[Forgot Password]
Login  Register Subscribe

23631

 
 

115084

 
 

97559

 
 

909

 
 

78730

 
 

109

Paid content will be excluded from the download.


Download | Alert*


CCE-14871-8
Support for udf filesystems should be enabeld or disabled as appropriate.

CCE-14457-6
Support for freevxfs filesystems should be enabeld or disabled as appropriate.

CCE-4292-9
The auditd service should be enabled or disabled as appropriate.

CCE-3537-8
The rlogin service should be enabled or disabled as appropriate.

CCE-14061-6
The SSH 'keep alive' message count should be set to an appropriate value.

CCE-3416-5
The rhnsd service should be enabled or disabled as appropriate.

CCE-4009-7
Anonymous root logins are enabled or disabled as appropriate

CCE-14894-0
LDAP client requires or does not require LDAP servers to use TLS for SSL communications as appropriate.

CCE-14927-8
The noexec option should be enabled or disabled as appropriate for /tmp.

CCE-3974-3
The rcp service should be enabled or disabled as appropriate.

CCE-14118-4
Support for squashfs filesystems should be enabeld or disabled as appropriate.

CCE-14829-6
Auditing should be configured to record user/group information modification events as appropriate.

CCE-4239-0
The dovecot package should be installed or uninstalled as appropriate.

CCE-14171-3
/var/log/audit should be configured on an appropriate filesystem partition.

CCE-17742-8
The rsyslog package should be installed or uninstalled as appropriate.

CCE-14939-3
The "password reuse" policy should meet minimum requirements.

CCE-18095-0
File permissions for all rsyslog log files should be set correctly.

CCE-4338-0
The httpd service should be enabled or disabled as appropriate.

CCE-14688-6
Auditing should be configured to record kernel module loading and unloading events as appropriate.

CCE-14412-1
The nodev option should be enabled or disabled as appropriate for /tmp.

CCE-3624-4
The SELinux policy should be set appropriately.

CCE-4074-1
X Windows System Listening for remote connections should be enabled or disabled as appropriate

CCE-4097-2
The password warn age should be set appropriately

CCE-14881-7
The vsftpd package should be installed or uninstalled as appropriate.

CCE-3481-9
The /etc/cron.daily file should be owned by the appropriate group.

CCE-14991-4
The system includes or does not include any device files with the unlabeled SELinux type.

CCE-4425-5
The hplip service should be enabled or disabled as appropriate.

CCE-4217-6
Accepting ICMP redirects should be enabled or disabled for all interfaces as appropriate.

CCE-4380-2
The /etc/cron.d file should be owned by the appropriate user.

CCE-4172-3
Kernel support for the XD/NX processor feature should be enabled or disabled as appropriate

CCE-4304-2
File permissions for /etc/anacrontab should be set correctly.

CCE-18455-6
The IPv6 protocol should be enabled or disabed as appropriate.

CCE-3999-0
The SELinux state should be set appropriately.

CCE-3765-5
The snmpd service should be enabled or disabled as appropriate.

CCE-14063-2
The password hashing algorithm should be configured as appropriate.

CCE-4064-2
The /etc/gshadow file should be owned by the appropriate group.

CCE-3535-2
The rpcgssd service should be enabled or disabled as appropriate.

CCE-14794-2
All world-writable directories should be owned by an appropriate user.

CCE-14816-3
Auditing should be configured to record changes to the system network environment as appropriate.

CCE-3840-6
The default setting for performing source validation by reverse path should be enabled or disabled for network interfaces as appropriate.

CCE-3644-2
Ignoring ICMP echo requests (pings) sent to broadcast / multicast addresses should be enabled or disabled as appropriate.

CCE-14161-4
/tmp should be configured on an appropriate filesystem partition.

CCE-14075-6
Client SMB packet signing should be required or not required for smbclient as appropriate.

CCE-4218-4
The yum-updatesd service should be enabled or disabled as appropriate.

CCE-3425-6
The kdump service should be enabled or disabled as appropriate.

CCE-15013-6
The system should act as a network sniffer or not as appropriate.

CCE-3987-5
Login access to non-root system accounts should be enabled or disabled as appropriate

CCE-14914-6
Package signature checking should be globally activated or deactivated as appropriate.

CCE-17250-2
The pam_ccreds package should be installed or uninstalled as appropriate.

CCE-18412-7
User accounts may or may not be inactivated a specified number of days after account expiration.

CCE-14107-7
The default umask for all users should be set correctly in /etc/login.defs

CCE-4370-3
SSH host-based authentication should be enabled or disabled as appropriate

CCE-15026-8
The kernel arguments should enable or disable auditing early in the boot process as appropriate.

CCE-4042-8
The nosuid option should be enabled or disabled as appropriate for all removable media.

CCE-14569-8
Auditing should be configured to record data export to media events as appropriate.

CCE-4491-7
The rpcsvcgssd service should be enabled or disabled as appropriate

CCE-3668-1
The mcstrans service should be enabled or disabled as appropriate.

CCE-4186-3
The default setting for accepting ICMP redirects should be enabled or disabled for network interfaces as appropriate.

CCE-3501-4
The ldap service should be enabled or disabled as appropriate.

CCE-3339-9
The default setting for accepting "secure" ICMP redirects (those from gateways listed in the default gateways list) should be enabled or disabled for network interfaces as appropriate.

CCE-4076-6
The squid package should be installed or uninstalled as appropriate.

CCE-4219-2
The bind package should be installed or uninstalled as appropriate.

CCE-14051-7
Auditing should be configured to record date and time modification events as appropriate.

CCE-4197-0
The /etc/grub.conf file should be owned by the appropriate group.

CCE-17698-2
The rsyslog service should be enabled or disabled as appropriate.

CCE-4151-7
The default setting for sending ICMP redirects should be enabled or disabled for network interfaces as appropriate.

CCE-14088-9
The 'wheel' group should exist or not as appropriate

CCE-4431-3
SSH warning banner should be enabled or disabled as appropriate

CCE-14491-5
Appropriate ciphers should be used for SSH.

CCE-17504-2
The irda-utils package should be installed or uninstalled as appropriate.

CCE-3604-6
The /etc/anacrontab file should be owned by the appropriate group.

CCE-3932-1
File permissions for /etc/gshadow should be set correctly.

CCE-4379-4
The /etc/anacrontab file should be owned by the appropriate user.

CCE-4114-5
NIS file inclusions should be set appropriately in the /etc/passwd file

CCE-4322-4
The /etc/cron.monthly file should be owned by the appropriate group.

CCE-14825-4
The isdn4k-utils package should installed or uninstalled as appropriate.

CCE-4092-3
The "maximum password age" policy should meet minimum requirements.

CCE-14054-1
Zeroconf networking should be enabled or disabled as appropriate.

CCE-4247-3
Core dumps for setuid programs should be enabled or disabled as appropriate

CCE-4212-7
The /etc/cron.d file should be owned by the appropriate group.

CCE-14559-9
/home should be configured on an appropriate filesystem partition.

CCE-3399-3
The sticky bit should be set or not set as appropriate for all world-writable directories.

CCE-18244-4
The irda service should be enabled or disabled as appropriate.

CCE-14813-0
Package signature checking should be activated or deactivated as appropriate for all configured repositories.

CCE-4225-9
Core dumps for all users should be enabled or disabled as appropriate

CCE-3847-1
The dovecot service should be enabled or disabled as appropriate.

CCE-14296-8
Auditing should be configured to record use of privileged commands as appropriate.

CCE-4180-6
The "minimum password age" policy should meet minimum requirements.

CCE-3977-6
SELinux should be enabled or disabled as appropriate

CCE-4236-6
Accepting source routed packets should be enabled or disabled for all interfaces as appropriate.

CCE-14824-7
Auditing should be configured to record administrator and security personnel action events as appropriate.

CCE-14847-8
The default umask for all users should be set correctly in /etc/profile

CCE-14703-3
The noexec option should be enabled or disabled for /dev/shm.

CCE-14911-2
Disable or enable support for TIPC as appropriate.

CCE-4421-4
The readahead_early service should be enabled or disabled as appropriate.

CCE-14306-5
The nosuid option should be enabled or disabled for /dev/shm.

CCE-3988-3
The /etc/shadow file should be owned by the appropriate group.

CCE-14957-5
The PATH variable for root includes or does not include any world-writable or group-writable directories as appropriate.

CCE-4060-0
The system login banner text should be set correctly.

CCE-3844-8
The default umask for all users should be set correctly for the bash shell

CCE-15029-2
Client SMB packet signing should be required or not required for mount.cifs as appropriate.

CCE-4203-6
File permissions for /etc/cron.weekly should be set correctly.

CCE-3276-3
The /etc/group file should be owned by the appropriate user.

CCE-4324-0
The crond service should be enabled or disabled as appropriate.

CCE-3833-1
The /etc/cron.weekly file should be owned by the appropriate user.

