
With the upcoming changes to rebase onto the RHEL 7 STIG controls, there needs to be a new solution for documentation that is easier to manage and filter.

This patch automates the generation of the STIG control documentation in the following way:

* A Sphinx extension runs early in the doc build process that writes all of the individual STIG control docs as well as ToC pages.
* ToC pages are now sorted by severity, tag, and implementation status.
* A giant listing of controls is easier to navigate now.
* Docs are generated from metadata in the /doc/metadata directory. New documentation only needs to be added there. (Will explain this in the developer notes in a subsequent patch.)

Implements: blueprint security-rhel7-stig

Change-Id: I455af1121049f52193e98e2c9cb1ba5d4c292386
20 lines
731 B
ReStructuredText
---
id: V-38529
status: exception
tag: misc
---

**Exception**

The STIG makes several requirements for IPv4 network restrictions, but these
restrictions can impact certain network interfaces and cause service
disruptions. Some security configurations make sense for certain types of
network interfaces, like bridges, but other restrictions cause the network
interface to stop passing valid traffic between hosts, containers, or virtual
machines.

The default network scripts and LXC userspace tools already configure various
network devices to their most secure setting. Since some hosts will act as
routers, enabling security configurations that restrict network traffic can
cause service disruptions for OpenStack environments.
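A sketch of how metadata files in this format can be parsed and grouped by status or tag, so that every control marked as an exception can be listed for review. This is an added example, not the Sphinx extension from the patch; it assumes the front matter is flat `key: value` lines between two `---` markers, and the names `parse_control` and `group_by` are hypothetical.

```python
from collections import defaultdict

REQUIRED = ("id", "status", "tag")  # the three keys in the file shown above

# Constructed samples: the first mirrors the file above; the second uses a
# made-up ID, status and tag so that grouping produces two buckets.
SAMPLE_DOCS = [
    "---\nid: V-38529\nstatus: exception\ntag: misc\n---\n\n**Exception**\n\nBody.\n",
    "---\nid: V-00000\nstatus: implemented\ntag: auth\n---\n\nConstructed note.\n",
]

def parse_control(text):
    """Split one metadata file into (front-matter dict, RST body)."""
    lines = text.splitlines()
    if not lines or lines[0].strip() != "---":
        raise ValueError("missing opening '---'")
    end = next((i for i, l in enumerate(lines[1:], 1) if l.strip() == "---"), None)
    if end is None:
        raise ValueError("missing closing '---'")
    meta = {}
    for line in lines[1:end]:
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"not a 'key: value' line: {line!r}")
        meta[key.strip()] = value.strip()
    # Reject files that would silently drop out of a status or tag listing.
    missing = [k for k in REQUIRED if not meta.get(k)]
    if missing:
        raise ValueError(f"missing fields: {missing}")
    return meta, "\n".join(lines[end + 1:]).strip()

def group_by(docs, field):
    """Map each value of `field` to the sorted control IDs that carry it."""
    groups = defaultdict(list)
    for text in docs:
        meta, _ = parse_control(text)
        groups[meta[field]].append(meta["id"])
    return {value: sorted(ids) for value, ids in sorted(groups.items())}

if __name__ == "__main__":
    # Exceptions are the entries an auditor will ask about first.
    print(group_by(SAMPLE_DOCS, "status"))
```

Failing on a missing `status` or `tag` rather than defaulting keeps an undocumented control from disappearing from the generated listings.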