Download
| Alert*
CCE-6931-0
EEPROM warning banner should be set appropriately CCE-5901-4 /bin/csh file permissions should be set appropriately CCE-5924-6 The /etc/ftpusers file should exist or not as appropriate CCE-6954-2 /etc/security/audit_event file should be owned by an appropriate user CCE-7042-5 Response to ICMP timestamp broadcast requests should be enabled or disabled as appropriate CCE-6288-5 chargen service should be enabled or disabled as appropriate CCE-7088-8 Use of identification/authorization mechanisms should be audited or not as appropriate CCE-7961-6 The at.allow file should be configured with the set of users permitted to use the at facility as appropriate. CCE-5793-5 Root logins should be restricted to the console or not as appropriate. CCE-7984-8 /etc/auto.misc file should be owned by an appropriate user CCE-6419-6 The /var/log/authlog log should be enabled or disabled as appropriate CCE-6822-1 DEPRECATED. CCE-6386-7 The minimum password age should be set as appropriate CCE-6626-6 The TCP max connection limit should be set appropriately CCE-6724-9 Superuser account home directories' permissions should be set appropriately CCE-6593-8 /sbin/bash file permissions should be set appropriately CCE-6701-7 traceroute executable should be owned by an appropriate user CCE-6570-6 smbpassword executable permissions should be set appropriately CCE-5826-3 The inetd service should be enabled or disabled as appropriate. CCE-6340-4 The default gateway should be set appropriately. CCE-6747-0 at.allow file should be owned by an appropriate group CCE-6529-2 Password history should be saved for an appropriate number of password changes CCE-6484-0 The bind service should be enabled or disabled as appropriate. CCE-6506-0 The /sbin/rsh file should exist or not as appropriate CCE-7077-1 IP redirects should be followed or ignored as appropriate CCE-6461-8 /usr/tmp file permissions should be set appropriately CCE-6810-6 discard service should be enabled or disabled as appropriate CCE-6879-1 /tmp file permissions should be set appropriately CCE-6614-2 pop3 service should be enabled or disabled as appropriate CCE-6374-3 /etc/resolv.conf file should be owned by an appropriate group CCE-6637-3 DEPRECATED. CCE-6145-7 The /var/adm/sulog log should be enabled or disabled as appropriate CCE-6989-8 Exported files and directories should be owned by an appropriate user CCE-5781-0 The minimum required password length should be set as appropriate CCE-6735-5 Login accounts should include an appropriate GECOS identifier or no GECOS identifier CCE-6351-1 login and logout events (lo class) should be audited or not as appropriate CCE-6943-5 /etc/passwd file should be owned by an appropriate group CCE-6723-1 /opt should be configured on an appropriate filesystem partition CCE-6930-2 smbpasswd executable should be owned by an appropriate group CCE-6266-1 .shosts files should exist or not as appropriate for all users. CCE-6496-4 Home directories referenced in /etc/passwd should exist or not as appropriate CCE-6769-4 /etc/notrouter file should be owned by an appropriate user CCE-6034-3 /usr/bin/jsh file permissions should be set appropriately CCE-6518-5 /etc/exports should be owned by an appropriate user CCE-5902-2 /bin/ksh file permissions should be set appropriately CCE-6844-5 Root logins should be allowed or not as appropriate from SSH consoles CCE-5880-0 Sendmail should be configured with an appropriate logging level CCE-6648-0 smbpasswd file should be owned by an appropriate group CCE-5948-5 /etc/netconfig file permissions should be set appropriately CCE-6155-6 /etc/security/audit_event file permissions should be set appropriately CCE-6132-5 The free space threshold to warn at should be set appropriately CCE-6178-8 All files should be owned by an existing account or not as appropriate. CCE-6821-3 rstatd service should be enabled or disabled as appropriate CCE-6700-9 /etc/passwd file should be owned by an appropriate user CCE-5827-1 Each account should be assigned a unique UID or not as appropriate CCE-8642-1 /etc/auto.net file should be owned by an appropriate group CCE-5892-5 resolv.conf file permissions