CCE-4314-1 No Legacy "+" entries in passwd, shadow, and group files should be verified to be appropriate
CCE-4375-2 The sendmail services should be enabled or disabled as appropriate.
CCE-4582-3 The debug logging option for daemons should be enabled or disabled as appropriate.
CCE-4458-6 The ability to login as root directly should be configured correctly.
CCE-4642-5 The ARP cache cleanup interval should be set appropriately.
CCE-4435-4 Serial port login prompts should be enabled or disabled as appropriate.
CCE-4834-8 Default group for root account should be configured correctly
CCE-4713-4 Root login via SSH should be enabled or disabled as appropriate.
CCE-3684-8 IP forwarding should be enabled or disabled as appropriate.
CCE-3782-0 The ftpusers file should restrict the nobody account as appropriate.
CCE-4337-2 Kernel level auditing for processes should be enabled or disabled as appropriate
CCE-4179-8 The ftpusers file should restrict the lp account as appropriate.
CCE-4281-2 setuid files should be found and examined for appropriateness
CCE-4578-1 File permissions should be set correctly for .netrc files.
CCE-4615-1 The telnet service should be enabled or disabled as appropriate.
CCE-4570-8 The core dump directory owner should be restricted.
CCE-4216-8 The gdm account should be locked or unlocked as appropriate.
CCE-4401-6 Kernel level auditing for process modify should be enabled or disabled as appropriate
CCE-4593-0 ICMPv4 redirects should be enabled or disabled as appropriate.
CCE-4266-3 The metainit service (Solaris 10 <= 11/06) should be enabled or disabled as appropriate
CCE-4638-3 SSH X11 forwarding should be enabled or disabled as appropriate.
CCE-4517-9 The Samba smbd service should be enabled or disabled as appropriate
CCE-4630-0 The systems accounting file group owner should be restricted.
CCE-3901-6 The BOOTP service should be enabled or disabled as appropriate.
CCE-4748-0 SSH maximum number of retries for authentication should be set as appropriate.
CCE-3650-9 The metaed service should be enabled or disabled as appropriate
CCE-4676-3 Extended TCP reserved ports should be set appropriately.
CCE-4532-8 The ARP IRE scan rate should be set appropriately.
CCE-3950-3 The local rpc port mapping service should be enabled or disabled as appropriate
CCE-4603-7 The SSH banner should be enabled or disabled as appropriate.
CCE-4810-8 The sys account should be locked or unlocked as appropriate.
CCE-3768-9 The ftpusers file should restrict the webservd account as appropriate.
CCE-3662-4 The WBEM services should be enabled or disabled as appropriate.
CCE-4436-2 The shell for the smmsp account should be assigned appropriately.
CCE-4626-8 The loginlog file permissions should be set appropriately.
CCE-4497-4 The ftpusers file should restrict the nobody4 account as appropriate.
CCE-4566-6 IPv4 source route forwarding should be enabled or disabled as appropriate.
CCE-4589-8 The ftpusers file should restrict the uucp account as appropriate.
CCE-4315-8 The setuid option should be enabled or disabled on removable media as appropriate.
CCE-4543-5 Use of the at.allow file should be enabled or disabled as appropriate
CCE-3760-6 The pkgchk utility should be used to verify ownership, group ownership, and access permissions for installed packages as appropriate.
CCE-4758-9 The shell for the gdm account should be assigned appropriately.
CCE-4282-0 The nobody account should be locked or unlocked as appropriate.
CCE-4614-4 The nisplus daemons should be enabled or disabled as appropriate
CCE-4807-4 The nuucp account should be locked or unlocked as appropriate.
CCE-4675-5 Kernel level auditing should be enabled or disabled as appropriate
CCE-4698-7 CDE should display a banner as appropriate before authentication.
CCE-4402-4 The strong password DICTIONDBDIR value should be configured correctly
CCE-4592-2 The NIS client daemons should be enabled or disabled as appropriate
CCE-4486-7 The NIS server daemon should be enabled or disabled as appropriate
CCE-4724-1 All user login accounts with empty passwords should be locked or unlocked as appropriate.
CCE-3946-1 SSH Rhosts RSA Authentication should be enabled or disabled as appropriate.
CCE-4157-4 The ftpusers file should restrict the sys account as appropriate.
CCE-4701-9 The shell for the nuucp account should be assigned appropriately.
CCE-4327-3 The calendar manager should be enabled or disabled as appropriate.
CCE-4588-0 The Generic Security Service daemons should be enabled or disabled as appropriate
CCE-4832-2 The strong password MINDIFF value should meet minimum requirements
CCE-4625-0 The strong password PASSLENGTH value should meet minimum requirements
CCE-4648-2 The eeprom security mode should be configured appropriately.
CCE-4602-9 Forwarding broadcasts should be enabled or disabled as appropriate.
CCE-4222-6 GNOME should display a banner as appropriate before authentication.
CCE-4279-6 The ldap cache manager should be enabled or disabled as appropriate
CCE-4527-8 Audit log permissions should be restricted.
CCE-4498-2 Kernel level auditing for process start/stop should be enabled or disabled as appropriate
CCE-4663-1 The sendmail greeting should be set appropriately.
CCE-4437-0 The /etc/cron.d/cron.allow file should be owned by the appropriate user.
CCE-4490-9 Cron log file owner should be restricted
CCE-4542-7 The system accounting file permissions should be set appropriately.
CCE-4870-2 The telnet service banner should be set appropriately.
CCE-3930-5 Capture of failed login attempts should be enabled or disabled as appropriate
CCE-4354-7 The volfs service should be enabled or disabled as appropriate
CCE-4124-4 The loginlog file owner should be restricted.
CCE-4553-4 The RARP service should be enabled or disabled as appropriate.
CCE-4591-4 Cron logging should be enabled or disabled as appropriate.
CCE-4075-8 Kernel level auditing for administrative actions should be enabled or disabled as appropriate
CCE-4806-6 The noaccess account should be locked or unlocked as appropriate.
CCE-4037-8 The SNMP service should be enabled or disabled as appropriate.
CCE-4746-4 The default setting for all users to allow terminal messages via the mesg utility should be configured correctly.
CCE-4305-9 The volume manager GUI mdcomm service should be enabled or disabled as appropriate
CCE-4723-3 The default GNOME screenlock timeout should be set appropriately.
CCE-4515-3 The shell for the webservd account should be assigned appropriately.
CCE-4135-0 The ftpusers file should restrict the gdm account as appropriate.
CCE-4576-5 Access to secure RPC for the 'nobody' user should be enabled or disabled as appropriate.
CCE-4538-5 File permissions should be set correctly for the home directories for all user accounts.
CCE-4708-4 SSH should be configured to enable or disable empty passwords as appropriate.
CCE-4624-3 The IPv4 ICMP redirect should be enabled or disabled
CCE-3826-5 The grub menu password protection should be enabled or disabled as appropriate.
CCE-4710-0 File permissions for the /etc/cron.d/at.allow file should be configured correctly.
CCE-4816-5 No UID 0 Accounts exist other than root should be verified to be appropriate
CCE-3841-4 The shell for the uucp account should be assigned appropriately.
CCE-4415-6 The daemon debug log file permissions should be set appropriately.
CCE-3622-8 The NIS update daemon should be enabled or disabled as appropriate
CCE-4499-0 The mpxio-upgrade service should be enabled or disabled as appropriate
CCE-4541-9 The BSD print spooler should be enabled or disabled as appropriate.
CCE-4393-5 The web console should be enabled or disabled as appropriate.
CCE-4102-0 The "account lockout threshold" policy should meet minimum requirements.
CCE-4635-9 The loginlog file group owner should be restricted.
CCE-4113-7 The ftpusers file should restrict the smmsp account as appropriate.
CCE-4843-9 Presence of .rhost files should be checked to be appropriate
CCE-4030-3 SSH integration with .rhosts should be enabled or disabled as appropriate.
CCE-4284-6 The Samba nmbd service should be enabled or disabled as appropriate
CCE-4760-5 General login services should display a banner as appropriate before authentication.
CCE-4696-1 The shell for the listen account should be assigned appropriately.
CCE-4442-0 The BSD line printer protocol should be enabled or disabled as appropriate.
CCE-4598-9 The Kerberos krb5kdc service should be enabled or disabled as appropriate.
CCE-4575-7 IPv6 strict multihoming should be enabled or disabled as appropriate.
CCE-4306-7 The apache web servicer should be enabled or disabled as appropriate
CCE-4367-9 The "minimum password age" policy should meet minimum requirements.
CCE-4480-0 The strong password MINUPPER value should meet minimum requirements
CCE-4669-8 The smmsp account should be locked or unlocked as appropriate.
CCE-4103-8 The FTP service should display a banner as appropriate before authentication.
CCE-4540-1 The read-only SNMP community string should be set appropriately.
CCE-4126-9 Audit log file ownership should be restricted.
CCE-4623-5 File permissions for the core dump directory should be set correctly.
CCE-4333-1 The Kerberos ktkt_warnd service should be enabled or disabled as appropriate.
CCE-4600-3 Kernel level auditing for file attribute modification should be enabled or disabled as appropriate
CCE-4563-3 The strong password HISTORY value should meet minimum requirements
CCE-4815-7 The listen account should be locked or unlocked as appropriate.
CCE-4439-6 IPv6 source route forwarding should be enabled or disabled as appropriate.
CCE-4477-6 The meta service should be enabled or disabled as appropriate
CCE-4770-4 The strong password NAMECHECK value should meet minimum requirements
CCE-3857-0 NFS server functionality should be enabled or disabled as appropriate.
CCE-4661-5 The shell for the bin account should be assigned appropriately.
CCE-4525-2 The daemon account should be locked or unlocked as appropriate.
CCE-3955-2 The adm account should be locked or unlocked as appropriate.
CCE-4548-4 Strong TCP Sequence numbers should be enabled or disabled as appropriate.
CCE-4657-3 The bin account should be locked or unlocked as appropriate.
CCE-4721-7 The sticky bit should be enabled or disabled as appropriate for all world-writable directories.
CCE-4481-8 The system accounting file owner should be restricted.
CCE-4536-9 The shell for the lp account should be assigned appropriately.
CCE-4672-2 The daemon user's umask should be set appropriately.
CCE-4695-3 The ftpusers file should restrict the daemon account as appropriate.
CCE-4706-8 The /etc/cron.d/cron.allow file should be owned by the appropriate group.
CCE-4611-0 The DNS server functionality should be enabled or disabled as appropriate.
CCE-3752-3 Unestablished tcp connection queue should be set appropriately.
CCE-4082-4 Respond to ICMP netmask request should be enabled or disabled as appropriate.
CCE-4622-7 The GNOME screenlock should be enabled or disabled as appropriate.
CCE-4562-5 Respond to ICMP broadcast timestamp request should be enabled or disabled.
CCE-4417-2 Established tcp connection queue should be set appropriately.
CCE-4021-2 PAM Rhosts support should be enabled or disabled.
CCE-4683-9 Cron log file group owner should be restricted
CCE-4297-8 Kernel stack protection should be enabled or disabled as appropriate.
CCE-4478-4 The core dump directory group owner should be restricted.
CCE-3681-4 Respond to ICMP echo broadcast request should be enabled or disabled as appropriate.
CCE-4432-1 The failed login delay should be set appropriately.
CCE-4455-2 The logging option for the ftp service should be enabled or disabled as appropriate.
CCE-4754-8 Account lockout should be enabled or disabled as appropriate.
CCE-3856-2 The strong password WHITESPACE value should meet minimum requirements
CCE-4731-6 The strong password MINLOWER value should meet minimum requirements
CCE-4395-0 SSH maximum number of retries for authentication log should be set as appropriate.
CCE-4660-7 Unowned files should be found and removed or given to a valid user as appropriate.
CCE-4470-1 The Kerberos kadmind service should be enabled or disabled as appropriate.
CCE-4739-9 The ftpusers file should restrict the listen account as appropriate.
CCE-4165-7 The "maximum password age" policy should meet minimum requirements.
CCE-4311-7 Respond to ICMP timestamp request should be enabled or disabled.
CCE-3992-5 System Accounting should be enabled or disabled as appropriate
CCE-4596-3 The keyserv service should be enabled or disabled as appropriate.
CCE-4429-7 The automount daemon should be enabled or disabled as appropriate
CCE-4512-0 The CDE logon service should be enabled or disabled as appropriate.
CCE-4743-1 setgid files should be found and examined for appropriateness
CCE-4633-4 Audit log file group ownership should be restricted.
CCE-4240-8 The smserver service should be enabled or disabled as appropriate
CCE-4679-7 Kernel level auditing for login/logout should be enabled or disabled as appropriate
CCE-3655-8 The TFTP server functionality should be configured and enabled or disabled as appropriate.
CCE-4671-4 inetd tracing should be enabled as appropriate.
CCE-4728-2 The home directory of the root user should be set correctly.
CCE-4705-0 The default CDE screenlock timeout should be set appropriately.
CCE-4610-2 Kernel level auditing for root login/logout should be enabled or disabled as appropriate
CCE-4836-3 The password expiration warning time should be set appropriately
CCE-4621-9 The webservd account should be locked or unlocked as appropriate.
CCE-4561-7 File permissions should be set correctly for user configuration files.
CCE-4606-0 Kernel level auditing for exec should be enabled or disabled as appropriate
CCE-3663-2 The IPP listener should be enabled or disabled as appropriate.
CCE-4418-0 The shell for the nobody4 account should be assigned appropriately.
CCE-4753-0 The strong password MINNONALPHA value should meet minimum requirements
CCE-4007-1 The FTP service should be enabled or disabled as appropriate.
CCE-4456-0 Reverse source routed packets should be enabled or disabled as appropriate.
CCE-4682-1 Files with extended attributes should be found and handled as appropriate.
CCE-4471-9 The shell for the noaccess account should be assigned appropriately.
CCE-4508-8 The tooltalk service should be enabled or disabled as appropriate
CCE-3897-6 The default umask for ftp users should be set appropriately.
CCE-4644-1 Use of the cron.allow file should be enabled or disabled as appropriate
CCE-4312-5 The pkgchk utility should be used to force default settings for ownership, group ownership, and access permissions for installed packages as appropriate.
CCE-4584-9 The DHCP server functionality should be enabled or disabled as appropriate.
CCE-4347-1 The ftpusers file should restrict the noaccess account as appropriate.
CCE-4572-4 The strong password MINALPHA value should meet minimum requirements
CCE-4802-5 The shell for the nobody account should be assigned appropriately.
CCE-4362-0 The NIS passwd daemon should be enabled or disabled as appropriate
CCE-4617-7 The nobody4 account should be locked or unlocked as appropriate.
CCE-4655-7 SSH integration with .rhosts/hosts.equiv should be enabled or disabled as appropriate.
CCE-4678-9 The ftpusers file should restrict the root account as appropriate.
CCE-4468-5 The GNOME logon service should be enabled or disabled as appropriate
CCE-4445-3 The /etc/cron.d/at.allow file should be owned by the appropriate group.
CCE-4483-4 The Solaris print server functionality should be enabled or disabled as appropriate.
CCE-4670-6 The strong password DICTIONLIST value should be configured correctly
CCE-4693-8 File permissions for the /etc/cron.d/cron.allow file should be configured correctly.
CCE-4309-1 The threshold of syslog logging of failed login attempts should be configured correctly.
CCE-4557-5 The Kerberos TGT Expiration warning should be enabled or disabled as appropriate
CCE-4301-8 General login services should display a banner as appropriate after authentication.
CCE-4560-9 The daemon debug log file group owner should be restricted.
CCE-4896-7 The power-on banner should be set appropriately.
CCE-4351-3 World-writable files should be found and examined for appropriateness.
CCE-4775-3 The strong password MAXREPEATS value should meet minimum requirements
CCE-4434-7 TCP Wrappers should be enabled or disabled as appropriate for all services.
CCE-4411-5 The mdmonitor service (Solaris 10 <= 11/06) should be enabled or disabled as appropriate
CCE-4299-4 The NIS xfr daemon should be enabled or disabled as appropriate
CCE-4472-7 Cron log file permissions should be set appropriately
CCE-4737-3 The default umask should be configured correctly.
CCE-3979-2 Capture of syslog AUTH Messages should be enabled or disabled as appropriate
CCE-4359-6 NFS client functionality should be enabled or disabled as appropriate.
CCE-4620-1 The Kerberos kpropd service should be enabled or disabled as appropriate.
CCE-4522-9 Core dumps should be enabled/disabled as appropriate
CCE-4397-6 The daemon debug log file owner should be restricted.
CCE-3834-9 The shell for the adm account should be assigned appropriately.
CCE-4510-4 The ftpusers file should restrict the bin account as appropriate.
CCE-4571-6 The metamh service should be enabled or disabled as appropriate
CCE-4809-0 The uucp account should be locked or unlocked as appropriate.
CCE-4631-8 The PATH for the root user should be configured correctly.
CCE-4408-1 The lp account should be locked or unlocked as appropriate.
CCE-4095-6 ICMPv6 redirects should be enabled or disabled as appropriate.
CCE-4230-9 The /etc/cron.d/at.allow file should be owned by the appropriate user.
CCE-3699-6 IPv4 strict multihoming should be enabled or disabled as appropriate.
CCE-4288-7 IP routing should be enabled or disabled as appropriate.
CCE-4518-7 The IPv6 ICMP redirect should be enabled or disabled as appropriate.
CCE-4677-1 The ftpusers file should restrict the adm account as appropriate.
CCE-4726-6 SSH version 2 protocol should be enabled or disabled as appropriate.