oval:org.secpod.oval:def:21967
The smartd service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:21968
The kernel runtime parameter "net.ipv4.conf.all.secure_redirects" should be set to "0".

oval:org.secpod.oval:def:21965
The rhnsd service should be disabled if possible.

oval:org.secpod.oval:def:21966
The kdump service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:21963
The telnet service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:21964
The number of allowed failed logins should be set correctly.

oval:org.secpod.oval:def:21961
The allowed period of inactivity before the screensaver is activated.

oval:org.secpod.oval:def:21962
The kernel runtime parameter "net.ipv4.conf.default.secure_redirects" should be set to "0".

oval:org.secpod.oval:def:21969
Preventing direct root login to virtual console devices helps ensure accountability for actions taken on the system using the root account.

oval:org.secpod.oval:def:21970
The /etc/passwd file should be owned by the appropriate group.

oval:org.secpod.oval:def:21971
The RPM package openldap-servers should be removed.

oval:org.secpod.oval:def:21956
The rsyslog service should be enabled if possible.

oval:org.secpod.oval:def:21957
The RPM package rsyslog should be installed.

oval:org.secpod.oval:def:21954
Syslog logs should be sent to a remote loghost

oval:org.secpod.oval:def:21955
rsyslogd should reject remote messages

oval:org.secpod.oval:def:21952
Require packet signing of clients who mount Samba shares using the mount.cifs program (e.g., those who specify shares in /etc/fstab). To do so, ensure that signing options (either sec=krb5i or sec=ntlmv2i) are used.

oval:org.secpod.oval:def:21953
The kernel module hfs should be disabled.

oval:org.secpod.oval:def:21950
Postfix network listening should be disabled

oval:org.secpod.oval:def:21951
Look for argument audit=1 in the kernel line in /etc/grub.conf.

oval:org.secpod.oval:def:21959
The /etc/group file should be owned by the appropriate user.

oval:org.secpod.oval:def:26170
System Audit Logs Must Be Owned By Root (/var/log/*) should be configured appropriately.

oval:org.secpod.oval:def:21960
The environment variable PATH should be set correctly for the root user.

oval:org.secpod.oval:def:26172
Verify that Shared Library Files Have Restrictive Permissions (/lib, /lib64, /usr/lib or /usr/lib64) should be configured appropriately.

oval:org.secpod.oval:def:26171
System Audit Logs Must Have Mode 0640 or Less Permissive (/var/log/audit/*) should be configured appropriately.

oval:org.secpod.oval:def:26174
Verify that System Executables Have Restrictive Permissions (/bin, /usr/bin, /usr/local/bin, /sbin, /usr/sbin or /usr/local/sbin) should be configured appropriately.

oval:org.secpod.oval:def:26173
Verify that Shared Library Files Have Root Ownership (/lib, /lib64, /usr/lib or /usr/lib64) should be configured appropriately.

oval:org.secpod.oval:def:21945
It can be dangerous to allow the execution of binaries from world-writable temporary storage directories such as /tmp. The noexec mount option prevents binaries from being executed out of /tmp.

oval:org.secpod.oval:def:21946
The passwords to remember should be set correctly.

oval:org.secpod.oval:def:21943
The gpgcheck option should be used to ensure that checking of an RPM package's signature always occurs prior to its installation.

oval:org.secpod.oval:def:21944
Audit rules about the Unauthorized Access Attempts to Files (unsuccessful) are enabled

oval:org.secpod.oval:def:21941
Audit rules should be configured to log successful and unsuccessful logon and logout events.

oval:org.secpod.oval:def:21942
The kernel module tipc should be disabled.

oval:org.secpod.oval:def:21940
Require the use of TLS for ldap clients.

oval:org.secpod.oval:def:21949
Legitimate character and block devices should not exist within temporary directories like /dev/shm. The nodev mount option should be specified for /dev/shm.

oval:org.secpod.oval:def:21947
The nosuid mount option should be set for temporary storage partitions such as /tmp. The suid/sgid permissions should not be required in these world-writable directories.

oval:org.secpod.oval:def:21948
The kernel module bluetooth should be disabled.

oval:org.secpod.oval:def:26167
Set Password to Maximum of Three Consecutive Repeating Characters should be configured appropriately.

oval:org.secpod.oval:def:26166
Restrict Access to Anonymous Users should be configured appropriately.

oval:org.secpod.oval:def:26169
Specify UID and GID for Anonymous NFS Connections (/etc/exports) should be configured appropriately.

oval:org.secpod.oval:def:26168
Specify Additional Remote NTP Servers (/etc/ntp.conf) should be configured appropriately.

oval:org.secpod.oval:def:26161
Ensure Default Password Is Not Used (/etc/snmp/snmpd.conf) should be configured appropriately.

oval:org.secpod.oval:def:26160
Disable Prelinking (/etc/sysconfig/prelink) should be configured appropriately.

oval:org.secpod.oval:def:26163
The mod_security package installation should be configured appropriately.

oval:org.secpod.oval:def:26162
Ensure Insecure File Locking is Not Allowed (/etc/exports) should be configured appropriately.

oval:org.secpod.oval:def:26165
Limit Users SSH Access should be configured appropriately.

oval:org.secpod.oval:def:26164
mod_ssl package installation should be configured appropriately.

oval:org.secpod.oval:def:21934
Audit actions taken by system administrators on the system.

oval:org.secpod.oval:def:21935
Audit rules should detect modification to system files that hold information about users and groups.

oval:org.secpod.oval:def:21932
Audit files deletion events.

oval:org.secpod.oval:def:21933
Audit rules that detect changes to the system's mandatory access controls (SELinux) are enabled.

oval:org.secpod.oval:def:21930
Ensure all yum repositories utilize signature checking.

oval:org.secpod.oval:def:21931
The network environment should not be modified by anything other than administrator action. Any change to network parameters should be audited.

oval:org.secpod.oval:def:21938
The kernel module udf should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:21939
The RPM package vsftpd should be removed.

oval:org.secpod.oval:def:21936
The default umask for all users should be set correctly

oval:org.secpod.oval:def:21937
The kernel module jffs2 should be disabled.

oval:org.secpod.oval:def:26156
Disable Web Server Configuration Display (/etc/httpd/conf/httpd.conf) should be configured appropriately.

oval:org.secpod.oval:def:26155
Disable URL Correction on Misspelled Entries (/etc/httpd/conf/httpd.conf) should be configured appropriately.

oval:org.secpod.oval:def:26158
Restrict Root Directory (/etc/httpd/conf/httpd.conf) should be configured appropriately.

oval:org.secpod.oval:def:26157
Disable WebDAV (Distributed Authoring and Versioning) (/etc/httpd/conf/httpd.conf) should be configured appropriately.

oval:org.secpod.oval:def:26159
Restrict Web Directory (/etc/httpd/conf/httpd.conf) should be configured appropriately.

oval:org.secpod.oval:def:26150
Disable LDAP Support (/etc/httpd/conf/httpd.conf) should be configured appropriately.

oval:org.secpod.oval:def:26152
Disable MIME Magic (/etc/httpd/conf/httpd.conf) should be configured appropriately.

oval:org.secpod.oval:def:26151
Disable Logwatch on Clients if a Logserver Exists (/etc/cron.daily/0logwatch) should be configured appropriately.

oval:org.secpod.oval:def:26154
Disable Server Side Includes (/etc/httpd/conf/httpd.conf) should be configured appropriately.

oval:org.secpod.oval:def:26153
Disable Server Activity Status (/etc/httpd/conf/httpd.conf) should be configured appropriately.

oval:org.secpod.oval:def:21889
System logs are stored in the /var/log directory. Ensure that it has its own partition or logical volume.

oval:org.secpod.oval:def:21893
Record Events that Modify the System's Discretionary Access Controls - chmod. The changing of file permissions and attributes should be audited.

oval:org.secpod.oval:def:21894
The SSH ClientAliveCountMax should be set to an appropriate value (and dependencies are met)

oval:org.secpod.oval:def:21891
The kernel module rds should be disabled.

oval:org.secpod.oval:def:21892
Record attempts to alter time through adjtimex.

oval:org.secpod.oval:def:21890
Idle activation of the screen lock should be enabled.

oval:org.secpod.oval:def:21998
The /etc/shadow file should be owned by the appropriate user.

oval:org.secpod.oval:def:21999
The vsftpd service should be disabled if possible.

oval:org.secpod.oval:def:21996
The RPM package screen should be installed.

oval:org.secpod.oval:def:21997
The RPM package tftp-server should be removed.

oval:org.secpod.oval:def:21994
The Apache qpidd service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:21995
The /etc/group file should be owned by the appropriate group.

oval:org.secpod.oval:def:21989
The kernel runtime parameter "net.ipv4.conf.default.rp_filter" should be set to "1".

oval:org.secpod.oval:def:21987
The grub boot loader should have password protection enabled.

oval:org.secpod.oval:def:21988
The messagebus service should be disabled if possible.

oval:org.secpod.oval:def:21985
The cups service should be disabled if possible.

oval:org.secpod.oval:def:21986
The snmpd service should be disabled if possible.

oval:org.secpod.oval:def:21983
Logins through the Direct root Logins Not Allowed should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:21984
The ypbind service should be disabled if possible.

oval:org.secpod.oval:def:21992
The dovecot service should be disabled if possible.

oval:org.secpod.oval:def:21993
Configure the system boot firmware (historically called BIOS on PC systems) to disallow booting from USB drives

oval:org.secpod.oval:def:21990
The default umask for users of the bash shell

oval:org.secpod.oval:def:21991
The SSH idle timeout interval should be set to an appropriate value.

oval:org.secpod.oval:def:21978
All files should be owned by a group

oval:org.secpod.oval:def:21979
The named service should be disabled if possible.

oval:org.secpod.oval:def:21976
This test makes sure that '/etc/passwd' has proper permission. If the target file or directory has an extended ACL then it will fail the mode check.

oval:org.secpod.oval:def:21977
The rpcidmapd service should be disabled if possible.

oval:org.secpod.oval:def:21974
The rlogin service should be disabled if possible.

oval:org.secpod.oval:def:21975
The kernel runtime parameter "net.ipv4.ip_forward" should be set to "0".

oval:org.secpod.oval:def:21972
The nodev mount option prevents files from being interpreted as character or block devices. Legitimate character and block devices should exist in the /dev directory on the root partition or within chroot jails built for system services. All other locations should not allow character and block devic ...

oval:org.secpod.oval:def:21973
The rpcgssd service should be disabled if possible.

oval:org.secpod.oval:def:21981
The kernel runtime parameter "net.ipv4.icmp_echo_ignore_broadcasts" should be set to "1".

oval:org.secpod.oval:def:21982
Remote connections (SSH) from accounts with empty passwords should be disabled (and dependencies are met).

oval:org.secpod.oval:def:21980
The SELinux policy should be set appropriately.

oval:org.secpod.oval:def:22095
File uploads via vsftpd should be enabled or disabled as appropriate

oval:org.secpod.oval:def:22094
The mountd service should be configured to use a static port or a dynamic portmapper port as appropriate

oval:org.secpod.oval:def:22093
SSH warning banner should be enabled (and dependencies are met).

oval:org.secpod.oval:def:22092
The SELinux state should be set appropriately.

oval:org.secpod.oval:def:22091
The number of allowed failed logins should be set correctly.

oval:org.secpod.oval:def:22090
The CUPS print service can be configured to broadcast a list of available printers to the network. Other machines on the network, also running the CUPS print service, can be configured to listen to these broadcasts and add and configure these printers for immediate use. By disabling this browsing ca ...

oval:org.secpod.oval:def:22099
The rpcsvcgssd service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:22098
Restriction of NFS clients to privileged ports should be enabled or disabled as appropriate

oval:org.secpod.oval:def:22097
The RPM package dhcpd should be removed.

oval:org.secpod.oval:def:22096
Checks /etc/inittab to ensure that default runlevel is set to 3.

oval:org.secpod.oval:def:22084
The ntpd service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:22083
SSH's cryptographic host-based authentication is more secure than .rhosts authentication. However, it is not recommended that hosts unilaterally trust one another, even within an organization.

oval:org.secpod.oval:def:22082
The nodev option should be enabled for all NFS mounts in /etc/fstab.

oval:org.secpod.oval:def:22081
The avahi-daemon service should be disabled if possible.

oval:org.secpod.oval:def:22080
The haldaemon service should be disabled if possible.

oval:org.secpod.oval:def:22089
By default, locally configured printers will not be shared over the network, but if this functionality has somehow been enabled, these recommendations will disable it again. Be sure to disable outgoing printer list broadcasts, or remote users will still be able to see the locally configured printers ...

oval:org.secpod.oval:def:22088
DHCPDECLINE messages should be accepted or denied by the DHCP server as appropriate

oval:org.secpod.oval:def:22087
The nfslock service should be disabled if possible.

oval:org.secpod.oval:def:22086
Root login via SSH should be disabled (and dependencies are met)

oval:org.secpod.oval:def:22085
A remote NTP Server for time synchronization should be specified (and dependencies are met)

oval:org.secpod.oval:def:22073
Only SSH protocol version 2 connections should be permitted.

oval:org.secpod.oval:def:22194
Directory permissions for /etc/httpd/conf/ should be set as appropriate.

oval:org.secpod.oval:def:22193
In the event temporary or emergency accounts are required, configure the system to terminate them after a documented time period.

oval:org.secpod.oval:def:22072
The crond service should be enabled if possible.

oval:org.secpod.oval:def:22071
Check if SplitHosts line in logwatch.conf is set appropriately.

oval:org.secpod.oval:def:22192
Dovecot plaintext authentication of clients should be enabled or disabled as necessary

oval:org.secpod.oval:def:22191
The maximum number of concurrent login sessions per user should meet minimum requirements.

oval:org.secpod.oval:def:22070
The kernel runtime parameter "net.ipv4.conf.all.log_martians" should be set to "1".

oval:org.secpod.oval:def:22190
The HTTPD Proxy Module Support should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:22079
The bluetooth service should be disabled if possible.

oval:org.secpod.oval:def:22199
Ctrl-Alt-Del Reboot Activation should be set as appropriate.

oval:org.secpod.oval:def:22078
The RPM package ypserv should be removed.

oval:org.secpod.oval:def:22198
max_log_file setting in /etc/audit/auditd.conf is set to at least a certain value

oval:org.secpod.oval:def:22077
BOOTP queries should be accepted or denied by the DHCP server as appropriate.

oval:org.secpod.oval:def:22197
num_logs setting in /etc/audit/auditd.conf is set to at least a certain value

oval:org.secpod.oval:def:22076
The httpd service should be disabled if possible.

oval:org.secpod.oval:def:22075
The dhcpd service should be disabled if possible.

oval:org.secpod.oval:def:22196
The RPM package sendmail should be removed.

oval:org.secpod.oval:def:22074
The RPM package telnet-server should be removed.

oval:org.secpod.oval:def:22195
Protect against unnecessary release of information.

oval:org.secpod.oval:def:21923
The audit rules should be configured to log information about kernel module loading and unloading.

oval:org.secpod.oval:def:21924
Force a reboot to change audit rules is enabled

oval:org.secpod.oval:def:21921
The password ucredit should meet minimum requirements using pam_cracklib

oval:org.secpod.oval:def:21922
Audit rules should capture information about session initiation.

oval:org.secpod.oval:def:21920
Idle activation of the screen saver should be enabled.

oval:org.secpod.oval:def:21929
Ensuring that /var is mounted on its own partition enables the setting of more restrictive mount options, which is used as temporary storage by many programs, particularly system services such as daemons. It is not uncommon for the /var directory to contain world-writable directories, installed by ot ...

oval:org.secpod.oval:def:21927
The password lcredit should meet minimum requirements using pam_cracklib

oval:org.secpod.oval:def:21928
The screen saver should be blank.

oval:org.secpod.oval:def:21925
The password difok should meet minimum requirements using pam_cracklib

oval:org.secpod.oval:def:21926
It can be dangerous to allow the execution of binaries from world-writable temporary storage directories such as /dev/shm. The noexec mount option prevents binaries from being executed out of /dev/shm.

oval:org.secpod.oval:def:26145
Disable Avahi Publishing (/etc/avahi/avahi-daemon.conf) should be configured appropriately.

oval:org.secpod.oval:def:26144
Configure statd to use static port (/etc/sysconfig/nfs) should be configured appropriately.

oval:org.secpod.oval:def:26147
Disable Cache Support (/etc/httpd/conf/httpd.conf) should be configured appropriately.

oval:org.secpod.oval:def:26146
Disable CGI Support (/etc/httpd/conf/httpd.conf) should be configured appropriately.

oval:org.secpod.oval:def:26149
Disable HTTP mod_rewrite (/etc/httpd/conf/httpd.conf) should be configured appropriately.

oval:org.secpod.oval:def:26148
Disable HTTP Digest Authentication (/etc/httpd/conf/httpd.conf) should be configured appropriately.

oval:org.secpod.oval:def:26141
Configure Periodic Execution of AIDE (/etc/crontab) should be configured appropriately.

oval:org.secpod.oval:def:26140
Logging (/etc/rsyslog.conf) should be configured appropriately.

oval:org.secpod.oval:def:26143
Configure auditd to use audispd plugin (/etc/audisp/plugins.d/syslog.conf) should be configured appropriately.

oval:org.secpod.oval:def:26142
Configure SNMP Service to Use Only SNMPv3 or Newer (/etc/snmp/snmpd.conf) should be configured appropriately.

oval:org.secpod.oval:def:21912
The nosuid mount option should be set for temporary storage partitions such as /dev/shm. The suid/sgid permissions should not be required in these world-writable directories.

oval:org.secpod.oval:def:21913
Legitimate character and block devices should not exist within temporary directories like /tmp. The nodev mount option should be specified for /tmp.

oval:org.secpod.oval:def:21910
Audit rules about the Information on the Use of Privileged Commands are enabled

oval:org.secpod.oval:def:21911
All password hashes should be shadowed.

oval:org.secpod.oval:def:21918
Audit rules that detect the mounting of filesystems should be enabled.

oval:org.secpod.oval:def:21919
The /var/tmp directory should be bind mounted to /tmp in order to consolidate temporary storage into one location protected by the same techniques as /tmp.

oval:org.secpod.oval:def:21916
Limit the ciphers to those which are FIPS-approved and only use ciphers in counter (CTR) mode.

oval:org.secpod.oval:def:21917
If user home directories will be stored locally, create a separate partition for /home. If /home will be mounted from another system such as an NFS server, then creating a separate partition is not necessary at this time, and the mountpoint can instead be configured later.

oval:org.secpod.oval:def:21914
The CentOS release and auxiliary key packages are required to be installed.

oval:org.secpod.oval:def:21915
The kernel module freevxfs should be disabled.

oval:org.secpod.oval:def:26139
Configure Dovecot to Use the SSL Key file should be configured appropriately.

oval:org.secpod.oval:def:21901
The default umask for all users specified in /etc/login.defs

oval:org.secpod.oval:def:21902
The password dcredit should meet minimum requirements using pam_cracklib

oval:org.secpod.oval:def:21900
The kernel module hfsplus should be disabled.

oval:org.secpod.oval:def:21909
The kernel module dccp should be disabled.

oval:org.secpod.oval:def:21907
Audit logs are stored in the /var/log/audit directory. Ensure that it has its own partition or logical volume. Make absolutely certain that it is large enough to store all audit logs that will be created by the auditing daemon.

oval:org.secpod.oval:def:21908
Change the default policy to DROP (from ACCEPT) for the INPUT built-in chain (/etc/sysconfig/iptables).

oval:org.secpod.oval:def:21905
The kernel module sctp should be disabled.

oval:org.secpod.oval:def:21906
The /tmp directory is a world-writable directory used for temporary file storage. Verify that it has its own partition or logical volume.

oval:org.secpod.oval:def:21903
The squashfs Kernel Module should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:21904
The password ocredit should meet minimum requirements using pam_cracklib

oval:org.secpod.oval:def:22019
The irqbalance service should be enabled if possible.

oval:org.secpod.oval:def:22018
The password warning age should be set appropriately.

oval:org.secpod.oval:def:22139
The mdmonitor service should be disabled if possible.

oval:org.secpod.oval:def:22017
The maximum password age policy should meet minimum requirements.

oval:org.secpod.oval:def:22016
The Kernel Parameter for Accepting Source-Routed Packets By Default should be enabled or disabled as appropriate. The kernel runtime parameter "net.ipv4.conf.default.accept_source_route" should be set to "0".

oval:org.secpod.oval:def:22137
Require the use of TLS for ldap clients.

oval:org.secpod.oval:def:22026
The kernel runtime parameter "net.ipv4.conf.default.send_redirects" should be set to "0".

oval:org.secpod.oval:def:22147
The rexec service should be disabled if possible.

oval:org.secpod.oval:def:22025
The kernel runtime parameter "kernel.randomize_va_space" should be set to "2".

oval:org.secpod.oval:def:22146
Record attempts to alter time through settimeofday.

oval:org.secpod.oval:def:22024
The 'grub.conf' file should be owned by appropriate user. By default, this file is located at /boot/grub/grub.conf or, for EFI systems, at /etc/grub.conf.

oval:org.secpod.oval:def:22145
PermitUserEnvironment should be disabled

oval:org.secpod.oval:def:22023
The rsh service should be disabled if possible.

oval:org.secpod.oval:def:22144
The nfs service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:22022
The kernel runtime parameter "net.ipv4.icmp_ignore_bogus_error_responses" should be set to "1".

oval:org.secpod.oval:def:22143
The RPM package xorg-x11-server-common should be removed.

oval:org.secpod.oval:def:22021
This test makes sure that the '/etc/shadow' file permission is set as appropriate. If the target file or directory has an extended ACL then it will fail the mode check.

oval:org.secpod.oval:def:22142
Test if HostLimit line in logwatch.conf is set appropriately. On a central logserver, you want Logwatch to summarize all syslog entries, including those which did not originate on the logserver itself. The HostLimit setting tells Logwatch to report on all hosts, not just the one on which it is runni ...

oval:org.secpod.oval:def:22141
The noexec mount option prevents the direct execution of binaries on the mounted filesystem. Users should not be allowed to execute binaries that exist on partitions mounted from removable media (such as a USB key). The noexec option prevents code from being executed directly from the media itself, ...

oval:org.secpod.oval:def:22020
The restorecond service should be enabled if possible.

oval:org.secpod.oval:def:22140
Enable the GUI warning banner.

oval:org.secpod.oval:def:22009
The nosuid option should be enabled for all NFS mounts in /etc/fstab.

oval:org.secpod.oval:def:22008
Only the root account should be assigned a user id of 0.

oval:org.secpod.oval:def:22129
The changing of file permissions and attributes should be audited.

oval:org.secpod.oval:def:22007
The SELinux state should be enforcing the local policy.

oval:org.secpod.oval:def:22128
The changing of file permissions and attributes should be audited.

oval:org.secpod.oval:def:22006
The '/etc/shadow' file should be owned by the appropriate group.

oval:org.secpod.oval:def:22127
The changing of file permissions and attributes should be audited.

oval:org.secpod.oval:def:22005
The root account is the only system account that should have a login shell.

oval:org.secpod.oval:def:22126
The changing of file permissions and attributes should be audited.

oval:org.secpod.oval:def:22015
The kernel runtime parameter "net.ipv4.conf.all.rp_filter" should be set to "1".

oval:org.secpod.oval:def:22135
IP forwarding should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:22014
The RPM package squid should be removed.

oval:org.secpod.oval:def:22013
The autofs service should be disabled if possible.

oval:org.secpod.oval:def:22134
The changing of file permissions and attributes should be audited.

oval:org.secpod.oval:def:22012
The /etc/gshadow file should be owned by the appropriate group.

oval:org.secpod.oval:def:22133
The changing of file permissions and attributes should be audited.

oval:org.secpod.oval:def:22011
The system login banner text should be set correctly.

oval:org.secpod.oval:def:22132
The changing of file permissions and attributes should be audited.

oval:org.secpod.oval:def:22131
The changing of file permissions and attributes should be audited.

oval:org.secpod.oval:def:22010
The cpuspeed service should be disabled if possible.

oval:org.secpod.oval:def:22130
The changing of file permissions and attributes should be audited.

oval:org.secpod.oval:def:22119
The kernel runtime parameter "net.ipv6.conf.default.accept_redirects" should be set to "0".

oval:org.secpod.oval:def:22118
The kernel runtime parameter "net.ipv6.conf.default.accept_ra" should be set to "0".

oval:org.secpod.oval:def:22117
Global IPv6 initialization should be disabled.

oval:org.secpod.oval:def:22116
The anacron service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:22115
Enable privacy extensions for IPv6

oval:org.secpod.oval:def:22004
The SELinux in /etc/grub.conf should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:22125
The changing of file permissions and attributes should be audited.

oval:org.secpod.oval:def:22003
File permissions for '/etc/group' should be set correctly.

oval:org.secpod.oval:def:22124
The changing of file permissions and attributes should be audited.

oval:org.secpod.oval:def:22002
The /etc/passwd file should be owned by the appropriate user.

oval:org.secpod.oval:def:22123
The changing of file permissions and attributes should be audited.

oval:org.secpod.oval:def:22001
This test makes sure that '/etc/gshadow' has appropriate permissions set. If the target file or directory has an extended ACL then it will fail the mode check.

oval:org.secpod.oval:def:22122
Record attempts to alter time through /etc/localtime

oval:org.secpod.oval:def:22000
File permissions for '/boot/grub/grub.conf' should be set appropriately.

oval:org.secpod.oval:def:22121
Record attempts to alter time through clock_settime.

oval:org.secpod.oval:def:22120
Record attempts to alter time through stime. Note that this is only relevant on 32-bit architecture.

oval:org.secpod.oval:def:22109
A warning banner for all FTP users should be enabled or disabled as appropriate

oval:org.secpod.oval:def:22108
Plaintext authentication of mail clients should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:22107
The Samba (SMB) service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:22106
Logging of vsftpd transactions should be enabled or disabled as appropriate

oval:org.secpod.oval:def:22105
Root squashing should be enabled or disabled as appropriate for all NFS shares.

oval:org.secpod.oval:def:22104
The netfs service should be disabled if possible.

oval:org.secpod.oval:def:22114
The disable option will allow the IPv6 module to be inserted, but prevent address assignment and activation of the network stack.

oval:org.secpod.oval:def:22113
Disable Zeroconf automatic route assignment in the 169.254.0.0 subnet.

oval:org.secpod.oval:def:22112
Directory permissions for /var/log/httpd should be set appropriately.

oval:org.secpod.oval:def:22111
The lockd service should be configured to use a static port or a dynamic portmapper port for TCP as appropriate.

oval:org.secpod.oval:def:22110
The squid service should be disabled if possible.

oval:org.secpod.oval:def:22062
The tftp service should be disabled if possible.

oval:org.secpod.oval:def:22183
Avahi should be configured to allow other stacks to bind to port 5353, or not, as appropriate.

oval:org.secpod.oval:def:22061
The sshd service should be disabled if possible.

oval:org.secpod.oval:def:22182
Avahi publishing of IP addresses should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:22181
Configure the system to notify users of last logon/access using pam_lastlog.

oval:org.secpod.oval:def:22060
The kernel runtime parameter "net.ipv4.tcp_syncookies" should be set to "1".

oval:org.secpod.oval:def:22180
The accounts should be configured to expire automatically following inactivity.

oval:org.secpod.oval:def:22069
The lockd service should be configured to use a static port or a dynamic portmapper port for UDP as appropriate.

