[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96174

 
 

909

 
 

78077

 
 

109

Paid content will be excluded from the download.


Download | Alert*


CCE-14871-8
Support for udf filesystems should be enabeld or disabled as appropriate.

CCE-4544-3
Root squashing should be enabled or disabled as appropriate for all NFS shares

CCE-14457-6
Support for freevxfs filesystems should be enabeld or disabled as appropriate.

CCE-14061-6
The SSH 'keep alive' message count should be set to an appropriate value.

CCE-3537-8
The rlogin service should be enabled or disabled as appropriate.

CCE-3502-2
The /etc/pki/tls/ldap/serverkey.pem file should be owned by the appropriate user.

CCE-3733-3
dhcpd logging should be enabled or disabled as appropriate.

CCE-4424-8
The ntp daemon should be enabled or disabled as appropriate

CCE-14688-6
Auditing should be configured to record kernel module loading and unloading events as appropriate.

CCE-4459-4
The Squid option to perform FTP sanity checks should be enabled or not as appropriate

CCE-14991-4
The system includes or does not include any device files with the unlabeled SELinux type.

CCE-4304-2
File permissions for /etc/anacrontab should be set correctly.

CCE-3999-0
The SELinux state should be set appropriately.

CCE-3840-6
The default setting for performing source validation by reverse path should be enabled or disabled for network interfaces as appropriate.

CCE-3644-2
Ignoring ICMP echo requests (pings) sent to broadcast / multicast addresses should be enabled or disabled as appropriate.

CCE-4339-8
The /etc/pki/tls/ldap file should be owned by the appropriate group.

CCE-3381-1
The default setting for IPv6 configuration should be enabled or disabled for network interfaces as appropriate.

CCE-3679-8
The syslog service should be enabled or disabled as appropriate.

CCE-4272-1
SSH should be installed or uninstalled as appropriate

CCE-4370-3
SSH host-based authentication should be enabled or disabled as appropriate

CCE-3755-6
CUPS service should be enabled or disabled as appropriate

CCE-4076-6
The squid package should be installed or uninstalled as appropriate.

CCE-4219-2
The bind package should be installed or uninstalled as appropriate.

CCE-14679-5
Auditing should be configured to record process and session initiation events as appropriate.

CCE-3604-6
The /etc/anacrontab file should be owned by the appropriate group.

CCE-14716-5
Users should be allowed or not allowed to set environment options for SSH as appropriate.

CCE-4379-4
The /etc/anacrontab file should be owned by the appropriate user.

CCE-4322-4
The /etc/cron.monthly file should be owned by the appropriate group.

CCE-3692-1
The Squid EUID should be set to an appropriate user

CCE-14559-9
/home should be configured on an appropriate filesystem partition.

CCE-4420-6
Remote print browsing should be enabled or disabled as appropriate

CCE-14296-8
Auditing should be configured to record use of privileged commands as appropriate.

CCE-4006-3
The USB device support module should be installed or not as appropriate

CCE-3977-6
SELinux should be enabled or disabled as appropriate

CCE-14703-3
The noexec option should be enabled or disabled for /dev/shm.

CCE-14306-5
The nosuid option should be enabled or disabled for /dev/shm.

CCE-3844-8
The default umask for all users should be set correctly for the bash shell

CCE-4433-9
Avahi publishing of hardware information should be enabled or disabled as appropriate

CCE-3724-2
Domain name server information should be sent or not sent by the DHCP server as appropriate.

CCE-4313-3
Accepting redirects from IPv6 routers should be enabled or disabled as appropriate for all network interfaces.

CCE-3822-4
The messagebus service should be enabled or disabled as appropriate.

CCE-3626-9
The /etc/crontab file should be owned by the appropriate group.

CCE-4072-5
The autofs service should be enabled or disabled as appropriate.

CCE-4348-9
The ypserv package should be installed or uninstalled as appropriate.

CCE-3581-6
The /etc/httpd/conf/* files should be owned by the appropriate group.

CCE-4170-7
Device drivers for wireless devices should be included or excluded from the kernel as appropriate.

CCE-4024-6
The nosuid option should be enabled or disabled for all NFS mounts as appropriate

CCE-14712-4
The minimum number of lower case characters required for new passwords should be set as appropriate.

CCE-4473-5
The nfs service should be enabled or disabled as appropriate

CCE-4220-0
The daemon umask should be set as appropriate

CCE-18240-2
All rsyslog log files should be owned by the appropriate group.

CCE-14604-3
The gnome desktop screensaver should be enabled or disabled as appropriate as a mandatory setting for all users.

CCE-4255-6
Squid should be configured to allow ftp traffic or not as appropriate

CCE-4451-1
Avahi publishing of workstation name should be enabled or disabled as appropriate

CCE-4100-4
The pcscd service should be enabled or disabled as appropriate.

