Download
| Alert*
CCE-6495-6
traceroute executable should be owned by an appropriate user CCE-6517-7 /etc/security/audit_control file permissions should be set appropriately CCE-7317-1 Sendmail expn command should be allowed or not as appropriate CCE-7547-3 Users should be listed in the ASET userlist file or not as appropriate CCE-7438-5 /etc/notrouter file should be owned by an appropriate group CCE-7272-8 /var/adm/loginlog file permissions should be set appropriately CCE-6868-4 Creation/modification of superuser groups should be audited or not as appropriate CCE-7393-2 At directory should be owned by an appropriate group CCE-7501-0 The /var/adm/utmp[x] log should be enabled or disabled as appropriate CCE-7186-0 Filesystem logging/journaling should be performed or not as appropriate CCE-6603-5 The bind service should be enabled or disabled as appropriate. CCE-7491-4 rsh auth should be allowed or disallowed by PAM as appropriate CCE-6977-3 Non attributable events (na class) should be audited or not as appropriate CCE-6690-2 auth usage should be audited or not as appropriate CCE-6299-2 sprayd service should be enabled or disabled as appropriate CCE-7283-5 crontab files should be owned by an appropriate user CCE-7031-8 The lockd service should be enabled or disabled as appropriate CCE-7381-7 System rshd logons should be audited or not as appropriate CCE-6276-0 Source-routed packets should be accepted or rejected as appropriate. CCE-6582-1 /var/log/pamlog file should be owned by an appropriate user CCE-7152-2 The use of NIS special characters (+ or -) in the first field of the /etc/group file should be allowed or disallowed as appropriate. CCE-7449-2 IP redirects should be followed or ignored as appropriate CCE-7305-6 cron.deny data should be owned by an appropriate group CCE-7250-4 The /bin/rsh file should exist or not as appropriate CCE-7559-8 The /var/log/syslog log should be enabled or disabled as appropriate CCE-6712-4 The /etc/hosts.equiv file should exist or not as appropriate. CCE-6746-2 tftpd service should be enabled or disabled as appropriate CCE-7020-1 /var/adm/syslog file permissions should be set appropriately CCE-7414-6 Sending of IP redirects should be enabled or disabled as appropriate CCE-7437-7 DEPRECATED in favor of CCE-7009-4. CCE-7066-4 The SSH login banner should be set appropriately. CCE-7089-6 vino-server service should be enabled or disabled as appropriate CCE-6341-2 Samba 'encrypt' passwords option should be set as appropriate CCE-7262-9 DEPRECATED. CCE-7141-5 The default login console should be set appropriately CCE-7164-7 Login accounts should include an appropriate GECOS identifier or no GECOS identifier CCE-6953-4 /etc/inetd.conf file permissions should be set appropriately CCE-7187-8 /etc/hosts file permissions should be set appropriately CCE-6976-5 .rhosts files should exist or not as appropriate for all users. CCE-7380-9 /etc/rmmount.conf file should be owned by an appropriate user CCE-8665-2 /etc/auto.master file should be owned by an appropriate group CCE-7282-7 /etc/samba/smb.conf file should be owned by an appropriate group CCE-6485-7 Response to ICMP timestamp broadcast requests should be enabled or disabled as appropriate CCE-7078-9 /usr/lib/sendmail file should be owned by an appropriate group CCE-8359-2 Exported files and directories should be owned by an appropriate group CCE-7153-0 daytime service should be enabled or disabled as appropriate CCE-7766-9 /etc/auto.misc file should be owned by an appropriate group CCE-6659-7 The chown system call should be audited or not as appropriate CCE-7176-1 /usr/bin/sh file permissions should be set appropriately CCE-7130-8 Response to ICMP timestamp requests should be enabled or disabled as appropriate CCE-7251-2 at.allow file permissions should be set appropriately CCE-7304-9 /etc/named.boot file should be owned by an appropriate group CCE-7270-2 /etc/passwd file should be owned by an appropriate group CCE-7067-2 ftp service should be enabled or disabled as appropriate CCE-7293-4 /etc/fs file permissions should be set appropriately CCE-6308-1 rexec service should be enabled or disabled as appropriate CCE-7436-9 