From f0ed8119271c8f465491a4f3a6a4e8d4f9d0698b Mon Sep 17 00:00:00 2001
From: Shawn Wells <shawn@redhat.com>
Date: Wed, 20 Aug 2014 00:26:04 -0400
Subject: [PATCH 1/2] xccdf rename sysctl_ipv4_all_send_redirects ->
 sysctl_net_ipv4_conf_all_send_redirects

Renamed to follow sysctl naming scheme. Alignment properly pulls in remediation now.
---
 RHEL/6/input/auxiliary/stig_overlay.xml             | 2 +-
 RHEL/6/input/auxiliary/transition_notes.xml         | 2 +-
 RHEL/6/input/profiles/C2S.xml                       | 2 +-
 RHEL/6/input/profiles/CS2.xml                       | 2 +-
 RHEL/6/input/profiles/CSCF-RHEL6-MLS.xml            | 2 +-
 RHEL/6/input/profiles/common.xml                    | 2 +-
 RHEL/6/input/profiles/fisma-medium-rhel6-server.xml | 2 +-
 RHEL/6/input/profiles/nist-CL-IL-AL.xml             | 2 +-
 RHEL/6/input/profiles/usgcb-rhel6-server.xml        | 2 +-
 RHEL/6/input/system/network/kernel.xml              | 2 +-
 10 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/RHEL/6/input/auxiliary/stig_overlay.xml b/RHEL/6/input/auxiliary/stig_overlay.xml
index 5570050c326f..5b88f198863b 100644
--- a/RHEL/6/input/auxiliary/stig_overlay.xml
+++ b/RHEL/6/input/auxiliary/stig_overlay.xml
@@ -256,7 +256,7 @@
 		<VMSinfo VKey="38600" SVKey="50401" VRelease="1" />
 		<title>The system must not send ICMPv4 redirects by default.</title>
 	</overlay>
-	<overlay owner="disastig" ruleid="sysctl_ipv4_all_send_redirects" ownerid="RHEL-06-000081" disa="366" severity="medium">
+	<overlay owner="disastig" ruleid="sysctl_net_ipv4_conf_all_send_redirects" ownerid="RHEL-06-000081" disa="366" severity="medium">
 		<VMSinfo VKey="38601" SVKey="50402" VRelease="1" />
 		<title>The system must not send ICMPv4 redirects from any interface.</title>
 	</overlay>
diff --git a/RHEL/6/input/auxiliary/transition_notes.xml b/RHEL/6/input/auxiliary/transition_notes.xml
index 4339ced6b015..d581d39397ce 100644
--- a/RHEL/6/input/auxiliary/transition_notes.xml
+++ b/RHEL/6/input/auxiliary/transition_notes.xml
@@ -1615,7 +1615,7 @@ sysctl_net_ipv4_conf_default_accept_redirects rule.
 <note ref="22417" auth="KS">
 Check does exist in the RHEL6 prose, it can be automated and OVAL for it does 
 exist.
-rule=sysctl_ipv4_all_send_redirects manual=no
+rule=sysctl_net_ipv4_conf_all_send_redirects manual=no
 This check is split in the RHEL6 prose into the above and the 
 sysctl_net_ipv4_conf_default_send_redirects rule.
 </note>
diff --git a/RHEL/6/input/profiles/C2S.xml b/RHEL/6/input/profiles/C2S.xml
index 729bc5a4079f..41f6dbdd792f 100644
--- a/RHEL/6/input/profiles/C2S.xml
+++ b/RHEL/6/input/profiles/C2S.xml
@@ -290,7 +290,7 @@ baseline.
 
