oval:org.secpod.oval:def:31330
Only SSH protocol version 2 connections should be permitted.

oval:org.secpod.oval:def:31331
The RPM package telnet should be installed.

oval:org.secpod.oval:def:31210
The mod_security package installation should be configured appropriately.

oval:org.secpod.oval:def:31211
Directory permissions for /var/log/httpd should be set appropriately.

oval:org.secpod.oval:def:31332
Limit the ciphers to those which are FIPS-approved and only use ciphers in counter (CTR) mode.

oval:org.secpod.oval:def:31205
Disable CGI Support (/etc/httpd/conf/httpd.conf) should be configured appropriately.

oval:org.secpod.oval:def:31326
System Audit Logs Must Have Mode 0640 or Less Permissive (/var/log/audit/*) should be configured appropriately.

oval:org.secpod.oval:def:31327
The file /etc/pam.d/system-auth should not contain the nullok option

oval:org.secpod.oval:def:31206
Restrict Root Directory (/etc/httpd/conf/httpd.conf) should be configured appropriately.

oval:org.secpod.oval:def:31207
The kernel module jffs2 should be disabled.

oval:org.secpod.oval:def:31328
Emulation of the rsh command through the ssh server should be disabled (and dependencies are met)

oval:org.secpod.oval:def:31329
The /etc/group file should be owned by the appropriate group.

oval:org.secpod.oval:def:31208
Restrict Web Directory (/etc/httpd/conf/httpd.conf) should be configured appropriately.

oval:org.secpod.oval:def:31201
Disable Web Server Configuration Display (/etc/httpd/conf/httpd.conf) should be configured appropriately.

oval:org.secpod.oval:def:31322
PermitUserEnvironment should be disabled

oval:org.secpod.oval:def:31202
Disable URL Correction on Misspelled Entries (/etc/httpd/conf/httpd.conf) should be configured appropriately.

oval:org.secpod.oval:def:31323
The password ucredit should meet minimum requirements using pam_cracklib

oval:org.secpod.oval:def:31203
The HTTPD Proxy Module Support should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:31324
The gpgcheck option should be used to ensure that checking of an RPM package's signature always occurs prior to its installation.

oval:org.secpod.oval:def:31325
The minimum password age policy should be set appropriately.

oval:org.secpod.oval:def:31204
Disable Cache Support (/etc/httpd/conf/httpd.conf) should be configured appropriately.

oval:org.secpod.oval:def:31209
mod_ssl package installation should be configured appropriately.

oval:org.secpod.oval:def:31200
Disable Server Activity Status (/etc/httpd/conf/httpd.conf) should be configured appropriately.

oval:org.secpod.oval:def:31315
The /etc/group file should be owned by the appropriate user.

oval:org.secpod.oval:def:31316
Root login via SSH should be disabled (and dependencies are met)

oval:org.secpod.oval:def:31317
File permissions for '/etc/group' should be set correctly.

oval:org.secpod.oval:def:31311
Ensure all yum repositories utilize signature checking.

oval:org.secpod.oval:def:31312
This test makes sure that '/etc/passwd' has proper permission. If the target file or directory has an extended ACL then it will fail the mode check.

oval:org.secpod.oval:def:31313
The number of allowed failed logins should be set correctly.

oval:org.secpod.oval:def:31314
The passwords to remember should be set correctly.

oval:org.secpod.oval:def:31319
Verify that Shared Library Files Have Restrictive Permissions (/lib, /lib64, /usr/lib or /usr/lib64) should be configured appropriately.

oval:org.secpod.oval:def:31310
The abrtd service should be disabled if possible.

oval:org.secpod.oval:def:31304
The kernel module dccp should be disabled.

oval:org.secpod.oval:def:31305
The /etc/gshadow file should be owned by the appropriate group.

oval:org.secpod.oval:def:31306
The yum-updatesd service should be disabled

oval:org.secpod.oval:def:31307
The '/boot/grub2/grub.cfg' file should be owned by the appropriate user.

oval:org.secpod.oval:def:31300
The /etc/shadow file should be owned by the appropriate user.

oval:org.secpod.oval:def:31301
The SELinux state should be enforcing the local policy.

oval:org.secpod.oval:def:31303
Verify which group owns the /boot/grub2/grub.cfg file.

oval:org.secpod.oval:def:31308
Remote connections (SSH) from accounts with empty passwords should be disabled (and dependencies are met).