DEPRECATED. CCE-7459-1 Exported files and directories should be owned by an appropriate user CCE-6933-6 /bin/csh file permissions should be set appropriately CCE-7188-6 Default number of allowed retries should be set appropriately CCE-7240-5 /var/adm/wtmp file permissions should be set appropriately CCE-6910-4 DEPRECATED in favor of CCE-7009-4. CCE-7315-5 The default number of syslog failed logins retried should be set appropriately CCE-7568-9 Hard core dump size limits should be set appropriately CCE-6945-0 rquotad service should be enabled or disabled as appropriate CCE-7010-2 /usr/aset/userlist file permissions should be set appropriately CCE-7326-2 smbpassword file permissions should be set appropriately CCE-7056-5 DEPRECATED. CCE-6835-3 /etc/dfs file permissions should be set appropriately CCE-8314-7 /etc/auto.net file should be owned by an appropriate user CCE-6580-5 cron.allow file should be owned by an appropriate group CCE-7401-3 Programs executed through aliases file entries should be owned by an appropriate group CCE-7424-5 /etc/rmmount.conf file permissions should be set appropriately CCE-7154-8 The mountd service should be enabled or disabled as appropriate CCE-6737-1 /etc/exports should be owned by an appropriate group CCE-6264-6 The Network Time Protocol (ntp) synchronization server should be set appropriately. CCE-7120-9 Crontab file permissions should be set appropriately CCE-7292-6 snmpd.conf file permissions should be set appropriately CCE-6287-7 rcp service should be enabled or disabled as appropriate CCE-7390-8 System ssh logons should be audited or not as appropriate CCE-7022-7 /etc/sh file permissions should be set appropriately CCE-7045-8 finger service should be enabled or disabled as appropriate CCE-7412-0 DEPRECATED. CCE-6604-3 font-service should be enabled or disabled as appropriate CCE-7665-3 Root logins should be allowed or not as appropriate from SSH consoles CCE-7458-3 The current wokring directory should or should not be added to the environmental variable PATH by global initialization files as appropriate CCE-7264-5 Samba 'smb passwd file' option should be set to an appropriate password file or no password file CCE-7189-4 The nfsd service should be enabled or disabled as appropriate CCE-7241-3 /etc/syslog.conf file should be owned by an appropriate user CCE-7337-9 /etc/exports file permissions should be set appropriately CCE-7521-8 System rexecd logons should be audited or not as appropriate CCE-6702-5 The seteuid system call should be audited or not as appropriate CCE-7280-1 DEPRECATED. CCE-7533-3 The TCP max connection limit should be set appropriately CCE-6921-1 The user umask should be set appropriately CCE-7011-0 /etc/vfstab file permissions should be set appropriately CCE-7302-3 Default su console should be set appropriately CCE-7057-3 Multicast route assignment should be enabled or disabled as appropriate CCE-7510-1 The /var/adm/messages log should be enabled or disabled as appropriate CCE-6581-3 Default sleeptime should be set appropriately CCE-7253-8 The setegid system call should be audited or not as appropriate CCE-7400-5 /etc/resolv.conf file should be owned by an appropriate group CCE-7230-6 Samba should be enabled or disabled as appropriate CCE-6615-9 /etc/motd file permissions should be set appropriately CCE-8171-1 The at.allow file should be configured with the set of users permitted to use the at facility as appropriate. CCE-7155-5 The current working directory should or should not be added to the environmental variable PATH by local initialization files as appropriate CCE-6944-3 rlogin auth should be allowed by pam.d or not as appropriate CCE-7348-6 The /usr/bin/rsh file should exist or not as appropriate CCE-6713-2 The inetd service should be enabled or disabled as appropriate. CCE-7178-7 System rlogin logons should be audited or not as appropriate CCE-7359-3 DEPRECATED. CCE-6950-0 /etc/host.lpd file permissions should be set appropriately CCE-6536-7 Groups referenced in /etc/passwd should be included in /etc/group or not as appropriate. CCE-7000-3 NFS server logging should be enabled or disabled as appropriate CCE-7336-1 Crontab directory permissions