should be set appropriately CCE-6757-9 /etc/passwd file permissions should be set appropriately CCE-7055-7 PAM should be logged at an appropriate level CCE-7032-6 TCP reverse source routes should be enabled or disabled as appropriate CCE-6878-3 Cron directories should be owned by an appropriate user CCE-5914-7 X-Windows should write .Xauthority files to users' home directories or not as appropriate CCE-6855-1 /var/adm/syslog file permissions should be set appropriately CCE-6613-4 Crontab directories should be owned by an appropriate group CCE-6832-0 /dev/kmem file permissions should be set appropriately CCE-6636-5 rlogin service should be enabled or disabled as appropriate CCE-6398-2 The console login banner should be set appropriately. CCE-6167-1 The /var/log/syslog log should be enabled or disabled as appropriate CCE-6965-8 /var/tmp file permissions should be set appropriately CCE-6711-6 The delay between failed logins should be set as appropriate CCE-6409-7 The medium security directory list should be set appropriately CCE-8457-4 /etc/auto.master file should be owned by an appropriate user CCE-6942-7 /etc/services file should be owned by an appropriate group CCE-6681-1 Environmental variable PATH for superuser accounts should not contain the current directory as the first or last entry CCE-5881-8 X11 forwarding via SSH should be enabled or disabled as appropriate. CCE-6033-5 File permissions should be set appropriately for all user home directories. CCE-6749-6 Samba 'smb passwd file' option should be set to an appropriate password file or no password file CCE-7044-1 The low security directory list should be set appropriately CCE-6824-7 /var/mail file permissions should be set appropriately CCE-6801-5 /etc/hostname* file permissions should be set appropriately CCE-6131-7 The /usr/bin/rsh file should exist or not as appropriate CCE-6605-0 Samba 'encrypt' passwords option should be set as appropriate CCE-6154-9 tooltalk service should be enabled or disabled as appropriate CCE-5795-0 Shells referenced in /etc/passwd should be included in /etc/shells or not as appropriate CCE-6361-0 The uid_aliases file should exist or not as appropriate CCE-6726-4 DEPRECATED. CCE-6703-3 Password changes should be audited or not as appropriate CCE-6482-4 sprayd service should be enabled or disabled as appropriate CCE-6714-0 /etc/fs file permissions should be set appropriately CCE-6858-5 /etc/rmmount.conf file should be owned by an appropriate user CCE-6812-2 Filesystem logging/journaling should be performed or not as appropriate CCE-8304-8 /etc/auto.misc file should be owned by an appropriate group CCE-7079-7 The /var/adm/wtmp[x] log should be enabled or disabled as appropriate CCE-6429-5 /etc/cron.d/at.allow file permissions should be set appropriately CCE-6790-0 DEPRECATED. CCE-6616-7 The ftp login banner should be set appropriately. CCE-6639-9 DEPRECATED. CCE-6922-9 /etc/named.conf file should be owned by an appropriate group CCE-6968-2 DEPRECATED. CCE-6680-3 The fchown system call should be audited or not as appropriate CCE-6494-9 rexd service should be enabled or disabled as appropriate CCE-7068-0 DEPRECATED. CCE-6748-8 The system umask should be set appropriately CCE-6823-9 inn service should be enabled or disabled as appropriate CCE-6846-0 /etc/security/audit_class file permissions should be set appropriately CCE-6199-4 The noexec_user_stack parameter should be set or not as appropriate CCE-6627-4 The ntpd service should be enabled or disabled as appropriate. CCE-6385-9 /var/adm/loginlog file permissions should be set appropriately CCE-6153-1 The setgroups system call should be audited or not as appropriate CCE-6176-2 The seteuid system call should be audited or not as appropriate CCE-6725-6 Core dump size limits should be set appropriately CCE-6418-8 rsh service should be enabled or disabled as appropriate CCE-6978-1 Multicast route assignment should be enabled or disabled as appropriate CCE-5916-2 /etc/dfs file permissions should be set appropriately CCE-6505-2 The shell for the root account should be located on the appropriate filesystem CCE-6857-7 /etc/ksh file permissions should be set appropriately CCE-6834-6 sadmin service should be enabled or disabled as appropriate CCE-6811-4 Samba 'hosts allow' option should be configured with an appropriate set of networks CCE-6188-7 /usr/bin/csh file permissions should be set appropriately CCE-6638-1 The /var/adm/messages log should be enabled or disabled as appropriate CCE-8338-6 /etc/auto.master file should be owned by an appropriate group CCE-6142-4 /bin/jsh file permissions should be set appropriately CCE-6407-1 /bin/bash file permissions should be set appropriately CCE-5818-0 Response to ICMP timestamp requests should be enabled or disabled as appropriate CCE-6736-3 cron.deny file permissions should be set appropriately CCE-6350-3 snmpd.conf file should be owned by an appropriate user CCE-6967-4 At directory should be owned by an appropriate group CCE-5989-9 New users should be required or not required to change their password on first login as appropriate CCE-6513-6 X-Windows should be enabled or disabled as appropriate CCE-6996-3 DEPRECATED. CCE-6329-7 /etc/security/audit_control file should be owned by an appropriate user CCE-5943-6 /export/home should be configured on an appropriate filesystem partition CCE-7121-7 ARP IRE interval should be set appropriately CCE-5920-4 font-service should be enabled or disabled as appropriate CCE-6077-2 rsh auth should be allowed or disallowed by PAM as appropriate CCE-6898-1 DEPRECATED. CCE-5966-7 All su (switch user) activity should be logged or not as appropriate CCE-6261-2 snmpd.conf file should be owned by an appropriate group CCE-6382-6 Password policy should enforce the correct amount of special characters CCE-6622-5 System rexecd logons should be audited or not as appropriate CCE-6152-3 The lchown system call should be audited or not as appropriate CCE-5845-3 uucp service should be enabled or disabled as appropriate CCE-6766-0 imap2 service should be enabled or disabled as appropriate CCE-6789-2 /var/adm/authlog file permissions should be set appropriately CCE-6720-7 echo service should be enabled or disabled as appropriate CCE-6754-6 The statd service should be enabled or disabled as appropriate CCE-6777-7 daytime service should be enabled or disabled as appropriate CCE-6962-5 DEPRECATED. CCE-6875-9 /etc/default/* file permissions should be set appropriately CCE-7012-8 DEPRECATED. CCE-6295-0 /usr/lib/sendmail file permissions should be set appropriately CCE-6164-8 Response to ICMP timestamp broadcast requests should be enabled or disabled as appropriate CCE-6887-4 The default login console should be set appropriately CCE-6404-8 /etc/auto_* file should be owned by an appropriate user CCE-5857-8 cmsd service should be enabled or disabled as appropriate CCE-6187-9 System rshd logons should be audited or not as appropriate CCE-6909-6 at.deny file should be owned by an appropriate user CCE-6537-5 The sendmail banner should be set appropriately. CCE-6788-4 /etc/pam.conf file permissions should be set appropriately CCE-7122-5 rlogin auth should be allowed or disallowed by PAM as appropriate CCE-7001-1 Forwarding of source routed IPv6 packets should be enabled or disabled as appropriate CCE-5823-0 Response to ICMP echo (ping) requests should be enabled or disabled as appropriate CCE-6053-3 /usr/lib/sendmail file should be owned by an appropriate group CCE-5967-5 /etc/vold.conf file permissions should be set appropriately CCE-6897-3 /usr/bin/sh file permissions should be set appropriately CCE-6667-0 Aliases file permissions should be set appropriately CCE-6863-5 DEPRECATED. CCE-6840-3 /var/adm directory should be owned by an appropriate user CCE-6590-4 Accounts other than root should be allowed to have the UID 0 or not as appropriate CCE-6416-2 Each user home directory should be owned by an appropriate user. CCE-6209-1 DEPRECATED. CCE-6742-1 traceroute executable file permissions should be set appropriately CCE-5869-3 The SSH login banner should be set appropriately. CCE-6273-7 The default number of syslog failed logins retried should be set appropriately CCE-8393-1 The cron.allow file should be configured with the set of users permitted to use the cron facility as appropriate. CCE-6526-8 Sendmail