Download
| Alert*
CCE-14871-8
Support for udf filesystems should be enabeld or disabled as appropriate. CCE-4544-3 Root squashing should be enabled or disabled as appropriate for all NFS shares CCE-14457-6 Support for freevxfs filesystems should be enabeld or disabled as appropriate. CCE-14061-6 The SSH 'keep alive' message count should be set to an appropriate value. CCE-3537-8 The rlogin service should be enabled or disabled as appropriate. CCE-3502-2 The /etc/pki/tls/ldap/serverkey.pem file should be owned by the appropriate user. CCE-3733-3 dhcpd logging should be enabled or disabled as appropriate. CCE-4424-8 The ntp daemon should be enabled or disabled as appropriate CCE-14688-6 Auditing should be configured to record kernel module loading and unloading events as appropriate. CCE-4459-4 The Squid option to perform FTP sanity checks should be enabled or not as appropriate CCE-14991-4 The system includes or does not include any device files with the unlabeled SELinux type. CCE-4304-2 File permissions for /etc/anacrontab should be set correctly. CCE-3999-0 The SELinux state should be set appropriately. CCE-3840-6 The default setting for performing source validation by reverse path should be enabled or disabled for network interfaces as appropriate. CCE-3644-2 Ignoring ICMP echo requests (pings) sent to broadcast / multicast addresses should be enabled or disabled as appropriate. CCE-4339-8 The /etc/pki/tls/ldap file should be owned by the appropriate group. CCE-3381-1 The default setting for IPv6 configuration should be enabled or disabled for network interfaces as appropriate. CCE-3679-8 The syslog service should be enabled or disabled as appropriate. CCE-4272-1 SSH should be installed or uninstalled as appropriate CCE-4370-3 SSH host-based authentication should be enabled or disabled as appropriate CCE-3755-6 CUPS service should be enabled or disabled as appropriate CCE-4076-6 The squid package should be installed or uninstalled as appropriate. CCE-4219-2 The bind package should be installed or uninstalled as appropriate. CCE-14679-5 Auditing should be configured to record process and session initiation events as appropriate. CCE-3604-6 The /etc/anacrontab file should be owned by the appropriate group. CCE-14716-5 Users should be allowed or not allowed to set environment options for SSH as appropriate. CCE-4379-4 The /etc/anacrontab file should be owned by the appropriate user. CCE-4322-4 The /etc/cron.monthly file should be owned by the appropriate group. CCE-3692-1 The Squid EUID should be set to an appropriate user CCE-14559-9 /home should be configured on an appropriate filesystem partition. CCE-4420-6 Remote print browsing should be enabled or disabled as appropriate CCE-14296-8 Auditing should be configured to record use of privileged commands as appropriate. CCE-4006-3 The USB device support module should be installed or not as appropriate CCE-3977-6 SELinux should be enabled or disabled as appropriate CCE-14703-3 The noexec option should be enabled or disabled for /dev/shm. CCE-14306-5 The nosuid option should be enabled or disabled for /dev/shm. CCE-3844-8 The default umask for all users should be set correctly for the bash shell CCE-4433-9 Avahi publishing of hardware information should be enabled or disabled as appropriate CCE-3724-2 Domain name server information should be sent or not sent by the DHCP server as appropriate. CCE-4313-3 Accepting redirects from IPv6 routers should be enabled or disabled as appropriate for all network interfaces. CCE-3822-4 The messagebus service should be enabled or disabled as appropriate. CCE-3626-9 The /etc/crontab file should be owned by the appropriate group. CCE-4072-5 The autofs service should be enabled or disabled as appropriate. CCE-4348-9 The ypserv package should be installed or uninstalled as appropriate. CCE-3581-6 The /etc/httpd/conf/* files should be owned by the appropriate group. CCE-4170-7 Device drivers for wireless devices should be included or excluded from the kernel as appropriate. CCE-4024-6 The nosuid option should be enabled or disabled for all NFS mounts as appropriate CCE-14712-4 The minimum number of lower case characters required for new passwords should be set as appropriate. CCE-4473-5 The nfs service should be enabled or disabled as appropriate CCE-4220-0 The daemon umask should be set as appropriate CCE-18240-2 All rsyslog log files should be owned by the appropriate group. CCE-14604-3 The gnome desktop screensaver should be enabled or disabled as appropriate as a mandatory setting for all users. CCE-4255-6 Squid should be configured to allow ftp traffic or not as appropriate CCE-4451-1 Avahi publishing of workstation name should be enabled or disabled as appropriate CCE-4100-4 The pcscd service should be enabled or disabled as appropriate. CCE-4353-9 The