CCE-4353-9
The Squid max request HTTP header length should be set to an appropriate value

CCE-17639-6
Rsyslog should accept remote messages or not as appropriate.

CCE-14692-8
Auditing should be configured to make auditd configuration immutable as appropriate.

CCE-14132-5
Disable or enable support for SCTP as appropriate.

CCE-4388-5
File permissions for /etc/crontab should be set correctly.

CCE-4331-5
The /etc/cron.weekly file should be owned by the appropriate group.

CCE-17857-4
All rsyslog log files should be owned by the appropriate user.

CCE-3870-3
The default umask for all users should be set correctly

CCE-4090-7
File permissions should be set correctly for the home directories for all user accounts.

CCE-4366-1
All syslog log files should be owned by the appropriate user.

CCE-4464-4
The dhcp package should be installed or uninstalled as appropriate.

CCE-4233-3
File permissions for all syslog log files should be set correctly.

CCE-4268-9
The sshd service should be enabled or disabled as appropriate.

CCE-4549-2
Logging of vsftpd transactions should be enabled or disabled as appropriate

CCE-4148-3
The setroubleshoot package should be installed or uninstalled as appropriate.

CCE-3585-7
The Squid option to ignore unknown nameservers should be enabled or not as appropriate

CCE-4211-9
The kudzu service should be enabled or disabled as appropriate.

CCE-4015-4
The statd service should be configured to use an outgoing static port or an outgoing dynamic portmapper port as appropriate

CCE-3487-6
The ntp daemon synchronization server should be set appropriately

CCE-4344-8
The Squid option to allow underscores in hostnames should be enabled or disabled as appropriate

CCE-4514-6
The httpd package should be installed or uninstalled as appropriate.

CCE-4371-1
The Dovecot option to drop privileges to user before executing mail process should be enabled or not as appropriate

CCE-4273-9
The tftp service should be enabled or disabled as appropriate.

CCE-4416-4
The sendmail service should be enabled or disabled as appropriate.

CCE-3412-4
The firstboot service should be enabled or disabled as appropriate.

CCE-4318-2
Time offset should be sent or not sent by the DHCP server as appropriate.

CCE-3883-6
The /etc/group file should be owned by the appropriate group.

CCE-4188-9
The direct gnome login warning banner should be set correctly.

CCE-4251-5
File permissions for /etc/cron.monthly should be set correctly.

CCE-4607-8
Squid should be configured to allow http traffic or not as appropriate

CCE-4509-6
File permissions for /etc/httpd/conf should be set correctly.

CCE-4286-1
The isdn service should be enabled or disabled as appropriate.

CCE-18031-5
The ipsec-tools package should be installed or uninstalled as appropriate.

CCE-4384-4
Dovecot should be configured to support the imaps protocol or not as necessary

CCE-3301-9
The PATH variable should be set correctly for user root

CCE-3919-8
The vsftpd service should be enabled or disabled as appropriate.

CCE-4407-3
CUPS should be allowed or denied the ability to listen for Incoming printer information as appropriate

CCE-14917-9
Auditing should be configured to record unauthorized attempts to access files as appropriate.

CCE-18151-1
The talk-server package should be installed or uninstalled as appropriate.

CCE-4144-2
The /etc/grub.conf file should be owned by the appropriate user.

CCE-14970-8
Files with the setgid attribute enabled should be reviewed as appropriate to determine whether that condition is correct.

CCE-4009-7
Anonymous root logins are enabled or disabled as appropriate

CCE-3974-3
The rcp service should be enabled or disabled as appropriate.

CCE-3756-4
The apache2 server's ServerSignature value should be set appropriately

CCE-17742-8
The rsyslog package should be installed or uninstalled as appropriate.

CCE-4303-4
DEPRECTATED in favor of CCE-4448-7

CCE-4338-0
The httpd service should be enabled or disabled as appropriate.

CCE-4293-7
The listening sendmail daemon should be enabled or disabled as appropriate.

CCE-3382-9
Syslogd should accept remote messages or not as appropriate

CCE-4097-2
The password warn age should be set appropriately

CCE-18455-6
The IPv6 protocol should be enabled or disabed as appropriate.

CCE-3765-5
The snmpd service should be enabled or disabled as appropriate.

CCE-14794-2
All world-writable directories should be owned by an appropriate user.

CCE-3667-3
The statd service should be configured to use a static port or a dynamic portmapper port as appropriate

CCE-4530-2
Dovecot should be configured to support the pop3 protocol or not as necessary

CCE-14075-6
Client SMB packet signing should be required or not required for smbclient as appropriate.

CCE-4449-5
The /etc/pki/tls/CA/cacert.pem file should be owned by the appropriate user.

CCE-4218-4
The yum-updatesd service should be enabled or disabled as appropriate.