should be set appropriately CCE-7069-8 /etc/pam.conf file permissions should be set appropriately CCE-6491-5 File permissions should be set appropriately for all user home directories. CCE-6645-6 /etc/csh file permissions should be set appropriately CCE-7457-5 Each user home directory should be owned by an appropriate user. CCE-6198-6 Password policy should enforce the correct amount of special characters CCE-6841-1 Accounts other than root should be allowed to have the UID 0 or not as appropriate CCE-6668-8 /usr/bin/at file permissions should be set appropriately CCE-7167-0 DEPRECATED. CCE-7434-4 DEPRECATED. CCE-7265-2 /etc/security/audit_event file should be owned by an appropriate user CCE-7242-1 /etc/named.boot file should be owned by an appropriate user CCE-7144-9 /etc/cron.d/at.allow file permissions should be set appropriately CCE-4909-8 DEPRECATED. CCE-7653-9 Caching of the RBAC prof_attr should be enabled or disabled as appropriate CCE-6610-0 /etc/hostname* file permissions should be set appropriately CCE-7058-1 imap2 service should be enabled or disabled as appropriate CCE-7110-0 DEPRECATED. CCE-6633-2 traceroute executable should be owned by an appropriate group CCE-6656-3 Routing should be enabled or disabled as appropriate CCE-7035-9 DEPRECATED. CCE-6480-8 DEPRECATED. CCE-7445-0 DEPRECATED. CCE-7254-6 su usage should be audited or not as appropriate CCE-7231-4 resolv.conf file permissions should be set appropriately CCE-7468-2 The high security directory list should be set appropriately CCE-7156-3 chargen service should be enabled or disabled as appropriate CCE-7290-0 NIS+ server should operate at an appropriate security level CCE-7179-5 /etc/named.conf file permissions should be set appropriately CCE-7347-8 /var/adm/messages file permissions should be set appropriately CCE-7335-3 ARP cleanup interval should be set appropriately CCE-6995-5 /opt should be configured on an appropriate filesystem partition CCE-7312-2 DEPRECATED. CCE-7358-5 /etc/notrouter file should be owned by an appropriate user CCE-7542-4 auditing should be logged to an appropriate directory CCE-6307-3 rusersd service should be enabled or disabled as appropriate CCE-7024-3 New users should be required or not required to change their password on first login as appropriate CCE-6285-1 Executable stack should be enabled or disabled as appropriate CCE-6919-5 Password policy should ban or allow words found in a dictionary as appropriate. CCE-7243-9 /tmp file permissions should be set appropriately CCE-6439-4 /etc/aliases file permissions should be set appropriately CCE-7220-7 The read-only (ro) option should be enabled or disabled as appropriate for all NFS exports. CCE-7588-7 System ftp logons should be audited or not as appropriate CCE-7145-6 uucp service should be enabled or disabled as appropriate CCE-6730-6 The /var/log/pamlog log should be enabled or disabled as appropriate CCE-7577-0 The free space threshold to warn at should be set appropriately CCE-7300-7 /etc/passwd file should be owned by an appropriate user CCE-6503-7 DEPRECATED in favor of CCE-7736-2. CCE-6481-6 snmpd.conf file should be owned by an appropriate group CCE-6632-4 The shell for the root account should be located on the appropriate filesystem CCE-6886-6 Programs executed through aliases file entries should be owned by an appropriate user CCE-7444-3 /etc/security/audit_event file should be owned by an appropriate group CCE-7059-9 tooltalk service should be enabled or disabled as appropriate CCE-6428-7 Cron log file permissions should be set appropriately CCE-6405-5 At directory should be owned by an appropriate user CCE-7157-1 .shosts files should exist or not as appropriate for all users. CCE-7232-2 Root logins should be restricted to the console or not as appropriate. CCE-7323-9 PAM should be logged at an appropriate level CCE-6549-0 /etc/security/audit_class file permissions should be set appropriately CCE-6961-7 Samba 'security option' option should be set as appropriate CCE-6394-1 /etc/services file permissions should be set appropriately CCE-7839-4 The at.deny file should be configured with the set of users not permitted to use the at facility