Also, moved Rule into desktop profile.
Jeffrey Blank (1): prose fixups for openswan
* moved from common to desktop Profile
* providing VPN tunnel availability for mobile devices was original rationale for inclusion in a Profile
rhel6/src/input/profiles/common.xml | 1 - rhel6/src/input/profiles/desktop.xml | 1 + rhel6/src/input/system/network/ipsec.xml | 21 +++++++++++++++------ 3 files changed, 16 insertions(+), 7 deletions(-)
Signed-off-by: Jeffrey Blank blank@eclipse.ncsc.mil --- rhel6/src/input/profiles/common.xml | 1 - rhel6/src/input/profiles/desktop.xml | 1 + rhel6/src/input/system/network/ipsec.xml | 21 +++++++++++++++------ 3 files changed, 16 insertions(+), 7 deletions(-)
diff --git a/rhel6/src/input/profiles/common.xml b/rhel6/src/input/profiles/common.xml index a28794e..80c6d68 100644 --- a/rhel6/src/input/profiles/common.xml +++ b/rhel6/src/input/profiles/common.xml @@ -72,7 +72,6 @@ <select idref="disable_protocol_sctp" selected="true"/> <select idref="disable_protocol_rds" selected="true"/> <select idref="disable_protocol_tipc" selected="true"/> -<select idref="install_openswan" selected="true"/> <select idref="package_rsyslog_installed" selected="true"/> <select idref="enable_rsyslog" selected="true"/>
diff --git a/rhel6/src/input/profiles/desktop.xml b/rhel6/src/input/profiles/desktop.xml index 1fb20f6..61f84a4 100644 --- a/rhel6/src/input/profiles/desktop.xml +++ b/rhel6/src/input/profiles/desktop.xml @@ -7,6 +7,7 @@ <select idref="enable_screensaver_after_idle" selected="true"/> <select idref="enable_screensaver_password_lock" selected="true"/> <select idref="set_blank_screensaver" selected="true"/> +<select idref="install_openswan" selected="true"/> <!-- Refine Values --> <!-- inactivity timeout for GNOME screensaver --> <refine-value idref="inactivity_timeout_value" selector="15_minutes"/> diff --git a/rhel6/src/input/system/network/ipsec.xml b/rhel6/src/input/system/network/ipsec.xml index b1004ed..32266a1 100644 --- a/rhel6/src/input/system/network/ipsec.xml +++ b/rhel6/src/input/system/network/ipsec.xml @@ -1,13 +1,22 @@ <Group id="network-ipsec"> -<title>Install the openswan Package</title> -<description>Ensure openswan is used for IPSec. -<pre>yum install openswan</pre> +<title>IPSec Support</title> +<description>Support for Internet Protocol Security (IPsec) +is provided in RHEL 6 with Openswan. </description>
<Rule id="install_openswan"> -<title>Install OpenSWAN</title> -<description>OpenSWAN should be installed.</description> -<ident cce="111111111" /> +<title>Install openswan Package</title> +<description>The Openswan package provides an implementation of IPsec +and IKE, which permits the creation of secure tunnels over +untrusted networks. The <tt>openswan</tt> package can be installed +with the following command: +<pre># yum install openswan</pre> +</description> +<rationale>Providing the ability for remote users or systems +to initiate a secure VPN connection protects information when it is +transmitted over a wide area network. +</rationale> +<!--<ident cce="TODO" />--> <oval id="package_openswan_installed" /> <ref nist="AC-17, MA-4, SC-9" /> </Rule>
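Review bot: In desktop.xml the new `<select idref="install_openswan" selected="true"/>` sits directly after the three screensaver selections with nothing separating it, so it reads as part of that group. Add a short comment above it, in the style of the file's existing `<!-- Refine Values -->` comments, saying it is selected for VPN availability, which is the reason the commit message gives for the move.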
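Review bot: In the `install_openswan` Rule of ipsec.xml, the placeholder `<ident cce="111111111" />` is replaced by the commented-out `<!--<ident cce="TODO" />-->`, so the Rule now carries no CCE identifier and the commit message does not say so. Mention it in the message, or track the TODO so the ident is restored once a real CCE is assigned. Separately, the new Group title spells "IPSec" while both new descriptions spell "IPsec"; use "IPsec" in the title as well.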
On 5/24/12 8:02 PM, Jeffrey Blank wrote:
Signed-off-by: Jeffrey Blank blank@eclipse.ncsc.mil
rhel6/src/input/profiles/common.xml | 1 - rhel6/src/input/profiles/desktop.xml | 1 + rhel6/src/input/system/network/ipsec.xml | 21 +++++++++++++++------ 3 files changed, 16 insertions(+), 7 deletions(-)
diff --git a/rhel6/src/input/profiles/common.xml b/rhel6/src/input/profiles/common.xml index a28794e..80c6d68 100644 --- a/rhel6/src/input/profiles/common.xml +++ b/rhel6/src/input/profiles/common.xml @@ -72,7 +72,6 @@
<select idref="disable_protocol_sctp" selected="true"/> <select idref="disable_protocol_rds" selected="true"/> <select idref="disable_protocol_tipc" selected="true"/> -<select idref="install_openswan" selected="true"/> <select idref="package_rsyslog_installed" selected="true"/> <select idref="enable_rsyslog" selected="true"/>
diff --git a/rhel6/src/input/profiles/desktop.xml b/rhel6/src/input/profiles/desktop.xml index 1fb20f6..61f84a4 100644 --- a/rhel6/src/input/profiles/desktop.xml +++ b/rhel6/src/input/profiles/desktop.xml @@ -7,6 +7,7 @@
<select idref="enable_screensaver_after_idle" selected="true"/> <select idref="enable_screensaver_password_lock" selected="true"/> <select idref="set_blank_screensaver" selected="true"/> +<select idref="install_openswan" selected="true"/> <!-- Refine Values --> <!-- inactivity timeout for GNOME screensaver --> <refine-value idref="inactivity_timeout_value" selector="15_minutes"/> diff --git a/rhel6/src/input/system/network/ipsec.xml b/rhel6/src/input/system/network/ipsec.xml index b1004ed..32266a1 100644 --- a/rhel6/src/input/system/network/ipsec.xml +++ b/rhel6/src/input/system/network/ipsec.xml @@ -1,13 +1,22 @@ <Group id="network-ipsec"> -<title>Install the openswan Package</title> -<description>Ensure openswan is used for IPSec. -<pre>yum install openswan</pre> +<title>IPSec Support</title> +<description>Support for Internet Protocol Security (IPsec) +is provided in RHEL 6 with Openswan. </description>
<Rule id="install_openswan"> -<title>Install OpenSWAN</title> -<description>OpenSWAN should be installed.</description> -<ident cce="111111111" /> +<title>Install openswan Package</title> +<description>The Openswan package provides an implementation of IPsec +and IKE, which permits the creation of secure tunnels over +untrusted networks. The<tt>openswan</tt> package can be installed +with the following command: +<pre># yum install openswan</pre> +</description> +<rationale>Providing the ability for remote users or systems +to initiate a secure VPN connection protects information when it is +transmitted over a wide area network. +</rationale> +<!--<ident cce="TODO" />--> <oval id="package_openswan_installed" /> <ref nist="AC-17, MA-4, SC-9" /> </Rule>
Ack
scap-security-guide@lists.fedorahosted.org