CCE-3610-3
Squid should be configured to allow wais traffic or not as appropriate

CCE-4173-1
USB kernel support should be enabled or disabled as appropriate.

CCE-3987-5
Login access to non-root system accounts should be enabled or disabled as appropriate

CCE-14107-7
The default umask for all users should be set correctly in /etc/login.defs

CCE-14569-8
Auditing should be configured to record data export to media events as appropriate.

CCE-3854-7
The mdmonitor service should be enabled or disabled as appropriate.

CCE-3952-9
File permissions for /usr/sbin/userhelper should be set correctly.

CCE-4186-3
The default setting for accepting ICMP redirects should be enabled or disabled for network interfaces as appropriate.

CCE-4552-6
Dovecot plaintext authentication of clients should be enabled or disabled as necessary

CCE-4427-1
The /etc/pki/tls/CA/cacert.pem file should be owned by the appropriate group.

CCE-4151-7
The default setting for sending ICMP redirects should be enabled or disabled for network interfaces as appropriate.

CCE-4356-2
The microcode_ctl service should be enabled or disabled as appropriate.

CCE-4258-0
The /var/named/chroot/etc/named.conf file should be owned by the appropriate user.

CCE-4454-5
The Squid option to force FTP passive connections should be enabled or not as appropriate

CCE-14088-9
The 'wheel' group should exist or not as appropriate

CCE-3399-3
The sticky bit should be set or not set as appropriate for all world-writable directories.

CCE-14813-0
Package signature checking should be activated or deactivated as appropriate for all configured repositories.

CCE-4547-6
Dovecot should be configured to support the imap protocol or not as necessary

CCE-4236-6
Accepting source routed packets should be enabled or disabled for all interfaces as appropriate.

CCE-14911-2
Disable or enable support for TIPC as appropriate.

CCE-4191-3
The dhcp client service should be enabled or disabled as appropriate for each interface.

CCE-4369-5
The network service should be enabled or disabled as appropriate.

CCE-4410-7
The Dovecot option to spawn a new login process per connection should be enabled or not as appropriate

CCE-4249-9
The nodev option should be enabled or disabled as appropriate for all non-root partitions.

CCE-4129-3
The restorecond service should be enabled or disabled as appropriate.

CCE-3845-5
The SSH idle timout interval should be set to an appropriate value

CCE-4227-5
The default umask for all users should be set correctly for the csh shell

CCE-3649-1
Firewall access to printing service should be enabled or disabled as appropriate

CCE-4182-2
The logrotate (syslog rotater) service should be enabled or disabled as appropriate.

CCE-15018-5
Postfix network listening should be enabled or disabled for as appropriate.

CCE-4325-7
SSH version 1 protocol support should be enabled or disabled as appropriate.

CCE-18037-2
The firewall should allow or reject access to the avahi service.

CCE-4556-7
The squid service should be enabled or disabled as appropriate.

CCE-4352-1
Avahi publishing of local information by user applications should be enabled or disabled as appropriate

CCE-4254-9
The setroubleshoot service should be enabled or disabled as appropriate.

CCE-4450-3
File permissions for /etc/cron.daily should be set correctly.

CCE-4387-7
Root login via SSH should be enabled or disabled as appropriate

CCE-4058-4
The default setting for accepting prefix information via IPv6 router advertisement should be enabled or disabled for network interfaces as appropriate.

CCE-4289-5
The apmd service should be enabled or disabled as appropriate.

CCE-4330-7
The telnet-server package should be installed or uninstalled as appropriate.

CCE-4169-9
NIS servers should be sent or not sent by the DHCP server as appropriate.

CCE-3707-7
The idle time-out value for the default /bin/bash shell should meet the minimum requirements.

CCE-4365-3
The avahi-daemon service should be enabled or disabled as appropriate.

CCE-3795-2
The world-write permission should be enabled or disabled as appropriate for all files.

CCE-4134-3
Network access to ntpd should be allowed or denied as appropriate

CCE-15054-0
The number of times a user is prompted to provide a new password if it fails to meet configured password strength requirements (also known as the retry value) should be set appropriately.

CCE-18156-0
The rawdevices service should be enabled or disabled as appropriate.

CCE-3573-3
All files should be owned by a group as appropriate

CCE-4112-9
The cups service should be enabled or disabled as appropriate.

CCE-4245-7
The ability for users to perform interactive startups should be enabled or disabled as appropriate.

CCE-4441-2
The /etc/cron.monthly file should be owned by the appropriate user.

CCE-4210-1
The /etc/gshadow file should be owned by the appropriate user.

CCE-14853-6
Support for jffs2 filesystems should be enabeld or disabled as appropriate.

CCE-4080-8
Performing source validation by reverse path should be enabled or disabled for all interfaces as appropriate.

CCE-17248-6
Rsyslog logs should be sent to a remote loghost or not as appropriate.

CCE-4476-8
The Squid GUID should be set to an appropriate group

CCE-4223-4
All files should be owned by a user as appropriate

CCE-4526-0
The noexec option should be enabled or disabled for all NFS mounts as appropriate

CCE-4378-6
File permissions for /etc/pki/tls/ldap/serverkey.pem should be set correctly.

CCE-4321-6
The /etc/pki/tls/ldap/serverkey.pem file should be owned by the appropriate group.

CCE-3377-9
Global IPv6 initialization should be enabled or disabled as appropriate.

CCE-14440-2
The GPG Key for Red Hat Network should be installed or uninstalled as appropriate.

CCE-4250-7
File permissions for /etc/cron.d should be set correctly.

CCE-4187-1
The USB device support module should be loaded or not as appropriate

CCE-14777-7
/var should be configured on an appropriate filesystem partition.

CCE-3315-9
The allowed period of inactivity gnome desktop lockout should be configured correctly.

CCE-4428-9
The anacron package should be installed or uninstalled as appropriate.

CCE-4574-0
File permissions for /var/log/httpd should be set correctly.

CCE-4054-3
The /etc/cron.hourly file should be owned by the appropriate group.

CCE-3916-4
The tftp-server package should be installed or uninstalled as appropriate.

CCE-3568-3
The rpcidmapd service should be enabled or disabled as appropriate.

CCE-4263-0
File permissions for /etc/pki/tls/ldap/servercert.pem should be set correctly.

CCE-4361-2
File permissions for /etc/pki/tls/ldap should be set correctly.

CCE-4032-9
OpenNTPD should be installed or uninstalled as appropriate

CCE-4406-5
The anacron service should be enabled or disabled as appropriate.

CCE-4130-1
File permissions for /etc/shadow should be set correctly.

CCE-4308-3
The rsh package should be installed or uninstalled as appropriate.

CCE-3390-2
The telnet service should be enabled or disabled as appropriate.

CCE-4298-6
The acpid service should be enabled or disabled as appropriate.

CCE-3324-1
The suid bit should be set or not set as appropriate for all files.

CCE-4494-1
The Squid option to suppress the httpd version string should be enabled or disabled as appropriate

CCE-4396-8
The nfslock service should be enabled or disabled as appropriate.

CCE-3818-2
The grub boot loader should have password protection enabled or disabled as appropriate

CCE-4241-6
The requirement for a password to boot into single-user mode should be configured correctly.

CCE-14466-7
The at daemon should be enabled or disabled as appropriate.

CCE-4419-8
The Squid max reply HTTP header length should be set to an appropriate value

CCE-4276-2
All wireless interfaces should be enabled or disabled as appropriate.

CCE-4023-8
The inetd package should be installed or uninstalled as appropriate.

CCE-14675-3
NIS file inclusions should be set appropriately in the /etc/group file

CCE-4178-0
The sgid bit should be set or not set as appropriate for all files.

CCE-4292-9
The auditd service should be enabled or disabled as appropriate.

CCE-3842-2
IPv6 privacy extensions should be configured appropriately for all interfaces.

CCE-14927-8
The noexec option should be enabled or disabled as appropriate for /tmp.

CCE-14829-6
Auditing should be configured to record user/group information modification events as appropriate.

CCE-4239-0
The dovecot package should be installed or uninstalled as appropriate.

CCE-18095-0
File permissions for all rsyslog log files should be set correctly.

CCE-3820-8
Logins through the specified virtual console interface should be enabled or disabled as appropriate

CCE-4413-1
Squid proxy access to localhost should be allowed or denied as appropriate

CCE-3624-4
The SELinux policy should be set appropriately.

CCE-4074-1
X Windows System Listening for remote connections should be enabled or disabled as appropriate

CCE-4577-3
The Squid option to log HTTP MIME headers should be enabled or disabled as appropriate

CCE-3481-9
The /etc/cron.daily file should be owned by the appropriate group.

CCE-4448-7
The xfs service should be enabled or disabled as appropriate.

CCE-4217-6
Accepting ICMP redirects should be enabled or disabled for all interfaces as appropriate.

CCE-4172-3
Kernel support for the XD/NX processor feature should be enabled or disabled as appropriate

CCE-14063-2
The password hashing algorithm should be configured as appropriate.

CCE-3535-2
The rpcgssd service should be enabled or disabled as appropriate.

CCE-14816-3
Auditing should be configured to record changes to the system network environment as appropriate.

CCE-4185-5
The /usr/sbin/userhelper file should be owned by the appropriate group.

CCE-14161-4
/tmp should be configured on an appropriate filesystem partition.

CCE-4426-3
Avahi should be configured to accept packets with a TTL field not equal to 255 or not as appropriate

CCE-15013-6
The system should act as a network sniffer or not as appropriate.

CCE-14914-6
Package signature checking should be globally activated or deactivated as appropriate.

CCE-18412-7
User accounts may or may not be inactivated a specified number of days after account expiration.

CCE-15026-8
The kernel arguments should enable or disable auditing early in the boot process as appropriate.

CCE-3668-1
The mcstrans service should be enabled or disabled as appropriate.

CCE-3339-9
The default setting for accepting "secure" ICMP redirects (those from gateways listed in the default gateways list) should be enabled or disabled for network interfaces as appropriate.

CCE-17698-2
The rsyslog service should be enabled or disabled as appropriate.

CCE-4404-0
The net-smtp package should be installed or uninstalled as appropriate.

CCE-4502-1
The /var/lib/ldap/* files should be owned by the appropriate user.

CCE-4431-3
SSH warning banner should be enabled or disabled as appropriate

CCE-14825-4
The isdn4k-utils package should installed or uninstalled as appropriate.

CCE-4137-6
The default number of global unicast IPv6 addresses allowed per network interface should be set appropriately.

CCE-4092-3
The "maximum password age" policy should meet minimum requirements.

CCE-4466-9
Squid should be configured to allow multiling http traffic or not as appropriate

CCE-14054-1
Zeroconf networking should be enabled or disabled as appropriate.

CCE-4559-1
The lockd service should be configured to use a static port or a dynamic portmapper port for TCP as appropriate

CCE-3628-5
All wireless devices should be enabled or disabled in the BIOS as appropriate.

CCE-4346-3
The apache 2 server software should be installed or removed as appropriate

CCE-4444-6
Avahi publishing of local information should be enabled or disabled as appropriate

CCE-14847-8
The default umask for all users should be set correctly in /etc/profile

CCE-3988-3
The /etc/shadow file should be owned by the appropriate group.

CCE-4128-5
The default setting for accepting a default router via IPv6 router advertisement should be enabled or disabled for network interfaces as appropriate.

CCE-4181-4
The Squid option to show proxy client IP addresses in HTTP headers should be enabled or disabled as appropriate

CCE-3276-3
The /etc/group file should be owned by the appropriate user.

CCE-4324-0
The crond service should be enabled or disabled as appropriate.

CCE-4511-2
Squid should be configured to allow gss-http traffic or not as appropriate

CCE-3833-1
The /etc/cron.weekly file should be owned by the appropriate user.

CCE-4422-2
X Windows should be installed or removed as appropriate

CCE-3472-8
Accepting "secure" ICMP redirects (those from gateways listed in the default gateways list) should be enabled or disabled for all interfaces as appropriate.

CCE-14089-7
Support for cramfs filesystems should be enabeld or disabled as appropriate.

CCE-4106-1
File permissions for /etc/cron.hourly should be set correctly.

CCE-14701-7
The password strength parameters should require new passwords to differ from old ones by the appropriate minimum number of characters.

CCE-3944-6
The ability to boot from USB devices should be enabled or disabled as appropriate

CCE-4533-6
The netfs service should be enabled or disabled as appropriate.

CCE-4302-6
The readahead_later service should be enabled or disabled as appropriate.

CCE-14023-6
The screen lock (password protection) function of the gnome desktop screensaver should be enabled or disabled as appropriate as a mandatory setting for all users.

CCE-3913-1
NIS domain should be sent or not sent by the DHCP server as appropriate.

CCE-4168-1
ExecShield should be enabled or disabled as appropriate

CCE-4529-4
Squid should be configured to allow https traffic or not as appropriate

CCE-4364-6
The haldaemon service should be enabled or disabled as appropriate.

CCE-14821-3
Auditing should be configured to record changes to the system's mandatory access controls as appropriate.

CCE-4409-9
The Avahi daemon should be configured to serve via Ipv4 or not as appropriate

CCE-14058-2
Auditing should be configured to record changes to discretionary access control permissions as appropriate.

CCE-4231-7
The GNOME automounter (gnome-volume-manager) should be enabled or disabled as appropriate

CCE-4462-8
X Windows should be enabled or disabled at system boot as appropriate

CCE-4133-5
Ignoring bogus ICMP responses to broadcasts should be enabled or disabled as appropriate.

CCE-4146-7
ExecShield randomized placement of virtual memory regions should be enabled or disabled as appropriate

CCE-3685-5
Console device ownership should be restricted to root-only as appropriate.

CCE-4399-2
LDAP's dynamic updates feature should be enabled or disabled as appropriate

CCE-4111-1
Logins through the primary console device should be enabled or disabled as appropriate

CCE-4475-0
Emulation of the rsh command through the ssh server should be enabled or disabled as appropriate

CCE-4377-8
The hidd service should be enabled or disabled as appropriate.

