|
 |
cf78db |
diff -uNrp scap-security-guide-0.1.30.orig/RHEL/7/input/guide.xml scap-security-guide-0.1.30/RHEL/7/input/guide.xml
|
|
|
cf78db |
--- scap-security-guide-0.1.30.orig/RHEL/7/input/guide.xml 2016-06-22 12:56:46.000000000 +0000
|
|
|
cf78db |
+++ scap-security-guide-0.1.30/RHEL/7/input/guide.xml 2016-12-04 12:58:05.537287951 +0000
|
|
|
cf78db |
@@ -2,9 +2,9 @@
|
|
|
cf78db |
<Benchmark xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xhtml="http://www.w3.org/1999/xhtml" xmlns:dc="http://purl.org/dc/elements/1.1/" id="RHEL-7" xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.1 xccdf-1.1.4.xsd" style="SCAP_1.1" resolved="false" xml:lang="en-US" >
|
|
|
cf78db |
|
|
|
cf78db |
<status date="2011-12-20">draft</status>
|
|
|
cf78db |
-<title>Guide to the Secure Configuration of Red Hat Enterprise Linux 7</title>
|
|
|
cf78db |
+<title>Guide to the Secure Configuration of CentOS Linux 7</title>
|
|
|
cf78db |
<description>This guide presents a catalog of security-relevant
|
|
|
cf78db |
-configuration settings for Red Hat Enterprise Linux 7 formatted in the
|
|
|
cf78db |
+configuration settings for CentOS Linux 7 formatted in the
|
|
|
cf78db |
eXtensible Configuration Checklist Description Format (XCCDF).
|
|
|
cf78db |
|
|
|
cf78db |
|
|
|
cf78db |
@@ -22,7 +22,7 @@ providing baselines that meet a diverse
|
|
|
cf78db |
XCCDF Profiles, which are selections of items that form checklists and
|
|
|
cf78db |
can be used as baselines, are available with this guide. They can be
|
|
|
cf78db |
processed, in an automated fashion, with tools that support the Security
|
|
|
cf78db |
-Content Automation Protocol (SCAP). The DISA STIG for Red Hat Enterprise Linux 7 is one example of
|
|
|
cf78db |
+Content Automation Protocol (SCAP). The DISA STIG for CentOS Linux 7 is one example of
|
|
|
cf78db |
a baseline created from this guidance.
|
|
|
cf78db |
</description>
|
|
|
cf78db |
<notice id="terms_of_use">Do not attempt to implement any of the settings in
|
|
|
cf78db |
@@ -32,7 +32,7 @@ other parties, and makes no guarantees,
|
|
|
cf78db |
quality, reliability, or any other characteristic.</notice>
|
|
|
cf78db |
|
|
|
cf78db |
<front-matter>The SCAP Security Guide Project
https://fedorahosted.org/scap-security-guide</front-matter>
|
|
|
cf78db |
-<rear-matter>Red Hat and Red Hat Enterprise Linux are either registered
|
|
|
cf78db |
+<rear-matter>Red Hat and Red Hat Enterprise Linux are either registered
|
|
|
cf78db |
trademarks or trademarks of Red Hat, Inc. in the United States and other
|
|
|
cf78db |
countries. All other names are registered trademarks or trademarks of their
|
|
|
cf78db |
respective companies.</rear-matter>
|
|
|
cf78db |
diff -uNrp scap-security-guide-0.1.30.orig/RHEL/7/input/intro/intro.xml scap-security-guide-0.1.30/RHEL/7/input/intro/intro.xml
|
|
|
cf78db |
--- scap-security-guide-0.1.30.orig/RHEL/7/input/intro/intro.xml 2016-06-22 12:56:46.000000000 +0000
|
|
|
cf78db |
+++ scap-security-guide-0.1.30/RHEL/7/input/intro/intro.xml 2016-12-04 13:02:13.903282198 +0000
|
|
|
cf78db |
@@ -3,7 +3,7 @@
|
|
|
cf78db |
<description>
|
|
|
cf78db |
|
|
|
cf78db |
The purpose of this guidance is to provide security configuration
|
|
|
cf78db |
-recommendations and baselines for the Red Hat Enterprise Linux (RHEL) 7 operating
|
|
|
cf78db |
+recommendations and baselines for the CentOS Linux 7 operating
|
|
|
cf78db |
system. The guidance provided here should be applicable to all variants
|
|
|
cf78db |
(Desktop, Server, Advanced Platform) of the product. Recommended
|
|
|
cf78db |
settings for the basic operating system are provided, as well as for many
|
|
|
cf78db |
@@ -33,7 +33,7 @@ to passive monitoring. Whenever practica
|
|
|
cf78db |
such data exist, they should be applied. Even if data is expected to
|
|
|
cf78db |
be transmitted only over a local network, it should still be encrypted.
|
|
|
cf78db |
Encrypting authentication data, such as passwords, is particularly
|
|
|
cf78db |
-important. Networks of Red Hat Enterprise Linux 7 machines can and should be configured
|
|
|
cf78db |
+important. Networks of CentOS Linux 7 machines can and should be configured
|
|
|
cf78db |
so that no unencrypted authentication data is ever transmitted between
|
|
|
cf78db |
machines.
|
|
|
cf78db |
</description>
|
|
|
cf78db |
@@ -44,7 +44,7 @@ machines.
|
|
|
cf78db |
<title>Minimize Software to Minimize Vulnerability</title>
|
|
|
cf78db |
<description>
|
|
|
cf78db |
The simplest way to avoid vulnerabilities in software is to avoid
|
|
|
cf78db |
-installing that software. On RHEL, the RPM Package Manager (originally
|
|
|
cf78db |
+installing that software. On CentOS, the RPM Package Manager (originally
|
|
|
cf78db |
Red Hat Package Manager, abbreviated RPM) allows for careful management of
|
|
|
cf78db |
the set of software packages installed on a system. Installed software
|
|
|
cf78db |
contributes to system vulnerability in several ways. Packages that
|