Squid max request HTTP header length should be set to an appropriate value CCE-17639-6 Rsyslog should accept remote messages or not as appropriate. CCE-14692-8 Auditing should be configured to make auditd configuration immutable as appropriate. CCE-14132-5 Disable or enable support for SCTP as appropriate. CCE-4388-5 File permissions for /etc/crontab should be set correctly. CCE-4331-5 The /etc/cron.weekly file should be owned by the appropriate group. CCE-17857-4 All rsyslog log files should be owned by the appropriate user. CCE-3870-3 The default umask for all users should be set correctly CCE-4090-7 File permissions should be set correctly for the home directories for all user accounts. CCE-4366-1 All syslog log files should be owned by the appropriate user. CCE-4464-4 The dhcp package should be installed or uninstalled as appropriate. CCE-4233-3 File permissions for all syslog log files should be set correctly. CCE-4268-9 The sshd service should be enabled or disabled as appropriate. CCE-4549-2 Logging of vsftpd transactions should be enabled or disabled as appropriate CCE-4148-3 The setroubleshoot package should be installed or uninstalled as appropriate. CCE-3585-7 The Squid option to ignore unknown nameservers should be enabled or not as appropriate CCE-4211-9 The kudzu service should be enabled or disabled as appropriate. CCE-4015-4 The statd service should be configured to use an outgoing static port or an outgoing dynamic portmapper port as appropriate CCE-3487-6 The ntp daemon synchronization server should be set appropriately CCE-4344-8 The Squid option to allow underscores in hostnames should be enabled or disabled as appropriate CCE-4514-6 The httpd package should be installed or uninstalled as appropriate. CCE-4371-1 The Dovecot option to drop privileges to user before executing mail process should be enabled or not as appropriate CCE-4273-9 The tftp service should be enabled or disabled as appropriate. CCE-4416-4 The sendmail service should be enabled or disabled as appropriate. CCE-3412-4 The firstboot service should be enabled or disabled as appropriate. CCE-4318-2 Time offset should be sent or not sent by the DHCP server as appropriate. CCE-3883-6 The /etc/group file should be owned by the appropriate group. CCE-4188-9 The direct gnome login warning banner should be set correctly. CCE-4251-5 File permissions for /etc/cron.monthly should be set correctly. CCE-4607-8 Squid should be configured to allow http traffic or not as appropriate CCE-4509-6 File permissions for /etc/httpd/conf should be set correctly. CCE-4286-1 The isdn service should be enabled or disabled as appropriate. CCE-18031-5 The ipsec-tools package should be installed or uninstalled as appropriate. CCE-4384-4 Dovecot should be configured to support the imaps protocol or not as necessary CCE-3301-9 The PATH variable should be set correctly for user root CCE-3919-8 The vsftpd service should be enabled or disabled as appropriate. CCE-4407-3 CUPS should be allowed or denied the ability to listen for Incoming printer information as appropriate CCE-14917-9 Auditing should be configured to record unauthorized attempts to access files as appropriate. CCE-18151-1 The talk-server package should be installed or uninstalled as appropriate. CCE-4144-2 The /etc/grub.conf file should be owned by the appropriate user. CCE-14970-8 Files with the setgid attribute enabled should be reviewed as appropriate to determine whether that condition is correct. CCE-4009-7 Anonymous root logins are enabled or disabled as appropriate CCE-3974-3 The rcp service should be enabled or disabled as appropriate. CCE-3756-4 The apache2 server's ServerSignature value should be set appropriately CCE-17742-8 The rsyslog package should be installed or uninstalled as appropriate. CCE-4303-4 DEPRECTATED in favor of CCE-4448-7 CCE-4338-0 The httpd service should be enabled or disabled as appropriate. CCE-4293-7 The listening sendmail daemon should be enabled or disabled as appropriate. CCE-3382-9 Syslogd should accept remote messages or not as appropriate CCE-4097-2 The password warn age should be set appropriately CCE-18455-6 The IPv6 protocol should be enabled or disabed as appropriate. CCE-3765-5 The snmpd service should be enabled or disabled as appropriate. CCE-14794-2 All world-writable directories should be owned by an appropriate user. CCE-3667-3 The statd service should be configured to use a static port or a dynamic portmapper port as appropriate CCE-4530-2 Dovecot should be configured to support the pop3 protocol or not as necessary CCE-14075-6 Client SMB packet signing should be required or not required for smbclient as appropriate. CCE-4449-5 The /etc/pki/tls/CA/cacert.pem file should be owned by the appropriate user. CCE-4218-4 The yum-updatesd service should be enabled or disabled as