CCE-3561-8
IP forwarding should be enabled or disabled as appropriate.

CCE-4320-8
Logging of "martian" packets (those with impossible addresses) should be enabled or disabled for all interfaces as appropriate.

CCE-4355-4
The bluetooth service should be enabled or disabled as appropriate.

CCE-4257-2
The dynamic DNS feature of the DHCP server should be enabled or disabled as appropriate

CCE-4503-9
The Squid option to check for RFC compliant hostnames should be enabled or not as appropriate

CCE-3717-6
Warning banners for gui login users should be enabled or disabled as appropriate

CCE-4159-0
The default number of IPv6 router solicitations for network interfaces to send should be set appropriately.

CCE-4209-3
The AIDE package should be installed or not as appropriate

CCE-4164-0
The xinetd package should be installed or uninstalled as appropriate.

CCE-14027-7
Disable or enable support for RDS as appropriate.

CCE-4360-4
File permissions for /etc/pki/tls/CA/cacert.pem should be set correctly.

CCE-14672-0
The minimum number of upper case characters required for new passwords should be set as appropriate.

CCE-4551-8
The smb service should be enabled or disabled as appropriate.

CCE-4044-4
Sudo privileges should granted or rejected to the wheel group as appropriate

CCE-3689-7
The idle time-out value for the default /bin/tcsh shell should meet the minimum requirements.

CCE-4373-7
Squid should be configured to allow http-mgmt traffic or not as appropriate

CCE-4022-0
The /etc/cron.daily file should be owned by the appropriate user.

CCE-4275-4
The noexec option should be enabled or disabled as appropriate for all removable media.

CCE-3410-8
The "account lockout threshold" policy should meet minimum requirements.

CCE-14071-5
NIS file inclusions should be set appropriately in the /etc/shadow file

CCE-4177-2
The XD/NX processor feature should be enabled or disabled as appropriate in the BIOS

CCE-3983-4
The /etc/cron.hourly file should be owned by the appropriate user.

CCE-3578-2
The named service should be enabled or disabled as appropriate.

CCE-4386-9
File permissions for /etc/httpd/conf/* should be set correctly.

CCE-4155-8
Sending ICMP redirects should be enabled or disabled for all interfaces as appropriate.

CCE-14093-9
Support for hfsplus filesystems should be enabeld or disabled as appropriate.

CCE-4484-2
The /var/lib/ldap/* files should be owned by the appropriate group.

CCE-3416-5
The rhnsd service should be enabled or disabled as appropriate.

CCE-14894-0
LDAP client requires or does not require LDAP servers to use TLS for SSL communications as appropriate.

CCE-14904-7
Auditing should be configured to record logon and logout events as appropriate.

CCE-14118-4
Support for squashfs filesystems should be enabeld or disabled as appropriate.

CCE-14171-3
/var/log/audit should be configured on an appropriate filesystem partition.

CCE-3887-7
Dovecot should be configured to support the pop3s protocol or not as necessary

CCE-14939-3
The "password reuse" policy should meet minimum requirements.

CCE-3985-9
The /var/named/chroot/etc/named.conf file should be owned by the appropriate group.

CCE-4229-1
The gpm service should be enabled or disabled as appropriate.

CCE-14412-1
The nodev option should be enabled or disabled as appropriate for /tmp.

CCE-14881-7
The vsftpd package should be installed or uninstalled as appropriate.

CCE-4554-2
A warning banner for all FTP users should be enabled or disabled as appropriate

CCE-4051-9
The cpuspeed service should be enabled or disabled as appropriate.

CCE-4425-5
The hplip service should be enabled or disabled as appropriate.

CCE-4380-2
The /etc/cron.d file should be owned by the appropriate user.

CCE-4064-2
The /etc/gshadow file should be owned by the appropriate group.

CCE-14948-4
Bluetooth kernel modules should be enabled or disabled as appropriate.

CCE-4260-6
Syslog logs should be sent to a remote loghost or not as appropriate

CCE-4403-2
DHCPDECLINE messages should be accepted or denied by the DHCP server as appropriate

CCE-3425-6
The kdump service should be enabled or disabled as appropriate.

CCE-17250-2
The pam_ccreds package should be installed or uninstalled as appropriate.

CCE-4438-8
The mountd service should be configured to use a static port or a dynamic portmapper port as appropriate

CCE-4295-2
Inbound connections to the ssh port should be allowed or denied as appropriate

CCE-4042-8
The nosuid option should be enabled or disabled as appropriate for all removable media.

CCE-4491-7
The rpcsvcgssd service should be enabled or disabled as appropriate

CCE-3501-4
The ldap service should be enabled or disabled as appropriate.

CCE-14051-7
Auditing should be configured to record date and time modification events as appropriate.