 <!-- CIS4.1.2 Disable Send Packet Redirects (Scored) -->
 <select idref="sysctl_net_ipv4_conf_default_send_redirects" selected="true"/>
-<select idref="sysctl_ipv4_all_send_redirects" selected="true"/>
+<select idref="sysctl_net_ipv4_conf_all_send_redirects" selected="true"/>
 
 <!-- CIS 4.2 Modify Network Parameters (Host and Router) -->
 <!-- CIS 4.2.1 Disable Source Routed Packet Acceptance (Scored) -->
diff --git a/RHEL/6/input/profiles/CS2.xml b/RHEL/6/input/profiles/CS2.xml
index 717030aebce6..b9d50dc7c6da 100644
--- a/RHEL/6/input/profiles/CS2.xml
+++ b/RHEL/6/input/profiles/CS2.xml
@@ -194,7 +194,7 @@
 
 <select idref="network_disable_zeroconf" selected="true" />
 <select idref="sysctl_net_ipv4_conf_default_send_redirects" selected="true"/>
-<select idref="sysctl_ipv4_all_send_redirects" selected="true"/>
+<select idref="sysctl_net_ipv4_conf_all_send_redirects" selected="true"/>
 <select idref="sysctl_ipv4_ip_forward" selected="true"/>
 <select idref="sysctl_net_ipv4_conf_all_accept_source_route" selected="true"/>
 <select idref="sysctl_net_ipv4_conf_all_accept_redirects" selected="true"/>
diff --git a/RHEL/6/input/profiles/CSCF-RHEL6-MLS.xml b/RHEL/6/input/profiles/CSCF-RHEL6-MLS.xml
index 0ea343ad6d48..77834feabcb0 100644
--- a/RHEL/6/input/profiles/CSCF-RHEL6-MLS.xml
+++ b/RHEL/6/input/profiles/CSCF-RHEL6-MLS.xml
@@ -92,7 +92,7 @@ for production deployment.</description>
 <select idref="disable_rlogin" selected="true" />
 <select idref="disable_rsh" selected="true" />
 <select idref="sysctl_net_ipv4_conf_default_send_redirects" selected="true" />
-<select idref="sysctl_ipv4_all_send_redirects" selected="true" />
+<select idref="sysctl_net_ipv4_conf_all_send_redirects" selected="true" />
 <select idref="sysctl_net_ipv4_conf_all_accept_source_route" selected="true" />
 <select idref="sysctl_net_ipv4_conf_all_accept_redirects" selected="true" />
 <select idref="sysctl_net_ipv4_conf_all_secure_redirects" selected="true" />
diff --git a/RHEL/6/input/profiles/common.xml b/RHEL/6/input/profiles/common.xml
index f4e5668b0f3c..c8d228e3bb48 100644
--- a/RHEL/6/input/profiles/common.xml
+++ b/RHEL/6/input/profiles/common.xml
@@ -75,7 +75,7 @@
 <select idref="sysctl_kernel_exec_shield" selected="true"/>
 