expn command should be allowed or not as appropriate CCE-6776-9 rquotad service should be enabled or disabled as appropriate CCE-6678-7 Programs executed through aliases file entries should be owned by an appropriate group CCE-6655-5 The mountd service should be enabled or disabled as appropriate CCE-6874-2 .forward files should be allowed or disallowed as appropriate for all users CCE-6908-8 The setreuid system call should be audited or not as appropriate CCE-6851-0 DEPRECATED. CCE-6722-3 /etc/issue file permissions should be set appropriately CCE-6745-4 /usr/lib/embedded_us file permissions should be set appropriately CCE-7771-9 Cron logging should be enabled or disabled as appropriate CCE-6436-0 Accounts other than root and locked system accounts should be allowed to have a GID of 0 or not as appropriate CCE-6866-8 cron.deny data should be owned by an appropriate group CCE-6843-7 Programs executed through the aliases file should be owned by an appropriate user CCE-7002-9 /var/log/pamlog file should be owned by an appropriate user CCE-7925-1 The cron.deny file should be configured with the set of users not permitted to use the cron facility as appropriate. CCE-6647-2 DEPRECATED. CCE-6380-0 All files executed through /etc/aliases file entries should have file permissions set appropriately CCE-6098-8 /usr/lib/sendmail file should be owned by an appropriate user CCE-8428-5 /etc/auto.misc file should be owned by an appropriate group CCE-6534-2 Routing should be enabled or disabled as appropriate CCE-6779-3 The ftp account should exist or not as appropriate CCE-6964-1 /var/log/pamlog file permissions should be set appropriately CCE-6987-2 /etc/samba/smb.conf file should be owned by an appropriate user CCE-6546-6 The serial port listener should be enabled or disabled as appropriate CCE-6064-0 The current directory should or should not be added to the environmental variable PATH by run control scripts as appropriate CCE-6854-4 Programs executed through aliases file entries should be owned by an appropriate user CCE-6889-0 /etc/services file permissions should be set appropriately CCE-6831-2 DEPRECATED. CCE-6612-6 Forwarding of directed broadcasts should be enabled or disabled as appropriate CCE-7674-5 The at.deny file should be configured with the set of users not permitted to use the at facility as appropriate. CCE-6658-9 The setpgrp system call should be audited or not as appropriate CCE-6162-2 DEPRECATED. CCE-6941-9 /etc/security/audit_class file should be owned by an appropriate user CCE-6391-7 The ASET periodic schedule setting should be set appropriately CCE-6756-1 Sendmail help command should be allowed or not as appropriate CCE-7135-7 /var/log directory should be owned by an appropriate user CCE-6500-3 DEPRECATED. CCE-6305-7 dtspc (cde-spc) service should be enabled or disabled as appropriate CCE-6744-7 Print services through inetd should be enabled or disabled as appropriate CCE-6997-1 DEPRECATED. CCE-6074-9 Password policy should ban or allow words found in a dictionary as appropriate. CCE-6974-0 DEPRECATED. CCE-7124-1 The setregid system call should be audited or not as appropriate CCE-6119-2 ftp service should be enabled or disabled as appropriate CCE-6842-9 NFS should be configured to respond or not as appropriate to client requests that do not originate from a privileged port. CCE-6623-3 rcp service should be enabled or disabled as appropriate CCE-5792-7 The graphical login banner should be set appropriately. CCE-6381-8 /etc/security/audit_class file should be owned by an appropriate group CCE-6097-0 Cron directory permissions should be set appropriately CCE-6669-6 The /etc/rsh file should exist or not as appropriate CCE-7090-4 Sending of IP redirects should be enabled or disabled as appropriate CCE-6732-2 /var/adm/wtmp file permissions should be set appropriately CCE-6339-6 DEPRECATED. CCE-6963-3 DEPRECATED. CCE-5935-2 /etc/mail/aliases file permissions should be set appropriately CCE-6316-4 Remote (serial) consoles should be enabled or disabled as appropriate. CCE-6940-1 IPv6 forwarding should be enabled or disabled as appropriate CCE-6403-0 at.allow file should be owned by an appropriate user CCE-7015-1 The UID aliases pointer should be set appropriately CCE-6063-2 Sendmail vrfy command should be allowed or not as appropriate CCE-6040-0 /etc/syslog.conf file should be owned by an appropriate user CCE-6657-1 at.deny file permissions should be set appropriately CCE-6634-0 telnet service should be enabled or disabled as appropriate CCE-5958-4 /etc/notrouter file permissions should be set appropriately CCE-6853-6 NIS+ server should operate at an appropriate security level CCE-6888-2 DEPRECATED. CCE-5814-9 The home directory for each user account should be set appropriately. CCE-6611-8 DEPRECATED. CCE-6830-4 /bin/sh file permissions should be set appropriately CCE-6449-3 /var/spool/mail file permissions should be set appropriately CCE-6986-4 /etc/services file should be owned by an appropriate user CCE-6755-3 finger service should be enabled or disabled as appropriate CCE-6762-9 DEPRECATED. CCE-6325-5 inetd logging should be enabled or disabled as appropriate CCE-6411-3 /etc/security/audit_event file should be owned by an appropriate group CCE-6894-0 The /var/adm/utmp[x] log should be enabled or disabled as appropriate CCE-6807-2 NFS should be configured with appropriate authentication methods CCE-6073-1 /etc/security/audit_control file permissions should be set appropriately CCE-7027-6 The chown system call should be audited or not as appropriate CCE-6664-7 /usr/bin/ksh file permissions should be set appropriately CCE-6687-8 at.allow file permissions should be set appropriately CCE-6457-6 The /var/log/pamlog log should be enabled or disabled as appropriate CCE-7091-2 rlogin auth should be allowed by pam.d or not as appropriate CCE-6709-0 The current wokring directory should or should not be added to the environmental variable PATH by global initialization files as appropriate CCE-6532-6 The screen lock should activate after an appropriate period of inactivity CCE-6916-1 /usr/lib/pt_chmod file permissions should be set appropriately CCE-6818-9 DEPRECATED. CCE-6521-9 The use of NIS special characters (+ or -) in the first field of the /etc/passwd file should be allowed or disallowed as appropriate. CCE-6796-7 /etc/notrouter file should be owned by an appropriate group CCE-6359-4 Users should be listed in the ASET userlist file or not as appropriate CCE-6652-2 Crontab file permissions should be set appropriately CCE-7039-1 Unsuccessful login attemps should be logged or not as appropriate CCE-8539-9 /etc/auto.net file should be owned by an appropriate group CCE-6883-3 /usr/sbin/sync file permissions should be set appropriately CCE-6871-8 /usr/aset/masters/uid_aliases should contain an appropriate listing of aliases CCE-6446-9 DEPRECATED. CCE-6183-8 System telnet logons should be audited or not as appropriate CCE-6160-6 Automount should be enabled or disabled as appropriate CCE-6750-4 /sbin/jsh file permissions should be set appropriately CCE-6544-1 The /bin/rsh file should exist or not as appropriate CCE-6773-6 /etc/aliases file permissions should be set appropriately CCE-5865-1 The use of NIS special characters (+ or -) in the first field of the /etc/shadow file should be allowed or disallowed as appropriate. CCE-6556-5 The /etc/shells file should exist or not as appropriate CCE-6228-1 Password policy should enforce or not enforce the requirement to have mixed case passwords as appropriate. CCE-6893-2 /etc/inetd.conf file permissions should be set appropriately CCE-6806-4 rexec service should be enabled or disabled as appropriate CCE-6072-3 /etc/rmmount.conf file permissions should be set appropriately CCE-6686-0 The nfsd service should be enabled or disabled as appropriate CCE-5779-4 The read-only SNMP community string should be set appropriately. CCE-6412-1 The Solaris Automated Security Enhancement Tool (ASET) tune.low file should exist or not as appropriate CCE-6663-9 /etc/samba/smb.conf file permissions should be set appropriately CCE-6938-5 /etc/named.boot file should be owned by an appropriate user CCE-6193-7 The read/write SNMP community string should be set appropriately. CCE-6761-1 The setegid system call should be audited or not as appropriate CCE-6784-3 Crontab directory permissions should be set appropriately CCE-6019-4 /etc/named.boot file should be owned by an appropriate group CCE-6533-4 cron.allow file permissions should be set appropriately CCE-6915-3 Non attributable events (na class) should be audited or not as appropriate CCE-7070-6 NFS server logging should be enabled or disabled as appropriate CCE-6795-9 netstat service should be enabled or disabled as appropriate CCE-5831-3 tftpd service should be enabled or disabled as appropriate CCE-6651-4 SNMP version 1 should be enabled or disabled as appropriate CCE-6106-9 The number of consecutive failed login attempts required to trigger a lockout should be set as appropriate CCE-6882-5 DEPRECATED in favor of CCE-8399-8, CCE-8304-8, and CCE-8642-1. CCE-6674-6 The /var/adm/sshlog log should be enabled or disabled as appropriate CCE-6719-9 /sbin/ksh file permissions should be set appropriately CCE-5998-0 Cron directories should be owned by an appropriate group CCE-6447-7 System ssh logons should be audited or not as appropriate CCE-6216-6 IPv6 should be enabled or disabled as appropriate CCE-6239-8 The use of NIS special characters (+ or -) in the first field of the /etc/group file should be allowed or disallowed as appropriate. CCE-6772-8 Groups referenced in /etc/passwd should be included in /etc/group or not as appropriate. CCE-6008-7 crontab files should be owned by an appropriate group CCE-6809-8 /etc/vfstab file permissions should be set appropriately CCE-6971-6 Crontab directories should be owned by an appropriate user CCE-7006-0 DEPRECATED. CCE-6071-5 /etc/init.d file permissions should be set appropriately CCE-6478-2 walld service should be enabled or disabled as appropriate CCE-6862-7 Creation/modification of superuser groups should be audited or not as appropriate CCE-6896-5 Exported files and directories should be owned by an appropriate user CCE-6139-0 Clearing of the audit log file should be audited or not as appropriate CCE-6918-7 ARP cleanup interval should be set appropriately CCE-5866-9 SSH Protocol v1 should be enabled or disabled as appropriate CCE-6994-8 DEPRECATED. CCE-7800-6 /etc/auto.net file should be owned by an appropriate user CCE-6588-8 Authorized X-clients should be listed or not in the X*.hosts file as appropriate CCE-6334-7 xdmcp service should be enabled or disabled as appropriate CCE-6467-5 The "at" utility directory permissions should be set as appropriate CCE-6060-8 Environmental variable PATH for superuser accounts should or should not contain world-writable files as appropriate CCE-6654-8 Programs executed through the aliases file should reside a directory with an appropriate user owner CCE-7018-5 DEPRECATED. CCE-6873-4 /usr/aset/userlist file permissions should be set appropriately CCE-6542-5 DEPRECATED. CCE-6752-0 su usage should be audited or not as appropriate CCE-6775-1 Sendmail should be enabled or disabled as appropriate CCE-6181-2 System ftp logoffs should be audited or not as appropriate CCE-6798-3 /etc/samba/smb.conf file should be owned by an appropriate group CCE-7116-7 Caching of the RBAC user_attr should be enabled or disabled as appropriate CCE-6907-0 /etc/resolv.conf file should be owned by an appropriate user CCE-6786-8 /etc/security/audit_control file should be owned by an appropriate group CCE-6763-7 Samba 'security option' option should be set as appropriate CCE-6970-8 IP forwarding should be enabled or disabled as appropriate CCE-6993-0 Response to mask addresses should be enabled or disabled as appropriate CCE-6808-0 All logon attempts should be logged or not logged as appropriate CCE-6347-9 /etc/default/login file permissions should be set appropriately CCE-5965-9 vino-server service should be enabled or disabled as appropriate CCE-6456-8 ASET should check NIS+ tables or not as appropriate CCE-6433-7 The no_exec_user_stack_log parameter should be set or not as appropriate CCE-6917-9 rlogin auth should be allowed by pam.d or not as appropriate CCE-6226-5 /var/adm/sulog file permissions should be set appropriately CCE-6740-5 The decode sendmail alias should be enabled or disabled as appropriate. CCE-6577-1 The user audit file