appropriate. CCE-3610-3 Squid should be configured to allow wais traffic or not as appropriate CCE-4173-1 USB kernel support should be enabled or disabled as appropriate. CCE-3987-5 Login access to non-root system accounts should be enabled or disabled as appropriate CCE-14107-7 The default umask for all users should be set correctly in /etc/login.defs CCE-14569-8 Auditing should be configured to record data export to media events as appropriate. CCE-3854-7 The mdmonitor service should be enabled or disabled as appropriate. CCE-3952-9 File permissions for /usr/sbin/userhelper should be set correctly. CCE-4186-3 The default setting for accepting ICMP redirects should be enabled or disabled for network interfaces as appropriate. CCE-4552-6 Dovecot plaintext authentication of clients should be enabled or disabled as necessary CCE-4427-1 The /etc/pki/tls/CA/cacert.pem file should be owned by the appropriate group. CCE-4151-7 The default setting for sending ICMP redirects should be enabled or disabled for network interfaces as appropriate. CCE-4356-2 The microcode_ctl service should be enabled or disabled as appropriate. CCE-4258-0 The /var/named/chroot/etc/named.conf file should be owned by the appropriate user. CCE-4454-5 The Squid option to force FTP passive connections should be enabled or not as appropriate CCE-14088-9 The 'wheel' group should exist or not as appropriate CCE-3399-3 The sticky bit should be set or not set as appropriate for all world-writable directories. CCE-14813-0 Package signature checking should be activated or deactivated as appropriate for all configured repositories. CCE-4547-6 Dovecot should be configured to support the imap protocol or not as necessary CCE-4236-6 Accepting source routed packets should be enabled or disabled for all interfaces as appropriate. CCE-14911-2 Disable or enable support for TIPC as appropriate. CCE-4191-3 The dhcp client service should be enabled or disabled as appropriate for each interface. CCE-4369-5 The network service should be enabled or disabled as appropriate. CCE-4410-7 The Dovecot option to spawn a new login process per connection should be enabled or not as appropriate CCE-4249-9 The nodev option should be enabled or disabled as appropriate for all non-root partitions. CCE-4129-3 The restorecond service should be enabled or disabled as appropriate. CCE-3845-5 The SSH idle timout interval should be set to an appropriate value CCE-4227-5 The default umask for all users should be set correctly for the csh shell CCE-3649-1 Firewall access to printing service should be enabled or disabled as appropriate CCE-4182-2 The logrotate (syslog rotater) service should be enabled or disabled as appropriate. CCE-15018-5 Postfix network listening should be enabled or disabled for as appropriate. CCE-4325-7 SSH version 1 protocol support should be enabled or disabled as appropriate. CCE-18037-2 The firewall should allow or reject access to the avahi service. CCE-4556-7 The squid service should be enabled or disabled as appropriate. CCE-4352-1 Avahi publishing of local information by user applications should be enabled or disabled as appropriate CCE-4254-9 The setroubleshoot service should be enabled or disabled as appropriate. CCE-4450-3 File permissions for /etc/cron.daily should be set correctly. CCE-4387-7 Root login via SSH should be enabled or disabled as appropriate CCE-4058-4 The default setting for accepting prefix information via IPv6 router advertisement should be enabled or disabled for network interfaces as appropriate. CCE-4289-5 The apmd service should be enabled or disabled as appropriate. CCE-4330-7 The telnet-server package should be installed or uninstalled as appropriate. CCE-4169-9 NIS servers should be sent or not sent by the DHCP server as appropriate. CCE-3707-7 The idle time-out value for the default /bin/bash shell should meet the minimum requirements. CCE-4365-3 The avahi-daemon service should be enabled or disabled as appropriate. CCE-3795-2 The world-write permission should be enabled or disabled as appropriate for all files. CCE-4134-3 Network access to ntpd should be allowed or denied as appropriate CCE-15054-0 The number of times a user is prompted to provide a new password if it fails to meet configured password strength requirements (also known as the retry value) should be set appropriately. CCE-18156-0 The rawdevices service should be enabled or disabled as appropriate. CCE-3573-3 All files should be owned by a group as appropriate CCE-4112-9 The cups service should be enabled or disabled as appropriate. CCE-4245-7 The ability for users to perform interactive startups should be enabled or disabled as appropriate. CCE-4441-2 The /etc/cron.monthly file should be owned by the appropriate user. CCE-4210-1 The /etc/gshadow file should be owned by the appropriate