CCE-4422-2
X Windows should be installed or removed as appropriate

CCE-4249-9
The nodev option should be enabled or disabled as appropriate for all non-root partitions.

CCE-18200-6
The talk package should be installed or uninstalled as appropriate.

CCE-15007-8
The nodev option should be enabled or disabled for /dev/shm.

CCE-4313-3
Accepting redirects from IPv6 routers should be enabled or disabled as appropriate for all network interfaces.

CCE-3472-8
Accepting "secure" ICMP redirects (those from gateways listed in the default gateways list) should be enabled or disabled for all interfaces as appropriate.

CCE-3845-5
The SSH idle timout interval should be set to an appropriate value

CCE-4227-5
The default umask for all users should be set correctly for the csh shell

CCE-14089-7
Support for cramfs filesystems should be enabeld or disabled as appropriate.

CCE-4182-2
The logrotate (syslog rotater) service should be enabled or disabled as appropriate.

CCE-3649-1
Firewall access to printing service should be enabled or disabled as appropriate

CCE-3495-9
The /etc/passwd file should be owned by the appropriate group.

CCE-3626-9
The /etc/crontab file should be owned by the appropriate group.

CCE-3910-7
The vlock package should be installed or not as appropriate

CCE-4336-4
The dhcpd service should be enabled or disabled as appropriate.

CCE-4106-1
File permissions for /etc/cron.hourly should be set correctly.

CCE-4072-5
The autofs service should be enabled or disabled as appropriate.

CCE-15018-5
Postfix network listening should be enabled or disabled for as appropriate.

CCE-4238-2
Login access to accounts without passwords should be enabled or disabled as appropriate

CCE-14701-7
The password strength parameters should require new passwords to differ from old ones by the appropriate minimum number of characters.

CCE-3967-7
File permissions for /etc/group should be set correctly.

CCE-4348-9
The ypserv package should be installed or uninstalled as appropriate.

CCE-4325-7
SSH version 1 protocol support should be enabled or disabled as appropriate.

CCE-4533-6
The netfs service should be enabled or disabled as appropriate.

CCE-18037-2
The firewall should allow or reject access to the avahi service.

CCE-4302-6
The readahead_later service should be enabled or disabled as appropriate.

CCE-4556-7
The squid service should be enabled or disabled as appropriate.

CCE-14023-6
The screen lock (password protection) function of the gnome desktop screensaver should be enabled or disabled as appropriate as a mandatory setting for all users.

CCE-4024-6
The nosuid option should be enabled or disabled for all NFS mounts as appropriate

CCE-14735-5
The screen blanking function of the gnome desktop screensaver should be enabled or disabled as appropriate as a mandatory setting for all users.

CCE-14712-4
The minimum number of lower case characters required for new passwords should be set as appropriate.

CCE-4473-5
The nfs service should be enabled or disabled as appropriate

CCE-14495-6
The sendmail package should be installed or uninstalled as appropriate.

CCE-4450-3
File permissions for /etc/cron.daily should be set correctly.

CCE-4220-0
The daemon umask should be set as appropriate

CCE-4168-1
ExecShield should be enabled or disabled as appropriate

CCE-4387-7
Root login via SSH should be enabled or disabled as appropriate

CCE-14821-3
Auditing should be configured to record changes to the system's mandatory access controls as appropriate.

CCE-14058-2
Auditing should be configured to record changes to discretionary access control permissions as appropriate.

CCE-14931-0
All installed software packages verify or do not verify against the package database.

CCE-14264-6
The default policy for iptables INPUT table should be set as appropriate.

CCE-18240-2
All rsyslog log files should be owned by the appropriate group.

CCE-4133-5
Ignoring bogus ICMP responses to broadcasts should be enabled or disabled as appropriate.

CCE-14604-3
The gnome desktop screensaver should be enabled or disabled as appropriate as a mandatory setting for all users.

CCE-4146-7
ExecShield randomized placement of virtual memory regions should be enabled or disabled as appropriate

CCE-4330-7
The telnet-server package should be installed or uninstalled as appropriate.

CCE-4376-0
The ntpd service should be enabled or disabled as appropriate.

CCE-14068-1
The postfix package should be installed or uninstalled as appropriate.

CCE-3958-6
The /etc/passwd file should be owned by the appropriate user.

CCE-17639-6
Rsyslog should accept remote messages or not as appropriate.

CCE-4365-3
The avahi-daemon service should be enabled or disabled as appropriate.

