Download
| Alert*
CCE-14871-8
Support for udf filesystems should be enabeld or disabled as appropriate. CCE-14457-6 Support for freevxfs filesystems should be enabeld or disabled as appropriate. CCE-4292-9 The auditd service should be enabled or disabled as appropriate. CCE-3537-8 The rlogin service should be enabled or disabled as appropriate. CCE-14061-6 The SSH 'keep alive' message count should be set to an appropriate value. CCE-3416-5 The rhnsd service should be enabled or disabled as appropriate. CCE-4009-7 Anonymous root logins are enabled or disabled as appropriate CCE-14894-0 LDAP client requires or does not require LDAP servers to use TLS for SSL communications as appropriate. CCE-14927-8 The noexec option should be enabled or disabled as appropriate for /tmp. CCE-3974-3 The rcp service should be enabled or disabled as appropriate. CCE-14118-4 Support for squashfs filesystems should be enabeld or disabled as appropriate. CCE-14829-6 Auditing should be configured to record user/group information modification events as appropriate. CCE-4239-0 The dovecot package should be installed or uninstalled as appropriate. CCE-14171-3 /var/log/audit should be configured on an appropriate filesystem partition. CCE-17742-8 The rsyslog package should be installed or uninstalled as appropriate. CCE-14939-3 The "password reuse" policy should meet minimum requirements. CCE-18095-0 File permissions for all rsyslog log files should be set correctly. CCE-4338-0 The httpd service should be enabled or disabled as appropriate. CCE-14688-6 Auditing should be configured to record kernel module loading and unloading events as appropriate. CCE-14412-1 The nodev option should be enabled or disabled as appropriate for /tmp. CCE-3624-4 The SELinux policy should be set appropriately. CCE-4074-1 X Windows System Listening for remote connections should be enabled or disabled as appropriate CCE-4097-2 The password warn age should be set appropriately CCE-14881-7 The vsftpd package should be installed or uninstalled as appropriate. CCE-14991-4 The system includes or does not include any device files with the unlabeled SELinux type. CCE-4425-5 The hplip service should be enabled or disabled as appropriate. CCE-4217-6 Accepting ICMP redirects should be enabled or disabled for all interfaces as appropriate. CCE-4172-3 Kernel support for the XD/NX processor feature should be enabled or disabled as appropriate CCE-4304-2 File permissions for /etc/anacrontab should be set correctly. CCE-18455-6 The IPv6 protocol should be enabled or disabed as appropriate. CCE-3999-0 The SELinux state should be set appropriately. CCE-3765-5 The snmpd service should be enabled or disabled as appropriate. CCE-14063-2 The password hashing algorithm should be configured as appropriate. CCE-3535-2 The rpcgssd service should be enabled or disabled as appropriate. CCE-14816-3 Auditing should be configured to record changes to the system network environment as appropriate. CCE-3840-6 The default setting for performing source validation by reverse path should be enabled or disabled for network interfaces as appropriate. CCE-3644-2 Ignoring ICMP echo requests (pings) sent to broadcast / multicast addresses should be enabled or disabled as appropriate. CCE-14161-4 /tmp should be configured on an appropriate filesystem partition. CCE-14075-6 Client SMB packet signing should be required or not required for smbclient as appropriate. CCE-4218-4 The yum-updatesd service should be enabled or disabled as appropriate. CCE-3425-6 The kdump service should be enabled or disabled as appropriate. CCE-15013-6 The system should act as a network sniffer or not as appropriate. CCE-3987-5 Login access to non-root system accounts should be enabled or disabled as appropriate CCE-14914-6 Package signature checking should be globally activated or deactivated as appropriate. CCE-17250-2 The pam_ccreds package should be installed or uninstalled as appropriate. CCE-18412-7 User accounts may or may not be inactivated a specified number of days after account expiration. CCE-14107-7 The default umask for all users should be set correctly in /etc/login.defs CCE-4370-3 SSH host-based authentication should be enabled or disabled as appropriate CCE-15026-8 The kernel arguments should enable or disable auditing early in the boot process as appropriate. CCE-4042-8 The nosuid option should be enabled or disabled as appropriate for all removable media. CCE-14569-8 Auditing should be configured to record data export to media events as appropriate. CCE-4491-7 The rpcsvcgssd service should be enabled or disabled as appropriate CCE-3668-1 The mcstrans service should be enabled or disabled as appropriate. CCE-4186-3 The default setting for accepting ICMP redirects should be enabled or disabled for network interfaces as appropriate. CCE-3501-4 The ldap service should be enabled or disabled as appropriate. CCE-3339-9 The default setting for accepting "secure" ICMP redirects (those from gateways listed in the default gateways list) should be enabled or disabled for network interfaces as appropriate. CCE-4076-6 The squid package should be installed or uninstalled as appropriate. CCE-4219-2 The bind package should be installed or uninstalled as appropriate. CCE-14051-7 Auditing should be configured to record date and time modification events as appropriate. CCE-17698-2 The rsyslog service should be enabled or disabled as appropriate. CCE-4151-7 The default setting for sending ICMP redirects should be enabled or disabled for network interfaces as appropriate. CCE-14088-9 The 'wheel' group should exist or not as appropriate CCE-4431-3 SSH warning banner should be enabled or disabled as appropriate CCE-14491-5 Appropriate ciphers should be used for SSH. CCE-17504-2 The irda-utils package should be installed or uninstalled as appropriate. CCE-3932-1 File permissions for /etc/gshadow should be set correctly. CCE-4114-5 NIS file inclusions should be set appropriately in the /etc/passwd file CCE-14825-4 The isdn4k-utils package should installed or uninstalled as appropriate. CCE-4092-3 The "maximum password age" policy should meet minimum requirements. CCE-14054-1 Zeroconf networking should be enabled or disabled as appropriate. CCE-4247-3 Core dumps for setuid programs should be enabled or disabled as appropriate CCE-14559-9 /home should be configured on an appropriate filesystem partition. CCE-3399-3 The sticky bit should be set or not set as appropriate for all world-writable directories. CCE-18244-4 The irda service should be enabled or disabled as appropriate. CCE-4368-7 The nodev option should be enabled or disabled for all NFS mounts as appropriate CCE-14813-0 Package signature checking should be activated or deactivated as appropriate for all configured repositories. CCE-4225-9 Core dumps for all users should be enabled or disabled as appropriate CCE-3847-1 The dovecot service should be enabled or disabled as appropriate. CCE-14296-8 Auditing should be configured to record use of privileged commands as appropriate. CCE-4180-6 The "minimum password age" policy should meet minimum requirements. CCE-3977-6 SELinux should be enabled or disabled as appropriate CCE-3485-0 Logins through the specified virtual console device should be enabled or disabled as appropriate CCE-4236-6 Accepting source routed packets should be enabled or disabled for all interfaces as appropriate. CCE-14824-7 Auditing should be configured to record administrator and security personnel action events as appropriate. CCE-14847-8 The default umask for all users should be set correctly in /etc/profile CCE-14703-3 The noexec option should be enabled or disabled for /dev/shm. CCE-14911-2 Disable or enable support for TIPC as appropriate. CCE-4421-4 The readahead_early service should be enabled or disabled as appropriate. CCE-14306-5 The nosuid option should be enabled or disabled for /dev/shm. CCE-14957-5 The PATH variable for root includes or does not include any world-writable or group-writable directories as appropriate. CCE-4060-0 The system login banner text should be set correctly. CCE-3844-8 The default umask for all users should be set correctly for the bash shell CCE-15029-2 Client SMB packet signing should be required or not required for mount.cifs as appropriate. CCE-4203-6 File permissions for /etc/cron.weekly should be set correctly. CCE-4324-0 The crond service should be enabled or disabled as appropriate. CCE-4422-2 X Windows should be installed or removed as appropriate CCE-4249-9 The nodev option should be enabled or disabled as appropriate for all non-root partitions. CCE-18200-6 The talk package should be installed or uninstalled as appropriate. CCE-15007-8 The nodev option should be enabled or disabled for /dev/shm. CCE-4313-3 Accepting redirects from IPv6 routers should be enabled or disabled as appropriate for all network interfaces. CCE-3472-8 Accepting "secure" ICMP redirects (those from gateways listed in the default gateways list) should be enabled or disabled for all interfaces as appropriate. CCE-3845-5 The SSH idle timout interval should be set to an appropriate value CCE-4227-5 The default umask for all users should be set correctly for the csh shell CCE-14089-7 Support for cramfs filesystems should be enabeld or disabled as appropriate. CCE-4182-2 The logrotate (syslog rotater) service should be enabled or disabled as appropriate. CCE-3649-1 Firewall access to printing service should be enabled or disabled as appropriate CCE-3910-7 The vlock package should be installed or not as appropriate CCE-4336-4 The dhcpd service should be enabled or disabled as appropriate. CCE-4106-1 File permissions for /etc/cron.hourly should be set correctly. CCE-4072-5 The autofs service should be enabled or disabled as appropriate. CCE-15018-5 Postfix network listening should be enabled or disabled for as appropriate. CCE-4238-2 Login access to accounts without passwords should be enabled or disabled as appropriate CCE-14701-7 The password strength parameters should require new passwords to differ from old ones by the appropriate minimum number of characters. CCE-3967-7 File permissions for /etc/group should be set correctly. CCE-4348-9 The ypserv package should be installed or uninstalled as appropriate. CCE-4325-7 SSH version 1 protocol support should be enabled or disabled as appropriate. CCE-4533-6 