rpms / scap-security-guide

Clone
Source Code
GIT

Files

  1.   fe0dde01a42673c3eda1933c38a8f78dbff6c1de
  2.   SOURCES
  3.   scap-security-guide-0.1.53-update_stig_RHEL_07_040160-PR_6085.patch
Blob Blame History Raw 
From f643b41c96c3551cdd6035f77e95c49c6f74e5ed Mon Sep 17 00:00:00 2001
From: Gabriel Becker <ggasparb@redhat.com>
Date: Tue, 15 Sep 2020 17:33:30 +0200
Subject: [PATCH] Update accounts_tmout rule with regards to latest RHEL7 STIG
 revision.

- Select 15 minutes as new timeout value.
- Fix CCI and SRG identifiers.
---
 .../system/accounts/accounts-session/accounts_tmout/rule.yml  | 4 ++--
 rhel7/profiles/stig.profile                                   | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml
index eb64b12e51..ef06735283 100644
--- a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml
@@ -26,11 +26,11 @@ identifiers:
 references:
     stigid@ol7: OL07-00-040160
     cui: 3.1.11
-    disa: CCI-000361,CCI-001133
+    disa: CCI-002361,CCI-001133
     nist: AC-12,SC-10,AC-2(5),CM-6(a)
     nist-csf: PR.AC-7
     ospp: FMT_MOF_EXT.1
-    srg: SRG-OS-000163-GPOS-00072
+    srg: SRG-OS-000163-GPOS-00072,SRG-OS-000029-GPOS-00010
     vmmsrg: SRG-OS-000163-VMM-000700,SRG-OS-000279-VMM-001010
     stigid@rhel7: RHEL-07-040160
     isa-62443-2013: 'SR 1.1,SR 1.10,SR 1.2,SR 1.5,SR 1.7,SR 1.8,SR 1.9'
diff --git a/rhel7/profiles/stig.profile b/rhel7/profiles/stig.profile
index bb4af878a7..93e14eecf6 100644
--- a/rhel7/profiles/stig.profile
+++ b/rhel7/profiles/stig.profile
@@ -47,7 +47,7 @@ selections:
     - var_accounts_user_umask=077
     - var_password_pam_retry=3
     - var_accounts_max_concurrent_login_sessions=10
-    - var_accounts_tmout=10_min
+    - var_accounts_tmout=15_min
     - var_time_service_set_maxpoll=system_default
     - sysctl_net_ipv4_conf_all_accept_source_route_value=disabled
     - sysctl_net_ipv4_conf_default_accept_source_route_value=disabled

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation