[Forgot Password]
Login  Register Subscribe

23631

 
 

115083

 
 

97147

 
 

909

 
 

78730

 
 

109

Paid content will be excluded from the download.


Download | Alert*


oval:gov.nist.usgcb.rhel:def:201745
The telnet service should be disabled.

oval:gov.nist.usgcb.rhel:def:20306
The nosuid option should be enabled for all NFS mounts

oval:gov.nist.usgcb.rhel:def:20303
The nfs service should be disabled

oval:gov.nist.usgcb.rhel:def:20304
The rpcsvcgssd service should be disabled

oval:gov.nist.usgcb.rhel:def:141130
The password dcredit should meet minimum requirements using pam_cracklib

oval:gov.nist.usgcb.rhel:def:2034011
Require packet signing of clients who mount Samba shares using the mount.cifs program (e.g., those who specify shares in /etc/fstab). To do so, ensure that signing options (either sec=krb5i or sec=ntlmv2i) are used.

oval:gov.nist.usgcb.rhel:def:2034010
Require samba clients running smbclient to use packet signing. A Samba client should only communicate with servers who can support SMB packet signing.

oval:gov.nist.usgcb.rhel:def:20208
The /etc/crontab file should be owned by the appropriate group.

oval:gov.nist.usgcb.rhel:def:20209
The /etc/crontab file should be owned by the appropriate user.

oval:gov.nist.usgcb.rhel:def:20205
The crond service should be enabled.

oval:gov.nist.usgcb.rhel:def:20323
The httpd package should be uninstalled.

oval:gov.nist.usgcb.rhel:def:20200
The bluetooth service should be disabled.

oval:gov.nist.usgcb.rhel:def:20201
The hidd service should be disabled.

oval:gov.nist.usgcb.rhel:def:20322
The httpd service should be disabled.

oval:gov.nist.usgcb.rhel:def:20317
The vsftpd service should be disabled.

oval:gov.nist.usgcb.rhel:def:20312
The bind package should be uninstalled.

oval:gov.nist.usgcb.rhel:def:20311
The named service should be disabled.

oval:gov.nist.usgcb.rhel:def:200855
Check each directory in root's path and make use it does not grant write permission to group and other

oval:gov.nist.usgcb.rhel:def:201825
The tftp service should be disabled.

oval:gov.nist.usgcb.rhel:def:20107
The SELinux policy should be set appropriately.

oval:gov.nist.usgcb.rhel:def:20228
File permissions for /etc/cron.d should be set correctly.

oval:gov.nist.usgcb.rhel:def:20226
File permissions for /etc/cron.weekly should be set correctly.

oval:gov.nist.usgcb.rhel:def:20106
The SELinux state should be set appropriately.

oval:gov.nist.usgcb.rhel:def:20227
File permissions for /etc/cron.monthly should be set correctly.

oval:gov.nist.usgcb.rhel:def:20103
The direct gnome login warning banner should be set correctly.

oval:gov.nist.usgcb.rhel:def:20224
File permissions for /etc/cron.hourly should be set correctly.

oval:gov.nist.usgcb.rhel:def:20104
SELinux should be enabled

oval:gov.nist.usgcb.rhel:def:20225
File permissions for /etc/cron.daily should be set correctly.

oval:gov.nist.usgcb.rhel:def:20101
The vlock package should be installed

oval:gov.nist.usgcb.rhel:def:20222
The /etc/cron.monthly file should be owned by the appropriate user.

oval:gov.nist.usgcb.rhel:def:20102
The system login banner text should be set correctly.

oval:gov.nist.usgcb.rhel:def:20223
The /etc/cron.d file should be owned by the appropriate user.

oval:gov.nist.usgcb.rhel:def:20220
The /etc/cron.daily file should be owned by the appropriate user.

oval:gov.nist.usgcb.rhel:def:20341
The squid service should be disabled.

oval:gov.nist.usgcb.rhel:def:20100
The allowed period of inactivity gnome desktop lockout should be configured correctly.

oval:gov.nist.usgcb.rhel:def:20221
The /etc/cron.weekly file should be owned by the appropriate user.

oval:gov.nist.usgcb.rhel:def:20342
The squid package should be uninstalled.

oval:gov.nist.usgcb.rhel:def:20340
The smb service should be disabled.

oval:gov.nist.usgcb.rhel:def:20219
The /etc/cron.hourly file should be owned by the appropriate user.

oval:gov.nist.usgcb.rhel:def:20217
The /etc/cron.monthly file should be owned by the appropriate group.

oval:gov.nist.usgcb.rhel:def:20218
The /etc/cron.d file should be owned by the appropriate group.

oval:gov.nist.usgcb.rhel:def:20215
The /etc/cron.daily file should be owned by the appropriate group.

oval:gov.nist.usgcb.rhel:def:20216
The /etc/cron.weekly file should be owned by the appropriate group.

oval:gov.nist.usgcb.rhel:def:20213
File permissions for /etc/anacrontab should be set correctly.

oval:gov.nist.usgcb.rhel:def:20214
The /etc/cron.hourly file should be owned by the appropriate group.

oval:gov.nist.usgcb.rhel:def:20211
The /etc/anacrontab file should be owned by the appropriate group.

oval:gov.nist.usgcb.rhel:def:20332
The dovecot package should be uninstalled.

oval:gov.nist.usgcb.rhel:def:20212
The /etc/anacrontab file should be owned by the appropriate user.

oval:gov.nist.usgcb.rhel:def:20210
File permissions for /etc/crontab should be set correctly.

oval:gov.nist.usgcb.rhel:def:20331
The dovecot service should be disabled.

oval:gov.nist.usgcb.rhel:def:20008
The yum-updatesd service should be disabled

oval:gov.nist.usgcb.rhel:def:20006
If user home directories will be stored locally, create a separate partition for /home. If /home will be mounted from another system such as an NFS server, then creating a separate partition is not necessary at this time, and the mountpoi ...

oval:gov.nist.usgcb.rhel:def:20248
Disable the ability to provide remote graphical display

oval:gov.nist.usgcb.rhel:def:20007
The rhnsd service should be disabled.

oval:gov.nist.usgcb.rhel:def:20128
All wireless interfaces should be disabled.

oval:gov.nist.usgcb.rhel:def:20249
Enable warning banner for GUI login

oval:gov.nist.usgcb.rhel:def:20004
System logs are stored in the /var/log directory. Ensure that it has its own partition or logical volume.

oval:gov.nist.usgcb.rhel:def:20125
Performing source validation by reverse path should be enabled or disabled for all interfaces as appropriate.

oval:gov.nist.usgcb.rhel:def:20005
Audit logs are stored in the /var/log/audit directory. Ensure that it has its own partition or logical volume. Make absolutely certain that it is large enough to store all audit logs that will be created by the auditing ...

oval:gov.nist.usgcb.rhel:def:20126
The default setting for performing source validation by reverse path should be enabled or disabled for network interfaces as appropriate.

oval:gov.nist.usgcb.rhel:def:20002
The /var directory is used by daemons and other system services to store frequently-changing data. It is not uncommon for the /var directory to contain world-writable directories, installed by other software packages. ...

oval:gov.nist.usgcb.rhel:def:20123
Ignoring bogus ICMP responses to broadcasts should be enabled or disabled as appropriate.

oval:gov.nist.usgcb.rhel:def:20244
Remote connections from accounts with empty passwords should be disabled (and dependencies are met)

oval:gov.nist.usgcb.rhel:def:20365
The snmpd service should be disabled.

oval:gov.nist.usgcb.rhel:def:20124
Sending TCP syncookies should be enabled or disabled as appropriate.

oval:gov.nist.usgcb.rhel:def:20245
SSH warning banner should be enabled (and dependencies are met)

oval:gov.nist.usgcb.rhel:def:20366
The net-snmp package should be uninstalled.

oval:gov.nist.usgcb.rhel:def:20000
The /tmp directory is a world-writable directory used for temporary ���le storage. Verify that it has its own partition or logical volume.

oval:gov.nist.usgcb.rhel:def:20121
The default setting for accepting "secure" ICMP redirects (those from gateways listed in the default gateways list) should be enabled or disabled for network interfaces as appropriate.

