[Forgot Password]
Login  Register Subscribe

24436

 
 

131815

 
 

115190

 
 

909

 
 

90025

 
 

140

Paid content will be excluded from the download.


Download | Alert*


CCE-91992-8
Record Events That Modify Date and Time Information "Capture events where the system date and/or time has been modified. The parameters in this section are set to determine if the adjtimex (tune kernel clock), settimeofday (Set time, using timeval and timezone structures) stime (using seconds since ...

CCE-91928-2
Ensure IMAP and POP server is not enabled Dovecot is an open source IMAP and POP3 server for Linux based systems.

CCE-91905-0
Disable Mounting of hfs Filesystems The hfs filesystem type is a hierarchical filesystem that allows you to mount Mac OS filesystems.

CCE-91920-9
Ensure echo is not enabled echo is a network service that responds to clients with the data sent to it by the client. This service is intended for debugging and testing purposes. It is recommended that this service be disabled.

CCE-91989-4
Disable System on Audit Log Full The auditd daemon can be configured to halt the system when the audit logs are full.

CCE-92004-1
Collect Kernel Module Loading and Unloading "Monitor the loading and unloading of kernel modules. The programs insmod (install a kernel module), rmmod (remove a kernel module), and modprobe (a more sophisticated program to load and unload modules, as well as some other features) control loading and ...

CCE-91966-2
Set Password Creation Requirement Parameters Using pam_cracklib The pam_cracklib module checks the strength of passwords. It performs checks such as making sure a password is not a dictionary word, it is a certain length, contains a mix of characters (e.g. alphabet, numeric, other) and more. The fo ...

CCE-91943-1
Enable TCP SYN Cookies When tcp_syncookies is set, the kernel will handle TCP SYN packets normally until the half-open connection queue is full, at which time, the SYN cookie functionality kicks in. SYN cookies work by not using the SYN queue at all. Instead, the kernel simply replies to the SYN wi ...

CCE-91981-1
Set Default umask for Users The default umask determines the permissions of files created by users. The user creating the file has the discretion of making their files and directories readable by others via the chmod command. Users who wish to allow their files and directories to be readable by oth ...

CCE-91917-5
Ensure xinetd is not enabled The eXtended InterNET Daemon (xinetd) is an open source super daemon that replaced the original inetd daemon. The xinetd daemon listens for well known services and dispatches the appropriate daemon to properly respond to service requests. Note: Several other services re ...

CCE-91978-7
Set Password Change Minimum Number of Days The PASS_MIN_DAYS parameter in /etc/login.defs allows an administrator to prevent users from changing their password until a minimum number of days have passed since the last time the user changed their password. It is recommended that PASS_MIN_DAYS parame ...

CCE-92016-5
Install the rsyslog package The rsyslog package is a third party package that provides many enhancements to syslog, such as multi-threading, TCP communication, message filtering and data base support.

CCE-91955-5
Configure rsyslog to Send Logs to a Remote Log Host The rsyslog utility supports the ability to send logs it gathers to a remote log host running syslogd(8) or to receive messages from remote hosts, reducing administrative overhead.

CCE-91999-3
Collect Unsuccessful Unauthorized Access Attempts to Files "Monitor for unsuccessful attempts to access files. The parameters below are associated with system calls that control creation (creat), opening (open, openat) and truncation (truncate, ftruncate) of files. An audit log record will only be ...

CCE-91976-1
Restrict Access to the su Command The su command allows a user to run a command or shell as another user. The program has been superseded by sudo, which allows for more granular control over privileged access. Normally, the su command can be executed by any user. By uncommenting the pam_wheel.so st ...

CCE-91991-0
Enable Auditing for Processes That Start Prior to auditd Configure grub or lilo so that processes that are capable of being audited can be audited even if they start up prior to auditd startup.

CCE-91953-0
Configure Audit Log Storage Size Configure the maximum size of the audit log file. Once the log reaches the maximum size, it will be rotated and a new log file will be started.

CCE-91927-4
Ensure FTP Server is not enabled The File Transfer Protocol (FTP) provides networked computers with the ability to transfer files.

CCE-92005-8
Make the Audit Configuration Immutable "Set system audit so that audit rules cannot be modified with auditctl. Setting the flag ""-e 2"" forces audit to be put in immutable mode. Audit changes can only be made on system reboot."