oval:org.secpod.oval:def:22189
The pcscd service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:22068
The RPM package rsh-server should be removed.

oval:org.secpod.oval:def:22067
The acpid service should be disabled if possible.

oval:org.secpod.oval:def:22188
The apache2 server's ServerTokens value should be set appropriately

oval:org.secpod.oval:def:22187
The kernel runtime parameter "kernel.dmesg_restrict" should be set to "1".

oval:org.secpod.oval:def:22066
If inbound SSH access is not needed, the firewall should disallow or reject access to the SSH port (22).

oval:org.secpod.oval:def:22065
The auditd service should be enabled if possible.

oval:org.secpod.oval:def:22186
Avahi should be configured to accept packets with a TTL field not equal to 255 or not as appropriate.

oval:org.secpod.oval:def:22064
All wireless interfaces should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:22185
Change the default policy to DROP (from ACCEPT) for the INPUT built-in chain (/etc/sysconfig/ip6tables).

oval:org.secpod.oval:def:22063
The nosuid mount option prevents set-user-identifier (suid) and set-group-identifier (sgid) permissions from taking effect. These permissions allow users to execute binaries with the same permissions as the owner and group of the file respectively. Users should not be allowed to introduce suid and g ...

oval:org.secpod.oval:def:22184
The /etc/httpd/conf/* files should have the appropriate permissions.

oval:org.secpod.oval:def:22049
The default umask for users of the csh shell

oval:org.secpod.oval:def:22051
The kernel runtime parameter "net.ipv4.conf.all.accept_source_route" should be set to "0".

oval:org.secpod.oval:def:22172
The quota_nld service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:22050
The system's default desktop environment, GNOME, will mount devices and removable media (such as DVDs, CDs and USB flash drives) whenever they are inserted into the system. Disable automount and autorun within GNOME.

oval:org.secpod.oval:def:22171
The psacct service should be enabled if possible.

oval:org.secpod.oval:def:22170
The portreserve service should be disabled if possible.

oval:org.secpod.oval:def:22059
The dynamic DNS feature of the DHCP server should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:22058
Preventing direct root login to serial port interfaces helps ensure accountability for actions taken on the system using the root account.

oval:org.secpod.oval:def:22179
The TFTP daemon should use secure mode.

oval:org.secpod.oval:def:22057
The xinetd service should be disabled if possible.

oval:org.secpod.oval:def:22178
The '.rhosts' or 'hosts.equiv' files should exist or not exist on the system as appropriate.

oval:org.secpod.oval:def:22056
The kernel runtime parameter "fs.suid_dumpable" should be set to "0".

oval:org.secpod.oval:def:22177
The certmonger service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:22055
The ability for users to perform interactive startups should be disabled.

oval:org.secpod.oval:def:22176
The sysstat service should be disabled if possible.

oval:org.secpod.oval:def:22054
The requirement for a password to boot into single-user mode should be configured correctly.

oval:org.secpod.oval:def:22175
The saslauthd service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:22174
The rhsmcertd service should be disabled if possible.

oval:org.secpod.oval:def:22053
The RPM package dovecot should be removed.

oval:org.secpod.oval:def:22052
The file /etc/pam.d/system-auth should not contain the nullok option

oval:org.secpod.oval:def:22173
The rdisc service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:22039
The iptables service should be enabled if possible.

oval:org.secpod.oval:def:22038
Enable warning banner for GUI login

oval:org.secpod.oval:def:22159
max_log_file_action setting in /etc/audit/auditd.conf is set to a certain action

oval:org.secpod.oval:def:22161
admin_space_left_action setting in /etc/audit/auditd.conf is set to a certain action

oval:org.secpod.oval:def:22040
DHCP configuration should be static for all interfaces.

oval:org.secpod.oval:def:22160
space_left_action setting in /etc/audit/auditd.conf is set to a certain action

oval:org.secpod.oval:def:22048
Core dumps for all users should be disabled

oval:org.secpod.oval:def:22169
The oddjobd service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:22047
All files should be owned by a user

oval:org.secpod.oval:def:22168
The ntpdate service should be disabled if possible.

oval:org.secpod.oval:def:22046
The daemon umask should be set as appropriate

oval:org.secpod.oval:def:22167
The netconsole service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:22166
The cgred service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:22045
The RPM package bind should be removed.

oval:org.secpod.oval:def:22044
The kernel runtime parameter "net.ipv4.conf.all.accept_redirects" should be set to "0".

oval:org.secpod.oval:def:22165
The cgconfig service should be disabled if possible.

oval:org.secpod.oval:def:22043
The /etc/gshadow file should be owned by the appropriate user.

oval:org.secpod.oval:def:22164
The atd service should be disabled if possible.

