERATED by create_sysctl_checks.py. DO NOT EDIT. --> <definition class="compliance" id="sysctl_net_ipv4_conf_default_secure_redirects" version="1"> <metadata> <title>Kernel Runtime Parameter "net.ipv4.conf.default.secure_redirects" Check</title> @@ -6,15 +7,14 @@ <platform>Red Hat Enterprise Linux 6</platform> </affected> <reference ref_id="CCE-3339-9" source="CCE" /> - <description>The kernel runtime parameter "net.ipv4.conf.default.secure_redirects" should be set to "1".</description> - <!-- generated by create_sysctl_checks.py --> + <description>The kernel runtime parameter "net.ipv4.conf.default.secure_redirects" should be set to "0".</description> </metadata> <criteria> - <criterion comment="kernel runtime parameter net.ipv4.conf.default.secure_redirects set to 1" test_ref="test_sysctl_net_ipv4_conf_default_secure_redirects" /> + <criterion comment="kernel runtime parameter net.ipv4.conf.default.secure_redirects set to 0" test_ref="test_sysctl_net_ipv4_conf_default_secure_redirects" /> </criteria> </definition>
- <unix:sysctl_test check="all" check_existence="all_exist" comment="kernel runtime parameter net.ipv4.conf.default.secure_redirects set to 1" id="test_sysctl_net_ipv4_conf_default_secure_redirects" version="1">
- <unix:sysctl_test check="all" check_existence="all_exist" comment="kernel runtime parameter net.ipv4.conf.default.secure_redirects set to 0" id="test_sysctl_net_ipv4_conf_default_secure_redirects" version="1"> <unix:object object_ref="object_sysctl_net_ipv4_conf_default_secure_redirects" /> <unix:state state_ref="state_sysctl_net_ipv4_conf_default_secure_redirects" /> </unix:sysctl_test>
@@ -24,6 +24,6 @@ </unix:sysctl_object>
<unix:sysctl_state id="state_sysctl_net_ipv4_conf_default_secure_redirects" version="1">
- <unix:value datatype="int" operation="equals">1</unix:value>
- <unix:value datatype="int" operation="equals">0</unix:value> </unix:sysctl_state>
</def-group> diff --git a/rhel6/src/input/checks/sysctl_net_ipv4_conf_default_send_redirects.xml b/rhel6/src/input/checks/sysctl_net_ipv4_conf_default_send_redirects.xml index b0784d9..a4594e8 100644 --- a/rhel6/src/input/checks/sysctl_net_ipv4_conf_default_send_redirects.xml +++ b/rhel6/src/input/checks/sysctl_net_ipv4_conf_default_send_redirects.xml @@ -1,4 +1,5 @@ <def-group> + <!-- THIS FILE IS GENERATED by create_sysctl_checks.py. DO NOT EDIT. --> <definition class="compliance" id="sysctl_net_ipv4_conf_default_send_redirects" version="1"> <metadata> <title>Kernel Runtime Parameter "net.ipv4.conf.default.send_redirects" Check</title> @@ -6,15 +7,14 @@ <platform>Red Hat Enterprise Linux 6</platform> </affected> <reference ref_id="CCE-4151-7" source="CCE" /> - <description>The kernel runtime parameter "net.ipv4.conf.default.send_redirects" should be set to "1".</description> - <!-- generated by create_sysctl_checks.py --> + <description>The kernel runtime parameter "net.ipv4.conf.default.send_redirects" should be set to "0".</description> </metadata> <criteria> - <criterion comment="kernel runtime parameter net.ipv4.conf.default.send_redirects set to 1" test_ref="test_sysctl_net_ipv4_conf_default_send_redirects" /> + <criterion comment="kernel runtime parameter net.ipv4.conf.default.send_redirects set to 0" test_ref="test_sysctl_net_ipv4_conf_default_send_redirects" /> </criteria> </definition>
- <unix:sysctl_test check="all" check_existence="all_exist" comment="kernel runtime parameter net.ipv4.conf.default.send_redirects set to 1" id="test_sysctl_net_ipv4_conf_default_send_redirects" version="1">
- <unix:sysctl_test check="all" check_existence="all_exist" comment="kernel runtime parameter net.ipv4.conf.default.send_redirects set to 0" id="test_sysctl_net_ipv4_conf_default_send_redirects" version="1"> <unix:object object_ref="object_sysctl_net_ipv4_conf_default_send_redirects" /> <unix:state state_ref="state_sysctl_net_ipv4_conf_default_send_redirects" /> </unix:sysctl_test>
@@ -24,6 +24,6 @@ </unix:sysctl_object>
<unix:sysctl_state id="state_sysctl_net_ipv4_conf_default_send_redirects" version="1">
- <unix:value datatype="int" operation="equals">1</unix:value>
- <unix:value datatype="int" operation="equals">0</unix:value> </unix:sysctl_state>
</def-group> diff --git a/rhel6/src/input/checks/sysctl_net_ipv6_conf_default_accept_redirects.xml b/rhel6/src/input/checks/sysctl_net_ipv6_conf_default_accept_redirects.xml index ce710b9..7978ba7 100644 --- a/rhel6/src/input/checks/sysctl_net_ipv6_conf_default_accept_redirects.xml +++ b/rhel6/src/input/checks/sysctl_net_ipv6_conf_default_accept_redirects.xml @@ -1,4 +1,5 @@ <def-group> + <!-- THIS FILE IS GENERATED by create_sysctl_checks.py. DO NOT EDIT. --> <definition class="compliance" id="sysctl_net_ipv6_conf_default_accept_redirects" version="1"> <metadata> <title>Kernel Runtime Parameter "net.ipv6.conf.default.accept_redirects" Check</title> @@ -6,17 +7,14 @@ <platform>Red Hat Enterprise Linux 6</platform> </affected> <reference ref_id="CCE-4365-3" source="CCE" /> - <description>The kernel runtime parameter "net.ipv6.conf.default.accept_redirects" should be set to "1".</description> - <!-- generated by create_sysctl_checks.py --> + <description>The kernel runtime parameter "net.ipv6.conf.default.accept_redirects" should be set to "0".</description> </metadata> - <criteria operator="OR"> - <extend_definition comment="IPv6 disabled or..." - definition_ref="kernel_module_ipv6_option_disabled" /> - <criterion comment="kernel runtime parameter net.ipv6.conf.default.accept_redirects set to 1" test_ref="test_sysctl_net_ipv6_conf_default_accept_redirects" /> + <criteria> + <criterion comment="kernel runtime parameter net.ipv6.conf.default.accept_redirects set to 0" test_ref="test_sysctl_net_ipv6_conf_default_accept_redirects" /> </criteria> </definition>
- <unix:sysctl_test check="all" check_existence="all_exist" comment="kernel runtime parameter net.ipv6.conf.default.accept_redirects set to 1" id="test_sysctl_net_ipv6_conf_default_accept_redirects" version="1">
- <unix:sysctl_test check="all" check_existence="all_exist" comment="kernel runtime parameter net.ipv6.conf.default.accept_redirects set to 0" id="test_sysctl_net_ipv6_conf_default_accept_redirects" version="1"> <unix:object object_ref="object_sysctl_net_ipv6_conf_default_accept_redirects" /> <unix:state state_ref="state_sysctl_net_ipv6_conf_default_accept_redirects" /> </unix:sysctl_test>
@@ -26,6 +24,6 @@ </unix:sysctl_object>
<unix:sysctl_state id="state_sysctl_net_ipv6_conf_default_accept_redirects" version="1">
- <unix:value datatype="int" operation="equals">1</unix:value>
- <unix:value datatype="int" operation="equals">0</unix:value> </unix:sysctl_state>
</def-group>
diff --git a/rhel6/src/input/checks/templates/sysctl_values.csv b/rhel6/src/input/checks/templates/sysctl_values.csv
index 549e847..75e2c6a 100644
--- a/rhel6/src/input/checks/templates/sysctl_values.csv
+++ b/rhel6/src/input/checks/templates/sysctl_values.csv
@@ -1,19 +1,19 @@
 kernel.exec-shield,1,4168-1
 kernel.randomize_va_space,1,4146-7
-net.ipv4.conf.all.accept_redirects,1,4217-6
-net.ipv4.conf.all.accept_source_route,1,4236-6
+net.ipv4.conf.all.accept_redirects,0,4217-6
+net.ipv4.conf.all.accept_source_route,0,4236-6
 net.ipv4.conf.all.log_martians,1,4320-8
 net.ipv4.conf.all.rp_filter,1,4080-8
-net.ipv4.conf.all.secure_redirects,1,3472-8
-net.ipv4.conf.all.send_redirects,1,4155-8
-net.ipv4.conf.default.accept_redirects,1,4186-3
-net.ipv4.conf.default.accept_source_route,1,4091-5
+net.ipv4.conf.all.secure_redirects,0,3472-8
+net.ipv4.conf.all.send_redirects,0,4155-8
+net.ipv4.conf.default.accept_redirects,0,4186-3
+net.ipv4.conf.default.accept_source_route,0,4091-5
 net.ipv4.conf.default.rp_filter,1,3840-6
-net.ipv4.conf.default.secure_redirects,1,3339-9
-net.ipv4.conf.default.send_redirects,1,4151-7
+net.ipv4.conf.default.secure_redirects,0,3339-9
+net.ipv4.conf.default.send_redirects,0,4151-7
 net.ipv4.icmp_echo_ignore_broadcasts,1,3644-2
 net.ipv4.icmp_ignore_bogus_error_responses,1,4133-5
 net.ipv4.ip_forward,0,3561-8
 net.ipv4.tcp_syncookies,1,4265-5
 net.ipv6.conf.all.disable_ipv6,1,4298-6
-net.ipv6.conf.default.accept_redirects,1,4365-3
+net.ipv6.conf.default.accept_redirects,0,4365-3
-- 1.7.1
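Review bot: Regenerating from the last row of this hunk, `net.ipv6.conf.default.accept_redirects,0,4365-3`, loses the IPv6-disabled alternative that the old sysctl_net_ipv6_conf_default_accept_redirects.xml carried: that file's section in this patch removes `<criteria operator="OR">` and `<extend_definition comment="IPv6 disabled or..." definition_ref="kernel_module_ipv6_option_disabled" />` and leaves a single criterion. The test keeps `check_existence="all_exist"`, so on a host where the IPv6 module is disabled the sysctl object presumably does not exist and the check would no longer pass, reporting a hardened system as non-compliant. Because the XML is generated, the exception probably belongs in create_sysctl_checks.py or its template (neither is shown here) rather than in a hand edit that the next regeneration overwrites.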
I ACK this. Please push.
Thanks very much for the QA.
On 05/22/2012 11:45 AM, Joe Nall wrote:
Sorry for the lack of context on this, first experiment with git send-email.
The checks being created by create_sysctl_checks.py from sysctl_values.csv don't match the prose because the csv values are incorrect. This patch fixes the csv and generated output.
joe
On May 22, 2012, at 11:08 AM, Joe Nall wrote:
.../sysctl_net_ipv4_conf_all_accept_redirects.xml | 10 +++++----- ...ysctl_net_ipv4_conf_all_accept_source_route.xml | 10 +++++----- .../sysctl_net_ipv4_conf_all_secure_redirects.xml | 10 +++++----- .../sysctl_net_ipv4_conf_all_send_redirects.xml | 10 +++++----- ...sctl_net_ipv4_conf_default_accept_redirects.xml | 10 +++++----- ...l_net_ipv4_conf_default_accept_source_route.xml | 10 +++++----- ...sctl_net_ipv4_conf_default_secure_redirects.xml | 10 +++++----- ...sysctl_net_ipv4_conf_default_send_redirects.xml | 10 +++++----- ...sctl_net_ipv6_conf_default_accept_redirects.xml | 14 ++++++-------- rhel6/src/input/checks/templates/sysctl_values.csv | 18 +++++++++--------- 10 files changed, 55 insertions(+), 57 deletions(-)
diff --git a/rhel6/src/input/checks/sysctl_net_ipv4_conf_all_accept_redirects.xml b/rhel6/src/input/checks/sysctl_net_ipv4_conf_all_accept_redirects.xml index a11a8bd..eb21415 100644 --- a/rhel6/src/input/checks/sysctl_net_ipv4_conf_all_accept_redirects.xml +++ b/rhel6/src/input/checks/sysctl_net_ipv4_conf_all_accept_redirects.xml @@ -1,4 +1,5 @@
<def-group> + <!-- THIS FILE IS GENERATED by create_sysctl_checks.py. DO NOT EDIT. --> <definition class="compliance" id="sysctl_net_ipv4_conf_all_accept_redirects" version="1"> <metadata> <title>Kernel Runtime Parameter "net.ipv4.conf.all.accept_redirects" Check</title> @@ -6,15 +7,14 @@ <platform>Red Hat Enterprise Linux 6</platform> </affected> <reference ref_id="CCE-4217-6" source="CCE" /> - <description>The kernel runtime parameter "net.ipv4.conf.all.accept_redirects" should be set to "1".</description> - <!-- generated by create_sysctl_checks.py --> + <description>The kernel runtime parameter "net.ipv4.conf.all.accept_redirects" should be set to "0".</description> </metadata> <criteria> - <criterion comment="kernel runtime parameter net.ipv4.conf.all.accept_redirects set to 1" test_ref="test_sysctl_net_ipv4_conf_all_accept_redirects" /> + <criterion comment="kernel runtime parameter net.ipv4.conf.all.accept_redirects set to 0" test_ref="test_sysctl_net_ipv4_conf_all_accept_redirects" /> </criteria> </definition>
- <unix:sysctl_test check="all" check_existence="all_exist" comment="kernel runtime parameter net.ipv4.conf.all.accept_redirects set to 1" id="test_sysctl_net_ipv4_conf_all_accept_redirects" version="1">
- <unix:sysctl_test check="all" check_existence="all_exist" comment="kernel runtime parameter net.ipv4.conf.all.accept_redirects set to 0" id="test_sysctl_net_ipv4_conf_all_accept_redirects" version="1"> <unix:object object_ref="object_sysctl_net_ipv4_conf_all_accept_redirects" /> <unix:state state_ref="state_sysctl_net_ipv4_conf_all_accept_redirects" /> </unix:sysctl_test>
@@ -24,6 +24,6 @@ </unix:sysctl_object>
<unix:sysctl_state id="state_sysctl_net_ipv4_conf_all_accept_redirects" version="1">
- <unix:value datatype="int" operation="equals">1</unix:value>
- <unix:value datatype="int" operation="equals">0</unix:value> </unix:sysctl_state>
</def-group> diff --git a/rhel6/src/input/checks/sysctl_net_ipv4_conf_all_accept_source_route.xml b/rhel6/src/input/checks/sysctl_net_ipv4_conf_all_accept_source_route.xml index 2753ef6..94f8766 100644 --- a/rhel6/src/input/checks/sysctl_net_ipv4_conf_all_accept_source_route.xml +++ b/rhel6/src/input/checks/sysctl_net_ipv4_conf_all_accept_source_route.xml @@ -1,4 +1,5 @@ <def-group> + <!-- THIS FILE IS GENERATED by create_sysctl_checks.py. DO NOT EDIT. --> <definition class="compliance" id="sysctl_net_ipv4_conf_all_accept_source_route" version="1"> <metadata> <title>Kernel Runtime Parameter "net.ipv4.conf.all.accept_source_route" Check</title> @@ -6,15 +7,14 @@ <platform>Red Hat Enterprise Linux 6</platform> </affected> <reference ref_id="CCE-4236-6" source="CCE" /> - <description>The kernel runtime parameter "net.ipv4.conf.all.accept_source_route" should be set to "1".</description> - <!-- generated by create_sysctl_checks.py --> + <description>The kernel runtime parameter "net.ipv4.conf.all.accept_source_route" should be set to "0".</description> </metadata> <criteria> - <criterion comment="kernel runtime parameter net.ipv4.conf.all.accept_source_route set to 1" test_ref="test_sysctl_net_ipv4_conf_all_accept_source_route" /> + <criterion comment="kernel runtime parameter net.ipv4.conf.all.accept_source_route set to 0" test_ref="test_sysctl_net_ipv4_conf_all_accept_source_route" /> </criteria> </definition>
- <unix:sysctl_test check="all" check_existence="all_exist" comment="kernel runtime parameter net.ipv4.conf.all.accept_source_route set to 1" id="test_sysctl_net_ipv4_conf_all_accept_source_route" version="1">
- <unix:sysctl_test check="all" check_existence="all_exist" comment="kernel runtime parameter net.ipv4.conf.all.accept_source_route set to 0" id="test_sysctl_net_ipv4_conf_all_accept_source_route" version="1"> <unix:object object_ref="object_sysctl_net_ipv4_conf_all_accept_source_route" /> <unix:state state_ref="state_sysctl_net_ipv4_conf_all_accept_source_route" /> </unix:sysctl_test>
@@ -24,6 +24,6 @@ </unix:sysctl_object>
<unix:sysctl_state id="state_sysctl_net_ipv4_conf_all_accept_source_route" version="1">
- <unix:value datatype="int" operation="equals">1</unix:value>
- <unix:value datatype="int" operation="equals">0</unix:value> </unix:sysctl_state>
</def-group> diff --git a/rhel6/src/input/checks/sysctl_net_ipv4_conf_all_secure_redirects.xml b/rhel6/src/input/checks/sysctl_net_ipv4_conf_all_secure_redirects.xml index 2e48ff9..5ddfeec 100644 --- a/rhel6/src/input/checks/sysctl_net_ipv4_conf_all_secure_redirects.xml +++ b/rhel6/src/input/checks/sysctl_net_ipv4_conf_all_secure_redirects.xml @@ -1,4 +1,5 @@ <def-group> + <!-- THIS FILE IS GENERATED by create_sysctl_checks.py. DO NOT EDIT. --> <definition class="compliance" id="sysctl_net_ipv4_conf_all_secure_redirects" version="1"> <metadata> <title>Kernel Runtime Parameter "net.ipv4.conf.all.secure_redirects" Check</title> @@ -6,15 +7,14 @@ <platform>Red Hat Enterprise Linux 6</platform> </affected> <reference ref_id="CCE-3472-8" source="CCE" /> - <description>The kernel runtime parameter "net.ipv4.conf.all.secure_redirects" should be set to "1".</description> - <!-- generated by create_sysctl_checks.py --> + <description>The kernel runtime parameter "net.ipv4.conf.all.secure_redirects" should be set to "0".</description> </metadata> <criteria> - <criterion comment="kernel runtime parameter net.ipv4.conf.all.secure_redirects set to 1" test_ref="test_sysctl_net_ipv4_conf_all_secure_redirects" /> + <criterion comment="kernel runtime parameter net.ipv4.conf.all.secure_redirects set to 0" test_ref="test_sysctl_net_ipv4_conf_all_secure_redirects" /> </criteria> </definition>
- <unix:sysctl_test check="all" check_existence="all_exist" comment="kernel runtime parameter net.ipv4.conf.all.secure_redirects set to 1" id="test_sysctl_net_ipv4_conf_all_secure_redirects" version="1">
- <unix:sysctl_test check="all" check_existence="all_exist" comment="kernel runtime parameter net.ipv4.conf.all.secure_redirects set to 0" id="test_sysctl_net_ipv4_conf_all_secure_redirects" version="1"> <unix:object object_ref="object_sysctl_net_ipv4_conf_all_secure_redirects" /> <unix:state state_ref="state_sysctl_net_ipv4_conf_all_secure_redirects" /> </unix:sysctl_test>
@@ -24,6 +24,6 @@ </unix:sysctl_object>
<unix:sysctl_state id="state_sysctl_net_ipv4_conf_all_secure_redirects" version="1">
- <unix:value datatype="int" operation="equals">1</unix:value>
- <unix:value datatype="int" operation="equals">0</unix:value> </unix:sysctl_state>
</def-group> diff --git a/rhel6/src/input/checks/sysctl_net_ipv4_conf_all_send_redirects.xml b/rhel6/src/input/checks/sysctl_net_ipv4_conf_all_send_redirects.xml index 8df01ac..8beb66f 100644 --- a/rhel6/src/input/checks/sysctl_net_ipv4_conf_all_send_redirects.xml +++ b/rhel6/src/input/checks/sysctl_net_ipv4_conf_all_send_redirects.xml @@ -1,4 +1,5 @@ <def-group> + <!-- THIS FILE IS GENERATED by create_sysctl_checks.py. DO NOT EDIT. --> <definition class="compliance" id="sysctl_net_ipv4_conf_all_send_redirects" version="1"> <metadata> <title>Kernel Runtime Parameter "net.ipv4.conf.all.send_redirects" Check</title> @@ -6,15 +7,14 @@ <platform>Red Hat Enterprise Linux 6</platform> </affected> <reference ref_id="CCE-4155-8" source="CCE" /> - <description>The kernel runtime parameter "net.ipv4.conf.all.send_redirects" should be set to "1".</description> - <!-- generated by create_sysctl_checks.py --> + <description>The kernel runtime parameter "net.ipv4.conf.all.send_redirects" should be set to "0".</description> </metadata> <criteria> - <criterion comment="kernel runtime parameter net.ipv4.conf.all.send_redirects set to 1" test_ref="test_sysctl_net_ipv4_conf_all_send_redirects" /> + <criterion comment="kernel runtime parameter net.ipv4.conf.all.send_redirects set to 0" test_ref="test_sysctl_net_ipv4_conf_all_send_redirects" /> </criteria> </definition>
- <unix:sysctl_test check="all" check_existence="all_exist" comment="kernel runtime parameter net.ipv4.conf.all.send_redirects set to 1" id="test_sysctl_net_ipv4_conf_all_send_redirects" version="1">
- <unix:sysctl_test check="all" check_existence="all_exist" comment="kernel runtime parameter net.ipv4.conf.all.send_redirects set to 0" id="test_sysctl_net_ipv4_conf_all_send_redirects" version="1"> <unix:object object_ref="object_sysctl_net_ipv4_conf_all_send_redirects" /> <unix:state state_ref="state_sysctl_net_ipv4_conf_all_send_redirects" /> </unix:sysctl_test>
@@ -24,6 +24,6 @@ </unix:sysctl_object>
<unix:sysctl_state id="state_sysctl_net_ipv4_conf_all_send_redirects" version="1">
- <unix:value datatype="int" operation="equals">1</unix:value>
- <unix:value datatype="int" operation="equals">0</unix:value> </unix:sysctl_state>
</def-group> diff --git a/rhel6/src/input/checks/sysctl_net_ipv4_conf_default_accept_redirects.xml b/rhel6/src/input/checks/sysctl_net_ipv4_conf_default_accept_redirects.xml index 9c942a2..f14f6f2 100644 --- a/rhel6/src/input/checks/sysctl_net_ipv4_conf_default_accept_redirects.xml +++ b/rhel6/src/input/checks/sysctl_net_ipv4_conf_default_accept_redirects.xml @@ -1,4 +1,5 @@ <def-group> + <!-- THIS FILE IS GENERATED by create_sysctl_checks.py. DO NOT EDIT. --> <definition class="compliance" id="sysctl_net_ipv4_conf_default_accept_redirects" version="1"> <metadata> <title>Kernel Runtime Parameter "net.ipv4.conf.default.accept_redirects" Check</title> @@ -6,15 +7,14 @@ <platform>Red Hat Enterprise Linux 6</platform> </affected> <reference ref_id="CCE-4186-3" source="CCE" /> - <description>The kernel runtime parameter "net.ipv4.conf.default.accept_redirects" should be set to "1".</description> - <!-- generated by create_sysctl_checks.py --> + <description>The kernel runtime parameter "net.ipv4.conf.default.accept_redirects" should be set to "0".</description> </metadata> <criteria> - <criterion comment="kernel runtime parameter net.ipv4.conf.default.accept_redirects set to 1" test_ref="test_sysctl_net_ipv4_conf_default_accept_redirects" /> + <criterion comment="kernel runtime parameter net.ipv4.conf.default.accept_redirects set to 0" test_ref="test_sysctl_net_ipv4_conf_default_accept_redirects" /> </criteria> </definition>
- <unix:sysctl_test check="all" check_existence="all_exist" comment="kernel runtime parameter net.ipv4.conf.default.accept_redirects set to 1" id="test_sysctl_net_ipv4_conf_default_accept_redirects" version="1">
- <unix:sysctl_test check="all" check_existence="all_exist" comment="kernel runtime parameter net.ipv4.conf.default.accept_redirects set to 0" id="test_sysctl_net_ipv4_conf_default_accept_redirects" version="1"> <unix:object object_ref="object_sysctl_net_ipv4_conf_default_accept_redirects" /> <unix:state state_ref="state_sysctl_net_ipv4_conf_default_accept_redirects" /> </unix:sysctl_test>
@@ -24,6 +24,6 @@ </unix:sysctl_object>
<unix:sysctl_state id="state_sysctl_net_ipv4_conf_default_accept_redirects" version="1">
- <unix:value datatype="int" operation="equals">1</unix:value>
- <unix:value datatype="int" operation="equals">0</unix:value> </unix:sysctl_state>
</def-group> diff --git a/rhel6/src/input/checks/sysctl_net_ipv4_conf_default_accept_source_route.xml b/rhel6/src/input/checks/sysctl_net_ipv4_conf_default_accept_source_route.xml index ce3f564..4c45bca 100644 --- a/rhel6/src/input/checks/sysctl_net_ipv4_conf_default_accept_source_route.xml +++ b/rhel6/src/input/checks/sysctl_net_ipv4_conf_default_accept_source_route.xml @@ -1,4 +1,5 @@ <def-group> + <!-- THIS FILE IS GENERATED by create_sysctl_checks.py. DO NOT EDIT. --> <definition class="compliance" id="sysctl_net_ipv4_conf_default_accept_source_route" version="1"> <metadata> <title>Kernel Runtime Parameter "net.ipv4.conf.default.accept_source_route" Check</title> @@ -6,15 +7,14 @@ <platform>Red Hat Enterprise Linux 6</platform> </affected> <reference ref_id="CCE-4091-5" source="CCE" /> - <description>The kernel runtime parameter "net.ipv4.conf.default.accept_source_route" should be set to "1".</description> - <!-- generated by create_sysctl_checks.py --> + <description>The kernel runtime parameter "net.ipv4.conf.default.accept_source_route" should be set to "0".</description> </metadata> <criteria> - <criterion comment="kernel runtime parameter net.ipv4.conf.default.accept_source_route set to 1" test_ref="test_sysctl_net_ipv4_conf_default_accept_source_route" /> + <criterion comment="kernel runtime parameter net.ipv4.conf.default.accept_source_route set to 0" test_ref="test_sysctl_net_ipv4_conf_default_accept_source_route" /> </criteria> </definition>
- <unix:sysctl_test check="all" check_existence="all_exist" comment="kernel runtime parameter net.ipv4.conf.default.accept_source_route set to 1" id="test_sysctl_net_ipv4_conf_default_accept_source_route" version="1">
- <unix:sysctl_test check="all" check_existence="all_exist" comment="kernel runtime parameter net.ipv4.conf.default.accept_source_route set to 0" id="test_sysctl_net_ipv4_conf_default_accept_source_route" version="1"> <unix:object object_ref="object_sysctl_net_ipv4_conf_default_accept_source_route" /> <unix:state state_ref="state_sysctl_net_ipv4_conf_default_accept_source_route" /> </unix:sysctl_test>
@@ -24,6 +24,6 @@ </unix:sysctl_object>
<unix:sysctl_state id="state_sysctl_net_ipv4_conf_default_accept_source_route" version="1">
- <unix:value datatype="int" operation="equals">1</unix:value>
- <unix:value datatype="int" operation="equals">0</unix:value> </unix:sysctl_state>
</def-group> diff --git a/rhel6/src/input/checks/sysctl_net_ipv4_conf_default_secure_redirects.xml b/rhel6/src/input/checks/sysctl_net_ipv4_conf_default_secure_redirects.xml index 2e604ac..bf829cd 100644 --- a/rhel6/src/input/checks/sysctl_net_ipv4_conf_default_secure_redirects.xml +++ b/rhel6/src/input/checks/sysctl_net_ipv4_conf_default_secure_redirects.xml @@ -1,4 +1,5 @@ <def-group> + <!-- THIS FILE IS GENERATED by create_sysctl_checks.py. DO NOT EDIT. --> <definition class="compliance" id="sysctl_net_ipv4_conf_default_secure_redirects" version="1"> <metadata> <title>Kernel Runtime Parameter "net.ipv4.conf.default.secure_redirects" Check</title> @@ -6,15 +7,14 @@ <platform>Red Hat Enterprise Linux 6</platform> </affected> <reference ref_id="CCE-3339-9" source="CCE" /> - <description>The kernel runtime parameter "net.ipv4.conf.default.secure_redirects" should be set to "1".</description> - <!-- generated by create_sysctl_checks.py --> + <description>The kernel runtime parameter "net.ipv4.conf.default.secure_redirects" should be set to "0".</description> </metadata> <criteria> - <criterion comment="kernel runtime parameter net.ipv4.conf.default.secure_redirects set to 1" test_ref="test_sysctl_net_ipv4_conf_default_secure_redirects" /> + <criterion comment="kernel runtime parameter net.ipv4.conf.default.secure_redirects set to 0" test_ref="test_sysctl_net_ipv4_conf_default_secure_redirects" /> </criteria> </definition>
- <unix:sysctl_test check="all" check_existence="all_exist" comment="kernel runtime parameter net.ipv4.conf.default.secure_redirects set to 1" id="test_sysctl_net_ipv4_conf_default_secure_redirects" version="1">
- <unix:sysctl_test check="all" check_existence="all_exist" comment="kernel runtime parameter net.ipv4.conf.default.secure_redirects set to 0" id="test_sysctl_net_ipv4_conf_default_secure_redirects" version="1"> <unix:object object_ref="object_sysctl_net_ipv4_conf_default_secure_redirects" /> <unix:state state_ref="state_sysctl_net_ipv4_conf_default_secure_redirects" /> </unix:sysctl_test>
@@ -24,6 +24,6 @@ </unix:sysctl_object>
<unix:sysctl_state id="state_sysctl_net_ipv4_conf_default_secure_redirects" version="1">
- <unix:value datatype="int" operation="equals">1</unix:value>
- <unix:value datatype="int" operation="equals">0</unix:value> </unix:sysctl_state>
</def-group> diff --git a/rhel6/src/input/checks/sysctl_net_ipv4_conf_default_send_redirects.xml b/rhel6/src/input/checks/sysctl_net_ipv4_conf_default_send_redirects.xml index b0784d9..a4594e8 100644 --- a/rhel6/src/input/checks/sysctl_net_ipv4_conf_default_send_redirects.xml +++ b/rhel6/src/input/checks/sysctl_net_ipv4_conf_default_send_redirects.xml @@ -1,4 +1,5 @@ <def-group> + <!-- THIS FILE IS GENERATED by create_sysctl_checks.py. DO NOT EDIT. --> <definition class="compliance" id="sysctl_net_ipv4_conf_default_send_redirects" version="1"> <metadata> <title>Kernel Runtime Parameter "net.ipv4.conf.default.send_redirects" Check</title> @@ -6,15 +7,14 @@ <platform>Red Hat Enterprise Linux 6</platform> </affected> <reference ref_id="CCE-4151-7" source="CCE" /> - <description>The kernel runtime parameter "net.ipv4.conf.default.send_redirects" should be set to "1".</description> - <!-- generated by create_sysctl_checks.py --> + <description>The kernel runtime parameter "net.ipv4.conf.default.send_redirects" should be set to "0".</description> </metadata> <criteria> - <criterion comment="kernel runtime parameter net.ipv4.conf.default.send_redirects set to 1" test_ref="test_sysctl_net_ipv4_conf_default_send_redirects" /> + <criterion comment="kernel runtime parameter net.ipv4.conf.default.send_redirects set to 0" test_ref="test_sysctl_net_ipv4_conf_default_send_redirects" /> </criteria> </definition>
- <unix:sysctl_test check="all" check_existence="all_exist" comment="kernel runtime parameter net.ipv4.conf.default.send_redirects set to 1" id="test_sysctl_net_ipv4_conf_default_send_redirects" version="1">
- <unix:sysctl_test check="all" check_existence="all_exist" comment="kernel runtime parameter net.ipv4.conf.default.send_redirects set to 0" id="test_sysctl_net_ipv4_conf_default_send_redirects" version="1"> <unix:object object_ref="object_sysctl_net_ipv4_conf_default_send_redirects" /> <unix:state state_ref="state_sysctl_net_ipv4_conf_default_send_redirects" /> </unix:sysctl_test>
@@ -24,6 +24,6 @@ </unix:sysctl_object>
<unix:sysctl_state id="state_sysctl_net_ipv4_conf_default_send_redirects" version="1">
- <unix:value datatype="int" operation="equals">1</unix:value>
- <unix:value datatype="int" operation="equals">0</unix:value> </unix:sysctl_state>
</def-group> diff --git a/rhel6/src/input/checks/sysctl_net_ipv6_conf_default_accept_redirects.xml b/rhel6/src/input/checks/sysctl_net_ipv6_conf_default_accept_redirects.xml index ce710b9..7978ba7 100644 --- a/rhel6/src/input/checks/sysctl_net_ipv6_conf_default_accept_redirects.xml +++ b/rhel6/src/input/checks/sysctl_net_ipv6_conf_default_accept_redirects.xml @@ -1,4 +1,5 @@ <def-group> + <!-- THIS FILE IS GENERATED by create_sysctl_checks.py. DO NOT EDIT. --> <definition class="compliance" id="sysctl_net_ipv6_conf_default_accept_redirects" version="1"> <metadata> <title>Kernel Runtime Parameter "net.ipv6.conf.default.accept_redirects" Check</title> @@ -6,17 +7,14 @@ <platform>Red Hat Enterprise Linux 6</platform> </affected> <reference ref_id="CCE-4365-3" source="CCE" /> - <description>The kernel runtime parameter "net.ipv6.conf.default.accept_redirects" should be set to "1".</description> - <!-- generated by create_sysctl_checks.py --> + <description>The kernel runtime parameter "net.ipv6.conf.default.accept_redirects" should be set to "0".</description> </metadata> - <criteria operator="OR"> - <extend_definition comment="IPv6 disabled or..." - definition_ref="kernel_module_ipv6_option_disabled" /> - <criterion comment="kernel runtime parameter net.ipv6.conf.default.accept_redirects set to 1" test_ref="test_sysctl_net_ipv6_conf_default_accept_redirects" /> + <criteria> + <criterion comment="kernel runtime parameter net.ipv6.conf.default.accept_redirects set to 0" test_ref="test_sysctl_net_ipv6_conf_default_accept_redirects" /> </criteria> </definition>
- <unix:sysctl_test check="all" check_existence="all_exist" comment="kernel runtime parameter net.ipv6.conf.default.accept_redirects set to 1" id="test_sysctl_net_ipv6_conf_default_accept_redirects" version="1">
- <unix:sysctl_test check="all" check_existence="all_exist" comment="kernel runtime parameter net.ipv6.conf.default.accept_redirects set to 0" id="test_sysctl_net_ipv6_conf_default_accept_redirects" version="1"> <unix:object object_ref="object_sysctl_net_ipv6_conf_default_accept_redirects" /> <unix:state state_ref="state_sysctl_net_ipv6_conf_default_accept_redirects" /> </unix:sysctl_test>
@@ -26,6 +24,6 @@ </unix:sysctl_object>
<unix:sysctl_state id="state_sysctl_net_ipv6_conf_default_accept_redirects" version="1">
- <unix:value datatype="int" operation="equals">1</unix:value>
- <unix:value datatype="int" operation="equals">0</unix:value> </unix:sysctl_state>
</def-group>
diff --git a/rhel6/src/input/checks/templates/sysctl_values.csv b/rhel6/src/input/checks/templates/sysctl_values.csv
index 549e847..75e2c6a 100644
--- a/rhel6/src/input/checks/templates/sysctl_values.csv
+++ b/rhel6/src/input/checks/templates/sysctl_values.csv
@@ -1,19 +1,19 @@
 kernel.exec-shield,1,4168-1
 kernel.randomize_va_space,1,4146-7
-net.ipv4.conf.all.accept_redirects,1,4217-6
-net.ipv4.conf.all.accept_source_route,1,4236-6
+net.ipv4.conf.all.accept_redirects,0,4217-6
+net.ipv4.conf.all.accept_source_route,0,4236-6
 net.ipv4.conf.all.log_martians,1,4320-8
 net.ipv4.conf.all.rp_filter,1,4080-8
-net.ipv4.conf.all.secure_redirects,1,3472-8
-net.ipv4.conf.all.send_redirects,1,4155-8
-net.ipv4.conf.default.accept_redirects,1,4186-3
-net.ipv4.conf.default.accept_source_route,1,4091-5
+net.ipv4.conf.all.secure_redirects,0,3472-8
+net.ipv4.conf.all.send_redirects,0,4155-8
+net.ipv4.conf.default.accept_redirects,0,4186-3
+net.ipv4.conf.default.accept_source_route,0,4091-5
 net.ipv4.conf.default.rp_filter,1,3840-6
-net.ipv4.conf.default.secure_redirects,1,3339-9
-net.ipv4.conf.default.send_redirects,1,4151-7
+net.ipv4.conf.default.secure_redirects,0,3339-9
+net.ipv4.conf.default.send_redirects,0,4151-7
 net.ipv4.icmp_echo_ignore_broadcasts,1,3644-2
 net.ipv4.icmp_ignore_bogus_error_responses,1,4133-5
 net.ipv4.ip_forward,0,3561-8
 net.ipv4.tcp_syncookies,1,4265-5
 net.ipv6.conf.all.disable_ipv6,1,4298-6
-net.ipv6.conf.default.accept_redirects,1,4365-3
+net.ipv6.conf.default.accept_redirects,0,4365-3
--
1.7.1
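Review bot: The `net.ipv6.conf.default.accept_redirects,0,4365-3` row at the end of this hunk now regenerates its check without the IPv6-disabled alternative. In the sysctl_net_ipv6_conf_default_accept_redirects.xml section above, `<criteria operator="OR">` and its `<extend_definition comment="IPv6 disabled or..." definition_ref="kernel_module_ipv6_option_disabled" />` are replaced by a bare `<criteria>`. The regenerated test still uses `check_existence="all_exist"`, so on a host where the ipv6 module is disabled and the net.ipv6 keys are presumably absent, the check would likely report a failure for a system that cannot receive IPv6 redirects at all. The three-column template has no way to express that exemption, so either create_sysctl_checks.py should emit the OR criteria for `net.ipv6.*` rows or this one check should stay hand-maintained outside the CSV. The fix to "0" is right; only the lost exemption needs restoring.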