CCE-91904-3
Disable Mounting of jffs2 Filesystems The jffs2 (journaling flash filesystem 2) filesystem type is a log-structured filesystem used in flash memory devices.

CCE-91988-6
Verify User/Group Ownership on /etc/group The /etc/group file contains a list of all the valid groups defined in the system. The command below allows read/write access for root and read access for everyone else.

CCE-92020-7
Set SSH HostbasedAuthentication to No The HostbasedAuthentication parameter specifies if authentication is allowed through trusted hosts via the user of .rhosts, or /etc/hosts.equiv, along with successful public key client host authentication. This option only applies to SSH Protocol Version 2.

CCE-91942-3
Enable RFC-recommended Source Route Validation Setting net.ipv4.conf.all.rp_filter and net.ipv4.conf.default.rp_filter to 1 forces the Linux kernel to utilize reverse path filtering on a received packet to determine if the packet was valid. Essentially, with reverse path filtering, if the return pa ...

CCE-91980-3
Disable System Accounts There are a number of accounts provided with Ubuntu that are used to manage applications and are not intended to provide an interactive shell.

CCE-92017-3
Install AIDE In some installations, AIDE is not installed automatically.

CCE-91977-9
Set Password Expiration Days The PASS_MAX_DAYS parameter in /etc/login.defs allows an administrator to force passwords to expire once they reach a defined age. It is recommended that the PASS_MAX_DAYS parameter be set to less than or equal to 90 days.

CCE-91954-8
Ensure the rsyslog Service is activated Once the rsyslog package is installed it needs to be activated.

CCE-91931-6
Ensure SNMP Server is not enabled The Simple Network Management Protocol (SNMP) server is used to listen for SNMP commands from an SNMP management system, execute the commands or collect the information and then send results back to the requesting system.

CCE-91916-7
Ensure tftp-server is not enabled Trivial File Transfer Protocol (TFTP) is a simple file transfer protocol, typically used to automatically transfer configuration or boot machines from a boot server. The packages tftp and atftp are both used to define and support a TFTP server.

CCE-91939-9
Log Suspicious Packets When enabled, this feature logs packets with un-routable source addresses to the kernel log.

CCE-91975-3
Limit Access via SSH There are several options available to limit which users and group can access the system via SSH. It is recommended that at least one of the following options be leveraged: AllowUsers The AllowUsers variable gives the system administrator the option of allowing specific users t ...

CCE-91990-2
Keep All Auditing Information Normally, auditd will hold 4 logs of maximum log file size before deleting older log files.

CCE-91952-2
Disable TIPC The Transparent Inter-Process Communication (TIPC) protocol is designed to provide communication between cluster nodes.

CCE-92025-6
Install and Enable auditd Service Install and turn on the auditd daemon to record system events.

CCE-91903-5
Disable Mounting of freevxfs Filesystems The freevxfs filesystem type is a free version of the Veritas type filesystem. This is the primary filesystem type for HP-UX operating systems.

CCE-92002-5
Collect Changes to System Administration Scope (sudoers) "Monitor scope changes for system administrations. If the system has been properly configured to force system administrators to log in as themselves first and then use the sudo command to execute privileged commands, it is possible to monitor ...

CCE-91926-6
Ensure NFS and RPC are not enabled The Network File System (NFS) is one of the first and most widely distributed file systems in the UNIX environment. It provides the ability for systems to mount file systems of other servers through the network.

CCE-91964-7
Set User/Group Owner and Permission on /etc/cron.d The /etc/cron.d directory contains system cron jobs that need to run in a similar manner to the hourly, daily weekly and monthly jobs from /etc/crontab, but require more granular control as to when they run. The files in this directory cannot be ma ...

CCE-91987-8
Verify User/Group Ownership on /etc/shadow The /etc/shadow file contains the one-way cipher text passwords for each user defined in the /etc/passwd file. The command below sets the user and group ownership of the file to root.

CCE-91949-8
Disable DCCP The Datagram Congestion Control Protocol (DCCP) is a transport layer protocol that supports streaming media and telephony. DCCP provides a way to gain access to congestion control, without having to do it at the application layer, but does not provide in- sequence delivery.

CCE-91941-5
Enable Bad Error Message Protection Setting icmp_ignore_bogus_error_responses to 1 prevents the kernel from logging bogus responses (RFC-1122 non-compliant) from broadcast reframes, keeping file systems from filling up with useless log messages.