CCE-4197-0
The /etc/grub.conf file should be owned by the appropriate group.

CCE-14491-5
Appropriate ciphers should be used for SSH.

CCE-17504-2
The irda-utils package should be installed or uninstalled as appropriate.

CCE-3932-1
File permissions for /etc/gshadow should be set correctly.

CCE-4310-9
The lockd service should be configured to use a static port or a dynamic portmapper port for UDP as appropriate

CCE-4114-5
NIS file inclusions should be set appropriately in the /etc/passwd file

CCE-4443-8
Local user login to the vsftpd service should be enabled or disabled as appropriate

CCE-4212-7
The /etc/cron.d file should be owned by the appropriate group.

CCE-4247-3
Core dumps for setuid programs should be enabled or disabled as appropriate

CCE-18244-4
The irda service should be enabled or disabled as appropriate.

CCE-4345-5
BOOTP queries should be accepted or denied by the DHCP server as appropriate

CCE-4127-7
Squid should be configured to allow gopher traffic or not as appropriate

CCE-4225-9
Core dumps for all users should be enabled or disabled as appropriate

CCE-3847-1
The dovecot service should be enabled or disabled as appropriate.

CCE-4029-5
File permissions for /usr/sbin/httpd should be set correctly.

CCE-4180-6
The "minimum password age" policy should meet minimum requirements.

CCE-4323-2
The logwatch service should be enabled or disabled as appropriate

CCE-14824-7
Auditing should be configured to record administrator and security personnel action events as appropriate.

CCE-4421-4
The readahead_early service should be enabled or disabled as appropriate.

CCE-14957-5
The PATH variable for root includes or does not include any world-writable or group-writable directories as appropriate.

CCE-4105-3
The /etc/pki/tls/ldap/servercert.pem file should be owned by the appropriate user.

CCE-4060-0
The system login banner text should be set correctly.

CCE-15029-2
Client SMB packet signing should be required or not required for mount.cifs as appropriate.

CCE-4203-6
File permissions for /etc/cron.weekly should be set correctly.

CCE-4358-8
Avahi publishing of domain name should be enabled or disabled as appropriate

CCE-18200-6
The talk package should be installed or uninstalled as appropriate.

CCE-4291-1
The default setting for accepting IPv6 router advertisements should be enabled or disabled for network interfaces as appropriate.

CCE-15007-8
The nodev option should be enabled or disabled for /dev/shm.

CCE-3495-9
The /etc/passwd file should be owned by the appropriate group.

CCE-3910-7
The vlock package should be installed or not as appropriate

CCE-4336-4
The dhcpd service should be enabled or disabled as appropriate.

CCE-3701-0
All syslog log files should be owned by the appropriate group.

CCE-4238-2
Login access to accounts without passwords should be enabled or disabled as appropriate

CCE-3967-7
File permissions for /etc/group should be set correctly.

CCE-4193-9
Avahi should be configured to allow other stacks from binding to port 5353 or not as appropriate

CCE-14735-5
The screen blanking function of the gnome desktop screensaver should be enabled or disabled as appropriate as a mandatory setting for all users.

CCE-14495-6
The sendmail package should be installed or uninstalled as appropriate.

CCE-4341-4
Avahi publishing of IP addresses should be enabled or disabled as appropriate

CCE-3718-4
The /etc/pki/tls/ldap/servercert.pem file should be owned by the appropriate group.

CCE-4243-2
Default routers should be sent or not sent by the DHCP server as appropriate.

CCE-14931-0
All installed software packages verify or do not verify against the package database.

CCE-14264-6
The default policy for iptables INPUT table should be set as appropriate.

CCE-4376-0
The ntpd service should be enabled or disabled as appropriate.

CCE-3455-3
The smartd service should be enabled or disabled as appropriate.

CCE-14068-1
The postfix package should be installed or uninstalled as appropriate.

CCE-4221-8
The default setting for accepting router preference via IPv6 router advertisement should be enabled or disabled for network interfaces as appropriate.

CCE-3958-6
The /etc/passwd file should be owned by the appropriate user.

CCE-4474-3
The apache2 server's ServerTokens value should be set appropriately

CCE-4123-6
The irqbalance service should be enabled or disabled as appropriate.

CCE-14340-4
Files with the setuid attribute enabled should be reviewed as appropriate to determine whether that condition is correct.

CCE-14820-5
Auditing should be configured to record file and program deletion events as appropriate.

CCE-14011-1
/var/log should be configured on an appropriate filesystem partition.

CCE-3923-0
File permissions for /etc/grub.conf should be set correctly.

CCE-14940-1
The nosuid option should be enabled or disabled as appropriate for /tmp.

CCE-4256-4
Login prompts on serial ports should be enabled or disabled as appropriate.

CCE-4487-5
File permissions for /var/named/chroot/etc/named.conf should be set correctly.