user. CCE-14853-6 Support for jffs2 filesystems should be enabeld or disabled as appropriate. CCE-4080-8 Performing source validation by reverse path should be enabled or disabled for all interfaces as appropriate. CCE-17248-6 Rsyslog logs should be sent to a remote loghost or not as appropriate. CCE-4476-8 The Squid GUID should be set to an appropriate group CCE-4223-4 All files should be owned by a user as appropriate CCE-4526-0 The noexec option should be enabled or disabled for all NFS mounts as appropriate CCE-4378-6 File permissions for /etc/pki/tls/ldap/serverkey.pem should be set correctly. CCE-4321-6 The /etc/pki/tls/ldap/serverkey.pem file should be owned by the appropriate group. CCE-3377-9 Global IPv6 initialization should be enabled or disabled as appropriate. CCE-14440-2 The GPG Key for Red Hat Network should be installed or uninstalled as appropriate. CCE-4250-7 File permissions for /etc/cron.d should be set correctly. CCE-4187-1 The USB device support module should be loaded or not as appropriate CCE-14777-7 /var should be configured on an appropriate filesystem partition. CCE-3315-9 The allowed period of inactivity gnome desktop lockout should be configured correctly. CCE-4428-9 The anacron package should be installed or uninstalled as appropriate. CCE-4574-0 File permissions for /var/log/httpd should be set correctly. CCE-4054-3 The /etc/cron.hourly file should be owned by the appropriate group. CCE-3916-4 The tftp-server package should be installed or uninstalled as appropriate. CCE-3568-3 The rpcidmapd service should be enabled or disabled as appropriate. CCE-4263-0 File permissions for /etc/pki/tls/ldap/servercert.pem should be set correctly. CCE-4361-2 File permissions for /etc/pki/tls/ldap should be set correctly. CCE-4032-9 OpenNTPD should be installed or uninstalled as appropriate CCE-4406-5 The anacron service should be enabled or disabled as appropriate. CCE-4130-1 File permissions for /etc/shadow should be set correctly. CCE-4308-3 The rsh package should be installed or uninstalled as appropriate. CCE-3390-2 The telnet service should be enabled or disabled as appropriate. CCE-4298-6 The acpid service should be enabled or disabled as appropriate. CCE-3324-1 The suid bit should be set or not set as appropriate for all files. CCE-4494-1 The Squid option to suppress the httpd version string should be enabled or disabled as appropriate CCE-4396-8 The nfslock service should be enabled or disabled as appropriate. CCE-3818-2 The grub boot loader should have password protection enabled or disabled as appropriate CCE-4241-6 The requirement for a password to boot into single-user mode should be configured correctly. CCE-14466-7 The at daemon should be enabled or disabled as appropriate. CCE-4419-8 The Squid max reply HTTP header length should be set to an appropriate value CCE-4276-2 All wireless interfaces should be enabled or disabled as appropriate. CCE-4023-8 The inetd package should be installed or uninstalled as appropriate. CCE-14675-3 NIS file inclusions should be set appropriately in the /etc/group file CCE-4178-0 The sgid bit should be set or not set as appropriate for all files. CCE-4292-9 The auditd service should be enabled or disabled as appropriate. CCE-3842-2 IPv6 privacy extensions should be configured appropriately for all interfaces. CCE-14927-8 The noexec option should be enabled or disabled as appropriate for /tmp. CCE-14829-6 Auditing should be configured to record user/group information modification events as appropriate. CCE-4239-0 The dovecot package should be installed or uninstalled as appropriate. CCE-18095-0 File permissions for all rsyslog log files should be set correctly. CCE-3820-8 Logins through the specified virtual console interface should be enabled or disabled as appropriate CCE-4413-1 Squid proxy access to localhost should be allowed or denied as appropriate CCE-3624-4 The SELinux policy should be set appropriately. CCE-4074-1 X Windows System Listening for remote connections should be enabled or disabled as appropriate CCE-4577-3 The Squid option to log HTTP MIME headers should be enabled or disabled as appropriate CCE-3481-9 The /etc/cron.daily file should be owned by the appropriate group. CCE-4448-7 The xfs service should be enabled or disabled as appropriate. CCE-4217-6 Accepting ICMP redirects should be enabled or disabled for all interfaces as appropriate. CCE-4172-3 Kernel support for the XD/NX processor feature should be enabled or disabled as appropriate CCE-14063-2 The password hashing algorithm should be configured as appropriate. CCE-3535-2 The rpcgssd service should be enabled or disabled as appropriate. CCE-14816-3 Auditing should be configured to record changes to the system network environment as appropriate. CCE-4185-5 The /usr/sbin/userhelper file should be owned by the