oval:org.secpod.oval:def:31309
SSH's cryptographic host-based authentication is more secure than .rhosts authentication. However, it is not recommended that hosts unilaterally trust one another, even within an organization.

oval:org.secpod.oval:def:31090
The RPM package rsh-server should be removed.

oval:org.secpod.oval:def:31091
The rexec service should be disabled if possible.

oval:org.secpod.oval:def:31093
The rsh service should be disabled if possible.

oval:org.secpod.oval:def:31098
The tftp service should be disabled if possible.

oval:org.secpod.oval:def:31099
The RPM package tftp-server should be removed.

oval:org.secpod.oval:def:31094
The rlogin service should be disabled if possible.

oval:org.secpod.oval:def:31095
The '.rhosts' or 'hosts.equiv' files should or should not exist on the system.

oval:org.secpod.oval:def:31096
The RPM package ypserv should be removed.

oval:org.secpod.oval:def:31097
The ypbind service should be disabled if possible.

oval:org.secpod.oval:def:31080
Audit rules should be configured to log successful and unsuccessful logon and logout events.

oval:org.secpod.oval:def:31082
Audit rules should capture information about session initiation.

oval:org.secpod.oval:def:31087
Force a reboot to change audit rules is enabled

oval:org.secpod.oval:def:31088
The xinetd service should be disabled if possible.

oval:org.secpod.oval:def:31089
The RPM package xinetd should be removed.

oval:org.secpod.oval:def:31083
Audit rules about the Unauthorized Access Attempts to Files (unsuccessful) are enabled

oval:org.secpod.oval:def:31084
Audit rules about the Information on the Use of Privileged Commands are enabled

oval:org.secpod.oval:def:31085
Audit rules that detect the mounting of filesystems should be enabled.

oval:org.secpod.oval:def:31086
Audit actions taken by system administrators on the system.

oval:org.secpod.oval:def:31190
The RPM package httpd should be removed.

oval:org.secpod.oval:def:31191
The apache2 server's ServerTokens value should be set appropriately

oval:org.secpod.oval:def:31071
The changing of file permissions and attributes should be audited.

oval:org.secpod.oval:def:31192
The apache2 server's ServerSignature value should be set appropriately.

oval:org.secpod.oval:def:31197
Disable Server Side Includes (/etc/httpd/conf/httpd.conf) should be configured appropriately.

oval:org.secpod.oval:def:31076
The changing of file permissions and attributes should be audited.

oval:org.secpod.oval:def:31198
Disable MIME Magic (/etc/httpd/conf/httpd.conf) should be configured appropriately.

oval:org.secpod.oval:def:31077
The changing of file permissions and attributes should be audited.

oval:org.secpod.oval:def:31199
Disable WebDAV (Distributed Authoring and Versioning) (/etc/httpd/conf/httpd.conf) should be configured appropriately.

oval:org.secpod.oval:def:31078
The changing of file permissions and attributes should be audited.

oval:org.secpod.oval:def:31079
The changing of file permissions and attributes should be audited.

oval:org.secpod.oval:def:31193
Disable HTTP Digest Authentication (/etc/httpd/conf/httpd.conf) should be configured appropriately.

oval:org.secpod.oval:def:31072
The changing of file permissions and attributes should be audited.

oval:org.secpod.oval:def:31194
Disable HTTP mod_rewrite (/etc/httpd/conf/httpd.conf) should be configured appropriately.

oval:org.secpod.oval:def:31073
The changing of file permissions and attributes should be audited.

oval:org.secpod.oval:def:31195
Disable LDAP Support (/etc/httpd/conf/httpd.conf) should be configured appropriately.

oval:org.secpod.oval:def:31074
The changing of file permissions and attributes should be audited.

oval:org.secpod.oval:def:31196
The kernel module freevxfs should be disabled.

oval:org.secpod.oval:def:31075
The changing of file permissions and attributes should be audited.

oval:org.secpod.oval:def:31069
The changing of file permissions and attributes should be audited.

oval:org.secpod.oval:def:31180
The RPM package bind should be removed.

oval:org.secpod.oval:def:31181
The vsftpd service should be disabled if possible.

oval:org.secpod.oval:def:31060
Record attempts to alter time through stime. Note that this is only relevant on 32-bit architecture.

oval:org.secpod.oval:def:31186
The kernel module cramfs should be disabled.

oval:org.secpod.oval:def:31065
Audit rules that detect changes to the system's mandatory access controls (SELinux) are enabled.

oval:org.secpod.oval:def:31066
Record Events that Modify the System's Discretionary Access Controls - chmod. The changing of file permissions and attributes should be audited.

oval:org.secpod.oval:def:31187
Restrict Access to Anonymous Users should be configured appropriately.

oval:org.secpod.oval:def:31188
File uploads via vsftpd should be enabled or disabled as appropriate

oval:org.secpod.oval:def:31067
The changing of file permissions and attributes should be audited.

oval:org.secpod.oval:def:31189
The httpd service should be disabled if possible.

oval:org.secpod.oval:def:31068
The changing of file permissions and attributes should be audited.

oval:org.secpod.oval:def:31182
The RPM package vsftpd should be removed.

oval:org.secpod.oval:def:31061
Record attempts to alter time through clock_settime.

oval:org.secpod.oval:def:31062
Record attempts to alter time through /etc/localtime

oval:org.secpod.oval:def:31184
Logging of vsftpd transactions should be enabled or disabled as appropriate

oval:org.secpod.oval:def:31063
The network environment should not be modified by anything other than administrator action. Any change to network parameters should be audited.

oval:org.secpod.oval:def:31185
A warning banner for all FTP users should be enabled or disabled as appropriate

oval:org.secpod.oval:def:31064
System Audit Logs Must Be Owned By Root (/var/log/*) should be configured appropriately.

oval:org.secpod.oval:def:31058
Record attempts to alter time through settimeofday.

oval:org.secpod.oval:def:31179
The named service should be disabled if possible.

oval:org.secpod.oval:def:31252
The SELinux state should be set appropriately.

oval:org.secpod.oval:def:31131
If inbound SSH access is not needed, the firewall should disallow or reject access to the SSH port (22).

oval:org.secpod.oval:def:31253
Logins through the Direct root Logins Not Allowed should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:31132
Limit Users SSH Access should be configured appropriately.

oval:org.secpod.oval:def:31254
Preventing direct root login to virtual console devices helps ensure accountability for actions taken on the system using the root account.

oval:org.secpod.oval:def:31134
The avahi-daemon service should be disabled if possible.

oval:org.secpod.oval:def:31255
Preventing direct root login to serial port interfaces helps ensure accountability for actions taken on the system using the root account.

oval:org.secpod.oval:def:31250
The kernel runtime parameter "kernel.dmesg_restrict" should be set to "1".

oval:org.secpod.oval:def:31130
The sshd service should be disabled if possible.

oval:org.secpod.oval:def:31249
Systems that are using the 64-bit x86 kernel package do not need to install the kernel-PAE package because the 64-bit x86 kernel already includes this support. However, if the system is 32-bit and also supports the PAE and NX features as determined in the previous section, the kernel-PAE package sho ...

oval:org.secpod.oval:def:31128
The anacron service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:31129
The atd service should be disabled if possible.

oval:org.secpod.oval:def:31245
Core dumps for all users should be disabled

oval:org.secpod.oval:def:31124
The sysstat service should be disabled if possible.

oval:org.secpod.oval:def:31125
Disable Prelinking (/etc/sysconfig/prelink) should be configured appropriately.

oval:org.secpod.oval:def:31246
The kernel runtime parameter "fs.suid_dumpable" should be set to "0".

oval:org.secpod.oval:def:31247
The kernel runtime parameter "kernel.exec-shield" should be set to "1".

oval:org.secpod.oval:def:31126
The kernel module usb-storage should be disabled.

oval:org.secpod.oval:def:31248
The kernel runtime parameter "kernel.randomize_va_space" should be set to "2".

oval:org.secpod.oval:def:31127
The crond service should be enabled if possible.

oval:org.secpod.oval:def:31362
Audit file deletion events.

oval:org.secpod.oval:def:31120
The rhnsd service should be disabled if possible.

oval:org.secpod.oval:def:31363
The system login banner text should be set correctly.

oval:org.secpod.oval:def:31121
The rhsmcertd service should be disabled if possible.

oval:org.secpod.oval:def:31243
Configure Periodic Execution of AIDE (/etc/crontab) should be configured appropriately.

oval:org.secpod.oval:def:31364
SSH warning banner should be enabled (and dependencies are met).

oval:org.secpod.oval:def:31122
The saslauthd service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:31244
The daemon umask should be set as appropriate

oval:org.secpod.oval:def:31123
The smartd service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:31240
The kernel module udf should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:31361
Audit rules should detect modification to system files that hold information about users and groups.

oval:org.secpod.oval:def:31238
The RPM package talk-server should be installed.

