Per FSO feedback.
Jeffrey Blank (2): CCI ref fixup banner language fixup
RHEL6/input/auxiliary/srg_support.xml | 2 +- RHEL6/input/services/ssh.xml | 8 ++++---- RHEL6/input/system/accounts/banners.xml | 14 +++++++------- 3 files changed, 12 insertions(+), 12 deletions(-)
Signed-off-by: Jeffrey Blank blank@eclipse.ncsc.mil --- RHEL6/input/auxiliary/srg_support.xml | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/RHEL6/input/auxiliary/srg_support.xml b/RHEL6/input/auxiliary/srg_support.xml index f9c8705..acd2f67 100644 --- a/RHEL6/input/auxiliary/srg_support.xml +++ b/RHEL6/input/auxiliary/srg_support.xml @@ -71,7 +71,7 @@ This requirement is permanent not a finding. No fix is required. <!-- The CCI/SRG item listed here are: - satisfied (by Rules in the guidance, which include the reference) - not selected in DoD baseline --> -<!-- disa="26,27,32,771,772,831,884,888,1095,1115,1117,1250,1339,1348,1353,1464,1496" --> +<!-- disa="26,32,771,772,831,884,888,1095,1115,1117,1250,1339,1348,1353,1464,1496" -->
<!-- The CCI/SRG item referenced here are:
Signed-off-by: Jeffrey Blank blank@eclipse.ncsc.mil --- RHEL6/input/services/ssh.xml | 8 ++++---- RHEL6/input/system/accounts/banners.xml | 14 +++++++------- 2 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/RHEL6/input/services/ssh.xml b/RHEL6/input/services/ssh.xml index 4851b82..23031cf 100644 --- a/RHEL6/input/services/ssh.xml +++ b/RHEL6/input/services/ssh.xml @@ -304,10 +304,10 @@ appropriate system-wide warning banner. <sshd-check-macro option="Banner" value="/etc/issue" default="no" /> </ocil> <rationale> -Although unlikely to dissuade a serious attacker, the warning message -reinforces policy awareness during the logon process. Alternatively, -systems whose ownership should not be obvious -should ensure usage of a banner that does not provide easy attribution. +The warning message reinforces policy awareness during the logon process and +facilitates possible legal action against attackers. Alternatively, systems +whose ownership should not be obvious should ensure usage of a banner that does +not provide easy attribution. </rationale> <ident cce="27112-2" /> <oval id="sshd_banner_set" /> diff --git a/RHEL6/input/system/accounts/banners.xml b/RHEL6/input/system/accounts/banners.xml index 6464c4d..157edc8 100644 --- a/RHEL6/input/system/accounts/banners.xml +++ b/RHEL6/input/system/accounts/banners.xml @@ -66,7 +66,7 @@ product are private and confidential. See User Agreement for details.</tt> <br /><br /> OR: <br /><br /> -<tt>I've read & consent to terms in IS user agreement.</tt> +<tt>I've read & consent to terms in IS user agreem't.</tt> </description> <ocil clause="it does not display the required banner"> To check if the system login banner is compliant, @@ -74,8 +74,8 @@ run the following command: <pre>$ cat /etc/issue</pre> </ocil> <rationale> -Although unlikely to dissuade a serious attacker, the warning message -reinforces policy awareness during the logon process. +An appropriate warning message reinforces policy awareness during the logon +process and facilitates possible legal action against attackers. </rationale> <ident cce="26974-6" /> <oval id="banner_etc_issue" value="login_banner_text"/> @@ -111,8 +111,8 @@ Search for the <tt>banner_message_enable</tt> schema. If properly configured, the <tt>default</tt> value should be <tt>true</tt>. </ocil> <rationale> -Although unlikely to dissuade a serious attacker, the warning message -reinforces policy awareness during the logon process. +An appropriate warning message reinforces policy awareness during the logon +process and facilitates possible legal action against attackers. </rationale> <ident cce="27195-7" /> <oval id="banner_gui_enabled" /> @@ -139,8 +139,8 @@ To ensure login warning banner text is properly set, run the following: If properly configured, the proper banner text will appear within this schema. </ocil> <rationale> -Although unlikely to dissuade a serious attacker, the warning message -reinforces policy awareness during the logon process. +An appropriate warning message reinforces policy awareness during the logon +process and facilitates possible legal action against attackers. </rationale> <ident cce="27017-3" /> <oval id="banner_gui_text_set" value="login_banner_text" />
scap-security-guide@lists.fedorahosted.org