CCE-4389-3
Domain name should be sent or not sent by the DHCP server as appropriate.

CCE-3660-8
Remote connections from accounts with empty passwords should be enabled or disabled as appropriate

CCE-3705-1
The ypbind service should be enabled or disabled as appropriate.

CCE-14584-7
/var/tmp should be configured on an appropriate filesystem partition.

CCE-15087-0
Support for hfs filesystems should be enabeld or disabled as appropriate.

CCE-14122-6
The minimum number of special characters required for new passwords should be set as appropriate.

CCE-4091-5
The default setting for accepting source routed packets should be enabled or disabled for network interfaces as appropriate.

CCE-4136-8
The Avahi daemon should be configured to serve via Ipv6 or not as appropriate

CCE-4269-7
Accepting IPv6 router advertisements should be enabled or disabled as appropriate for all network interfaces.

CCE-4234-1
The inetd service should be enabled or disabled as appropriate.

CCE-4465-1
Restriction of NFS clients to privileged ports should be enabled or disabled as appropriate

CCE-3562-6
Automatic loading of the IPv6 kernel module should be enabled or disabled as appropriate.

CCE-4296-0
IPv6 configuration should be enabled or disabled as appropriate for all interfaces.

CCE-3895-0
The default number of IPv6 duplicate address detection solicitations for network interfaces to send per configured address should be set appropriately.

CCE-4492-5
The /etc/pki/tls/ldap file should be owned by the appropriate user.

CCE-3579-0
The rquotad service should be configured to use a static port or a dynamic portmapper port as appropriate

CCE-4141-8
The rsh service should be enabled or disabled as appropriate.

CCE-14268-7
Disable or enable support for DCCP as appropriate.

CCE-4198-8
The default setting for accepting redirects from IPv6 routers should be enabled or disabled for network interfaces as appropriate.

CCE-17816-0
The libuser library "login_defs" variable should be set correctly in libuser.conf.

CCE-4274-7
Command access to the root account should be enabled or disabled as appropriate.

CCE-15047-4
Access to the root account via su should be restricted to the wheel group or not as appropriate.

CCE-4319-0
NTP servers should be sent or not sent by the DHCP server as appropriate.

CCE-14113-5
The minimum number of digits required for new passwords should be set as appropriate.

CCE-4550-0
The portmap service should be enabled or disabled as appropriate.

CCE-3522-0
The nodev option should be enabled or disabled as appropriate for all removable media.

CCE-4189-7
The iptables service should be enabled or disabled as appropriate.

CCE-4350-5
Write access to NFS shares should be enabled or disabled as appropriate

CCE-4252-3
The xinetd service should be enabled or disabled as appropriate.

CCE-3851-3
The /etc/crontab file should be owned by the appropriate user.

CCE-4519-5
Squid should be configured to allow filemaker traffic or not as appropriate

CCE-4287-9
The default setting for autoconfiguring network interfaces using prefix information in IPv6 router advertisements should be enabled or disabled as appropriate.

CCE-4385-1
A remote NTP Server for time synchronization should be specified or not as appropriate

CCE-4154-1
The password minimum length should be set appropriately

CCE-14081-4
The net-snmpd package should be installed or uninstalled as appropriate.

CCE-3918-0
The /etc/shadow file should be owned by the appropriate user.

CCE-3762-2
DEPRECATED in favor of CCE-14113-5, CCE-14672-0, CCE-14712-4, CCE-14122-6. Was: The password strength should meet minimum requirements

CCE-4167-3
The ip6tables service should be enabled or disabled as appropriate.

CCE-3566-7
File permissions for /etc/passwd should be set correctly.

CCE-4265-5
Sending TCP syncookies should be enabled or disabled as appropriate.

CCE-4461-0
File uploads via vsftpd should be enabled or disabled as appropriate

CCE-14860-1
DEPRECATED in favor of CCE-14107-7. Was: The default umask for all users should be set correctly in /etc/login.defs

CCE-14300-8
Password hashes are shadowed or not shadowed for all accounts in /etc/passwd as appropriate.

CCE-3485-0
Logins through the specified virtual console device should be enabled or disabled as appropriate

CCE-4368-7
The nodev option should be enabled or disabled for all NFS mounts as appropriate

CVE    77
CVE-2014-3925
CVE-2013-0219
CVE-2011-2482
CVE-2011-3346
...
*CPE
cpe:/o:redhat:enterprise_linux:5
OVAL    1687
oval:org.secpod.oval:def:106181
oval:org.secpod.oval:def:202927
oval:org.secpod.oval:def:500856
oval:org.secpod.oval:def:500141
...
XCCDF    1
xccdf_gov.nist_benchmark_USGCB-RHEL-5-Desktop

© 2013 SecPod Technologies