as appropriate. CCE-6768-6 /etc/default/* file permissions should be set appropriately CCE-7025-0 DEPRECATED. CCE-6459-2 DEPRECATED. CCE-6624-1 The /etc/ftpusers file should exist or not as appropriate CCE-7267-8 /bin/sh file permissions should be set appropriately CCE-7244-7 PAM access to /dev/console should be logged at an appropriate level or not logged as appropriate CCE-6601-9 cron.allow file should be owned by an appropriate user CCE-7432-8 ARP IRE interval should be set appropriately CCE-6511-0 /var/log/pamlog file permissions should be set appropriately CCE-6998-9 Cron logging should be enabled or disabled as appropriate CCE-6557-3 Samba 'hosts allow' option should be configured with an appropriate set of networks CCE-7146-4 The minimum password age should be set as appropriate CCE-6196-0 Core dump size limits should be set appropriately CCE-7169-6 The Solaris Automated Security Enhancement Tool (ASET) tune.med file should exist or not as appropriate CCE-7158-9 Programs executed through the aliases file should reside a directory with an appropriate user owner CCE-7368-4 DEPRECATED. CCE-7553-1 /etc/security/audit_class file should be owned by an appropriate group CCE-6338-8 Programs executed through the aliases file should be owned by an appropriate user CCE-6733-0 /etc/syslog.conf file permissions should be set appropriately CCE-7345-2 DEPRECATED in favor of CCE-7839-4. CCE-6877-5 NFS should be configured to respond or not as appropriate to client requests that do not originate from a privileged port CCE-7210-8 /var/adm/utmp file permissions should be set appropriately CCE-7420-3 /usr/aset/masters/uid_aliases should contain an appropriate listing of aliases CCE-6328-9 .forward files should be allowed or disallowed as appropriate for all users CCE-7101-9 /usr/kerberos/bin/rsh file permissions should be set appropriately CCE-7586-1 Password changes should be audited or not as appropriate CCE-6767-8 at.allow file should be owned by an appropriate group CCE-7310-6 The ASET periodic schedule setting should be set appropriately CCE-7049-0 Password policy should enforce or not enforce the requirement to have mixed case passwords as appropriate. CCE-6600-1 DEPRECATED. CCE-7003-7 /bin/bash file permissions should be set appropriately CCE-6260-4 Home directories referenced in /etc/passwd should exist or not as appropriate CCE-6490-7 /usr/bin/jsh file permissions should be set appropriately CCE-7563-0 ASET should check NIS+ tables or not as appropriate CCE-7268-6 Each user home directory should be owned by an appropriate group. CCE-6646-4 IP forwarding should be enabled or disabled as appropriate CCE-6865-0 Strict destination multihoming should be enabled or disabled as appropriate CCE-7222-3 /etc/security/audit_control file should be owned by an appropriate group CCE-7245-4 Remote (serial) consoles should be enabled or disabled as appropriate. CCE-6899-9 su usage should be audited or not as appropriate CCE-7147-2 inetd.conf file should be owned by an appropriate group CCE-6951-8 The read/write SNMP community string should be set appropriately. CCE-6721-5 /sbin/jsh file permissions should be set appropriately CCE-7344-5 The UID aliases pointer should be set appropriately CCE-7159-7 /var/mail file permissions should be set appropriately CCE-6778-5 /etc/security file permissions should be set appropriately CCE-7113-4 .Xauthority file permissions should be set appropriately for all users. CCE-6876-7 Global initialization files should allow or deny write access to the terminal as appropriate CCE-7038-3 Authorized X-clients should be listed or not in the X*.hosts file as appropriate CCE-7234-8 rstatd service should be enabled or disabled as appropriate CCE-7488-0 TCP reverse source routes should be enabled or disabled as appropriate CCE-6218-2 The console login banner should be set appropriately. CCE-8602-5 NFS should be configured to respond or not as appropriate to client requests that do not include a user id . CCE-6392-5 /etc/mail/aliases file permissions should be set appropriately CCE-7136-5 /bin/jsh file permissions should be set appropriately CCE-7607-5 DEPRECATED. CCE-7080-5 The minimum required