----- Original Message -----
From: "David Smith" <dsmith(a)secure-innovations.net>
To: scap-security-guide(a)lists.fedorahosted.org
Sent: Tuesday, June 3, 2014 12:41:15 AM
Subject: [PATCH] modified remediation text for disabling anacron
Signed-off-by: David Smith <dsmith(a)secure-innovations.net>
---
RHEL/6/input/services/cron.xml | 14 ++++++++------
1 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/RHEL/6/input/services/cron.xml b/RHEL/6/input/services/cron.xml
index 983d9ed..b859dc0 100644
--- a/RHEL/6/input/services/cron.xml
+++ b/RHEL/6/input/services/cron.xml
@@ -25,16 +25,18 @@ enabling the cron daemon is essential.
<Rule id="disable_anacron">
<title>Disable anacron Service</title>
-<description>The <tt>cronie-anacron</tt> package which provides
anacron
-functionality is installed by default. To disable <tt>anacron</tt> support,
-run the following commands:
-<pre># yum install cronie-noanacron
-# yum erase cronie-anacron</pre>
+<description>The <tt>cronie-anacron</tt> package, which provides
<tt>anacron</tt>
+functionality, is installed by default.
+<package-remove-macro package="cronie-anacron" />
+</description>
+<ocil><package-check-macro package="cronie-anacron"
/></ocil>
+<rationale>
The <tt>anacron</tt> service provides <tt>cron</tt>
functionality for
systems
such as laptops and workstations that may be shut down during the normal
times
that <tt>cron</tt> jobs are scheduled to run. On systems which do not
require this
additional functionality, <tt>anacron</tt> could needlessly increase the
possible
-attack surface for an intruder.</description>
+attack surface for an intruder.
+</rationale>
<ref nist="CM-7" />
<ident cce="27158-5" />
</Rule>
--
1.7.1
ACK. Makes sense.
Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Technologies Team
_______________________________________________
scap-security-guide mailing list
scap-security-guide(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide