Download
| Alert*
oval:org.secpod.oval:def:21967
The smartd service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:21968 The kernel runtime parameter "net.ipv4.conf.all.secure_redirects" should be set to "0". oval:org.secpod.oval:def:21965 The rhnsd service should be disabled if possible. oval:org.secpod.oval:def:21966 The kdump service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:21963 The telnet service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:21964 The number of allowed failed logins should be set correctly. oval:org.secpod.oval:def:21961 The allowed period of inactivity before the screensaver is activated. oval:org.secpod.oval:def:21962 The kernel runtime parameter "net.ipv4.conf.default.secure_redirects" should be set to "0". oval:org.secpod.oval:def:21969 Preventing direct root login to virtual console devices helps ensure accountability for actions taken on the system using the root account. oval:org.secpod.oval:def:21970 The /etc/passwd file should be owned by the appropriate group. oval:org.secpod.oval:def:21971 The RPM package openldap-servers should be removed. oval:org.secpod.oval:def:21956 The rsyslog service should be enabled if possible. oval:org.secpod.oval:def:21957 The RPM package rsyslog should be installed. oval:org.secpod.oval:def:21954 Syslog logs should be sent to a remote loghost oval:org.secpod.oval:def:21955 rsyslogd should reject remote messages oval:org.secpod.oval:def:21953 The kernel module hfs should be disabled. oval:org.secpod.oval:def:21950 Postfix network listening should be disabled oval:org.secpod.oval:def:21959 The /etc/group file should be owned by the appropriate user. oval:org.secpod.oval:def:26170 System Audit Logs Must Be Owned By Root (/var/log/*) should be configured appropriately. oval:org.secpod.oval:def:26171 System Audit Logs Must Have Mode 0640 or Less Permissive (/var/log/audit/*) should be configured appropriately. oval:org.secpod.oval:def:21946 The passwords to remember should be set correctly. oval:org.secpod.oval:def:21943 The gpgcheck option should be used to ensure that checking of an RPM package's signature always occurs prior to its installation. oval:org.secpod.oval:def:21944 Audit rules about the Unauthorized Access Attempts to Files (unsuccessful) are enabled oval:org.secpod.oval:def:21941 Audit rules should be configured to log successful and unsuccessful logon and logout events. oval:org.secpod.oval:def:21942 The kernel module tipc should be disabled. oval:org.secpod.oval:def:21940 Require the use of TLS for ldap clients. oval:org.secpod.oval:def:21948 The kernel module bluetooth should be disabled. oval:org.secpod.oval:def:26167 Set Password to Maximum of Three Consecutive Repeating Characters should be configured appropriately. oval:org.secpod.oval:def:26166 Restrict Access to Anonymous Users should be configured appropriately. oval:org.secpod.oval:def:26169 Specify UID and GID for Anonymous NFS Connections (/etc/exports) should be configured appropriately. oval:org.secpod.oval:def:26168 Specify Additional Remote NTP Servers (/etc/ntp.conf) should be configured appropriately. oval:org.secpod.oval:def:26161 Ensure Default Password Is Not Used (/etc/snmp/snmpd.conf) should be configured appropriately. oval:org.secpod.oval:def:26160 Disable Prelinking (/etc/sysconfig/prelink) should be configured appropriately. oval:org.secpod.oval:def:26163 The mod_security package installation should be configured appropriately. oval:org.secpod.oval:def:26162 Ensure Insecure File Locking is Not Allowed (/etc/exports) should be configured appropriately. oval:org.secpod.oval:def:26165 Limit Users SSH Access should be configured appropriately. oval:org.secpod.oval:def:26164 mod_ssl package installation should be configured appropriately. oval:org.secpod.oval:def:21934 Audit actions taken by system administrators on the system. oval:org.secpod.oval:def:21935 Audit rules should detect modification to system files that hold information about users and groups. oval:org.secpod.oval:def:21932 Audit files deletion events. oval:org.secpod.oval:def:21933 Audit rules that detect changes to the system's mandatory access controls (SELinux) are enabled. oval:org.secpod.oval:def:21930 Ensure all yum repositories utilize signature checking. oval:org.secpod.oval:def:21931 The network environment should not be modified by anything other than administrator action. Any change to network parameters should be audited. oval:org.secpod.oval:def:21938 The kernel module udf should be enabled or disabled as appropriate. oval:org.secpod.oval:def:21939 The RPM package vsftpd should be removed. oval:org.secpod.oval:def:21936 The default umask for all users should be set correctly oval:org.secpod.oval:def:21937 The kernel module jffs2 should be disabled. oval:org.secpod.oval:def:26156 Disable Web Server Configuration Display (/etc/httpd/conf/httpd.conf) should be configured appropriately. oval:org.secpod.oval:def:26155 Disable URL Correction on Misspelled Entries (/etc/httpd/conf/httpd.conf) should be configured appropriately. oval:org.secpod.oval:def:26157 Disable WebDAV (Distributed Authoring and Versioning) (/etc/httpd/conf/httpd.conf) should be configured appropriately. oval:org.secpod.oval:def:26150 Disable LDAP Support (/etc/httpd/conf/httpd.conf) should be configured appropriately. oval:org.secpod.oval:def:26152 Disable MIME Magic (/etc/httpd/conf/httpd.conf) should be configured appropriately. oval:org.secpod.oval:def:26151 Disable Logwatch on Clients if a Logserver Exists (/etc/cron.daily/0logwatch) should be configured appropriately. oval:org.secpod.oval:def:26154 Disable Server Side Includes (/etc/httpd/conf/httpd.conf) should be configured appropriately. oval:org.secpod.oval:def:26153 Disable Server Activity Status (/etc/httpd/conf/httpd.conf) should be configured appropriately. oval:org.secpod.oval:def:21893 Record Events that Modify the System's Discretionary Access Controls - chmod. The changing of file permissions and attributes should be audited. oval:org.secpod.oval:def:21894 The SSH ClientAliveCountMax should be set to an appropriate value (and dependencies are met) oval:org.secpod.oval:def:21891 The kernel module rds should be disabled. oval:org.secpod.oval:def:21892 Record attempts to alter time through adjtimex. oval:org.secpod.oval:def:21890 Idle activation of the screen lock should be enabled. oval:org.secpod.oval:def:21998 The /etc/shadow file should be owned by the appropriate user. oval:org.secpod.oval:def:21999 The vsftpd service should be disabled if possible. oval:org.secpod.oval:def:21996 The RPM package screen should be installed. oval:org.secpod.oval:def:21997 The RPM package tftp-server should be removed. oval:org.secpod.oval:def:21994 The Apache qpidd service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:21995 The /etc/group file should be owned by the appropriate group. oval:org.secpod.oval:def:21989 The kernel runtime parameter "net.ipv4.conf.default.rp_filter" should be set to "1". oval:org.secpod.oval:def:21988 The messagebus service should be disabled if possible. oval:org.secpod.oval:def:21985 The cups service should be disabled if possible. oval:org.secpod.oval:def:21986 The snmpd service should be disabled if possible. oval:org.secpod.oval:def:21983 Logins through the Direct root Logins Not Allowed should be enabled or disabled as appropriate. oval:org.secpod.oval:def:21984 The ypbind service should be disabled if possible. oval:org.secpod.oval:def:21992 The dovecot service should be disabled if possible. oval:org.secpod.oval:def:21990 The default umask for users of the bash shell oval:org.secpod.oval:def:21991 The SSH idle timeout interval should be set to an appropriate value. oval:org.secpod.oval:def:21979 The named service should be disabled if possible. oval:org.secpod.oval:def:21976 This test makes sure that '/etc/passwd' has proper permission. If the target file or directory has an extended ACL then it will fail the mode check. oval:org.secpod.oval:def:21977 The rpcidmapd service should be disabled if possible. oval:org.secpod.oval:def:21974 The rlogin service should be disabled if possible. oval:org.secpod.oval:def:21975 The kernel runtime parameter "net.ipv4.ip_forward" should be set to "0". oval:org.secpod.oval:def:21973 The rpcgssd service should be disabled if possible. oval:org.secpod.oval:def:21981 The kernel runtime parameter "net.ipv4.icmp_echo_ignore_broadcasts" should be set to "1". oval:org.secpod.oval:def:21982 Remote connections (SSH) from accounts with empty passwords should be disabled (and dependencies are met). oval:org.secpod.oval:def:21980 The SELinux policy should be set appropriately. oval:org.secpod.oval:def:22095 File uploads via vsftpd should be enabled or disabled as appropriate oval:org.secpod.oval:def:22094 The mountd service should be configured to use a static port or a dynamic portmapper port as appropriate oval:org.secpod.oval:def:22093 SSH warning banner should be enabled (and dependencies are met). oval:org.secpod.oval:def:22092 The SELinux state should be set appropriately. oval:org.secpod.oval:def:22091 The number of allowed failed logins should be set correctly. oval:org.secpod.oval:def:22090 The CUPS print service can be configured to broadcast a list of available printers to the network. Other machines on the network, also running the CUPS print service, can be configured to listen to these broadcasts and add and configure these printers for immediate use. By disabling this browsing ca ... oval:org.secpod.oval:def:22099 The rpcsvcgssd service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:22098 Restriction of NFS clients to privileged ports should be enabled or disabled as appropriate oval:org.secpod.oval:def:22097 The RPM package dhcpd should be removed. oval:org.secpod.oval:def:22096 Checks /etc/inittab to ensure that default runlevel is set to 3. oval:org.secpod.oval:def:22084 The ntpd service should be enable or disable as appropriate. oval:org.secpod.oval:def:22083 SSH's cryptographic host-based authentication is more secure than .rhosts authentication. However, it is not recommended that hosts unilaterally trust one another, even within an organization. oval:org.secpod.oval:def:22081 The avahi-daemon service should be disabled if possible. oval:org.secpod.oval:def:22080 The haldaemon service should be disabled if possible. oval:org.secpod.oval:def:22089 By default, locally configured printers will not be shared over the network, but if this functionality has somehow been enabled, these recommendations will disable it again. Be sure to disable outgoing printer list broadcasts, or remote users will still be able to see the locally configured printers ... oval:org.secpod.oval:def:22088 DHCPDECLINE messages should be accepted or denied by the DHCP server as appropriate oval:org.secpod.oval:def:22087 The nfslock service should be disabled if possible. oval:org.secpod.oval:def:22086 Root login via SSH should be disabled (and dependencies are met) oval:org.secpod.oval:def:22085 A remote NTP Server for time synchronization should be specified (and dependencies are met) oval:org.secpod.oval:def:22073 Only SSH protocol version 2 connections should be permitted. oval:org.secpod.oval:def:22194 Directory permissions for /etc/httpd/conf/ should be set as appropriate. oval:org.secpod.oval:def:22072 The crond service should be enabled if possible. oval:org.secpod.oval:def:22071 Check if SplitHosts line in logwatch.conf is set appropriately. oval:org.secpod.oval:def:22192 Dovecot plaintext authentication of clients should be enabled or disabled as necessary oval:org.secpod.oval:def:22191 The maximum number of concurrent login sessions per user should meet minimum requirements. oval:org.secpod.oval:def:22070 The kernel runtime parameter "net.ipv4.conf.all.log_martians" should be set to "1". oval:org.secpod.oval:def:22190 The HTTPD Proxy Module Support should be enabled or disabled as appropriate. oval:org.secpod.oval:def:22079 The bluetooth service should be disabled if possible. oval:org.secpod.oval:def:22078 The RPM package ypserv should be removed. oval:org.secpod.oval:def:22198 max_log_file setting in /etc/audit/auditd.conf is set to at least a certain value oval:org.secpod.oval:def:22077 BOOTP queries should be accepted or denied by the DHCP server as appropriate. oval:org.secpod.oval:def:22197 num_logs setting in /etc/audit/auditd.conf is set to at least a certain value oval:org.secpod.oval:def:22076 The httpd service should be disabled if possible. oval:org.secpod.oval:def:22075 The dhcpd service should be disabled if possible. oval:org.secpod.oval:def:22196 The RPM package sendmail should be removed. oval:org.secpod.oval:def:22074 The RPM package telnet-server should be removed. oval:org.secpod.oval:def:22195 Protect against unnecessary release of information. oval:org.secpod.oval:def:21923 The audit rules should be configured to log information about kernel module loading and unloading. oval:org.secpod.oval:def:21924 Force a reboot to change audit rules is enabled oval:org.secpod.oval:def:21921 The password ucredit should meet minimum requirements using pam_cracklib oval:org.secpod.oval:def:21922 Audit rules should capture information about session initiation. oval:org.secpod.oval:def:21920 Idle activation of the screen saver should be enabled. oval:org.secpod.oval:def:21927 The password lcredit should meet minimum requirements using pam_cracklib oval:org.secpod.oval:def:21928 The screen saver should be blank. oval:org.secpod.oval:def:21925 The password difok should meet minimum requirements using pam_cracklib oval:org.secpod.oval:def:26145 Disable Avahi Publishing (/etc/avahi/avahi-daemon.conf) should be configured appropriately. oval:org.secpod.oval:def:26144 Configure statd to use static port (/etc/sysconfig/nfs) should be configured appropriately. oval:org.secpod.oval:def:26147 Disable Cache Support (/etc/httpd/conf/httpd.conf) should be configured appropriately. oval:org.secpod.oval:def:26146 Disable CGI Support (/etc/httpd/conf/httpd.conf) should be configured appropriately. oval:org.secpod.oval:def:26149 Disable HTTP mod_rewrite (/etc/httpd/conf/httpd.conf) should be configured appropriately. oval:org.secpod.oval:def:26148 Disable HTTP Digest Authentication (/etc/httpd/conf/httpd.conf) should be configured appropriately. oval:org.secpod.oval:def:26141 Configure Periodic Execution of AIDE (/etc/crontab) should be configured appropriately. oval:org.secpod.oval:def:26140 Logging (/etc/rsyslog.conf) should be configured appropriately. oval:org.secpod.oval:def:26143 Configure auditd to use audispd plugin (/etc/audisp/plugins.d/syslog.conf) should be configured appropriately. oval:org.secpod.oval:def:26142 Configure SNMP Service to Use Only SNMPv3 or Newer (/etc/snmp/snmpd.conf) should be configured appropriately. oval:org.secpod.oval:def:21910 Audit rules about the Information on the Use of Privileged Commands are enabled oval:org.secpod.oval:def:21918 Audit rules that detect the mounting of filesystems should be enabled. oval:org.secpod.oval:def:21916 Limit the ciphers to those which are FIPS-approved and only use ciphers in counter (CTR) mode. oval:org.secpod.oval:def:21915 The kernel module freevxfs should be disabled. oval:org.secpod.oval:def:26139 Configure Dovecot to Use the SSL Key file should be configured appropriately. oval:org.secpod.oval:def:21901 The default umask for all users specified in /etc/login.defs oval:org.secpod.oval:def:21902 The password dcredit should meet minimum requirements using pam_cracklib oval:org.secpod.oval:def:21900 The kernel module hfsplus should be disabled. oval:org.secpod.oval:def:21909 The kernel module dccp should be disabled. oval:org.secpod.oval:def:21908 Change the default policy to DROP (from ACCEPT) for the INPUT built-in chain (/etc/sysconfig/iptables). oval:org.secpod.oval:def:21905 The kernel module sctp should be disabled. oval:org.secpod.oval:def:21903 The squashfs Kernel Module should be enabled or disabled as appropriate. oval:org.secpod.oval:def:21904 The password ocredit should meet minimum requirements using pam_cracklib oval:org.secpod.oval:def:22019 The irqbalance service should be enabled if possible. oval:org.secpod.oval:def:22018 The password warning age should be set appropriately. oval:org.secpod.oval:def:22139 The mdmonitor service should be disabled if possible. oval:org.secpod.oval:def:22017 The maximum password age policy should meet minimum requirements. oval:org.secpod.oval:def:22016 The Kernel Parameter for Accepting Source-Routed Packets By Default should be enabled or disabled as appropriate. The kernel runtime parameter "net.ipv4.conf.default.accept_source_route" should be set to "0". oval:org.secpod.oval:def:22137 Require the use of TLS for ldap clients. oval:org.secpod.oval:def:22026 The kernel runtime parameter "net.ipv4.conf.default.send_redirects" should be set to "0". oval:org.secpod.oval:def:22147 The rexec service should be disabled if possible. oval:org.secpod.oval:def:22025 The kernel runtime parameter "kernel.randomize_va_space" should be set to "2". oval:org.secpod.oval:def:22146 Record attempts to alter time through settimeofday. oval:org.secpod.oval:def:22145 PermitUserEnvironment should be disabled oval:org.secpod.oval:def:22023 The rsh service should be disabled if possible. oval:org.secpod.oval:def:22144 The nfs service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:22022 The kernel runtime parameter "net.ipv4.icmp_ignore_bogus_error_responses" should be set to "1". oval:org.secpod.oval:def:22021 This test makes sure that '/etc/shadow' file permission is setted as appropriate. If the target file or directory has an extended ACL then it will fail the mode check. oval:org.secpod.oval:def:22142 Test if HostLimit line in logwatch.conf is set appropriately. On a central logserver, you want Logwatch to summarize all syslog entries, including those which did not originate on the logserver itself. The HostLimit setting tells Logwatch to report on all hosts, not just the one on which it is runni ... oval:org.secpod.oval:def:22020 The restorecond service should be enabled if possible. oval:org.secpod.oval:def:22140 Enable the GUI warning banner. oval:org.secpod.oval:def:22129 The changing of file permissions and attributes should be audited. oval:org.secpod.oval:def:22007 The SELinux state should be enforcing the local policy. oval:org.secpod.oval:def:22128 The changing of file permissions and attributes should be audited. oval:org.secpod.oval:def:22006 The '/etc/shadow' file should be owned by the appropriate group. oval:org.secpod.oval:def:22127 The changing of file permissions and attributes should be audited. oval:org.secpod.oval:def:22005 The root account is the only system account that should have a login shell. oval:org.secpod.oval:def:22126 The changing of file permissions and attributes should be audited. oval:org.secpod.oval:def:22015 The kernel runtime parameter "net.ipv4.conf.all.rp_filter" should be set to "1". oval:org.secpod.oval:def:22135 IP forwarding should be enabled or disabled as appropriate. oval:org.secpod.oval:def:22014 The RPM package squid should be removed. oval:org.secpod.oval:def:22013 The autofs service should be disabled if possible. oval:org.secpod.oval:def:22134 The changing of file permissions and attributes should be audited. oval:org.secpod.oval:def:22012 The /etc/gshadow file should be owned by the appropriate group. oval:org.secpod.oval:def:22133 The changing of file permissions and attributes should be audited. oval:org.secpod.oval:def:22011 The system login banner text should be set correctly. oval:org.secpod.oval:def:22132 The changing of file permissions and attributes should be audited. oval:org.secpod.oval:def:22131 The changing of file permissions and attributes should be audited. oval:org.secpod.oval:def:22010 The cpuspeed service should be disabled if possible. oval:org.secpod.oval:def:22130 The changing of file permissions and attributes should be audited. oval:org.secpod.oval:def:22119 The kernel runtime parameter "net.ipv6.conf.default.accept_redirects" should be set to "0". oval:org.secpod.oval:def:22118 The kernel runtime parameter "net.ipv6.conf.default.accept_ra" should be set to "0". oval:org.secpod.oval:def:22117 Global IPv6 initialization should be disabled. oval:org.secpod.oval:def:22116 The anacron service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:22115 Enable privacy extensions for IPv6 oval:org.secpod.oval:def:22125 The changing of file permissions and attributes should be audited. oval:org.secpod.oval:def:22003 File permissions for '/etc/group' should be set correctly. oval:org.secpod.oval:def:22124 The changing of file permissions and attributes should be audited. oval:org.secpod.oval:def:22002 The /etc/passwd file should be owned by the appropriate user. oval:org.secpod.oval:def:22123 The changing of file permissions and attributes should be audited. oval:org.secpod.oval:def:22001 This test makes sure that '/etc/gshadow' is setted appropriate permission. If the target file or directory has an extended ACL then it will fail the mode check. oval:org.secpod.oval:def:22122 Record attempts to alter time through /etc/localtime oval:org.secpod.oval:def:22121 Record attempts to alter time through clock_settime. oval:org.secpod.oval:def:22120 Record attempts to alter time through stime, note that this is only relevant on 32bit architecture. oval:org.secpod.oval:def:22109 A warning banner for all FTP users should be enabled or disabled as appropriate oval:org.secpod.oval:def:22108 Plaintext authentication of mail clients should be enabled or disabled as appropriate. oval:org.secpod.oval:def:22107 The Samba (SMB) service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:22106 Logging of vsftpd transactions should be enabled or disabled as appropriate oval:org.secpod.oval:def:22105 Root squashing should be enabled or disabled as appropriate for all NFS shares. oval:org.secpod.oval:def:22104 The netfs service should be disabled if possible. oval:org.secpod.oval:def:22114 The disable option will allow the IPv6 module to be inserted, but prevent address assignment and activation of the network stack. oval:org.secpod.oval:def:22113 Disable Zeroconf automatic route assignment in the 169.254.0.0 subnet. oval:org.secpod.oval:def:22112 Directory permissions for /var/log/httpd should be set appropriately. oval:org.secpod.oval:def:22111 The lockd service should be configured to use a static port or a dynamic portmapper port for TCP as appropriate. oval:org.secpod.oval:def:22110 The squid service should be disabled if possible. oval:org.secpod.oval:def:22062 The tftp service should be disabled if possible. oval:org.secpod.oval:def:22183 Avahi should be configured to allow other stacks from binding to port 5353 or not as appropriate. oval:org.secpod.oval:def:22061 The sshd service should be disabled if possible. oval:org.secpod.oval:def:22182 Avahi publishing of IP addresses should be enabled or disabled as appropriate. oval:org.secpod.oval:def:22181 Configure the system to notify users of last logon/access using pam_lastlog. oval:org.secpod.oval:def:22060 The kernel runtime parameter "net.ipv4.tcp_syncookies" should be set to "1". oval:org.secpod.oval:def:22180 The accounts should be configured to expire automatically following inactivity. oval:org.secpod.oval:def:22069 The lockd service should be configured to use a static port or a dynamic portmapper port for UDP as appropriate. oval:org.secpod.oval:def:22189 The pcscd service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:22068 The RPM package rsh-server should be removed. oval:org.secpod.oval:def:22067 The acpid service should be disabled if possible. oval:org.secpod.oval:def:22188 The apache2 server's ServerTokens value should be set appropriately oval:org.secpod.oval:def:22187 The kernel runtime parameter "kernel.dmesg_restrict" should be set to "1". oval:org.secpod.oval:def:22066 If inbound SSH access is not needed, the firewall should disallow or reject access to the SSH port (22). oval:org.secpod.oval:def:22065 The auditd service should be enabled if possible. oval:org.secpod.oval:def:22186 Avahi should be configured to accept packets with a TTL field not equal to 255 or not as appropriate. oval:org.secpod.oval:def:22185 Change the default policy to DROP (from ACCEPT) for the INPUT built-in chain (/etc/sysconfig/ip6tables). oval:org.secpod.oval:def:22184 The /etc/httpd/conf/* files should have the appropriate permissions. oval:org.secpod.oval:def:22049 The default umask for users of the csh shell oval:org.secpod.oval:def:22051 The kernel runtime parameter "net.ipv4.conf.all.accept_source_route" should be set to "0". oval:org.secpod.oval:def:22172 The quota_nld service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:22050 The system's default desktop environment, GNOME, will mount devices and removable media (such as DVDs, CDs and USB flash drives) whenever they are inserted into the system. Disable automount and autorun within GNOME. oval:org.secpod.oval:def:22171 The psacct service should be enabled if possible. oval:org.secpod.oval:def:22170 The portreserve service should be disabled if possible. oval:org.secpod.oval:def:22059 The dynamic DNS feature of the DHCP server should be enabled or disabled as appropriate. oval:org.secpod.oval:def:22058 Preventing direct root login to serial port interfaces helps ensure accountability for actions taken on the system using the root account. oval:org.secpod.oval:def:22179 The TFTP daemon should use secure mode. oval:org.secpod.oval:def:22057 The xinetd service should be disabled if possible. oval:org.secpod.oval:def:22178 The '.rhosts' or 'hosts.equiv' files should exists or doesn't exists on the system. oval:org.secpod.oval:def:22056 The kernel runtime parameter "fs.suid_dumpable" should be set to "0". oval:org.secpod.oval:def:22177 The certmonger service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:22055 The ability for users to perform interactive startups should be disabled. oval:org.secpod.oval:def:22176 The sysstat service should be disabled if possible. oval:org.secpod.oval:def:22054 The requirement for a password to boot into single-user mode should be configured correctly. oval:org.secpod.oval:def:22175 The saslauthd service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:22174 The rhsmcertd service should be disabled if possible. oval:org.secpod.oval:def:22053 The RPM package dovecot should be removed. oval:org.secpod.oval:def:22052 The file /etc/pam.d/system-auth should not contain the nullok option oval:org.secpod.oval:def:22173 The rdisc service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:22039 The iptables service should be enabled if possible. oval:org.secpod.oval:def:22038 Enable warning banner for GUI login oval:org.secpod.oval:def:22159 max_log_file_action setting in /etc/audit/auditd.conf is set to a certain action oval:org.secpod.oval:def:22161 admin_space_left_action setting in /etc/audit/auditd.conf is set to a certain action oval:org.secpod.oval:def:22160 space_left_action setting in /etc/audit/auditd.conf is set to a certain action oval:org.secpod.oval:def:22048 Core dumps for all users should be disabled oval:org.secpod.oval:def:22169 The oddjobd service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:22168 The ntpdate service should be disabled if possible. oval:org.secpod.oval:def:22046 The daemon umask should be set as appropriate oval:org.secpod.oval:def:22167 The netconsole service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:22166 The cgred service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:22045 The RPM package bind should be removed. oval:org.secpod.oval:def:22044 The kernel runtime parameter "net.ipv4.conf.all.accept_redirects" should be set to "0". oval:org.secpod.oval:def:22165 The cgconfig service should be disabled if possible. oval:org.secpod.oval:def:22043 The /etc/gshadow file should be owned by the appropriate user. oval:org.secpod.oval:def:22164 The atd service should be disabled if possible. oval:org.secpod.oval:def:22042 The RPM package aide should be installed. oval:org.secpod.oval:def:22163 The abrtd service should be disabled if possible. oval:org.secpod.oval:def:22162 action_mail_acct setting in /etc/audit/auditd.conf is set to a certain account oval:org.secpod.oval:def:22029 The RPM package xinetd should be removed. oval:org.secpod.oval:def:22149 The system's default desktop environment, GNOME, uses a number of different thumbnailer programs to generate thumbnails for any new or modified content in an opened folder. Disable the execution of these thumbnail applications within GNOME. oval:org.secpod.oval:def:22028 The kernel runtime parameter "net.ipv4.conf.all.send_redirects" should be set to "0". oval:org.secpod.oval:def:22027 The password minimum length should be set appropriately. oval:org.secpod.oval:def:22148 The number of allowed failed logins should be set correctly. oval:org.secpod.oval:def:22150 The .netrc files contain login information used to auto-login into FTP servers and reside in the user's home directory. Any .netrc files should be removed. oval:org.secpod.oval:def:22037 The kernel module usb-storage should be disabled. oval:org.secpod.oval:def:22158 The rsyslog to Accept Messages via UDP, if Acting As Log Server should be enabled or disabled as appropriate. oval:org.secpod.oval:def:22036 The kernel runtime parameter "net.ipv4.conf.default.accept_redirects" should be set to "0". oval:org.secpod.oval:def:22157 The 'rsyslog' to Accept Messages via TCP, if Acting As Log Server should be enabled or disabled as appropriate. oval:org.secpod.oval:def:22156 Define default gateways for IPv6 traffic oval:org.secpod.oval:def:22035 The logrotate (syslog rotater) service should be enabled. oval:org.secpod.oval:def:22034 The minimum password age policy should be set appropriately. oval:org.secpod.oval:def:22155 Manually configure addresses for IPv6 oval:org.secpod.oval:def:22154 The RPC IPv6 Support should be configured appropriately based rpc services. oval:org.secpod.oval:def:22032 Systems that are using the 64-bit x86 kernel package do not need to install the kernel-PAE package because the 64-bit x86 kernel already includes this support. However, if the system is 32-bit and also supports the PAE and NX features as determined in the previous section, the kernel-PAE package sho ... oval:org.secpod.oval:def:22153 The direct gnome login warning banner should be set correctly. oval:org.secpod.oval:def:22031 The kernel runtime parameter "kernel.exec-shield" should be set to "1". oval:org.secpod.oval:def:22152 The password hashing algorithm should be set correctly in /etc/libuser.conf. oval:org.secpod.oval:def:22151 The password hashing algorithm should be set correctly in /etc/login.defs. oval:org.secpod.oval:def:22030 The ip6tables service should be enabled if possible. oval:org.secpod.oval:def:21899 The kernel module cramfs should be disabled. oval:org.secpod.oval:def:21897 Require samba clients which use smb.conf, such as smbclient, to use packet signing. A Samba client should only communicate with servers who can support SMB packet signing. oval:org.secpod.oval:def:21898 The RPM package net-snmp should be removed. oval:org.secpod.oval:def:21895 The password hashing algorithm should be set correctly in /etc/pam.d/system-auth. oval:org.secpod.oval:def:21896 The postfix service should be enabled if possible. oval:org.secpod.oval:def:22103 The RPM package httpd should be removed. oval:org.secpod.oval:def:22101 Emulation of the rsh command through the ssh server should be disabled (and dependencies are met) oval:org.secpod.oval:def:22100 The password retry should meet minimum requirements using pam_cracklib oval:org.secpod.oval:def:22205 The yum-updatesd service should be disabled oval:org.secpod.oval:def:22204 The RPM package openswan should be installed. oval:org.secpod.oval:def:22202 The Avahi daemon should be configured to serve via Ipv6 or not as appropriate. oval:org.secpod.oval:def:22201 The apache2 server's ServerSignature value should be set appropriately. oval:org.secpod.oval:def:22200 SSL capabilities should be enabled for the mail server. |