The netfs service should be enabled or disabled as appropriate. CCE-18037-2 The firewall should allow or reject access to the avahi service. CCE-4302-6 The readahead_later service should be enabled or disabled as appropriate. CCE-4556-7 The squid service should be enabled or disabled as appropriate. CCE-14023-6 The screen lock (password protection) function of the gnome desktop screensaver should be enabled or disabled as appropriate as a mandatory setting for all users. CCE-4024-6 The nosuid option should be enabled or disabled for all NFS mounts as appropriate CCE-14735-5 The screen blanking function of the gnome desktop screensaver should be enabled or disabled as appropriate as a mandatory setting for all users. CCE-14712-4 The minimum number of lower case characters required for new passwords should be set as appropriate. CCE-4473-5 The nfs service should be enabled or disabled as appropriate CCE-14495-6 The sendmail package should be installed or uninstalled as appropriate. CCE-4450-3 File permissions for /etc/cron.daily should be set correctly. CCE-4220-0 The daemon umask should be set as appropriate CCE-4168-1 ExecShield should be enabled or disabled as appropriate CCE-4387-7 Root login via SSH should be enabled or disabled as appropriate CCE-14821-3 Auditing should be configured to record changes to the system's mandatory access controls as appropriate. CCE-14058-2 Auditing should be configured to record changes to discretionary access control permissions as appropriate. CCE-14931-0 All installed software packages verify or do not verify against the package database. CCE-14264-6 The default policy for iptables INPUT table should be set as appropriate. CCE-18240-2 All rsyslog log files should be owned by the appropriate group. CCE-4133-5 Ignoring bogus ICMP responses to broadcasts should be enabled or disabled as appropriate. CCE-14604-3 The gnome desktop screensaver should be enabled or disabled as appropriate as a mandatory setting for all users. CCE-4146-7 ExecShield randomized placement of virtual memory regions should be enabled or disabled as appropriate CCE-4330-7 The telnet-server package should be installed or uninstalled as appropriate. CCE-4376-0 The ntpd service should be enabled or disabled as appropriate. CCE-14068-1 The postfix package should be installed or uninstalled as appropriate. CCE-17639-6 Rsyslog should accept remote messages or not as appropriate. CCE-4365-3 The avahi-daemon service should be enabled or disabled as appropriate. CCE-14340-4 Files with the setuid attribute enabled should be reviewed as appropriate to determine whether that condition is correct. CCE-14820-5 Auditing should be configured to record file and program deletion events as appropriate. CCE-14011-1 /var/log should be configured on an appropriate filesystem partition. CCE-14692-8 Auditing should be configured to make auditd configuration immutable as appropriate. CCE-3795-2 The world-write permission should be enabled or disabled as appropriate for all files. CCE-14132-5 Disable or enable support for SCTP as appropriate. CCE-15054-0 The number of times a user is prompted to provide a new password if it fails to meet configured password strength requirements (also known as the retry value) should be set appropriately. CCE-3923-0 File permissions for /etc/grub.conf should be set correctly. CCE-4388-5 File permissions for /etc/crontab should be set correctly. CCE-18156-0 The rawdevices service should be enabled or disabled as appropriate. CCE-17857-4 All rsyslog log files should be owned by the appropriate user. CCE-14940-1 The nosuid option should be enabled or disabled as appropriate for /tmp. CCE-4256-4 Login prompts on serial ports should be enabled or disabled as appropriate. CCE-4475-0 Emulation of the rsh command through the ssh server should be enabled or disabled as appropriate CCE-3573-3 All files should be owned by a group as appropriate CCE-4377-8 The hidd service should be enabled or disabled as appropriate. CCE-4090-7 File permissions should be set correctly for the home directories for all user accounts. CCE-3561-8 IP forwarding should be enabled or disabled as appropriate. CCE-4464-4 The dhcp package should be installed or uninstalled as appropriate. CCE-4245-7 The ability for users to perform interactive startups should be enabled or disabled as appropriate. CCE-4320-8 Logging of "martian" packets (those with impossible addresses) should be enabled or disabled for all interfaces as appropriate. CCE-4355-4 The bluetooth service should be enabled or disabled as appropriate. CCE-14853-6 Support for jffs2 filesystems should be enabeld or disabled as appropriate. CCE-4080-8 Performing source validation by reverse path should be enabled or disabled for all interfaces as appropriate. CCE-17248-6 Rsyslog logs should be sent to a remote loghost or not as appropriate. CCE-4223-4 All files should be owned by a user as appropriate CCE-3660-8 Remote connections from accounts with empty passwords should be enabled or disabled as appropriate CCE-3705-1 The ypbind service should be enabled or disabled as appropriate. CCE-14584-7 /var/tmp should be configured on an appropriate