CCE-91930-8
Ensure HTTP Proxy Server is not enabled Squid is a standard proxy server used in many distributions and environments.

CCE-91938-1
Disable Secure ICMP Redirect Acceptance Secure ICMP redirects are the same as ICMP redirects, except they come from gateways listed on the default gateway list. It is assumed that these gateways are known to your system, and that they are likely to be secure.

CCE-91915-9
Ensure talk server is not enabled The talk software makes it possible for users to send and receive messages across systems through a terminal session. The talk client (allows initiate of talk sessions) is installed by default.

CCE-92014-0
Ensure LDAP is not enabled The Lightweight Directory Access Protocol (LDAP) was introduced as a replacement for NIS/YP. It is a service that provides a method for looking up information from a central database.

CCE-91974-6
Do Not Allow Users to Set Environment Options The PermitUserEnvironment option allows users to present environment options to the ssh daemon.

CCE-91951-4
Disable RDS The Reliable Datagram Sockets (RDS) protocol is a transport layer protocol designed to provide low-latency, high-bandwidth communications between cluster nodes. It was developed by the Oracle Corporation.

CCE-91902-7
Disable Mounting of cramfs Filesystems The cramfs filesystem type is a compressed read-only Linux filesystem embedded in small footprint systems. A cramfs image can be used without having to first decompress the image.

CCE-92003-3
Collect System Administrator Actions (sudolog) Monitor the sudo log file. If the system has been properly configured to disable the use of the su command and force all administrators to have to log in first and then use sudo to execute privileged commands, then all administrator commands will be lo ...

CCE-91925-8
Ensure DHCP Server is not enabled The Dynamic Host Configuration Protocol (DHCP) is a service that allows machines to be dynamically assigned IP addresses.

CCE-91963-9
Set User/Group Owner and Permission on /etc/cron.monthly The /etc/cron.monthly directory contains system cron jobs that need to run on a monthly basis. The files in this directory cannot be manipulated by the crontab command, but are instead edited by system administrators using a text editor. The ...

CCE-91948-0
Verify Permissions on /etc/hosts.deny The /etc/hosts.deny file contains network information that is used by many system applications and therefore must be readable for these applications to operate.

CCE-91986-0
Verify User/Group Ownership on /etc/passwd The /etc/passwd file contains a list of all the valid userIDs defined in the system, but not the passwords. The command below sets the owner and group of the file to root.

CCE-91940-7
Enable Ignore Broadcast Requests Setting net.ipv4.icmp_echo_ignore_broadcasts to 1 will cause the system to ignore all ICMP echo and timestamp requests to broadcast and multicast addresses.

CCE-91914-2
Ensure rsh server is not enabled The Berkeley rsh-server (rsh, rlogin, rcp) package contains legacy services that exchange credentials in clear-text.

CCE-91937-3
Disable ICMP Redirect Acceptance ICMP redirect messages are packets that convey routing information and tell your host (acting as a router) to send packets via an alternate path. It is a way of allowing an outside routing device to update your system routing tables. By setting net.ipv4.conf.all.acc ...

CCE-92015-7
Install TCP Wrappers TCP Wrappers provides a simple access list and standardized logging method for services capable of supporting it. In the past, services that were called from inetd and xinetd supported the use of tcp wrappers. As inetd and xinetd have been falling in disuse, any service that ca ...

CCE-91998-5
Collect Discretionary Access Control Permission Modification Events "Monitor changes to file permissions, attributes, ownership and group. The parameters in this section track changes for system calls that affect file permissions and attributes. The chmod, fchmod and fchmodat system calls affect th ...

CCE-91950-6
Disable SCTP The Stream Control Transmission Protocol (SCTP) is a transport layer protocol used to support message oriented communication, with several streams of messages in one connection. It serves a similar function as TCP and UDP, incorporating features of both. It is message-oriented like UDP ...

CCE-92000-9
Collect Successful File System Mounts Monitor the use of the mount system call. The mount (and umount) system call controls the mounting and unmounting of file systems. The parameters below configure the system to create an audit record when the mount system call is used by a non-privileged user

CCE-91901-9
Ensure Firewall is active IPtables is an application that allows a system administrator to configure the IPv4 tables, chains and rules provided by the Linux kernel firewall. ufw was developed to ease IPtables firewall configuration.

CCE-91909-2
Disable Automounting autofs allows automatic mounting of devices, typically including CD/DVDs and USB drives.