 <select idref="sysctl_net_ipv4_conf_default_send_redirects" selected="true"/>
-<select idref="sysctl_ipv4_all_send_redirects" selected="true"/>
+<select idref="sysctl_net_ipv4_conf_all_send_redirects" selected="true"/>
 <select idref="sysctl_ipv4_ip_forward" selected="true"/>
 <select idref="sysctl_net_ipv4_conf_all_accept_source_route" selected="true"/>
 <select idref="sysctl_net_ipv4_conf_all_accept_redirects" selected="true"/>
diff --git a/RHEL/6/input/profiles/fisma-medium-rhel6-server.xml b/RHEL/6/input/profiles/fisma-medium-rhel6-server.xml
index 48dc10092f4d..8718cfd347a3 100644
--- a/RHEL/6/input/profiles/fisma-medium-rhel6-server.xml
+++ b/RHEL/6/input/profiles/fisma-medium-rhel6-server.xml
@@ -252,7 +252,7 @@
 <select idref="kernel_module_hfsplus_disabled" selected="true" />
 <select idref="kernel_module_squashfs_disabled" selected="true" />
 <select idref="kernel_module_udf_disabled" selected="true" />
-<select idref="sysctl_ipv4_all_send_redirects" selected="true" />
+<select idref="sysctl_net_ipv4_conf_all_send_redirects" selected="true" />
 <select idref="sysctl_ipv4_ip_forward" selected="true" />
 <select idref="sysctl_net_ipv4_conf_all_accept_source_route" selected="true" />
 <select idref="sysctl_net_ipv4_icmp_echo_ignore_broadcasts" selected="true" />
diff --git a/RHEL/6/input/profiles/nist-CL-IL-AL.xml b/RHEL/6/input/profiles/nist-CL-IL-AL.xml
index 51c207b581b9..33b7672edb6f 100644
--- a/RHEL/6/input/profiles/nist-CL-IL-AL.xml
+++ b/RHEL/6/input/profiles/nist-CL-IL-AL.xml
@@ -311,7 +311,7 @@ assurance."</description>
 <select idref="kernel_module_tipc_disabled" selected="true" />
 <select idref="set_iptables_default_rule" selected="true" />
 <select idref="set_iptables_default_rule_forward" selected="true" />
-<select idref="sysctl_ipv4_all_send_redirects" selected="true" />
+<select idref="sysctl_net_ipv4_conf_all_send_redirects" selected="true" />
 <select idref="sysctl_ipv4_ip_forward" selected="true" />
 <select idref="sysctl_net_ipv4_conf_all_accept_source_route" selected="true" />
 <select idref="sysctl_net_ipv4_conf_all_accept_redirects" selected="true" />
diff --git a/RHEL/6/input/profiles/usgcb-rhel6-server.xml b/RHEL/6/input/profiles/usgcb-rhel6-server.xml
index b7d0b3802377..efbecb5ca48b 100644
--- a/RHEL/6/input/profiles/usgcb-rhel6-server.xml
+++ b/RHEL/6/input/profiles/usgcb-rhel6-server.xml
@@ -116,7 +116,7 @@
 <select idref="selinux_confinement_of_daemons" selected="true" />
 <select idref="selinux_all_devicefiles_labeled" selected="true" />
 <select idref="sysctl_ipv4_ip_forward" selected="true" />
-<select idref="sysctl_ipv4_all_send_redirects" selected="true" />
+<select idref="sysctl_net_ipv4_conf_all_send_redirects" selected="true" />
 <select idref="sysctl_net_ipv4_conf_default_send_redirects" selected="true" />
 <refine-value idref="sysctl_net_ipv4_conf_all_secure_redirects_value" selector="disabled" />
 <select idref="sysctl_net_ipv4_conf_all_secure_redirects" selected="true" />
diff --git a/RHEL/6/input/system/network/kernel.xml b/RHEL/6/input/system/network/kernel.xml
index 05756bed3683..7bef59199450 100644
--- a/RHEL/6/input/system/network/kernel.xml
+++ b/RHEL/6/input/system/network/kernel.xml
@@ -28,7 +28,7 @@ only appropriate for systems acting as routers.</rationale>
 <tested by="DS" on="20121024"/>
 </Rule>
 
-<Rule id="sysctl_ipv4_all_send_redirects" severity="medium">
+<Rule id="sysctl_net_ipv4_conf_all_send_redirects" severity="medium">
 <title>Disable Kernel Parameter for Sending ICMP Redirects for All Interfaces</title>
 <description>
 <sysctl-desc-macro sysctl="net.ipv4.conf.all.send_redirects" value="0" />

From 99bd608ebea53236361af536297b8bbd0a58acac Mon Sep 17 00:00:00 2001
From: Shawn Wells <shawn@redhat.com>
Date: Wed, 20 Aug 2014 00:30:28 -0400
Subject: [PATCH 2/2] XCCDF rename, sysctl_ipv6_default_accept_redirects ->
 sysctl_net_ipv6_conf_default_accept_redirects