should contain an appropriate set of never-audit flags CCE-6819-7 DEPRECATED. CCE-7072-2 Generic PAM authentication should be enabled or disabled as appropriate CCE-6982-3 DEPRECATED. CCE-6006-1 cron.allow file should be owned by an appropriate user CCE-6589-6 cron.allow file should be owned by an appropriate group CCE-6676-1 .netrc files should exist or not as appropriate for all users. CCE-6127-5 auditing should be logged to an appropriate directory CCE-6699-3 DEPRECATED. CCE-6884-1 /usr/bin/bash file permissions should be set appropriately CCE-8399-8 /etc/auto.master file should be owned by an appropriate group CCE-6445-1 /dev/mem file permissions should be set appropriately CCE-7019-3 /etc/rmmount.conf file should be owned by an appropriate group CCE-6872-6 /etc/security file permissions should be set appropriately CCE-6543-3 rusersd service should be enabled or disabled as appropriate CCE-6751-2 /usr/bin/at file permissions should be set appropriately CCE-6774-4 The telnet login banner should be set appropriately. CCE-6906-2 The user umask should be set appropriately CCE-6797-5 The high security directory list should be set appropriately CCE-6246-3 /usr/aset/userlist file permissions should be set appropriately CCE-7061-5 DEPRECATED. CCE-6849-4 /etc/motd file permissions should be set appropriately CCE-6660-5 /etc/shadow file should be owned by an appropriate group CCE-5928-7 /etc/jsh file permissions should be set appropriately CCE-6890-8 /etc/shadow file should be owned by an appropriate user CCE-6826-2 Response to ICMP timestamp requests should be enabled or disabled as appropriate CCE-6137-4 /var/adm/utmp file permissions should be set appropriately CCE-6705-8 smbpasswd executable should be owned by an appropriate user CCE-6958-3 inetd.conf file should be owned by an appropriate user CCE-6574-8 Executable stack should be enabled or disabled as appropriate CCE-7182-9 System rexd logons should be audited or not as appropriate CCE-6781-9 Source-routed packets should be accepted or rejected as appropriate. CCE-6728-0 ident service should be enabled or disabled as appropriate CCE-6814-8 /etc/host.lpd file permissions should be set appropriately CCE-7050-8 /usr/aset/userlist file should be owned by an appropriate group CCE-6005-3 /var/adm/messages file permissions should be set appropriately CCE-6126-7 Default su console should be set appropriately CCE-6694-4 Access to single-user mode (maintainence mode) should require the root password or not as appropriate CCE-6092-1 The Solaris Automated Security Enhancement Tool (ASET) tune.med file should exist or not as appropriate CCE-6618-3 The fchmod system call should be audited or not as appropriate CCE-6739-7 File permissions should be set appropriately for all shell executables. CCE-6716-5 All device files should be located inside an appropriate path CCE-6901-3 /etc/cron.d/cron.allow file permissions should be set appropriately CCE-5895-8 /etc/named.conf file permissions should be set appropriately CCE-6924-5 DEPRECATED. CCE-6038-4 inetd.conf file should be owned by an appropriate group CCE-6598-7 /sbin/sh file permissions should be set appropriately CCE-6015-2 All files should be owned by an existing group or not as appropriate. CCE-6825-4 /etc/named.conf file should be owned by an appropriate user CCE-6848-6 /usr/bin/rdist file permissions should be set appropriately CCE-6682-9 TCP_WRAPPERS should be enabled or disabled as appropriate CCE-6802-3 traceroute executable should be owned by an appropriate group CCE-6629-0 auth usage should be audited or not as appropriate CCE-6368-5 Default number of allowed retries should be set appropriately CCE-6201-8 cron.deny should be owned by an appropriate user CCE-6345-3 The lockd service should be enabled or disabled as appropriate CCE-6704-1 The version string reported by the bind service should be configured appropriately. CCE-6934-4 The current working directory should or should not be added to the environmental variable PATH by local initialization files as appropriate CCE-7051-6 su usage should be audited or not as appropriate CCE-5971-7 The Network Time Protocol (ntp) synchronization server