CCE-92008-2
Ensure NIS is not installed The Network Information Service (NIS), formerly known as Yellow Pages, is a client-server directory service protocol used to distribute system configuration files.

CCE-91947-2
Verify Permissions on /etc/hosts.allow The /etc/hosts.allow file contains networking information that is used by many applications and therefore must be readable for these applications to operate.

CCE-92023-1
Set SSH Banner The Banner parameter specifies a file whose contents must be sent to the remote user before authentication is permitted. By default, no banner is displayed.

CCE-91985-2
Verify Permissions on /etc/group The /etc/group file contains a list of all the valid groups defined in the system. The command below allows read/write access for root and read access for everyone else.

CCE-91924-1
Ensure print server is not enabled The Common Unix Print System (CUPS) provides the ability to print to both local and network printers. A system running CUPS can also accept print jobs from remote systems and print them to local printers. It also provides a web based remote administration capabili ...

CCE-91962-1
Set User/Group Owner and Permission on /etc/cron.weekly The /etc/cron.weekly directory contains system cron jobs that need to run on a weekly basis. The files in this directory cannot be manipulated by the crontab command, but are instead edited by system administrators using a text editor. The com ...

CCE-91959-7
Set User/Group Owner and Permission on /etc/crontab The /etc/crontab file is used by cron to control its own jobs. The commands in this item make sure that root is the user and group owner of the file and that only the owner can access the file.

CCE-91936-5
Disable Source Routed Packet Acceptance In networking, source routing allows a sender to partially or fully specify the route packets take through a network. In contrast, non-source routed packets travel a path determined by routers in the network. In some cases, systems may not be routable or reac ...

CCE-91913-4
Enable Randomized Virtual Memory Region Placement Set the system flag to force randomized virtual memory region placement.

CCE-91997-7
Collect Session Initiation Information "Monitor session initiation events. The parameters in this section track changes to the files associated with session events. The file /var/run/utmp file tracks all currently logged in users. The /var/log/wtmp file tracks logins, logouts, shutdown and reboot e ...

CCE-92012-4
Ensure the X Window system is not installed The X Window system provides a Graphical User Interface (GUI) where users can have multiple windows in which to run programs and various add on. The X Window system is typically used on desktops where users login, but not on servers where users typically ...

CCE-91972-0
Set SSH MaxAuthTries to 4 or Less The MaxAuthTries parameter specifies the maximum number of authentication attempts permitted per connection. When the login failure count reaches half the number, error messages will be written to the syslog file detailing the login failure.

CCE-91995-1
Record Events That Modify the System's Mandatory Access Controls Monitor SELinux mandatory access controls. The parameters below monitor any write access (potential additional, deletion or modification of files in the directory) or attribute changes to the /etc/selinux directory.

CCE-91957-1
Configure logrotate The system includes the capability of rotating log files regularly to avoid filling up the system with logs or making the logs unmanageable large. The file /etc/logrotate.d/rsyslog is the configuration file used to rotate log files created by rsyslog.

CCE-91934-0
Disable IP Forwarding The net.ipv4.ip_forward flag is used to tell the server whether it can forward packets or not. If the server is not to be used as a router, set the flag to 0.

CCE-92001-7
Collect File Deletion Events by User "Monitor the use of system calls associated with the deletion or renaming of files and file attributes. This configuration statement sets up monitoring for the unlink (remove a file), unlinkat (remove a file attribute), rename (rename a file) and renameat (renam ...

CCE-92009-0
Ensure rsh client is not installed The rsh package contains the client commands for the rsh services.

CCE-91969-6
Set LogLevel to INFO The INFO parameter specifices that record login and logout activity will be logged.

CCE-91946-4
Disable IPv6 Although IPv6 has many advantages over IPv4, few organizations have implemented IPv6.

CCE-91923-3
Ensure Avahi Server is not enabled Avahi is a free zeroconf implementation, including a system for multicast DNS/DNS-SD service discovery. Avahi allows programs to publish and discover services and hosts running on a local network with no specific configuration. For example, a user can plug a compu ...

CCE-92024-9
Restrict root Login to System Console The file /etc/securetty contains a list of valid terminals that may be logged in directly as root.

CCE-91908-4
Disable Mounting of udf Filesystems The udf filesystem type is the universal disk format used to implement ISO/IEC 13346 and ECMA-167 specifications. This is an open vendor filesystem type for data storage on a broad range of media. This filesystem type is necessary to support writing DVDs and newe ...