Renamed to follow sysctl naming standards. Change properly pulls in remediation content as well.
---
 RHEL/6/input/auxiliary/stig_overlay.xml             | 2 +-
 RHEL/6/input/profiles/C2S.xml                       | 2 +-
 RHEL/6/input/profiles/CS2.xml                       | 2 +-
 RHEL/6/input/profiles/common.xml                    | 2 +-
 RHEL/6/input/profiles/fisma-medium-rhel6-server.xml | 2 +-
 RHEL/6/input/profiles/nist-CL-IL-AL.xml             | 2 +-
 RHEL/6/input/profiles/usgcb-rhel6-server.xml        | 2 +-
 RHEL/6/input/system/network/ipv6.xml                | 2 +-
 8 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/RHEL/6/input/auxiliary/stig_overlay.xml b/RHEL/6/input/auxiliary/stig_overlay.xml
index 5b88f198863b..34fca6dc4b25 100644
--- a/RHEL/6/input/auxiliary/stig_overlay.xml
+++ b/RHEL/6/input/auxiliary/stig_overlay.xml
@@ -316,7 +316,7 @@
 		<VMSinfo VKey="38546" SVKey="50347" VRelease="1" />
 		<title>The IPv6 protocol handler must not be bound to the network stack unless needed.</title>
 	</overlay>
-	<overlay owner="disastig" ruleid="sysctl_ipv6_default_accept_redirects" ownerid="RHEL-06-000099" disa="366" severity="medium">
+	<overlay owner="disastig" ruleid="sysctl_net_ipv6_conf_default_accept_redirects" ownerid="RHEL-06-000099" disa="366" severity="medium">
 		<VMSinfo VKey="38548" SVKey="50349" VRelease="2" />
 		<title>The system must ignore ICMPv6 redirects by default.</title>
 	</overlay>
diff --git a/RHEL/6/input/profiles/C2S.xml b/RHEL/6/input/profiles/C2S.xml
index 41f6dbdd792f..6283021a67fc 100644
--- a/RHEL/6/input/profiles/C2S.xml
+++ b/RHEL/6/input/profiles/C2S.xml
@@ -333,7 +333,7 @@ baseline.
 <!-- NEEDS: net.ipv6.conf.all.accept_ra -->
 
 <!-- CIS 4.4.1.2 Disable IPv6 Redirect Acceptance (Not Scored) -->
-<select idref="sysctl_ipv6_default_accept_redirects" selected="true" />
+<select idref="sysctl_net_ipv6_conf_default_accept_redirects" selected="true" />
 <!-- NEEDS: net.ipv6.conf.default.accept_redirects -->
 
 <!-- CIS 4.4.2 Disable IPv6 (Not Scored) -->
diff --git a/RHEL/6/input/profiles/CS2.xml b/RHEL/6/input/profiles/CS2.xml
index b9d50dc7c6da..5638b0efacb0 100644
--- a/RHEL/6/input/profiles/CS2.xml
+++ b/RHEL/6/input/profiles/CS2.xml
@@ -217,7 +217,7 @@
 <select idref="network_ipv6_default_gateway" selected="true" />
 <select idref="network_ipv6_limit_requests" selected="true" />
 <select idref="sysctl_net_ipv6_conf_default_accept_ra" selected="true" />
-<select idref="sysctl_ipv6_default_accept_redirects" selected="true" />
+<select idref="sysctl_net_ipv6_conf_default_accept_redirects" selected="true" />
 