appropriate group. CCE-14161-4 /tmp should be configured on an appropriate filesystem partition. CCE-4426-3 Avahi should be configured to accept packets with a TTL field not equal to 255 or not as appropriate CCE-15013-6 The system should act as a network sniffer or not as appropriate. CCE-14914-6 Package signature checking should be globally activated or deactivated as appropriate. CCE-18412-7 User accounts may or may not be inactivated a specified number of days after account expiration. CCE-15026-8 The kernel arguments should enable or disable auditing early in the boot process as appropriate. CCE-3668-1 The mcstrans service should be enabled or disabled as appropriate. CCE-3339-9 The default setting for accepting "secure" ICMP redirects (those from gateways listed in the default gateways list) should be enabled or disabled for network interfaces as appropriate. CCE-17698-2 The rsyslog service should be enabled or disabled as appropriate. CCE-4404-0 The net-smtp package should be installed or uninstalled as appropriate. CCE-4502-1 The /var/lib/ldap/* files should be owned by the appropriate user. CCE-4431-3 SSH warning banner should be enabled or disabled as appropriate CCE-14825-4 The isdn4k-utils package should installed or uninstalled as appropriate. CCE-4137-6 The default number of global unicast IPv6 addresses allowed per network interface should be set appropriately. CCE-4092-3 The "maximum password age" policy should meet minimum requirements. CCE-4466-9 Squid should be configured to allow multiling http traffic or not as appropriate CCE-14054-1 Zeroconf networking should be enabled or disabled as appropriate. CCE-4559-1 The lockd service should be configured to use a static port or a dynamic portmapper port for TCP as appropriate CCE-4368-7 The nodev option should be enabled or disabled for all NFS mounts as appropriate CCE-3628-5 All wireless devices should be enabled or disabled in the BIOS as appropriate. CCE-3485-0 Logins through the specified virtual console device should be enabled or disabled as appropriate CCE-4346-3 The apache 2 server software should be installed or removed as appropriate CCE-4444-6 Avahi publishing of local information should be enabled or disabled as appropriate CCE-14847-8 The default umask for all users should be set correctly in /etc/profile CCE-3988-3 The /etc/shadow file should be owned by the appropriate group. CCE-4128-5 The default setting for accepting a default router via IPv6 router advertisement should be enabled or disabled for network interfaces as appropriate. CCE-4181-4 The Squid option to show proxy client IP addresses in HTTP headers should be enabled or disabled as appropriate CCE-3276-3 The /etc/group file should be owned by the appropriate user. CCE-4324-0 The crond service should be enabled or disabled as appropriate. CCE-4511-2 Squid should be configured to allow gss-http traffic or not as appropriate CCE-3833-1 The /etc/cron.weekly file should be owned by the appropriate user. CCE-4422-2 X Windows should be installed or removed as appropriate CCE-3472-8 Accepting "secure" ICMP redirects (those from gateways listed in the default gateways list) should be enabled or disabled for all interfaces as appropriate. CCE-14089-7 Support for cramfs filesystems should be enabeld or disabled as appropriate. CCE-4106-1 File permissions for /etc/cron.hourly should be set correctly. CCE-14701-7 The password strength parameters should require new passwords to differ from old ones by the appropriate minimum number of characters. CCE-3944-6 The ability to boot from USB devices should be enabled or disabled as appropriate CCE-4533-6 The netfs service should be enabled or disabled as appropriate. CCE-4302-6 The readahead_later service should be enabled or disabled as appropriate. CCE-14023-6 The screen lock (password protection) function of the gnome desktop screensaver should be enabled or disabled as appropriate as a mandatory setting for all users. CCE-3913-1 NIS domain should be sent or not sent by the DHCP server as appropriate. CCE-4168-1 ExecShield should be enabled or disabled as appropriate CCE-4529-4 Squid should be configured to allow https traffic or not as appropriate CCE-4364-6 The haldaemon service should be enabled or disabled as appropriate. CCE-14821-3 Auditing should be configured to record changes to the system's mandatory access controls as appropriate. CCE-4409-9 The Avahi daemon should be configured to serve via Ipv4 or not as appropriate CCE-14058-2 Auditing should be configured to record changes to discretionary access control permissions as appropriate. CCE-4231-7 The GNOME automounter (gnome-volume-manager) should be enabled or disabled as appropriate CCE-4462-8 X Windows should be enabled or disabled at system boot as appropriate CCE-4133-5 Ignoring bogus ICMP responses