password length should be set as appropriate CCE-7355-1 /usr/tmp file permissions should be set appropriately CCE-7378-3 Cron directories should be owned by an appropriate user CCE-6434-5 The number of consecutive failed login attempts required to trigger a lockout should be set as appropriate CCE-6641-5 Forwarding of source routed packets should be enabled or disabled as appropriate CCE-7453-4 DEPRECATED. CCE-7269-4 /usr/bin/csh file permissions should be set appropriately CCE-7223-1 /etc/rmmount.conf file should be owned by an appropriate group CCE-6860-1 at.deny file should be owned by an appropriate user CCE-6194-5 /var should be configured on an appropriate filesystem partition CCE-7430-2 DEPRECATED. CCE-7125-8 /etc/samba/smb.conf file should be owned by an appropriate user CCE-7320-5 /var/log directory should be owned by an appropriate user CCE-7343-7 DEPRECATED. CCE-6981-5 The read-only SNMP community string should be set appropriately. CCE-7366-8 /usr/lib/embedded_us file permissions should be set appropriately CCE-6469-1 /etc/services file should be owned by an appropriate user CCE-6400-6 /etc/vold.conf file permissions should be set appropriately CCE-7258-7 The home directory for each user account should be set appropriately. CCE-6928-6 /var/adm/authlog file permissions should be set appropriately CCE-7016-9 The noexec_user_stack flag should be set on the user stack or not as appropriate CCE-7441-9 smbpasswd executable should be owned by an appropriate group CCE-6567-2 rlogin service should be enabled or disabled as appropriate CCE-8494-7 /etc/auto.misc file should be owned by an appropriate user CCE-7137-3 walld service should be enabled or disabled as appropriate CCE-7126-6 Generic PAM authentication should be enabled or disabled as appropriate CCE-7584-6 /var/adm directory should be owned by an appropriate user CCE-7149-8 ident service should be enabled or disabled as appropriate CCE-7103-5 rlogin auth should be allowed or disallowed by PAM as appropriate CCE-6991-4 /etc/shadow file permissions should be set appropriately CCE-6579-7 Attempted stack eploit logging should be enabled or disabled as appropriate CCE-7005-2 telnet service should be enabled or disabled as appropriate CCE-7331-2 The current directory should or should not be added to the environmental variable PATH by run control scripts as appropriate CCE-6640-7 Response to echo (ping) request broadcasts should be enabled or disabled as appropriate CCE-7190-2 /etc/security/audit_class file should be owned by an appropriate user CCE-7028-4 The delay between failed logins should be set as appropriate CCE-7201-7 All logon attempts should be logged or not logged as appropriate CCE-7247-0 smbpasswd file should be owned by an appropriate group CCE-7092-0 /etc/named.conf file should be owned by an appropriate user CCE-7388-2 DEPRECATED in favor of CCE-7009-4. CCE-6927-8 /etc/cron.d/cron.allow file permissions should be set appropriately CCE-7017-7 Response to ICMP echo (ping) requests should be enabled or disabled as appropriate CCE-7259-5 X-Windows should be enabled or disabled as appropriate CCE-6390-9 /etc/issue file permissions should be set appropriately CCE-7236-3 Crontab directories should be owned by an appropriate user CCE-6904-7 /etc/shadow file should be owned by an appropriate group CCE-8264-4 /etc/auto.net file should be owned by an appropriate group CCE-6697-7 /etc/init.d file permissions should be set appropriately CCE-7486-4 The low security directory list should be set appropriately CCE-6568-0 DEPRECATED in favor of CCE-8665-2, CCE-7766-9, CCE-8264-4. CCE-7115-9 /etc/resolv.conf file should be owned by an appropriate user CCE-7440-1 DEPRECATED. CCE-7127-4 EEPROM warning banner should be set appropriately CCE-7104-3 Access to single-user mode (maintainence mode) should require the root password or not as appropriate CCE-6787-6 DEPRECATED in favor of CCE-8221-4. CCE-7376-7 Aliases file permissions should be set appropriately CCE-7353-6 /sbin/bash file permissions should be set appropriately CCE-6643-1 The decode sendmail alias should be enabled or disabled as appropriate. CCE-7029-2 /dev/null file permissions should be