 <select idref="network_sniffer_disabled" selected="true" />
 <select idref="wireless_disable_in_bios" selected="true" />
diff --git a/RHEL/6/input/profiles/common.xml b/RHEL/6/input/profiles/common.xml
index c8d228e3bb48..85da4daef1c2 100644
--- a/RHEL/6/input/profiles/common.xml
+++ b/RHEL/6/input/profiles/common.xml
@@ -90,7 +90,7 @@
 <select idref="sysctl_net_ipv4_conf_all_rp_filter" selected="true"/>
 <select idref="sysctl_net_ipv4_conf_default_rp_filter" selected="true"/>
 <select idref="kernel_module_ipv6_option_disabled" selected="true"/>
-<select idref="sysctl_ipv6_default_accept_redirects" selected="true"/>
+<select idref="sysctl_net_ipv6_conf_default_accept_redirects" selected="true"/>
 <select idref="service_ip6tables_enabled" selected="true"/>
 <select idref="service_iptables_enabled" selected="true"/>
 <select idref="set_iptables_default_rule" selected="true"/>
diff --git a/RHEL/6/input/profiles/fisma-medium-rhel6-server.xml b/RHEL/6/input/profiles/fisma-medium-rhel6-server.xml
index 8718cfd347a3..431545223c65 100644
--- a/RHEL/6/input/profiles/fisma-medium-rhel6-server.xml
+++ b/RHEL/6/input/profiles/fisma-medium-rhel6-server.xml
@@ -269,7 +269,7 @@
 <select idref="kernel_module_ipv6_option_disabled" selected="true" />
 <select idref="network_ipv6_disable_rpc" selected="true" />
 <select idref="sysctl_net_ipv6_conf_default_accept_ra" selected="true" />
-<select idref="sysctl_ipv6_default_accept_redirects" selected="true" />
+<select idref="sysctl_net_ipv6_conf_default_accept_redirects" selected="true" />
 
 <!--	IA-2(1) -->
 <select idref="bootloader_password" selected="true" />
diff --git a/RHEL/6/input/profiles/nist-CL-IL-AL.xml b/RHEL/6/input/profiles/nist-CL-IL-AL.xml
index 33b7672edb6f..3c176b79e997 100644
--- a/RHEL/6/input/profiles/nist-CL-IL-AL.xml
+++ b/RHEL/6/input/profiles/nist-CL-IL-AL.xml
@@ -301,7 +301,7 @@ assurance."</description>
 <select idref="kernel_module_ipv6_option_disabled" selected="true" />
 <select idref="network_ipv6_disable_rpc" selected="true" />
 <select idref="sysctl_net_ipv6_conf_default_accept_ra" selected="true" />
-<select idref="sysctl_ipv6_default_accept_redirects" selected="true" />
+<select idref="sysctl_net_ipv6_conf_default_accept_redirects" selected="true" />
 <select idref="network_disable_unused_interfaces" selected="true" />
 <select idref="network_disable_zeroconf" selected="true" />
 <select idref="network_sniffer_disabled" selected="true" />
diff --git a/RHEL/6/input/profiles/usgcb-rhel6-server.xml b/RHEL/6/input/profiles/usgcb-rhel6-server.xml
index efbecb5ca48b..533c221b60b7 100644
--- a/RHEL/6/input/profiles/usgcb-rhel6-server.xml
+++ b/RHEL/6/input/profiles/usgcb-rhel6-server.xml
@@ -147,7 +147,7 @@
 <select idref="network_ipv6_disable_rpc" selected="true" />
 <refine-value idref="sysctl_net_ipv6_conf_default_accept_ra_value" selector="disabled" />
 <select idref="sysctl_net_ipv6_conf_default_accept_ra" selected="true" />
-<select idref="sysctl_ipv6_default_accept_redirects" selected="true" />
+<select idref="sysctl_net_ipv6_conf_default_accept_redirects" selected="true" />
 <select idref="service_ip6tables_enabled" selected="true" />
 <select idref="service_iptables_enabled" selected="true" />
 <select idref="set_iptables_default_rule" selected="true" />
diff --git a/RHEL/6/input/system/network/ipv6.xml b/RHEL/6/input/system/network/ipv6.xml
index cf9a07fc912e..bf1e4f442c60 100644
--- a/RHEL/6/input/system/network/ipv6.xml
+++ b/RHEL/6/input/system/network/ipv6.xml
@@ -138,7 +138,7 @@ An illicit router advertisement message could result in a man-in-the-middle atta
 <ref nist="CM-7" />
 </Rule>
 
-<Rule id="sysctl_ipv6_default_accept_redirects" severity="medium">
+<Rule id="sysctl_net_ipv6_conf_default_accept_redirects" severity="medium">
 <title>Disable Accepting IPv6 Redirects</title>
 <description>
 <sysctl-desc-macro sysctl="net.ipv6.conf.default.accept_redirects" value="0" />