CCE-91301-2
Hide or display the sleep, restart, and shutdown buttons, in the login window.
Hide or display the sleep, restart, and shutdown buttons, as a group, in the login window.

CCE-91302-0
Hide or display the restart button in the login window.

CCE-91338-4
Extended ACL is applied or not for /etc/passwd file
The /etc/passwd file should not have an extended ACL.

CCE-91369-9
Numeric Character in Passwords
Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. Password complexity is ...

CCE-91371-5
Maximum password lifetime restriction
Any password, no matter how complex, can eventually be cracked. Therefore, passwords need to be changed periodically. One method of minimizing this risk is to use complex passwords and periodically change them. If the operating system does not limit the lifeti ...

CCE-91372-3
Prevent usage of previously used password
Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. If the information system or application allows the user to consecutively reuse their password when that password ha ...

CCE-91394-7
Disable the Insecure SSH Version (privileged accounts)
The SSH Version should be explicitly set to Version 2. Version 2 supports strong crypto and was rewritten from scratch to resolve several weaknesses in Version 1 that make it extremely vulnerable to attackers. The weaker crypto in Version 1 is p ...

CCE-91408-5
Lock Emergency Accounts after 72 Hours
Emergency administrator accounts are privileged accounts which are established in response to crisis situations where the need for rapid account activation is required. Therefore, emergency account activation may bypass normal account authorization processes. ...

CCE-91414-3
Prevent Users from Logging in as Root Directly
Administrator users must never log in directly as root. To assure individual accountability and prevent unauthorized access, logging in as root over a remote connection must be disabled. Administrators should only run commands as root after first authe ...

CCE-91358-2
Audit Account Creation
Once an attacker establishes initial access to a system, the attacker often attempts to create a persistent method of re-establishing access. One way to accomplish this is for the attacker to create a new account. Auditing of account creation mitigates this risk. To address ...

CCE-91316-0
Verify user who owns the init files
The owner of bash init files must be root. /etc/profile is used to set system-wide environment variables for users' shells. The /etc/bashrc file is meant for setting command aliases and functions used by bash shell users.

CCE-91357-4
Lock User Accounts after 'n' Failed Login Attempts
By limiting the number of failed login attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute forcing, is reduced. Limits are imposed by locking the account. Setting a lockout expiration of 15 minutes ...

CCE-91317-8
Verify group who owns the init files
The group of bash init files must be wheel. /etc/profile is used to set system-wide environment variables for users' shells. The /etc/bashrc file is meant for setting command aliases and functions used by bash shell users.

CCE-91416-8
Set Minimum Password Length to 15 Characters
The minimum password length must be set to 15 characters. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. Password length is one factor of several that helps to ...

CCE-91417-6
Set the SSH Idle Timeout Interval and the Timeout for the Login Prompt
SSH should be configured to log users out after a 15 minute interval of inactivity and to only wait 30 seconds before timing out login attempts. Terminating an idle session within a short time period reduces the window of opport ...

CPE    1
cpe:/o:apple:mac_os_x:10.11
*XCCDF
xccdf_org.secpod_benchmark_SecPod_MAC_OS_X_10_11
OVAL    15
oval:org.secpod.oval:def:44037
oval:org.secpod.oval:def:43968
oval:org.secpod.oval:def:44039
oval:org.secpod.oval:def:43965
...

© SecPod Technologies