set appropriately CCE-7248-8 /etc/samba/smb.conf file permissions should be set appropriately CCE-7278-5 /sbin/sh file permissions should be set appropriately CCE-7225-6 cron.deny should be owned by an appropriate user CCE-6620-9 The TCP abort interval should be set appropriately CCE-7474-0 /var directory should be owned by an appropriate user CCE-7497-1 DEPRECATED in favor of CCE-7736-2. CCE-6741-3 Response to mask addresses should be enabled or disabled as appropriate CCE-6323-0 All files should be owned by an existing group or not as appropriate. CCE-7399-9 The /var/adm/sulog log should be enabled or disabled as appropriate CCE-7071-4 DEPRECATED. CCE-6983-1 smbpasswd file should be owned by an appropriate user CCE-7289-2 The /etc/rsh file should exist or not as appropriate CCE-7341-1 The Solaris Automated Security Enhancement Tool (ASET) tune.low file should exist or not as appropriate CCE-6885-8 Response to ICMP timestamp requests should be enabled or disabled as appropriate CCE-6850-2 DEPRECATED. CCE-7214-0 The /etc/shells file should exist or not as appropriate CCE-7237-1 inetd.conf file should be owned by an appropriate user CCE-6677-9 The setreuid system call should be audited or not as appropriate CCE-6565-6 /usr/aset/userlist file should be owned by an appropriate group CCE-8221-4 The cron.deny file should be configured with the set of users not permitted to use the cron facility as appropriate. CCE-6311-5 .netrc files should exist or not as appropriate for all users. CCE-7375-9 Environmental variable PATH for superuser accounts should not contain the current directory as the first or last entry CCE-7352-8 DEPRECATED. CCE-7105-0 The ntpd service should be enabled or disabled as appropriate. CCE-6324-8 The home directory for the root account should be set appropriately. CCE-7060-7 DEPRECATED in favor of CCE-8221-4. CCE-7398-1 DEPRECATED. CCE-6479-0 DEPRECATED. CCE-6665-4 The lchown system call should be audited or not as appropriate CCE-7277-7 The setpgrp system call should be audited or not as appropriate CCE-6861-9 /etc/default/login file permissions should be set appropriately CCE-7249-6 discard service should be enabled or disabled as appropriate CCE-6895-7 File permissions should be set appropriately for all shell executables. CCE-7203-3 at.allow file should be owned by an appropriate user CCE-6688-6 The ftp account should exist or not as appropriate CCE-7496-3 Response to ICMP timestamp broadcast requests should be enabled or disabled as appropriate CCE-7363-5 /etc/exports should be owned by an appropriate user CCE-7095-3 traceroute executable file permissions should be set appropriately CCE-8330-3 NIS server should be enabled or disabled as appropriate CCE-7238-9 Environmental variable PATH for superuser accounts should or should not contain world-writable files as appropriate CCE-7340-3 /usr/lib/sendmail file permissions should be set appropriately CCE-7215-7 Cron directory permissions should be set appropriately CCE-7181-1 cron.deny file permissions should be set appropriately CCE-6630-8 inn service should be enabled or disabled as appropriate CCE-7461-7 /usr/lib/sendmail file should be owned by an appropriate user CCE-6929-4 The user audit file should contain an appropriate set of never-audit flags CCE-7193-6 DEPRECTATED in favor of CCE-8421-0 and CCE-8330-3 CCE-7117-5 The use of NIS special characters (+ or -) in the first field of the /etc/shadow file should be allowed or disallowed as appropriate. CCE-7603-4 System ftp logoffs should be audited or not as appropriate CCE-7626-5 Forwarding of source routed IPv6 packets should be enabled or disabled as appropriate CCE-7299-1 The sendmail banner should be set appropriately. CCE-7397-3 /var/tmp file permissions should be set appropriately CCE-6367-7 at.deny file permissions should be set appropriately CCE-6683-7 The graphical login banner should be set appropriately. CCE-6453-5 Sendmail should be enabled or disabled as appropriate CCE-6803-1 inetd logging should be enabled or disabled as appropriate CCE-7276-9 DEPRECATED. CCE-7351-0 Crontab directories should be owned by an appropriate group CCE-7581-2 Caching of the RBAC exec_attr