[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*


CCE-91261-8
Verify User/Group Ownership on /etc/group (Scored) The /etc/group file contains a list of all the valid groups defined in the system. The command below allows read/write access for root and read access for everyone else.

CCE-91237-8
Disable SSH Root Login (Scored) The PermitRootLogin parameter specifies if the root user can log in using ssh(1). The default is no.

CCE-91260-0
Verify User/Group Ownership on /etc/shadow (Scored) The /etc/shadow file contains the one-way cipher text passwords for each user defined in the /etc/passwd file. The command below sets the user and group ownership of the file to root.

CCE-91230-3
Set SSH Protocol to 2 (Scored) SSH supports two different and incompatible protocols: SSH1 and SSH2. SSH1 was the original protocol and was subject to security issues. SSH2 is more advanced and secure.

CCE-91257-6
Verify Permissions on /etc/shadow (Scored) The /etc/shadow file is used to store the information about user accounts that is critical to the security of those accounts, such as the hashed password and other security information.

CCE-91232-9
Set Permissions on /etc/ssh/sshd_config (Scored) The /etc/ssh/sshd_config file contains configuration specifications for sshd. The command below sets the owner and group of the file to root.

CCE-91259-2
Verify User/Group Ownership on /etc/passwd (Scored) The /etc/passwd file contains a list of all the valid userIDs defined in the system, but not the passwords. The command below sets the owner and group of the file to root.

CCE-91227-9
Set Password Creation Requirement Parameters Using pam_cracklib (Scored) The pam_cracklib module checks the strength of passwords. It performs checks such as making sure a password is not a dictionary word, it is a certain length, contains a mix of characters (e.g. alphabet, numeric, other) and mor ...

CCE-91228-7
Set Lockout for Failed Password Attempts (Not Scored) Lock out users after n unsuccessful consecutive login attempts. The first sets of changes are made to the PAM configuration file /etc/pam.d/login. The second set of changes are applied to the program specific PAM configuration file. The second s ...

CCE-91176-8
Disable IPv6 Router Advertisements (Not Scored) This setting disables the systems ability to accept router advertisements

CCE-91247-7
The PASS_MIN_DAYS parameter in /etc/login.defs allows an administrator to prevent users from changing their password until a minimum number of days have passed since the last time the user changed their password. It is recommended that PASS_MIN_DAYS parameter be set to 7 or more days. Rationale: By ...

CCE-91246-9
The PASS_MAX_DAYS parameter in /etc/login.defs allows an administrator to force passwords to expire once they reach a defined age. It is recommended that the PASS_MAX_DAYS parameter be set to less than or equal to 60 days. Rationale: The window of opportunity for an attacker to leverage compromised ...

CPE    1
cpe:/o:ubuntu:ubuntu_linux:14.04
*XCCDF
xccdf_org.secpod_benchmark_SecPod_Ubuntu_14_04
OVAL    12
oval:org.secpod.oval:def:33926
oval:org.secpod.oval:def:33935
oval:org.secpod.oval:def:33957
oval:org.secpod.oval:def:33925
...

© SecPod Technologies