oval:org.secpod.oval:def:31117
The Apache qpidd service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:31239
The RPM package talk should be installed.

oval:org.secpod.oval:def:31118
The quota_nld service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:31119
The rdisc service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:31234
The RPM package rsh should be installed.

oval:org.secpod.oval:def:31355
This test makes sure that '/etc/gshadow' is set to the appropriate permission. If the target file or directory has an extended ACL then it will fail the mode check.

oval:org.secpod.oval:def:31113
The oddjobd service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:31235
The RPM package ypbind should be installed.

oval:org.secpod.oval:def:31356
The password dcredit should meet minimum requirements using pam_cracklib

oval:org.secpod.oval:def:31236
The RPM package tftp should be installed.

oval:org.secpod.oval:def:31357
The RPM package telnet-server should be removed.

oval:org.secpod.oval:def:31115
The portreserve service should be disabled if possible.

oval:org.secpod.oval:def:31237
The squashfs Kernel Module should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:31358
The requirement for a password to boot into single-user mode should be configured correctly.

oval:org.secpod.oval:def:31116
The psacct service should be enabled if possible.

oval:org.secpod.oval:def:31351
All password hashes should be shadowed.

oval:org.secpod.oval:def:31230
Ensure Default Password Is Not Used (/etc/snmp/snmpd.conf) should be configured appropriately.

oval:org.secpod.oval:def:31231
The maximum password age policy should meet minimum requirements.

oval:org.secpod.oval:def:31352
The password ocredit should meet minimum requirements using pam_cracklib

oval:org.secpod.oval:def:31110
The messagebus service should be disabled if possible.

oval:org.secpod.oval:def:31232
The RPM package setroubleshoot should be installed.

oval:org.secpod.oval:def:31353
The telnet service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:31111
The netconsole service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:31233
The RPM package mcstrans should be installed.

oval:org.secpod.oval:def:31354
The /etc/gshadow file should be owned by the appropriate user.

oval:org.secpod.oval:def:31112
The ntpdate service should be disabled if possible.

oval:org.secpod.oval:def:31350
The /etc/passwd file should be owned by the appropriate user.

oval:org.secpod.oval:def:31227
The snmpd service should be disabled if possible.

oval:org.secpod.oval:def:31348
The password retry should meet minimum requirements using pam_cracklib

oval:org.secpod.oval:def:31106
The cpuspeed service should be disabled if possible.

oval:org.secpod.oval:def:31349
The SELinux policy should be set appropriately.

oval:org.secpod.oval:def:31228
The RPM package net-snmp should be removed.

oval:org.secpod.oval:def:31107
The irqbalance service should be enabled if possible.

oval:org.secpod.oval:def:31108
The kdump service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:31229
Configure SNMP Service to Use Only SNMPv3 or Newer (/etc/snmp/snmpd.conf) should be configured appropriately.

oval:org.secpod.oval:def:31109
The mdmonitor service should be disabled if possible.

oval:org.secpod.oval:def:31344
The password minimum length should be set appropriately.

oval:org.secpod.oval:def:31102
The certmonger service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:31224
The squid service should be disabled if possible.

oval:org.secpod.oval:def:31345
The password hashing algorithm should be set correctly in /etc/login.defs.

oval:org.secpod.oval:def:31346
The '/etc/shadow' file should be owned by the appropriate group.

oval:org.secpod.oval:def:31225
The RPM package squid should be removed.

oval:org.secpod.oval:def:31104
The cgconfig service should be disabled if possible.

oval:org.secpod.oval:def:31226
The kernel module hfsplus should be disabled.

oval:org.secpod.oval:def:31347
The audit rules should be configured to log information about kernel module loading and unloading.

oval:org.secpod.oval:def:31105
The cgred service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:31340
The kernel module sctp should be disabled.

oval:org.secpod.oval:def:31220
Plaintext authentication of mail clients should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:31341
The password lcredit should meet minimum requirements using pam_cracklib

oval:org.secpod.oval:def:31221
The Samba (SMB) service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:31100
The TFTP daemon should use secure mode.

oval:org.secpod.oval:def:31222
Require Samba clients which use smb.conf, such as smbclient, to use packet signing. A Samba client should only communicate with servers that can support SMB packet signing.

oval:org.secpod.oval:def:31343
File permissions for /bin, /usr/bin, /usr/local/bin, /sbin, /usr/sbin and /usr/local/sbin should be set correctly.

