/usr/share/scap-security-guide/RHEL/5/puppet-remediations.xml is in ssg-nondebian 0.1.31-5.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
<fix-content system="urn:xccdf:fix:script:sh" xmlns="http://checklists.nist.gov/xccdf/1.1">
<fix-group id="puppet" system="urn:xccdf:fix:script:puppet" xmlns="http://checklists.nist.gov/xccdf/1.1">
<fix rule="package_ypbind_removed" complexity="low" disruption="low" reboot="false" strategy="disable">
# Remediation for package_ypbind_removed: purge the ypbind (NIS client) package.
# 'purged' asks the package provider to remove the package and, where the
# provider supports it, its configuration files as well.
class remove_ypbind {
  package { 'ypbind': ensure => 'purged' }
}

# Declare the class so the removal is actually applied.
include remove_ypbind
</fix>
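<fix rule="package_samba-common_installed" complexity="low" disruption="low" reboot="false" strategy="enable">
# Remediation for package_samba-common_installed: make sure the samba-common
# package is present. This only installs the package; it does not configure
# or harden any Samba component.
#
# The class name uses underscores only. Puppet 3 and later reject hyphens in
# class names, so the previous name (with "samba-common" embedded) would stop
# the remediation from compiling and the rule would stay unremediated. The
# package title keeps the real, hyphenated package name.
class install_samba_common {
  package { 'samba-common':
    ensure => 'installed',
  }
}

# Declare the class so the install is actually applied.
include install_samba_common
</fix>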
<fix rule="package_telnet_removed" complexity="low" disruption="low" reboot="false" strategy="disable">
# Remediation for package_telnet_removed: purge the telnet client package.
# 'purged' asks the package provider to remove the package and, where the
# provider supports it, its configuration files as well.
class remove_telnet {
  package { 'telnet': ensure => 'purged' }
}

# Declare the class so the removal is actually applied.
include remove_telnet
</fix>
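<fix rule="package_net-snmp_removed" complexity="low" disruption="low" reboot="false" strategy="disable">
# Remediation for package_net-snmp_removed: purge the net-snmp package.
# 'purged' asks the package provider to remove the package and, where the
# provider supports it, its configuration files as well.
#
# The class name uses underscores only. Puppet 3 and later reject hyphens in
# class names, so the previous name (with "net-snmp" embedded) would stop the
# remediation from compiling and the package would silently stay installed.
# The package title keeps the real, hyphenated package name.
class remove_net_snmp {
  package { 'net-snmp':
    ensure => 'purged',
  }
}

# Declare the class so the removal is actually applied.
include remove_net_snmp
</fix>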
<fix rule="package_aide_installed" complexity="low" disruption="low" reboot="false" strategy="enable">
# Remediation for package_aide_installed: make sure the aide (file integrity
# checker) package is present. This only installs the package; building the
# AIDE database and scheduling checks are not handled here.
class install_aide {
  package { 'aide': ensure => 'installed' }
}

# Declare the class so the install is actually applied.
include install_aide
</fix>
<fix rule="package_dovecot_removed" complexity="low" disruption="low" reboot="false" strategy="disable">
# Remediation for package_dovecot_removed: purge the dovecot package.
# 'purged' asks the package provider to remove the package and, where the
# provider supports it, its configuration files as well.
class remove_dovecot {
  package { 'dovecot': ensure => 'purged' }
}

# Declare the class so the removal is actually applied.
include remove_dovecot
</fix>
<fix rule="package_vsftpd_installed" complexity="low" disruption="low" reboot="false" strategy="enable">
# Remediation for package_vsftpd_installed: make sure the vsftpd package is
# present. This only installs the package; it does not enable, configure or
# harden the FTP service.
class install_vsftpd {
  package { 'vsftpd': ensure => 'installed' }
}

# Declare the class so the install is actually applied.
include install_vsftpd
</fix>
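<fix rule="package_rsh-server_removed" complexity="low" disruption="low" reboot="false" strategy="disable">
# Remediation for package_rsh-server_removed: purge the rsh-server package.
# 'purged' asks the package provider to remove the package and, where the
# provider supports it, its configuration files as well.
#
# The class name uses underscores only. Puppet 3 and later reject hyphens in
# class names, so the previous name (with "rsh-server" embedded) would stop the
# remediation from compiling and the package would silently stay installed.
# The package title keeps the real, hyphenated package name.
class remove_rsh_server {
  package { 'rsh-server':
    ensure => 'purged',
  }
}

# Declare the class so the removal is actually applied.
include remove_rsh_server
</fix>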
<fix rule="package_audit_installed" complexity="low" disruption="low" reboot="false" strategy="enable">
# Remediation for package_audit_installed: make sure the audit package is
# present. This only installs the package; enabling the audit daemon and
# loading audit rules are not handled here.
class install_audit {
  package { 'audit': ensure => 'installed' }
}

# Declare the class so the install is actually applied.
include install_audit
</fix>
<fix rule="package_talk_removed" complexity="low" disruption="low" reboot="false" strategy="disable">
# Remediation for package_talk_removed: purge the talk client package.
# 'purged' asks the package provider to remove the package and, where the
# provider supports it, its configuration files as well.
class remove_talk {
  package { 'talk': ensure => 'purged' }
}

# Declare the class so the removal is actually applied.
include remove_talk
</fix>
<fix rule="package_httpd_removed" complexity="low" disruption="low" reboot="false" strategy="disable">
# Remediation for package_httpd_removed: purge the httpd package.
# 'purged' asks the package provider to remove the package and, where the
# provider supports it, its configuration files as well.
class remove_httpd {
  package { 'httpd': ensure => 'purged' }
}

# Declare the class so the removal is actually applied.
include remove_httpd
</fix>
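<fix rule="package_talk-server_removed" complexity="low" disruption="low" reboot="false" strategy="disable">
# Remediation for package_talk-server_removed: purge the talk-server package.
# 'purged' asks the package provider to remove the package and, where the
# provider supports it, its configuration files as well.
#
# The class name uses underscores only. Puppet 3 and later reject hyphens in
# class names, so the previous name (with "talk-server" embedded) would stop
# the remediation from compiling and the package would silently stay installed.
# The package title keeps the real, hyphenated package name.
class remove_talk_server {
  package { 'talk-server':
    ensure => 'purged',
  }
}

# Declare the class so the removal is actually applied.
include remove_talk_server
</fix>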
<fix rule="package_rsh_removed" complexity="low" disruption="low" reboot="false" strategy="disable">
# Remediation for package_rsh_removed: purge the rsh client package.
# 'purged' asks the package provider to remove the package and, where the
# provider supports it, its configuration files as well.
class remove_rsh {
  package { 'rsh': ensure => 'purged' }
}

# Declare the class so the removal is actually applied.
include remove_rsh
</fix>
<fix rule="file_permissions_sshd_pub_key" complexity="low" disruption="low" reboot="false" strategy="disable">
# Remediation for file_permissions_sshd_pub_key: set mode 0644 on every
# /etc/ssh/*.pub file. Only the mode is changed; ownership is left as found.
#
# NOTE(review): the exec has no onlyif/unless/refreshonly guard, so chmod is
# run on every Puppet run rather than only when a mode has drifted.
# NOTE(review): the *.pub glob is only expanded if the command is run through
# a shell; confirm that holds for the exec provider of the Puppet version used.
class ssh_public_key_perms {
  exec { 'sshd_pub_key':
    path    => '/bin:/usr/bin',
    command => "chmod 0644 /etc/ssh/*.pub",
  }
}

# Declare the class so the permission change is actually applied.
include ssh_public_key_perms
</fix>
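<fix rule="file_permissions_sshd_private_key" complexity="low" disruption="low" reboot="false" strategy="disable">
# Remediation for file_permissions_sshd_private_key: restrict every
# /etc/ssh/*_key host private key to owner read/write (0600). Only the mode is
# changed; owner and group are left as found.
#
# 0600 replaces the previous 0640. Group read on a host private key widens who
# can copy the key material, and stock OpenSSH's private-key permission check
# refuses key files that are group- or world-accessible when they are owned by
# the user loading them. 0600 is stricter than 0640, so it satisfies a check
# written against either threshold.
# NOTE(review): later Red Hat releases use 0640 with a dedicated key group;
# this file targets RHEL 5, so confirm no such group is relied on here.
# NOTE(review): the exec has no onlyif/unless/refreshonly guard, so chmod is
# run on every Puppet run rather than only when a mode has drifted.
# NOTE(review): the *_key glob is only expanded if the command is run through
# a shell; confirm that holds for the exec provider of the Puppet version used.
class ssh_private_key_perms {
  exec { 'sshd_priv_key':
    command => "chmod 0600 /etc/ssh/*_key",
    path    => '/bin:/usr/bin',
  }
}

# Declare the class so the permission change is actually applied.
include ssh_private_key_perms
</fix>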
<fix rule="package_xinetd_removed" complexity="low" disruption="low" reboot="false" strategy="disable">
# Remediation for package_xinetd_removed: purge the xinetd package.
# 'purged' asks the package provider to remove the package and, where the
# provider supports it, its configuration files as well.
class remove_xinetd {
  package { 'xinetd': ensure => 'purged' }
}

# Declare the class so the removal is actually applied.
include remove_xinetd
</fix>
</fix-group>
</fix-content>