to broadcasts should be enabled or disabled as appropriate. CCE-4146-7 ExecShield randomized placement of virtual memory regions should be enabled or disabled as appropriate CCE-3685-5 Console device ownership should be restricted to root-only as appropriate. CCE-4399-2 LDAP's dynamic updates feature should be enabled or disabled as appropriate CCE-4111-1 Logins through the primary console device should be enabled or disabled as appropriate CCE-4475-0 Emulation of the rsh command through the ssh server should be enabled or disabled as appropriate CCE-4377-8 The hidd service should be enabled or disabled as appropriate. CCE-3561-8 IP forwarding should be enabled or disabled as appropriate. CCE-4320-8 Logging of "martian" packets (those with impossible addresses) should be enabled or disabled for all interfaces as appropriate. CCE-4355-4 The bluetooth service should be enabled or disabled as appropriate. CCE-4257-2 The dynamic DNS feature of the DHCP server should be enabled or disabled as appropriate CCE-4503-9 The Squid option to check for RFC compliant hostnames should be enabled or not as appropriate CCE-3717-6 Warning banners for gui login users should be enabled or disabled as appropriate CCE-4159-0 The default number of IPv6 router solicitations for network interfaces to send should be set appropriately. CCE-4209-3 The AIDE package should be installed or not as appropriate CCE-4164-0 The xinetd package should be installed or uninstalled as appropriate. CCE-14027-7 Disable or enable support for RDS as appropriate. CCE-4360-4 File permissions for /etc/pki/tls/CA/cacert.pem should be set correctly. CCE-14672-0 The minimum number of upper case characters required for new passwords should be set as appropriate. CCE-4551-8 The smb service should be enabled or disabled as appropriate. CCE-4044-4 Sudo privileges should granted or rejected to the wheel group as appropriate CCE-3689-7 The idle time-out value for the default /bin/tcsh shell should meet the minimum requirements. CCE-4373-7 Squid should be configured to allow http-mgmt traffic or not as appropriate CCE-4022-0 The /etc/cron.daily file should be owned by the appropriate user. CCE-4275-4 The noexec option should be enabled or disabled as appropriate for all removable media. CCE-3410-8 The "account lockout threshold" policy should meet minimum requirements. CCE-14071-5 NIS file inclusions should be set appropriately in the /etc/shadow file CCE-4177-2 The XD/NX processor feature should be enabled or disabled as appropriate in the BIOS CCE-3983-4 The /etc/cron.hourly file should be owned by the appropriate user. CCE-3578-2 The named service should be enabled or disabled as appropriate. CCE-4386-9 File permissions for /etc/httpd/conf/* should be set correctly. CCE-4155-8 Sending ICMP redirects should be enabled or disabled for all interfaces as appropriate. CCE-14093-9 Support for hfsplus filesystems should be enabeld or disabled as appropriate. CCE-4484-2 The /var/lib/ldap/* files should be owned by the appropriate group. CCE-3416-5 The rhnsd service should be enabled or disabled as appropriate. CCE-14894-0 LDAP client requires or does not require LDAP servers to use TLS for SSL communications as appropriate. CCE-14904-7 Auditing should be configured to record logon and logout events as appropriate. CCE-14118-4 Support for squashfs filesystems should be enabeld or disabled as appropriate. CCE-14171-3 /var/log/audit should be configured on an appropriate filesystem partition. CCE-3887-7 Dovecot should be configured to support the pop3s protocol or not as necessary CCE-14939-3 The "password reuse" policy should meet minimum requirements. CCE-3985-9 The /var/named/chroot/etc/named.conf file should be owned by the appropriate group. CCE-4229-1 The gpm service should be enabled or disabled as appropriate. CCE-14412-1 The nodev option should be enabled or disabled as appropriate for /tmp. CCE-14881-7 The vsftpd package should be installed or uninstalled as appropriate. CCE-4554-2 A warning banner for all FTP users should be enabled or disabled as appropriate CCE-4051-9 The cpuspeed service should be enabled or disabled as appropriate. CCE-4425-5 The hplip service should be enabled or disabled as appropriate. CCE-4380-2 The /etc/cron.d file should be owned by the appropriate user. CCE-4064-2 The /etc/gshadow file should be owned by the appropriate group. CCE-14948-4 Bluetooth kernel modules should be enabled or disabled as appropriate. CCE-4260-6 Syslog logs should be sent to a remote loghost or not as appropriate CCE-4403-2 DHCPDECLINE messages should be accepted or denied by the DHCP server as appropriate CCE-3425-6 The kdump service should be enabled or disabled as appropriate. CCE-17250-2 The pam_ccreds package should be installed or uninstalled as appropriate. CCE-4438-8 The mountd service