oval:org.secpod.oval:def:22042
The RPM package aide should be installed.

oval:org.secpod.oval:def:22163
The abrtd service should be disabled if possible.

oval:org.secpod.oval:def:22041
Verify which group owns the grub.conf file.

oval:org.secpod.oval:def:22162
action_mail_acct setting in /etc/audit/auditd.conf is set to a certain account

oval:org.secpod.oval:def:22029
The RPM package xinetd should be removed.

oval:org.secpod.oval:def:22149
The system's default desktop environment, GNOME, uses a number of different thumbnailer programs to generate thumbnails for any new or modified content in an opened folder. Disable the execution of these thumbnail applications within GNOME.

oval:org.secpod.oval:def:22028
The kernel runtime parameter "net.ipv4.conf.all.send_redirects" should be set to "0".

oval:org.secpod.oval:def:22027
The password minimum length should be set appropriately.

oval:org.secpod.oval:def:22148
The number of allowed failed logins should be set correctly.

oval:org.secpod.oval:def:22150
The .netrc files contain login information used to auto-login into FTP servers and reside in the user's home directory. Any .netrc files should be removed.

oval:org.secpod.oval:def:22037
The kernel module usb-storage should be disabled.

oval:org.secpod.oval:def:22158
The rsyslog option to accept messages via UDP, if acting as a log server, should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:22036
The kernel runtime parameter "net.ipv4.conf.default.accept_redirects" should be set to "0".

oval:org.secpod.oval:def:22157
The rsyslog option to accept messages via TCP, if acting as a log server, should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:22156
Define default gateways for IPv6 traffic

oval:org.secpod.oval:def:22035
The logrotate (syslog rotater) service should be enabled.

oval:org.secpod.oval:def:22034
The minimum password age policy should be set appropriately.

oval:org.secpod.oval:def:22155
Manually configure addresses for IPv6

oval:org.secpod.oval:def:22033
Look for argument "nousb" in the kernel line in /etc/grub.conf

oval:org.secpod.oval:def:22154
RPC IPv6 support should be configured appropriately based on RPC services.

oval:org.secpod.oval:def:22032
Systems that are using the 64-bit x86 kernel package do not need to install the kernel-PAE package because the 64-bit x86 kernel already includes this support. However, if the system is 32-bit and also supports the PAE and NX features as determined in the previous section, the kernel-PAE package sho ...

oval:org.secpod.oval:def:22153
The direct gnome login warning banner should be set correctly.

oval:org.secpod.oval:def:22031
The kernel runtime parameter "kernel.exec-shield" should be set to "1".

oval:org.secpod.oval:def:22152
The password hashing algorithm should be set correctly in /etc/libuser.conf.

oval:org.secpod.oval:def:22151
The password hashing algorithm should be set correctly in /etc/login.defs.

oval:org.secpod.oval:def:22030
The ip6tables service should be enabled if possible.

oval:org.secpod.oval:def:21899
The kernel module cramfs should be disabled.

oval:org.secpod.oval:def:21897
Require Samba clients which use smb.conf, such as smbclient, to use packet signing. A Samba client should only communicate with servers that support SMB packet signing.

oval:org.secpod.oval:def:21898
The RPM package net-snmp should be removed.

oval:org.secpod.oval:def:21895
The password hashing algorithm should be set correctly in /etc/pam.d/system-auth.

oval:org.secpod.oval:def:21896
The postfix service should be enabled if possible.

oval:org.secpod.oval:def:22103
The RPM package httpd should be removed.

oval:org.secpod.oval:def:22102
The PATH variable should be set correctly for user root

oval:org.secpod.oval:def:22101
Emulation of the rsh command through the ssh server should be disabled (and dependencies are met)

oval:org.secpod.oval:def:22100
The password retry should meet minimum requirements using pam_cracklib

oval:org.secpod.oval:def:22205
The yum-updatesd service should be disabled

oval:org.secpod.oval:def:22204
The RPM package openswan should be installed.

oval:org.secpod.oval:def:22203
File permissions for /bin, /usr/bin, /usr/local/bin, /sbin, /usr/sbin and /usr/local/sbin should be set correctly.

oval:org.secpod.oval:def:22202
The Avahi daemon should be configured to serve via IPv6 or not, as appropriate.

oval:org.secpod.oval:def:22201
The apache2 server's ServerSignature value should be set appropriately.

oval:org.secpod.oval:def:22200
SSL capabilities should be enabled for the mail server.

CPE    1
cpe:/o:centos:centos:6
CCE    378
CCE-27137-9
CCE-26239-4
CCE-27114-8
CCE-26544-7
...
*XCCDF
xccdf_org.secpod_benchmark_general_CENTOS_6

© 2013 SecPod Technologies