CCE-91984-5
Verify Permissions on /etc/shadow The /etc/shadow file is used to store the information about user accounts that is critical to the security of those accounts, such as the hashed password and other security information.

CCE-91961-3
Set User/Group Owner and Permission on /etc/cron.daily The /etc/cron.daily directory contains system cron jobs that need to run on a daily basis. The files in this directory cannot be manipulated by the crontab command, but are instead edited by system administrators using a text editor. The comman ...

CCE-91935-7
Disable Send Packet Redirects ICMP Redirects are used to send routing information to other hosts. As a host itself does not act as a router (in a host only configuration), there is no need to send redirects.

CCE-91912-6
Restrict Core Dumps A core dump is the memory of an executable program. It is generally used to determine why a program aborted. It can also be used to glean confidential information from a core file. The system provides the ability to set a soft limit for core dumps, but this can be overridden by ...

CCE-91973-8
Disable SSH Root Login The PermitRootLogin parameter specifies if the root user can log in using ssh(1). The default is no.

CCE-91996-9
Collect Login and Logout Events Monitor login and logout events. The parameters below track changes to files associated with login/logout events. The file /var/log/faillog tracks failed events from login. The file /var/log/lastlog maintain records of the last time a user successfully logged in. The ...

CCE-92013-2
Configure Network Time Protocol (NTP) The Network Time Protocol (NTP) is designed to synchronize system clocks across a variety of systems and use a source that is highly accurate. More information on NTP can be found at http://www.ntp.org. NTP can be configured to be a client and/or a server.

CCE-91958-9
Enable cron Daemon The cron daemon is used to execute batch jobs on the system.

CCE-91994-4
Record Events That Modify the System's Network Environment Record changes to network environment files or system calls. The below parameters monitor the sethostname (set the systems host name) or setdomainname (set the systems domainname) system calls, and write an audit event on system call exit. ...

CCE-91933-2
Ensure rsync service is not enabled The rsyncd service can be used to synchronize files between systems over network links.

CCE-91910-0
Set User/Group Owner on bootloader config Set the owner and group of your boot loaders config file to the root user. These instructions default to GRUB stored at /boot/grub/grub.cfg.

CCE-91971-2
Disable SSH X11 Forwarding The X11Forwarding parameter provides the ability to tunnel X11 traffic through the connection to enable remote graphic connections.

CCE-91968-8
Limit Password Reuse The /etc/security/opasswd file stores the users' old passwords and can be checked to ensure that users are not recycling recent passwords.

CCE-91922-5
Ensure time is not enabled time is a network service that responds with the server's current date and time as a 32 bit integer. This service is intended for debugging and testing purposes. It is recommended that this service be disabled.

CCE-92006-6
Accept Remote rsyslog Messages Only on Designated Log Hosts By default, rsyslog does not listen for log messages coming in from remote systems. The ModLoad tells rsyslog to load the imtcp.so module so it can listen over a network via TCP. The InputTCPServerRun option instructs rsyslogd to listen on ...

CCE-91945-6
Disable IPv6 Redirect Acceptance This setting prevents the system from accepting ICMP redirects. ICMP redirects tell the system about alternate routes for sending traffic.

CCE-91907-6
Disable Mounting of squashfs Filesystems The squashfs filesystem type is a compressed read-only Linux filesystem embedded in small footprint systems (similar to cramfs). A squashfs image can be used without having to first decompress the image.

CCE-92021-5
Set SSH PermitEmptyPasswords to No The PermitEmptyPasswords parameter specifies if the server allows login to accounts with empty password strings.

CCE-91983-7
Verify Permissions on /etc/passwd The /etc/passwd file contains user account information that is used by many system utilities and therefore must be readable for these utilities to operate.

CCE-91960-5
Set User/Group Owner and Permission on /etc/cron.hourly This directory contains system cron jobs that need to run on an hourly basis. The files in this directory cannot be manipulated by the crontab command, but are instead edited by system administrators using a text editor. The commands below res ...

CCE-91919-1
Ensure daytime is not enabled daytime is a network service that responds with the server's current date and time. This service is intended for debugging and testing purposes. It is recommended that this service be disabled.