should be set appropriately. CCE-6125-9 at.deny file should be owned by an appropriate group CCE-6859-3 /etc/syslog.conf file should be owned by an appropriate group CCE-7074-8 DEPRECATED. CCE-6836-1 Global initialization files should allow or deny write access to the terminal as appropriate CCE-6693-6 /sbin/csh file permissions should be set appropriately CCE-6148-1 Caching of the RBAC prof_attr should be enabled or disabled as appropriate CCE-6356-0 /dev/null file permissions should be set appropriately CCE-6946-8 DEPRECATED. CCE-6900-5 DEPRECATED. CCE-6923-7 DEPRECATED. CCE-6791-8 crontab files should be owned by an appropriate user CCE-6497-2 /var directory should be owned by an appropriate user CCE-6244-8 Each user home directory should be owned by an appropriate group. CCE-6828-8 The Solaris Automated Security Enhancement Tool (ASET) tune.high file should exist or not as appropriate CCE-6662-1 The home directory for the root account should be set appropriately. CCE-7040-9 chmod command should be audited or not as appropriate CCE-6090-5 PAM access to /dev/console should be logged at an appropriate level or not logged as appropriate CCE-5960-0 /etc/ufs file permissions should be set appropriately CCE-6112-7 /var/log/pamlog file should be owned by an appropriate group CCE-6937-7 Hard core dump size limits should be set appropriately CCE-6707-4 .rhosts files should exist or not as appropriate for all users. CCE-6914-6 DEPRECATED. CCE-5874-3 The nosuid option should be enabled or disabled for all NFS mounts as appropriate CCE-7075-5 The TCP abort interval should be set appropriately CCE-6278-6 DEPRECATED. CCE-6839-5 .Xauthority file permissions should be set appropriately for all users. CCE-6816-3 NFS should be configured to respond or not as appropriate to client requests that do not include a user id . CCE-5787-7 Login access to accounts without passwords should be enabled or disabled as appropriate CCE-5908-9 /etc/csh file permissions should be set appropriately CCE-6771-0 /var should be configured on an appropriate filesystem partition CCE-6584-7 snmpd.conf file permissions should be set appropriately CCE-8477-2 The chmod command system call should be audited or not as appropriate CCE-5897-4 File permissions should be set as appropriate for the log file configured to capture critical sendmail messages. CCE-6718-1 smbpassword file permissions should be set appropriately CCE-6330-5 Response to echo (ping) request broadcasts should be enabled or disabled as appropriate CCE-6101-0 EEPROM security mode should be set appropriately CCE-6561-5 Forwarding of source routed packets should be enabled or disabled as appropriate CCE-6498-0 Cron log file permissions should be set appropriately CCE-6804-9 /etc/exports should be owned by an appropriate user CCE-6059-0 smbpasswd file should be owned by an appropriate user CCE-7041-7 Caching of the RBAC exec_attr should be enabled or disabled as appropriate CCE-6827-0 /etc/shadow file permissions should be set appropriately CCE-6573-0 The read-only (ro) option should be enabled or disabled as appropriate for all NFS exports. CCE-6111-9 Default sleeptime should be set appropriately CCE-6036-8 DEPRECATED. CCE-6782-7 DEPRECATED in favor of CCE-8338-6, CCE-8428-5, and CCE-8539-9. CCE-6279-4 Strict destination multihoming should be enabled or disabled as appropriate CCE-6838-7 DEPRECATED. CCE-6815-5 At directory should be owned by an appropriate user CCE-6169-7 Samba should be enabled or disabled as appropriate CCE-6487-3 The /etc/hosts.equiv file should exist or not as appropriate. CCE-6695-1 /etc/hosts file permissions should be set appropriately CCE-7099-5 System rlogin logons should be audited or not as appropriate CCE-6464-2 /etc/syslog.conf file permissions should be set appropriately CCE-6123-4 /usr/kerberos/bin/rsh file permissions should be set appropriately CCE-7151-4 System ftp logons should be audited or not as appropriate CCE-6770-2 DEPRECATED. CCE-6377-6 /etc/exports file permissions should be set appropriately CCE-6717-3 /etc/sh file permissions should be set appropriately CCE-6948-4 BSM auditing should be enabled or disabled as appropriate |