should be configured to use a static port or a dynamic portmapper port as appropriate CCE-4295-2 Inbound connections to the ssh port should be allowed or denied as appropriate CCE-4042-8 The nosuid option should be enabled or disabled as appropriate for all removable media. CCE-4491-7 The rpcsvcgssd service should be enabled or disabled as appropriate CCE-3501-4 The ldap service should be enabled or disabled as appropriate. CCE-14051-7 Auditing should be configured to record date and time modification events as appropriate. CCE-4197-0 The /etc/grub.conf file should be owned by the appropriate group. CCE-14491-5 Appropriate ciphers should be used for SSH. CCE-17504-2 The irda-utils package should be installed or uninstalled as appropriate. CCE-3932-1 File permissions for /etc/gshadow should be set correctly. CCE-4310-9 The lockd service should be configured to use a static port or a dynamic portmapper port for UDP as appropriate CCE-4114-5 NIS file inclusions should be set appropriately in the /etc/passwd file CCE-4443-8 Local user login to the vsftpd service should be enabled or disabled as appropriate CCE-4212-7 The /etc/cron.d file should be owned by the appropriate group. CCE-4247-3 Core dumps for setuid programs should be enabled or disabled as appropriate CCE-18244-4 The irda service should be enabled or disabled as appropriate. CCE-4345-5 BOOTP queries should be accepted or denied by the DHCP server as appropriate CCE-4127-7 Squid should be configured to allow gopher traffic or not as appropriate CCE-4225-9 Core dumps for all users should be enabled or disabled as appropriate CCE-3847-1 The dovecot service should be enabled or disabled as appropriate. CCE-4029-5 File permissions for /usr/sbin/httpd should be set correctly. CCE-4180-6 The "minimum password age" policy should meet minimum requirements. CCE-4323-2 The logwatch service should be enabled or disabled as appropriate CCE-14824-7 Auditing should be configured to record administrator and security personnel action events as appropriate. CCE-4421-4 The readahead_early service should be enabled or disabled as appropriate. CCE-14957-5 The PATH variable for root includes or does not include any world-writable or group-writable directories as appropriate. CCE-4105-3 The /etc/pki/tls/ldap/servercert.pem file should be owned by the appropriate user. CCE-4060-0 The system login banner text should be set correctly. CCE-15029-2 Client SMB packet signing should be required or not required for mount.cifs as appropriate. CCE-4203-6 File permissions for /etc/cron.weekly should be set correctly. CCE-4358-8 Avahi publishing of domain name should be enabled or disabled as appropriate CCE-18200-6 The talk package should be installed or uninstalled as appropriate. CCE-4291-1 The default setting for accepting IPv6 router advertisements should be enabled or disabled for network interfaces as appropriate. CCE-15007-8 The nodev option should be enabled or disabled for /dev/shm. CCE-3495-9 The /etc/passwd file should be owned by the appropriate group. CCE-3910-7 The vlock package should be installed or not as appropriate CCE-4336-4 The dhcpd service should be enabled or disabled as appropriate. CCE-3701-0 All syslog log files should be owned by the appropriate group. CCE-4238-2 Login access to accounts without passwords should be enabled or disabled as appropriate CCE-3967-7 File permissions for /etc/group should be set correctly. CCE-4193-9 Avahi should be configured to allow other stacks from binding to port 5353 or not as appropriate CCE-14735-5 The screen blanking function of the gnome desktop screensaver should be enabled or disabled as appropriate as a mandatory setting for all users. CCE-14495-6 The sendmail package should be installed or uninstalled as appropriate. CCE-4341-4 Avahi publishing of IP addresses should be enabled or disabled as appropriate CCE-3718-4 The /etc/pki/tls/ldap/servercert.pem file should be owned by the appropriate group. CCE-4243-2 Default routers should be sent or not sent by the DHCP server as appropriate. CCE-14931-0 All installed software packages verify or do not verify against the package database. CCE-14264-6 The default policy for iptables INPUT table should be set as appropriate. CCE-4376-0 The ntpd service should be enabled or disabled as appropriate. CCE-3455-3 The smartd service should be enabled or disabled as appropriate. CCE-14068-1 The postfix package should be installed or uninstalled as appropriate. CCE-4221-8 The default setting for accepting router preference via IPv6 router advertisement should be enabled or disabled for network interfaces as appropriate. CCE-3958-6 The /etc/passwd file should be owned by the appropriate user. CCE-4474-3 The apache2 server's ServerTokens value should be set appropriately CCE-4123-6 The irqbalance service should