oval:gov.nist.usgcb.rhel:def:20242
SSH host-based authentication should be disabled (and dependencies are met)

oval:gov.nist.usgcb.rhel:def:20122
Ignoring ICMP echo requests (pings) sent to broadcast / multicast addresses should be enabled or disabled as appropriate.

oval:gov.nist.usgcb.rhel:def:20243
Root login via SSH should be disabled (and dependencies are met)

oval:gov.nist.usgcb.rhel:def:20240
The SSH ClientAliveCountMax should be set to an appropriate value (and dependencies are met)

oval:gov.nist.usgcb.rhel:def:20120
The default setting for accepting ICMP redirects should be enabled or disabled for network interfaces as appropriate.

oval:gov.nist.usgcb.rhel:def:20241
Emulation of the rsh command through the ssh server should be disabled (and dependencies are met)

oval:gov.nist.usgcb.rhel:def:200801
The "account deny" policy should meet minimum requirements.

oval:gov.nist.usgcb.rhel:def:20118
Logging of "martian" packets (those with impossible addresses) should be enabled or disabled for all interfaces as appropriate.

oval:gov.nist.usgcb.rhel:def:20239
The SSH idle timout interval should be set to an appropriate value (and dependencies are met)

oval:gov.nist.usgcb.rhel:def:20119
The default setting for accepting source routed packets should be enabled or disabled for network interfaces as appropriate.

oval:gov.nist.usgcb.rhel:def:20116
Accepting ICMP redirects should be enabled or disabled for all interfaces as appropriate.

oval:gov.nist.usgcb.rhel:def:20117
Accepting "secure" ICMP redirects (those from gateways listed in the default gateways list) should be enabled or disabled for all interfaces as appropriate.

oval:gov.nist.usgcb.rhel:def:20238
SSH version 1 protocol support should be disabled. (and dependencies are met)

oval:gov.nist.usgcb.rhel:def:20114
IP forwarding should be disabled.

oval:gov.nist.usgcb.rhel:def:20115
Accepting source routed packets should be enabled or disabled for all interfaces as appropriate.

oval:gov.nist.usgcb.rhel:def:20112
The default setting for sending ICMP redirects should be disabled for network interfaces.

oval:gov.nist.usgcb.rhel:def:20113
Sending ICMP redirects should be disabled for all interfaces.

oval:gov.nist.usgcb.rhel:def:20110
The mcstrans service should be disabled.

oval:gov.nist.usgcb.rhel:def:20028
prevents usage of this uncommon ���lesystems.

oval:gov.nist.usgcb.rhel:def:20149
All rsyslog log files should be owned by root user.

oval:gov.nist.usgcb.rhel:def:20029
prevents usage of this uncommon ���lesystems.

oval:gov.nist.usgcb.rhel:def:20147
The iptables service should be enabled.

oval:gov.nist.usgcb.rhel:def:20268
The dhcpd service should be enabled or disabled as appropriate.

oval:gov.nist.usgcb.rhel:def:20027
prevents usage of this uncommon ���lesystems.

oval:gov.nist.usgcb.rhel:def:20148
The syslog service should be enabled or disabled as appropriate.

oval:gov.nist.usgcb.rhel:def:20269
The dhcp package should be uninstalled.

oval:gov.nist.usgcb.rhel:def:20266
The hplip service should be disabled.

oval:gov.nist.usgcb.rhel:def:20146
The ip6tables service should be enabled.

oval:gov.nist.usgcb.rhel:def:202052
The atd service should be disabled.

oval:gov.nist.usgcb.rhel:def:20019
The nosuid option should be enabled for all removable media.

oval:gov.nist.usgcb.rhel:def:20017
The nodev option should be enabled for all removable media.

oval:gov.nist.usgcb.rhel:def:20018
The noexec option should be enabled for all removable media.

oval:gov.nist.usgcb.rhel:def:20136
Accepting redirects from IPv6 routers should be disabled as appropriate for all network interfaces. (and dependencies are met)

oval:gov.nist.usgcb.rhel:def:20016
The nodev option should be enabled for all non-root partitions.