CCE-14340-4
Files with the setuid attribute enabled should be reviewed as appropriate to determine whether that condition is correct.

CCE-14820-5
Auditing should be configured to record file and program deletion events as appropriate.

CCE-14011-1
/var/log should be configured on an appropriate filesystem partition.

CCE-14692-8
Auditing should be configured to make auditd configuration immutable as appropriate.

CCE-3795-2
The world-write permission should be enabled or disabled as appropriate for all files.

CCE-14132-5
Disable or enable support for SCTP as appropriate.

CCE-15054-0
The number of times a user is prompted to provide a new password if it fails to meet configured password strength requirements (also known as the retry value) should be set appropriately.

CCE-3923-0
File permissions for /etc/grub.conf should be set correctly.

CCE-4388-5
File permissions for /etc/crontab should be set correctly.

CCE-4331-5
The /etc/cron.weekly file should be owned by the appropriate group.

CCE-18156-0
The rawdevices service should be enabled or disabled as appropriate.

CCE-17857-4
All rsyslog log files should be owned by the appropriate user.

CCE-14940-1
The nosuid option should be enabled or disabled as appropriate for /tmp.

CCE-4256-4
Login prompts on serial ports should be enabled or disabled as appropriate.

CCE-4475-0
Emulation of the rsh command through the ssh server should be enabled or disabled as appropriate

CCE-3573-3
All files should be owned by a group as appropriate

CCE-4377-8
The hidd service should be enabled or disabled as appropriate.

CCE-4090-7
File permissions should be set correctly for the home directories for all user accounts.

CCE-3561-8
IP forwarding should be enabled or disabled as appropriate.

CCE-4464-4
The dhcp package should be installed or uninstalled as appropriate.

CCE-4245-7
The ability for users to perform interactive startups should be enabled or disabled as appropriate.

CCE-4441-2
The /etc/cron.monthly file should be owned by the appropriate user.

CCE-4210-1
The /etc/gshadow file should be owned by the appropriate user.

CCE-4320-8
Logging of "martian" packets (those with impossible addresses) should be enabled or disabled for all interfaces as appropriate.

CCE-4355-4
The bluetooth service should be enabled or disabled as appropriate.

CCE-14853-6
Support for jffs2 filesystems should be enabeld or disabled as appropriate.

CCE-4080-8
Performing source validation by reverse path should be enabled or disabled for all interfaces as appropriate.

CCE-17248-6
Rsyslog logs should be sent to a remote loghost or not as appropriate.

CCE-4223-4
All files should be owned by a user as appropriate

CCE-3660-8
Remote connections from accounts with empty passwords should be enabled or disabled as appropriate

CCE-3705-1
The ypbind service should be enabled or disabled as appropriate.

CCE-14584-7
/var/tmp should be configured on an appropriate filesystem partition.

CCE-15087-0
Support for hfs filesystems should be enabeld or disabled as appropriate.

CCE-14122-6
The minimum number of special characters required for new passwords should be set as appropriate.

CCE-4091-5
The default setting for accepting source routed packets should be enabled or disabled for network interfaces as appropriate.

CCE-3717-6
Warning banners for gui login users should be enabled or disabled as appropriate

CCE-4269-7
Accepting IPv6 router advertisements should be enabled or disabled as appropriate for all network interfaces.

CCE-4234-1
The inetd service should be enabled or disabled as appropriate.

CCE-14440-2
The GPG Key for Red Hat Network should be installed or uninstalled as appropriate.

CCE-4514-6
The httpd package should be installed or uninstalled as appropriate.

CCE-4209-3
The AIDE package should be installed or not as appropriate

CCE-4250-7
File permissions for /etc/cron.d should be set correctly.

CCE-4273-9
The tftp service should be enabled or disabled as appropriate.

CCE-4164-0
The xinetd package should be installed or uninstalled as appropriate.

CCE-14027-7
Disable or enable support for RDS as appropriate.

CCE-14777-7
/var should be configured on an appropriate filesystem partition.

CCE-4141-8
The rsh service should be enabled or disabled as appropriate.

CCE-3315-9
The allowed period of inactivity gnome desktop lockout should be configured correctly.

CCE-4054-3
The /etc/cron.hourly file should be owned by the appropriate group.

CCE-3883-6
The /etc/group file should be owned by the appropriate group.

CCE-14268-7
Disable or enable support for DCCP as appropriate.

CCE-14672-0
The minimum number of upper case characters required for new passwords should be set as appropriate.

