ssg-nondebian 0.1.31-5 / usr / share / scap-security-guide / RHEL / 6 / anaconda-remediations.xml

This file is indexed.

/usr/share/scap-security-guide/RHEL/6/anaconda-remediations.xml is in ssg-nondebian 0.1.31-5.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below. 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
<fix-content system="urn:xccdf:fix:script:sh" xmlns="http://checklists.nist.gov/xccdf/1.1">
  <fix-group id="anaconda" system="urn:redhat:anaconda:pre" xmlns="http://checklists.nist.gov/xccdf/1.1">
    <fix rule="package_aide_installed" complexity="low" disruption="low" reboot="false" strategy="enable">
package --add=aide
</fix>
    <fix rule="package_rsh_removed" complexity="low" disruption="low" reboot="false" strategy="disable">
package -remove=rsh
</fix>
    <fix rule="package_dovecot_removed" complexity="low" disruption="low" reboot="false" strategy="disable">
package -remove=dovecot
</fix>
    <fix rule="package_ypbind_removed" complexity="low" disruption="low" reboot="false" strategy="disable">
package -remove=ypbind
</fix>
    <fix rule="package_net-snmp_removed" complexity="low" disruption="low" reboot="false" strategy="disable">
package -remove=net-snmp
</fix>
    <fix rule="package_telnet_removed" complexity="low" disruption="low" reboot="false" strategy="disable">
package -remove=telnet
</fix>
    <fix rule="package_samba-common_installed" complexity="low" disruption="low" reboot="false" strategy="enable">
package --add=samba-common
</fix>
    <fix rule="package_talk-server_removed" complexity="low" disruption="low" reboot="false" strategy="disable">
package -remove=talk-server
</fix>
    <fix rule="package_rsh-server_removed" complexity="low" disruption="low" reboot="false" strategy="disable">
package -remove=rsh-server
</fix>
    <fix rule="package_audit_installed" complexity="low" disruption="low" reboot="false" strategy="enable">
package --add=audit
</fix>
    <fix rule="package_talk_removed" complexity="low" disruption="low" reboot="false" strategy="disable">
package -remove=talk
</fix>
    <fix rule="package_httpd_removed" complexity="low" disruption="low" reboot="false" strategy="disable">
package -remove=httpd
</fix>
    <fix rule="package_vsftpd_installed" complexity="low" disruption="low" reboot="false" strategy="enable">
package --add=vsftpd
</fix>
    <fix rule="mount_option_tmp_nodev" complexity="low" disruption="high" reboot="false" strategy="enable">
part /tmp -mountoptions="nodev"
</fix>
    <fix rule="package_iptables-ipv6_installed" complexity="low" disruption="low" reboot="false" strategy="enable">
package --add=iptables-ipv6
</fix>
    <fix rule="package_cronie_installed" complexity="low" disruption="low" reboot="false" strategy="enable">
package --add=cronie
</fix>
    <fix rule="package_xinetd_removed" complexity="low" disruption="low" reboot="false" strategy="disable">
package -remove=xinetd
</fix>
    <fix rule="package_policycoreutils_installed" complexity="low" disruption="low" reboot="false" strategy="enable">
package --add=policycoreutils
</fix>
    <fix rule="package_ypserv_removed" complexity="low" disruption="low" reboot="false" strategy="disable">
package -remove=ypserv
</fix>
    <fix rule="package_telnet-server_removed" complexity="low" disruption="low" reboot="false" strategy="disable">
package -remove=telnet-server
</fix>
    <fix rule="package_postfix_installed" complexity="low" disruption="low" reboot="false" strategy="enable">
package --add=postfix
</fix>
    <fix rule="package_iptables_installed" complexity="low" disruption="low" reboot="false" strategy="enable">
package --add=iptables
</fix>
    <fix rule="package_GConf2_installed" complexity="low" disruption="low" reboot="false" strategy="enable">
package --add=GConf2
</fix>
    <fix rule="package_samba_removed" complexity="low" disruption="low" reboot="false" strategy="disable">
package -remove=samba
</fix>
    <fix rule="package_screen_installed" complexity="low" disruption="low" reboot="false" strategy="enable">
package --add=screen
</fix>
    <fix rule="package_rsyslog_installed" complexity="low" disruption="low" reboot="false" strategy="enable">
package --add=rsyslog
</fix>
    <fix rule="package_irqbalance_installed" complexity="low" disruption="low" reboot="false" strategy="enable">
package --add=irqbalance
</fix>
    <fix rule="package_gdm_installed" complexity="low" disruption="low" reboot="false" strategy="enable">
package --add=gdm
</fix>
    <fix rule="package_psacct_installed" complexity="low" disruption="low" reboot="false" strategy="enable">
package --add=psacct
</fix>
    <fix rule="package_openswan_installed" complexity="low" disruption="low" reboot="false" strategy="enable">
package --add=openswan
</fix>
  </fix-group>
</fix-content>

APT Browse - Built by Thomas Orozco.