oval:gov.nist.usgcb.rhel:def:20014
The AIDE package should be installed

oval:gov.nist.usgcb.rhel:def:20135
The default setting for accepting IPv6 router advertisements should be disabled for network interfaces. (and dependencies are met)

oval:gov.nist.usgcb.rhel:def:20011
To ensure that signature checking is not disabled for any repos, ensure that the following line DOES NOT appear in any repo con���guration ���les in /etc/yum.repos.d or elsewhere

oval:gov.nist.usgcb.rhel:def:20130
Automatic IPv6 address assignment should be disabled.

oval:gov.nist.usgcb.rhel:def:20010
The gpgcheck option should be used to ensure that checking of an RPM package���s signature always occurs prior to its installation./

oval:gov.nist.usgcb.rhel:def:20250
The avahi-daemon service should be disabled.

oval:gov.nist.usgcb.rhel:def:144120
Add nodev Option to /tmp Partition

oval:gov.nist.usgcb.rhel:def:20048
The sgid bit should be set only for specified files.

oval:gov.nist.usgcb.rhel:def:20169
Force a reboot to change audit rules is enabled

oval:gov.nist.usgcb.rhel:def:20049
The suid bit should be set only for specified files.

oval:gov.nist.usgcb.rhel:def:20046
The sticky bit should be set for all world-writable directories.

oval:gov.nist.usgcb.rhel:def:20167
Audit rules about the Files Deletion Events by User (successful and unsuccessful) are enabled

oval:gov.nist.usgcb.rhel:def:20047
The world-write permission should be disabled for all files.

oval:gov.nist.usgcb.rhel:def:20168
Audit rules about the System Administrator Actions are enabled

oval:gov.nist.usgcb.rhel:def:20289
The ldap service should be disabled.

oval:gov.nist.usgcb.rhel:def:20044
File permissions for /etc/gshadow should be set correctly.

oval:gov.nist.usgcb.rhel:def:20165
Audit rules about the Information on the Use of Privileged Commands are enabled

oval:gov.nist.usgcb.rhel:def:20045
File permissions for /etc/passwd should be set correctly.

oval:gov.nist.usgcb.rhel:def:20166
Audit rules about the Information on Exporting to Media (successful) are enabled

oval:gov.nist.usgcb.rhel:def:20042
File permissions for /etc/shadow should be set correctly.

oval:gov.nist.usgcb.rhel:def:20163
Audit rules about the Discretionary Access Control Permission Modi���cation Events are enabled

oval:gov.nist.usgcb.rhel:def:20043
File permissions for /etc/group should be set correctly.

oval:gov.nist.usgcb.rhel:def:20164
Audit rules about the Unauthorized Access Attempts to Files (unsuccessful) are enabled

oval:gov.nist.usgcb.rhel:def:20040
The /etc/passwd file should be owned by the appropriate user.

oval:gov.nist.usgcb.rhel:def:20041
The /etc/passwd file should be owned by the appropriate group.

oval:gov.nist.usgcb.rhel:def:20283
A remote NTP Server for time synchronization should be specified (and dependencies are met)

oval:gov.nist.usgcb.rhel:def:20160
Audit rules about the System���s Mandatory Access Controls are enabled

oval:gov.nist.usgcb.rhel:def:20281
The ntpd service should be enabled.

oval:gov.nist.usgcb.rhel:def:20039
The /etc/gshadow file should be owned by the appropriate group.

oval:gov.nist.usgcb.rhel:def:20037
The /etc/group file should be owned by the appropriate group.

oval:gov.nist.usgcb.rhel:def:20158
Audit rules about User/Group Information are enabled

oval:gov.nist.usgcb.rhel:def:203175
The vsftpd service should be uninstalled.

oval:gov.nist.usgcb.rhel:def:20038
The /etc/gshadow file should be owned by the appropriate user.

oval:gov.nist.usgcb.rhel:def:20159
Audit rules about the System���s Network Environment are enabled

oval:gov.nist.usgcb.rhel:def:20035
The /etc/shadow file should be owned by the appropriate group.

oval:gov.nist.usgcb.rhel:def:20156
The auditd service should be enabled.

oval:gov.nist.usgcb.rhel:def:20036
The /etc/group file should be owned by the appropriate user.