should be enabled or disabled as appropriate CCE-7008-6 /etc/jsh file permissions should be set appropriately CCE-6321-4 TCP_WRAPPERS should be enabled or disabled as appropriate CCE-6935-1 The Solaris Automated Security Enhancement Tool (ASET) tune.high file should exist or not as appropriate CCE-7118-3 rexd service should be enabled or disabled as appropriate CCE-6837-9 The ftp login banner should be set appropriately. CCE-7096-1 Sendmail should be configured with an appropriate logging level CCE-7216-5 DEPRECATED. CCE-7171-2 /bin/ksh file permissions should be set appropriately CCE-7460-9 snmpd.conf file should be owned by an appropriate user CCE-7309-8 The /sbin/rsh file should exist or not as appropriate CCE-6378-4 /dev/mem file permissions should be set appropriately CCE-7194-4 cron.allow file permissions should be set appropriately CCE-7407-0 DEPRECATED. CCE-7483-1 Clearing of the audit log file should be audited or not as appropriate CCE-6947-6 The version string reported by the bind service should be configured appropriately. CCE-6563-1 DEPRECATED. CCE-7062-3 The nosuid option should be enabled or disabled for all NFS mounts as appropriate CCE-8488-9 /etc/auto.master file should be owned by an appropriate user CCE-7275-1 xdmcp service should be enabled or disabled as appropriate CCE-7350-2 System rexd logons should be audited or not as appropriate CCE-7580-4 Use of identification/authorization mechanisms should be audited or not as appropriate CCE-7009-4 login and logout events (lo class) should be audited or not as appropriate CCE-7228-0 X-Windows should write .Xauthority files to users' home directories or not as appropriate CCE-7471-6 smbpasswd executable should be owned by an appropriate user CCE-7736-2 The cron.allow file should be configured with the set of users permitted to use the cron facility as appropriate. CCE-7183-7 The use of NIS special characters (+ or -) in the first field of the /etc/passwd file should be allowed or disallowed as appropriate. CCE-6575-5 DEPRECATED. CCE-6606-8 chmod command should be audited or not as appropriate CCE-7107-6 IPv6 forwarding should be enabled or disabled as appropriate CCE-6322-2 SNMP version 1 should be enabled or disabled as appropriate CCE-7119-1 All device files should be located inside an appropriate path CCE-7308-0 /etc/named.conf file should be owned by an appropriate group CCE-7361-9 The system umask should be set appropriately CCE-7406-2 /etc/security/audit_control file should be owned by an appropriate user CCE-6670-4 crontab files should be owned by an appropriate group CCE-7286-8 /usr/bin/ksh file permissions should be set appropriately CCE-7097-9 NFS should be configured with appropriate authentication methods CCE-7172-0 SSH Protocol v1 should be enabled or disabled as appropriate CCE-7217-3 File permissions should be set as appropriate for the log file configured to capture critical sendmail messages. CCE-6489-9 Sendmail vrfy command should be allowed or not as appropriate CCE-6379-2 /usr/bin/bash file permissions should be set appropriately CCE-6258-8 Shells referenced in /etc/passwd should be included in /etc/shells or not as appropriate CCE-7482-3 rlogin auth should be allowed by pam.d or not as appropriate CCE-6541-7 echo service should be enabled or disabled as appropriate CCE-6474-1 /etc/services file should be owned by an appropriate group CCE-7086-2 Password history should be saved for an appropriate number of password changes CCE-7063-1 Superuser account home directories' permissions should be set appropriately CCE-6805-6 /etc/notrouter file permissions should be set appropriately CCE-6990-6 /var/adm/sulog file permissions should be set appropriately CCE-7274-4 pop3 service should be enabled or disabled as appropriate CCE-6685-2 cmsd service should be enabled or disabled as appropriate CCE-7206-6 DEPRECATED in favor of CCE-8171-1. CCE-6342-0 The "at" utility directory permissions should be set as appropriate CCE-7161-3 Cron directories should be owned by an appropriate group CCE-7184-5 /etc/ksh file permissions should be set appropriately CCE-7470-8 DEPRECATED in favor of CE-8488-9, CCE-8494-7 and CCE-8314-7. CCE-7503-6 