Thanks to Michele for this patch; this helps with SRG-OS-000190 viewable in table-stig-rhel6-server-flat-srgs.html
Jeffrey Blank (2): language requiring establishment of automatic/regular updates per SRG adding ref to ip6tables to stay in sync with iptables
RHEL6/input/auxiliary/srg_support.xml | 17 +++++++++++++++++ RHEL6/input/system/network/iptables.xml | 2 +- 2 files changed, 18 insertions(+), 1 deletions(-)
Signed-off-by: Jeffrey Blank blank@eclipse.ncsc.mil --- RHEL6/input/auxiliary/srg_support.xml | 17 +++++++++++++++++ 1 files changed, 17 insertions(+), 0 deletions(-)
diff --git a/RHEL6/input/auxiliary/srg_support.xml b/RHEL6/input/auxiliary/srg_support.xml index 6386c76..f9c8705 100644 --- a/RHEL6/input/auxiliary/srg_support.xml +++ b/RHEL6/input/auxiliary/srg_support.xml @@ -137,5 +137,22 @@ This requirement is NA. No fix is required. <ref disa="15,27,371,372,535,537,539,1682,370,37,24,1112,1126,1143,1149,1157,1159,1210,1211,1274,1372,1376,1377,1352,1401,1555,1556,1150" /> </Rule>
+<Rule id="update_process"> +<title>A process for prompt installation of OS updates must exist.</title> +<rationale> +This is a manual inquiry about update procedure. +</rationale> +<ocil> +Ask an administrator if a process exists to promptly and automatically apply OS +software updates. If such a process does not exist, this is a finding. +</ocil> +<description> +Procedures to promptly apply software updates must be established and +executed. The Red Hat operating system provides support for automating such a +process, by running the yum program through a cron job or by managing the +system and its packages through the Red Hat Network or a Satellite Server. +</description> +<ref disa="1232" /> +</Rule>
</Group>
Signed-off-by: Jeffrey Blank blank@eclipse.ncsc.mil --- RHEL6/input/system/network/iptables.xml | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/RHEL6/input/system/network/iptables.xml b/RHEL6/input/system/network/iptables.xml index e07d953..30319ac 100644 --- a/RHEL6/input/system/network/iptables.xml +++ b/RHEL6/input/system/network/iptables.xml @@ -59,7 +59,7 @@ capability for IPv6 and ICMPv6. </rationale> <ident cce="4167-3" /> <oval id="service_ip6tables_enabled" /> -<ref nist="CM-6, CM-7" disa="66,1115,1118,1092,1117,1098,1100,1097,1414"/> +<ref nist="CM-6, CM-7" disa="32,66,1115,1118,1092,1117,1098,1100,1097,1414"/> <tested by="DS" on="20121024"/> </Rule>
scap-security-guide@lists.fedorahosted.org