oval:gov.nist.usgcb.rhel:def:20157
Look for argument audit=1 in the kernel line in /boot/grub/grub.conf

oval:gov.nist.usgcb.rhel:def:20033
prevents usage of this uncommon ���lesystems.

oval:gov.nist.usgcb.rhel:def:20154
The logrotate (syslog rotater) service should be enabled.

oval:gov.nist.usgcb.rhel:def:20034
The /etc/shadow file should be owned by the appropriate user.

oval:gov.nist.usgcb.rhel:def:20031
prevents usage of this uncommon ���lesystems.

oval:gov.nist.usgcb.rhel:def:20152
Syslog logs should be sent to a remote loghost

oval:gov.nist.usgcb.rhel:def:20032
prevents usage of this uncommon ���lesystems.

oval:gov.nist.usgcb.rhel:def:20153
RSyslogd should reject remote messages

oval:gov.nist.usgcb.rhel:def:20150
All syslog log files should be owned by the appropriate group.

oval:gov.nist.usgcb.rhel:def:20030
prevents usage of this uncommon ���lesystems.

oval:gov.nist.usgcb.rhel:def:20151
File permissions for all syslog log files should be set correctly.

oval:gov.nist.usgcb.rhel:def:20068
Login access to non-root system accounts should be disabled

oval:gov.nist.usgcb.rhel:def:20069
Login access to accounts without passwords should be disabled

oval:gov.nist.usgcb.rhel:def:20066
Command access to the root account should be restricted to the wheel group.

oval:gov.nist.usgcb.rhel:def:20187
The kdump service should be disabled.

oval:gov.nist.usgcb.rhel:def:20064
Login prompts on serial ports should be disabled.

oval:gov.nist.usgcb.rhel:def:20065
The wheel group should exist

oval:gov.nist.usgcb.rhel:def:20186
The isdn service should be disabled.

oval:gov.nist.usgcb.rhel:def:20181
The ypbind service should be disabled.

oval:gov.nist.usgcb.rhel:def:20182
The tftp-server package should be uninstalled.

oval:gov.nist.usgcb.rhel:def:20180
The ypserv package should be uninstalled.

oval:gov.nist.usgcb.rhel:def:180372
The firewall should allow or reject access to the avahi service.

oval:gov.nist.usgcb.rhel:def:20059
Kernel support for the XD/NX processor feature should be enabled

oval:gov.nist.usgcb.rhel:def:20057
ExecShield should be enabled

oval:gov.nist.usgcb.rhel:def:20058
ExecShield randomized placement of virtual memory regions should be enabled

oval:gov.nist.usgcb.rhel:def:20055
Core dumps for all users should be disabled

oval:gov.nist.usgcb.rhel:def:20056
Core dumps for setuid programs should be disabled

oval:gov.nist.usgcb.rhel:def:20177
The rsh-server package should be uninstalled.

oval:gov.nist.usgcb.rhel:def:20053
The daemon umask should be set as appropriate

oval:gov.nist.usgcb.rhel:def:20174
The telnet-server package should be uninstalled.

oval:gov.nist.usgcb.rhel:def:20295
The netfs service should be disabled.

oval:gov.nist.usgcb.rhel:def:500116
Add noexec Option to /tmp Partition

oval:gov.nist.usgcb.rhel:def:20296
The portmap service should be disabled.

oval:gov.nist.usgcb.rhel:def:500115
Add noexec Option to /dev/shm Partition

oval:gov.nist.usgcb.rhel:def:20051
All files should be owned by a group

oval:gov.nist.usgcb.rhel:def:20172
The inetd package should be uninstalled.

oval:gov.nist.usgcb.rhel:def:20293
The rpcgssd service should be disabled.

oval:gov.nist.usgcb.rhel:def:500114
Add nosuid Option to /dev/shm Partition

oval:gov.nist.usgcb.rhel:def:20052
All world writable directories should be owned by a system user

oval:gov.nist.usgcb.rhel:def:20173
The xinetd package should be uninstalled.

oval:gov.nist.usgcb.rhel:def:20294
The rpcidmapd service should be disabled.

oval:gov.nist.usgcb.rhel:def:500113
Add nodev Option to /dev/shm Partition

oval:gov.nist.usgcb.rhel:def:20170
The inetd service should be disabled.