Forwarding of directed broadcasts should be enabled or disabled as appropriate CCE-6609-2 The /var/adm/wtmp[x] log should be enabled or disabled as appropriate CCE-8236-2 The chmod system call should be audited or not as appropriate CCE-6267-9 Automount should be enabled or disabled as appropriate CCE-7526-7 The setregid system call should be audited or not as appropriate CCE-6783-5 IPv6 should be enabled or disabled as appropriate CCE-6595-3 The statd service should be enabled or disabled as appropriate CCE-7108-4 All files should be owned by an existing account or not as appropriate. CCE-7493-0 The setgroups system call should be audited or not as appropriate CCE-6255-4 Each account should be assigned a unique UID or not as appropriate CCE-7052-4 DEPRECATED. CCE-7405-4 Print services through inetd should be enabled or disabled as appropriate CCE-7515-0 DEPRECATED. CCE-6673-8 Caching of the RBAC user_attr should be enabled or disabled as appropriate CCE-6650-6 sadmin service should be enabled or disabled as appropriate CCE-7098-7 rsh service should be enabled or disabled as appropriate CCE-6903-9 The telnet login banner should be set appropriately. CCE-6399-0 /etc/passwd file permissions should be set appropriately CCE-7218-1 smbpassword executable permissions should be set appropriately CCE-6696-9 Sendmail help command should be allowed or not as appropriate CCE-7150-6 /dev/kmem file permissions should be set appropriately CCE-7173-8 /export/home should be configured on an appropriate filesystem partition CCE-6926-0 The screen lock should activate after an appropriate period of inactivity CCE-7196-9 Login access to accounts without passwords should be enabled or disabled as appropriate CCE-7481-5 DEPRECATED. CCE-7307-2 dtspc (cde-spc) service should be enabled or disabled as appropriate CCE-7087-0 /etc/netconfig file permissions should be set appropriately CCE-7548-1 The uid_aliases file should exist or not as appropriate CCE-6684-5 System telnet logons should be audited or not as appropriate CCE-7064-9 DEPRECATED. CCE-7273-6 /usr/lib/pt_chmod file permissions should be set appropriately CCE-8421-0 NIS clinent should be enabled or disabled as appropriate CCE-6661-3 The fchmod system call should be audited or not as appropriate CCE-6452-7 at.deny file should be owned by an appropriate group CCE-6891-6 The medium security directory list should be set appropriately CCE-7296-7 DEPRECATED. CCE-7207-4 /var/spool/mail file permissions should be set appropriately CCE-7394-0 /var/log/pamlog file should be owned by an appropriate group CCE-6729-8 DEPRECATED. CCE-6936-9 /usr/bin/rdist file permissions should be set appropriately CCE-7185-2 Accounts other than root and locked system accounts should be allowed to have a GID of 0 or not as appropriate CCE-6550-8 /etc/security/audit_event file permissions should be set appropriately CCE-4923-9 DEPRECATED. CCE-7109-2 All files executed through /etc/aliases file entries should have file permissions set appropriately CCE-7492-2 BSM auditing should be enabled or disabled as appropriate CCE-6672-0 /sbin/ksh file permissions should be set appropriately CCE-7076-3 /etc/shadow file should be owned by an appropriate user CCE-7053-2 The default gateway should be set appropriately. CCE-7514-3 EEPROM security mode should be set appropriately CCE-7590-3 The fchown system call should be audited or not as appropriate CCE-7404-7 /etc/syslog.conf file should be owned by an appropriate group CCE-6880-9 /usr/aset/userlist file permissions should be set appropriately CCE-6619-1 The /var/adm/sshlog log should be enabled or disabled as appropriate CCE-6793-4 The /var/log/authlog log should be enabled or disabled as appropriate CCE-7197-7 X11 forwarding via SSH should be enabled or disabled as appropriate. CCE-7174-6 /usr/sbin/sync file permissions should be set appropriately CCE-7306-4 DEPRECATED. CCE-6902-1 All su (switch user) activity should be logged or not as appropriate CCE-6562-3 /etc/ufs file permissions should be set appropriately CCE-6585-4 netstat service should be enabled or disabled as appropriate CCE-7329-6 /sbin/csh file permissions should be set appropriately |