CCE-4551-8
The smb service should be enabled or disabled as appropriate.

CCE-17816-0
The libuser library "login_defs" variable should be set correctly in libuser.conf.

CCE-4188-9
The direct gnome login warning banner should be set correctly.

CCE-4251-5
File permissions for /etc/cron.monthly should be set correctly.

CCE-3916-4
The tftp-server package should be installed or uninstalled as appropriate.

CCE-15047-4
Access to the root account via su should be restricted to the wheel group or not as appropriate.

CCE-14113-5
The minimum number of digits required for new passwords should be set as appropriate.

CCE-3568-3
The rpcidmapd service should be enabled or disabled as appropriate.

CCE-4286-1
The isdn service should be enabled or disabled as appropriate.

CCE-4550-0
The portmap service should be enabled or disabled as appropriate.

CCE-18031-5
The ipsec-tools package should be installed or uninstalled as appropriate.

CCE-4130-1
File permissions for /etc/shadow should be set correctly.

CCE-3522-0
The nodev option should be enabled or disabled as appropriate for all removable media.

CCE-4308-3
The rsh package should be installed or uninstalled as appropriate.

CCE-3390-2
The telnet service should be enabled or disabled as appropriate.

CCE-3301-9
The PATH variable should be set correctly for user root

CCE-4189-7
The iptables service should be enabled or disabled as appropriate.

CCE-4022-0
The /etc/cron.daily file should be owned by the appropriate user.

CCE-4252-3
The xinetd service should be enabled or disabled as appropriate.

CCE-4275-4
The noexec option should be enabled or disabled as appropriate for all removable media.

CCE-3851-3
The /etc/crontab file should be owned by the appropriate user.

CCE-3410-8
The "account lockout threshold" policy should meet minimum requirements.

CCE-4396-8
The nfslock service should be enabled or disabled as appropriate.

CCE-14071-5
NIS file inclusions should be set appropriately in the /etc/shadow file

CCE-3818-2
The grub boot loader should have password protection enabled or disabled as appropriate

CCE-4241-6
The requirement for a password to boot into single-user mode should be configured correctly.

CCE-3919-8
The vsftpd service should be enabled or disabled as appropriate.

CCE-14466-7
The at daemon should be enabled or disabled as appropriate.

CCE-4385-1
A remote NTP Server for time synchronization should be specified or not as appropriate

CCE-4154-1
The password minimum length should be set appropriately

CCE-3983-4
The /etc/cron.hourly file should be owned by the appropriate user.

CCE-14917-9
Auditing should be configured to record unauthorized attempts to access files as appropriate.

CCE-14081-4
The net-snmpd package should be installed or uninstalled as appropriate.

CCE-18151-1
The talk-server package should be installed or uninstalled as appropriate.

CCE-3578-2
The named service should be enabled or disabled as appropriate.

CCE-4276-2
All wireless interfaces should be enabled or disabled as appropriate.

CCE-4023-8
The inetd package should be installed or uninstalled as appropriate.

CCE-3918-0
The /etc/shadow file should be owned by the appropriate user.

CCE-4144-2
The /etc/grub.conf file should be owned by the appropriate user.

CCE-4167-3
The ip6tables service should be enabled or disabled as appropriate.

CCE-3566-7
File permissions for /etc/passwd should be set correctly.

CCE-4155-8
Sending ICMP redirects should be enabled or disabled for all interfaces as appropriate.

CCE-4265-5
Sending TCP syncookies should be enabled or disabled as appropriate.

CCE-14093-9
Support for hfsplus filesystems should be enabeld or disabled as appropriate.

CCE-14675-3
NIS file inclusions should be set appropriately in the /etc/group file

CCE-14970-8
Files with the setgid attribute enabled should be reviewed as appropriate to determine whether that condition is correct.

CCE-14300-8
Password hashes are shadowed or not shadowed for all accounts in /etc/passwd as appropriate.

CCE-3485-0
Logins through the specified virtual console device should be enabled or disabled as appropriate

CCE-4368-7
The nodev option should be enabled or disabled for all NFS mounts as appropriate

CPE    1
cpe:/o:redhat:enterprise_linux:5
*XCCDF
xccdf_gov.nist_benchmark_USGCB-RHEL-5-Desktop
OVAL    257
oval:gov.nist.usgcb.rhel:def:201745
oval:gov.nist.usgcb.rhel:def:20306
oval:gov.nist.usgcb.rhel:def:20303
oval:gov.nist.usgcb.rhel:def:20304
...

© 2013 SecPod Technologies