oval:gov.nist.usgcb.rhel:def:20050
All files should be owned by a user

oval:gov.nist.usgcb.rhel:def:20171
The xinetd service should be disabled.

oval:gov.nist.usgcb.rhel:def:20292
The nfslock service should be disabled.

oval:gov.nist.usgcb.rhel:def:500119
Postfix network listening should be disabled

oval:gov.nist.usgcb.rhel:def:500118
Disable the network sniffer

oval:gov.nist.usgcb.rhel:def:500117
Bind mount the /var/tmp directory to /var

oval:gov.nist.usgcb.rhel:def:182444
The irda service should be enabled or disabled as appropriate.

oval:gov.nist.usgcb.rhel:def:20088
The default umask for all users should be set correctly for the csh shell

oval:gov.nist.usgcb.rhel:def:20089
The default umask for all users should be set correctly

oval:gov.nist.usgcb.rhel:def:20086
File permissions should be set correctly for the home directories for all user accounts.

oval:gov.nist.usgcb.rhel:def:20087
The default umask for all users should be set correctly for the bash shell

oval:gov.nist.usgcb.rhel:def:20084
The passwords to remember should be set correctly.

oval:gov.nist.usgcb.rhel:def:20085
The PATH variable should be set correctly for user root

oval:gov.nist.usgcb.rhel:def:20083
The password hashing algorithm should be set correctly.

oval:gov.nist.usgcb.rhel:def:181560
The rawdevices service should be enabled or disabled as appropriate.

oval:gov.nist.usgcb.rhel:def:178160
The libuser library imports login_defs from a file as appropriate.

oval:gov.nist.usgcb.rhel:def:20077
NIS file inclusions should be set appropriately in the /etc/passwd file

oval:gov.nist.usgcb.rhel:def:20075
NIS file inclusions should be set appropriately in the /etc/shadow file

oval:gov.nist.usgcb.rhel:def:20196
The readahead_early service should be disabled.

oval:gov.nist.usgcb.rhel:def:573897
The talk package should be installed or uninstalled as appropriate.

oval:gov.nist.usgcb.rhel:def:20076
NIS file inclusions should be set appropriately in the /etc/group file

oval:gov.nist.usgcb.rhel:def:20197
The readahead_later service should be disabled.

oval:gov.nist.usgcb.rhel:def:573896
The talk-server package should be installed or uninstalled as appropriate.

oval:gov.nist.usgcb.rhel:def:20073
The "maximum password age" policy should meet minimum requirements.

oval:gov.nist.usgcb.rhel:def:573895
The pam_ccreds package should be installed or uninstalled as appropriate.

oval:gov.nist.usgcb.rhel:def:20074
The password warn age should be set appropriately

oval:gov.nist.usgcb.rhel:def:573894
The ipsec-tools package should be installed or uninstalled as appropriate.

oval:gov.nist.usgcb.rhel:def:20071
The password minimum length should be set appropriately

oval:gov.nist.usgcb.rhel:def:573893
The isdn4k-utils package should installed or uninstalled as appropriate.

oval:gov.nist.usgcb.rhel:def:20072
The "minimum password age" policy should meet minimum requirements.

oval:gov.nist.usgcb.rhel:def:20193
Disable Zeroconf automatic route assignment in the 169.245.0.0 subnet.

oval:gov.nist.usgcb.rhel:def:573892
The sendmail package should be installed or uninstalled as appropriate.

oval:gov.nist.usgcb.rhel:def:573891
The postfix package should be installed or uninstalled as appropriate.

oval:gov.nist.usgcb.rhel:def:20070
Anonymous root logins are disabled

oval:gov.nist.usgcb.rhel:def:573898
The irda-utils package should be installed or uninstalled as appropriate.

oval:gov.nist.usgcb.rhel:def:201480
The rsyslog package should be installed or uninstalled as appropriate.

oval:gov.nist.usgcb.rhel:def:201479
Support for TIPC should be disabled.

oval:gov.nist.usgcb.rhel:def:201115
Check for device ���le that is not labeled.