filesystem partition. CCE-15087-0 Support for hfs filesystems should be enabeld or disabled as appropriate. CCE-14122-6 The minimum number of special characters required for new passwords should be set as appropriate. CCE-4091-5 The default setting for accepting source routed packets should be enabled or disabled for network interfaces as appropriate. CCE-3717-6 Warning banners for gui login users should be enabled or disabled as appropriate CCE-4269-7 Accepting IPv6 router advertisements should be enabled or disabled as appropriate for all network interfaces. CCE-4234-1 The inetd service should be enabled or disabled as appropriate. CCE-14440-2 The GPG Key for Red Hat Network should be installed or uninstalled as appropriate. CCE-4514-6 The httpd package should be installed or uninstalled as appropriate. CCE-4209-3 The AIDE package should be installed or not as appropriate CCE-4250-7 File permissions for /etc/cron.d should be set correctly. CCE-4273-9 The tftp service should be enabled or disabled as appropriate. CCE-4164-0 The xinetd package should be installed or uninstalled as appropriate. CCE-14027-7 Disable or enable support for RDS as appropriate. CCE-14777-7 /var should be configured on an appropriate filesystem partition. CCE-4141-8 The rsh service should be enabled or disabled as appropriate. CCE-3315-9 The allowed period of inactivity gnome desktop lockout should be configured correctly. CCE-14268-7 Disable or enable support for DCCP as appropriate. CCE-14672-0 The minimum number of upper case characters required for new passwords should be set as appropriate. CCE-4551-8 The smb service should be enabled or disabled as appropriate. CCE-17816-0 The libuser library "login_defs" variable should be set correctly in libuser.conf. CCE-4188-9 The direct gnome login warning banner should be set correctly. CCE-4251-5 File permissions for /etc/cron.monthly should be set correctly. CCE-3916-4 The tftp-server package should be installed or uninstalled as appropriate. CCE-15047-4 Access to the root account via su should be restricted to the wheel group or not as appropriate. CCE-14113-5 The minimum number of digits required for new passwords should be set as appropriate. CCE-3568-3 The rpcidmapd service should be enabled or disabled as appropriate. CCE-4286-1 The isdn service should be enabled or disabled as appropriate. CCE-4550-0 The portmap service should be enabled or disabled as appropriate. CCE-18031-5 The ipsec-tools package should be installed or uninstalled as appropriate. CCE-4130-1 File permissions for /etc/shadow should be set correctly. CCE-3522-0 The nodev option should be enabled or disabled as appropriate for all removable media. CCE-4308-3 The rsh package should be installed or uninstalled as appropriate. CCE-3390-2 The telnet service should be enabled or disabled as appropriate. CCE-3301-9 The PATH variable should be set correctly for user root CCE-4189-7 The iptables service should be enabled or disabled as appropriate. CCE-4252-3 The xinetd service should be enabled or disabled as appropriate. CCE-4275-4 The noexec option should be enabled or disabled as appropriate for all removable media. CCE-3410-8 The "account lockout threshold" policy should meet minimum requirements. CCE-4396-8 The nfslock service should be enabled or disabled as appropriate. CCE-14071-5 NIS file inclusions should be set appropriately in the /etc/shadow file CCE-3818-2 The grub boot loader should have password protection enabled or disabled as appropriate CCE-4241-6 The requirement for a password to boot into single-user mode should be configured correctly. CCE-3919-8 The vsftpd service should be enabled or disabled as appropriate. CCE-14466-7 The at daemon should be enabled or disabled as appropriate. CCE-4385-1 A remote NTP Server for time synchronization should be specified or not as appropriate CCE-4154-1 The password minimum length should be set appropriately CCE-14917-9 Auditing should be configured to record unauthorized attempts to access files as appropriate. CCE-14081-4 The net-snmpd package should be installed or uninstalled as appropriate. CCE-18151-1 The talk-server package should be installed or uninstalled as appropriate. CCE-3578-2 The named service should be enabled or disabled as appropriate. CCE-4276-2 All wireless interfaces should be enabled or disabled as appropriate. CCE-4023-8 The inetd package should be installed or uninstalled as appropriate. CCE-4167-3 The ip6tables service should be enabled or disabled as appropriate. CCE-3566-7 File permissions for /etc/passwd should be set correctly. CCE-4155-8 Sending ICMP redirects should be enabled or disabled for all interfaces as appropriate. CCE-4265-5 Sending TCP syncookies should be enabled or disabled as appropriate. CCE-14093-9 Support for hfsplus filesystems should be enabeld or disabled as appropriate. CCE-14675-3 NIS file inclusions should be set appropriately in the /etc/group file CCE-14970-8 Files with the setgid attribute enabled should be reviewed as appropriate to determine whether that condition is correct. CCE-14300-8 Password hashes are shadowed or not shadowed for all accounts in /etc/passwd as appropriate. |