On 5/24/12 8:02 PM, Jeffrey Blank wrote:
Signed-off-by: Jeffrey Blank<blank(a)eclipse.ncsc.mil>
---
rhel6/src/input/profiles/common.xml | 1 -
rhel6/src/input/profiles/desktop.xml | 1 +
rhel6/src/input/system/network/ipsec.xml | 21 +++++++++++++++------
3 files changed, 16 insertions(+), 7 deletions(-)
diff --git a/rhel6/src/input/profiles/common.xml b/rhel6/src/input/profiles/common.xml
index a28794e..80c6d68 100644
--- a/rhel6/src/input/profiles/common.xml
+++ b/rhel6/src/input/profiles/common.xml
@@ -72,7 +72,6 @@
<select idref="disable_protocol_sctp" selected="true"/>
<select idref="disable_protocol_rds" selected="true"/>
<select idref="disable_protocol_tipc" selected="true"/>
-<select idref="install_openswan" selected="true"/>
<select idref="package_rsyslog_installed" selected="true"/>
<select idref="enable_rsyslog" selected="true"/>
diff --git a/rhel6/src/input/profiles/desktop.xml b/rhel6/src/input/profiles/desktop.xml
index 1fb20f6..61f84a4 100644
--- a/rhel6/src/input/profiles/desktop.xml
+++ b/rhel6/src/input/profiles/desktop.xml
@@ -7,6 +7,7 @@
<select idref="enable_screensaver_after_idle"
selected="true"/>
<select idref="enable_screensaver_password_lock"
selected="true"/>
<select idref="set_blank_screensaver" selected="true"/>
+<select idref="install_openswan" selected="true"/>
<!-- Refine Values -->
<!-- inactivity timeout for GNOME screensaver -->
<refine-value idref="inactivity_timeout_value"
selector="15_minutes"/>
diff --git a/rhel6/src/input/system/network/ipsec.xml
b/rhel6/src/input/system/network/ipsec.xml
index b1004ed..32266a1 100644
--- a/rhel6/src/input/system/network/ipsec.xml
+++ b/rhel6/src/input/system/network/ipsec.xml
@@ -1,13 +1,22 @@
<Group id="network-ipsec">
-<title>Install the openswan Package</title>
-<description>Ensure openswan is used for IPSec.
-<pre>yum install openswan</pre>
+<title>IPSec Support</title>
+<description>Support for Internet Protocol Security (IPsec)
+is provided in RHEL 6 with Openswan.
</description>
<Rule id="install_openswan">
-<title>Install OpenSWAN</title>
-<description>OpenSWAN should be installed.</description>
-<ident cce="111111111" />
+<title>Install openswan Package</title>
+<description>The Openswan package provides an implementation of IPsec
+and IKE, which permits the creation of secure tunnels over
+untrusted networks. The<tt>openswan</tt> package can be installed
+with the following command:
+<pre># yum install openswan</pre>
+</description>
+<rationale>Providing the ability for remote users or systems
+to initiate a secure VPN connection protects information when it is
+transmitted over a wide area network.
+</rationale>
+<!--<ident cce="TODO" />-->
<oval id="package_openswan_installed" />
<ref nist="AC-17, MA-4, SC-9" />
</Rule>
Ack