oval:gov.nist.usgcb.rhel:def:201478
Support for RDS should be disabled.

oval:gov.nist.usgcb.rhel:def:201474
Change the default policy to DROP (from ACCEPT) for the INPUT built-in chain.

oval:gov.nist.usgcb.rhel:def:201477
Support for SCTP should be disabled.

oval:gov.nist.usgcb.rhel:def:201476
Support for DCCP should be disabled.

oval:gov.nist.usgcb.rhel:def:40725
The autofs service should be enabled or disabled as appropriate.

oval:gov.nist.usgcb.rhel:def:20097
The ability for users to perform interactive startups should be disabled.

oval:gov.nist.usgcb.rhel:def:201006
Idle activation of the screen lock should be enabled.

oval:gov.nist.usgcb.rhel:def:201005
Idle activation of the screen saver should be enabled.

oval:gov.nist.usgcb.rhel:def:20095
The grub boot loader should have password protection enabled

oval:gov.nist.usgcb.rhel:def:20096
The requirement for a password to boot into single-user mode should be configured correctly.

oval:gov.nist.usgcb.rhel:def:201007
The screen saver should be blank.

oval:gov.nist.usgcb.rhel:def:20093
The /boot/grub/grub.conf file should be owned by the appropriate group.

oval:gov.nist.usgcb.rhel:def:200155
>Verify the integrity of installed packages by comparing the installed ���les with information about the ���les taken from the package metadata stored in the RPM database.

oval:gov.nist.usgcb.rhel:def:20094
File permissions for /boot/grub/grub.conf should be set correctly.

oval:gov.nist.usgcb.rhel:def:202456
Use only approved ciphers

oval:gov.nist.usgcb.rhel:def:20092
The /boot/grub/grub.conf file should be owned by the appropriate user.

oval:gov.nist.usgcb.rhel:def:202455
PermitUserEnvironment should be disabled

oval:gov.nist.usgcb.rhel:def:20090
The default umask for all users should be set correctly

oval:gov.nist.usgcb.rhel:def:500112
Add nosuid Option to /tmp Partition

oval:gov.nist.usgcb.rhel:def:200065
The GPG key should be installed.

oval:gov.nist.usgcb.rhel:def:36491
Firewall access to printing service should be enabled or disabled as appropriate

oval:gov.nist.usgcb.rhel:def:202885
Clients require LDAP servers to provide valid certificates for SSL communications.

oval:gov.nist.usgcb.rhel:def:201685
Audit rules about the Information on Kernel Module Loading and Unloading.

oval:gov.nist.usgcb.rhel:def:201575
Audit rules about time are enabled

oval:gov.nist.usgcb.rhel:def:200785
The password ocredit should meet minimum requirements using pam_cracklib

oval:gov.nist.usgcb.rhel:def:200786
The password lcredit should meet minimum requirements using pam_cracklib

oval:gov.nist.usgcb.rhel:def:200787
The password difok should meet minimum requirements using pam_cracklib

oval:gov.nist.usgcb.rhel:def:200781
The password retry should meet minimum requirements using pam_cracklib

oval:gov.nist.usgcb.rhel:def:200784
The password ucredit should meet minimum requirements using pam_cracklib

oval:gov.nist.usgcb.rhel:def:99900
User accounts may or may not be inactivated a specified number of days after account expiration.

oval:gov.nist.usgcb.rhel:def:201776
The rlogin service should be disabled.

oval:gov.nist.usgcb.rhel:def:201775
The rsh service should be disabled.

oval:gov.nist.usgcb.rhel:def:201774
The rcp service should be disabled.

oval:gov.nist.usgcb.rhel:def:200695
Check that passwords are shadowed

oval:gov.nist.usgcb.rhel:def:20063
Logins through the primary console device should be disabled

oval:gov.nist.usgcb.rhel:def:43680
CCE-4368-7:Mount Remote Filesystems with nodev

CPE    1
cpe:/o:redhat:enterprise_linux:5
CCE    257
CCE-14871-8
CCE-14457-6
CCE-4292-9
CCE-3537-8
...
*XCCDF
xccdf_gov.nist_benchmark_USGCB-RHEL-5-Desktop

© 2013 SecPod Technologies