CCE-91911-8
Set Boot Loader Password Setting the boot loader password will require that anyone rebooting the system must enter a password before being able to set command line boot parameters

CCE-92018-1
Set SSH Protocol to 2 SSH supports two different and incompatible protocols: SSH1 and SSH2. SSH1 was the original protocol and was subject to security issues. SSH2 is more advanced and secure.

CCE-92010-8
Ensure talk client is not installed The talk software makes it possible for users to send and receive messages across systems through a terminal session.

CCE-91993-6
Record Events That Modify User/Group Information "Record events affecting the group, passwd (user IDs), shadow and gshadow (passwords) or /etc/security/opasswd (old passwords, based on remember parameter in the PAM configuration) files. The parameters in this section will watch the files to see if ...

CCE-92019-9
Set SSH IgnoreRhosts to Yes The IgnoreRhosts parameter specifies that .rhosts and .shosts files will not be used in RhostsRSAAuthentication or HostbasedAuthentication.

CCE-91932-4
Configure Mail Transfer Agent for Local-Only Mode Mail Transfer Agents (MTA), such as sendmail and Postfix, are used to listen for incoming mail and transfer the messages to the appropriate user or mail server. If the system is not intended to be a mail server, it is recommended that the MTA be con ...

CCE-91970-4
Set Permissions on /etc/ssh/sshd_config The /etc/ssh/sshd_config file contains configuration specifications for sshd. The command below sets the owner and group of the file to root.

CCE-91944-9
Disable IPv6 Router Advertisements This setting disables the systems ability to accept router advertisements

CCE-91929-0
Ensure Samba is not enabled The Samba daemon allows system administrators to configure their Linux systems to share file systems and directories with Windows desktops. Samba will advertise the file systems and directories via the Small Message Block (SMB) protocol. Windows desktop users will be abl ...

CCE-91921-7
Ensure discard is not enabled discard is a network service that simply discards all data it receives. This service is intended for debugging and testing purposes. It is recommended that this service be disabled.

CCE-92007-4
Disable Prelink The prelinking feature changes binaries in an attempt to decrease their startup time.

CCE-91906-8
Disable Mounting of hfsplus Filesystems The hfsplus filesystem type is a hierarchical filesystem designed to replace hfs that allows you to mount Mac OS filesystems.

CCE-92022-3
Set Idle Timeout Interval for User Login The two options ClientAliveInterval and ClientAliveCountMax control the timeout of ssh sessions. When the ClientAliveInterval variable is set, ssh sessions that have no activity for the specified length of time are terminated. When the ClientAliveCountMax va ...

CCE-91982-9
Lock Inactive User Accounts User accounts that have been inactive for over a given period of time can be automatically disabled. It is recommended that accounts that are inactive for 35 or more days be disabled.

CCE-91967-0
Set Lockout for Failed Password Attempts Lock out users after n unsuccessful consecutive login attempts. The first sets of changes are made to the PAM configuration file /etc/pam.d/login. The second set of changes are applied to the program specific PAM configuration file. The second set of changes ...

CCE-92011-6
Ensure telnet server is not enabled The telnet-server package contains the telnet daemon, which accepts connections from users from other systems via the telnet protocol.

CCE-91918-3
Ensure chargen is not enabled chargen is a network service that responds with 0 to 512 ASCII characters for each connection it receives. This service is intended for debugging and testing purposes. It is recommended that this service be disabled.

CCE-91979-5
Set Password Expiring Warning Days The PASS_WARN_AGE parameter in /etc/login.defs allows an administrator to notify users that their password will expire in a defined number of days. It is recommended that the PASS_WARN_AGE parameter be set to 7 or more days.

CCE-91956-3
Implement Periodic Execution of File Integrity Implement periodic file checking, in compliance with site policy.

CCE-91965-4
Restrict at/cron to Authorized Users Configure /etc/cron.allow and /etc/at.allow to allow specific users to use these services. If /etc/cron.allow or /etc/at.allow do not exist, then /etc/at.deny and /etc/cron.deny are checked. Any user not specifically defined in those files is allowed to use at a ...

CPE    1
cpe:/o:ubuntu:ubuntu_linux:16.04
*XCCDF
xccdf_org.secpod_benchmark_general_Ubuntu_16_04
OVAL    125
oval:org.secpod.oval:def:46228
oval:org.secpod.oval:def:46227
oval:org.secpod.oval:def:46229
oval:org.secpod.oval:def:46235
...

© SecPod Technologies