be enabled or disabled as appropriate. CCE-14340-4 Files with the setuid attribute enabled should be reviewed as appropriate to determine whether that condition is correct. CCE-14820-5 Auditing should be configured to record file and program deletion events as appropriate. CCE-14011-1 /var/log should be configured on an appropriate filesystem partition. CCE-3923-0 File permissions for /etc/grub.conf should be set correctly. CCE-14940-1 The nosuid option should be enabled or disabled as appropriate for /tmp. CCE-4256-4 Login prompts on serial ports should be enabled or disabled as appropriate. CCE-4487-5 File permissions for /var/named/chroot/etc/named.conf should be set correctly. CCE-4389-3 Domain name should be sent or not sent by the DHCP server as appropriate. CCE-3660-8 Remote connections from accounts with empty passwords should be enabled or disabled as appropriate CCE-3705-1 The ypbind service should be enabled or disabled as appropriate. CCE-14584-7 /var/tmp should be configured on an appropriate filesystem partition. CCE-15087-0 Support for hfs filesystems should be enabeld or disabled as appropriate. CCE-14122-6 The minimum number of special characters required for new passwords should be set as appropriate. CCE-4091-5 The default setting for accepting source routed packets should be enabled or disabled for network interfaces as appropriate. CCE-4136-8 The Avahi daemon should be configured to serve via Ipv6 or not as appropriate CCE-4269-7 Accepting IPv6 router advertisements should be enabled or disabled as appropriate for all network interfaces. CCE-4234-1 The inetd service should be enabled or disabled as appropriate. CCE-4465-1 Restriction of NFS clients to privileged ports should be enabled or disabled as appropriate CCE-3562-6 Automatic loading of the IPv6 kernel module should be enabled or disabled as appropriate. CCE-4296-0 IPv6 configuration should be enabled or disabled as appropriate for all interfaces. CCE-3895-0 The default number of IPv6 duplicate address detection solicitations for network interfaces to send per configured address should be set appropriately. CCE-4492-5 The /etc/pki/tls/ldap file should be owned by the appropriate user. CCE-3579-0 The rquotad service should be configured to use a static port or a dynamic portmapper port as appropriate CCE-4141-8 The rsh service should be enabled or disabled as appropriate. CCE-14268-7 Disable or enable support for DCCP as appropriate. CCE-4198-8 The default setting for accepting redirects from IPv6 routers should be enabled or disabled for network interfaces as appropriate. CCE-17816-0 The libuser library "login_defs" variable should be set correctly in libuser.conf. CCE-4274-7 Command access to the root account should be enabled or disabled as appropriate. CCE-15047-4 Access to the root account via su should be restricted to the wheel group or not as appropriate. CCE-4319-0 NTP servers should be sent or not sent by the DHCP server as appropriate. CCE-14113-5 The minimum number of digits required for new passwords should be set as appropriate. CCE-4550-0 The portmap service should be enabled or disabled as appropriate. CCE-3522-0 The nodev option should be enabled or disabled as appropriate for all removable media. CCE-4189-7 The iptables service should be enabled or disabled as appropriate. CCE-4350-5 Write access to NFS shares should be enabled or disabled as appropriate CCE-4252-3 The xinetd service should be enabled or disabled as appropriate. CCE-3851-3 The /etc/crontab file should be owned by the appropriate user. CCE-4519-5 Squid should be configured to allow filemaker traffic or not as appropriate CCE-4287-9 The default setting for autoconfiguring network interfaces using prefix information in IPv6 router advertisements should be enabled or disabled as appropriate. CCE-4385-1 A remote NTP Server for time synchronization should be specified or not as appropriate CCE-4154-1 The password minimum length should be set appropriately CCE-14081-4 The net-snmpd package should be installed or uninstalled as appropriate. CCE-3918-0 The /etc/shadow file should be owned by the appropriate user. CCE-3762-2 DEPRECATED in favor of CCE-14113-5, CCE-14672-0, CCE-14712-4, CCE-14122-6. Was: The password strength should meet minimum requirements CCE-4167-3 The ip6tables service should be enabled or disabled as appropriate. CCE-3566-7 File permissions for /etc/passwd should be set correctly. CCE-4265-5 Sending TCP syncookies should be enabled or disabled as appropriate. CCE-4461-0 File uploads via vsftpd should be enabled or disabled as appropriate CCE-14860-1 DEPRECATED in favor of CCE-14107-7. Was: The default umask for all users should be set correctly in /etc/login.defs CCE-14300-8 Password hashes are shadowed or not shadowed for all accounts in /etc/passwd as appropriate. |