Download
| Alert*
oval:org.secpod.oval:def:55101
Root login via SSH should be disabled (and dependencies are met) oval:org.secpod.oval:def:55097 The pam_cracklib module checks the strength of passwords. It performs checks such as making sure a password is not a dictionary word, it is a certain length, contains a mix of characters (e.g. alphabet, numeric, other) and more. The following are definitions of the pam_cracklib.so options. * retr ... oval:org.secpod.oval:def:55102 This test makes sure that '/etc/shadow' file permission is setted as appropriate. If the target file or directory has an extended ACL then it will fail the mode check. oval:org.secpod.oval:def:55105 File permission for '/etc/ssh/sshd_config' is set to appropriate values. oval:org.secpod.oval:def:55099 The /etc/group file contains a list of all the valid groups defined in the system. The command below allows read/write access for root and read access for everyone else. oval:org.secpod.oval:def:55100 Only SSH protocol version 2 connections should be permitted. oval:org.secpod.oval:def:55103 The /etc/shadow file contains the one-way cipher text passwords for each user defined in the /etc/passwd file. The command below sets the user and group ownership of the file to root. oval:org.secpod.oval:def:55096 The kernel runtime parameter "net.ipv6.conf.default.accept_ra" should be set to "0". oval:org.secpod.oval:def:55094 The Set Lockout Time For Failed Password Attempts should be set correctly. oval:org.secpod.oval:def:55104 The /etc/passwd file contains a list of all the valid userIDs defined in the system, but not the passwords. The command below sets the owner and group of the file to root. oval:org.secpod.oval:def:55095 The minimum password age policy should be set appropriately. oval:org.secpod.oval:def:55098 The maximum password age policy should meet minimum requirements. |