oval:org.secpod.oval:def:31101
The acpid service should be disabled if possible.

oval:org.secpod.oval:def:31216
The kernel module hfs should be disabled.

oval:org.secpod.oval:def:31337
The maximum number of concurrent login sessions per user should meet minimum requirements.

oval:org.secpod.oval:def:31338
This test makes sure that the '/etc/shadow' file permission is set as appropriate. If the target file or directory has an extended ACL then it will fail the mode check.

oval:org.secpod.oval:def:31217
SSL capabilities should be enabled for the mail server.

oval:org.secpod.oval:def:31218
Dovecot plaintext authentication of clients should be enabled or disabled as necessary

oval:org.secpod.oval:def:31339
The password hashing algorithm should be set correctly in /etc/pam.d/system-auth.

oval:org.secpod.oval:def:31219
Configure Dovecot to Use the SSL Key file should be configured appropriately.

oval:org.secpod.oval:def:31212
Directory permissions for /etc/httpd/conf/ should be set as appropriate.

oval:org.secpod.oval:def:31333
The password hashing algorithm should be set correctly in /etc/libuser.conf.

oval:org.secpod.oval:def:31213
The /etc/httpd/conf/* files should have the appropriate permissions.

oval:org.secpod.oval:def:31334
File permissions for '/boot/grub2/grub.cfg' should be set appropriately.

oval:org.secpod.oval:def:31335
The SSH ClientAliveCountMax should be set to an appropriate value (and dependencies are met)

oval:org.secpod.oval:def:31214
The dovecot service should be disabled if possible.

oval:org.secpod.oval:def:31215
The RPM package dovecot should be removed.

oval:org.secpod.oval:def:31291
The root account is the only system account that should have a login shell.

oval:org.secpod.oval:def:31170
The mountd service should be configured to use a static port or a dynamic portmapper port as appropriate

oval:org.secpod.oval:def:31296
The /etc/passwd file should be owned by the appropriate group.

oval:org.secpod.oval:def:31054
admin_space_left_action setting in /etc/audit/auditd.conf is set to a certain action

oval:org.secpod.oval:def:31176
Root squashing should be enabled or disabled as appropriate for all NFS shares.

oval:org.secpod.oval:def:31055
action_mail_acct setting in /etc/audit/auditd.conf is set to a certain account

oval:org.secpod.oval:def:31297
Verify that Shared Library Files Have Root Ownership (/lib, /lib64, /usr/lib or /usr/lib64) should be configured appropriately.

oval:org.secpod.oval:def:31177
Restriction of NFS clients to privileged ports should be enabled or disabled as appropriate

oval:org.secpod.oval:def:31298
The RPM package aide should be installed.

oval:org.secpod.oval:def:31056
Configure auditd to use audispd plugin (/etc/audisp/plugins.d/syslog.conf) should be configured appropriately.

oval:org.secpod.oval:def:31057
Record attempts to alter time through adjtimex.

oval:org.secpod.oval:def:31178
Ensure Insecure File Locking is Not Allowed (/etc/exports) should be configured appropriately.

oval:org.secpod.oval:def:31299
The number of allowed failed logins should be set correctly.

oval:org.secpod.oval:def:31292
The password warning age should be set appropriately.

oval:org.secpod.oval:def:31050
num_logs setting in /etc/audit/auditd.conf is set to at least a certain value

oval:org.secpod.oval:def:31171
Specify UID and GID for Anonymous NFS Connections (/etc/exports) should be configured appropriately.

oval:org.secpod.oval:def:31051
max_log_file setting in /etc/audit/auditd.conf is set to at least a certain value

oval:org.secpod.oval:def:31172
The nfs service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:31293
The SSH idle timeout interval should be set to an appropriate value.

oval:org.secpod.oval:def:31052
max_log_file_action setting in /etc/audit/auditd.conf is set to a certain action

oval:org.secpod.oval:def:31173
The rpcsvcgssd service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:31294
The password minclass should meet minimum requirements using pam_cracklib

oval:org.secpod.oval:def:31053
space_left_action setting in /etc/audit/auditd.conf is set to a certain action

oval:org.secpod.oval:def:31295
The password difok should meet minimum requirements using pam_cracklib

oval:org.secpod.oval:def:31168
The autofs service should be disabled if possible.

oval:org.secpod.oval:def:31289
The disable option will allow the IPv6 module to be inserted, but prevent address assignment and activation of the network stack.

oval:org.secpod.oval:def:31047
The auditd service should be enabled if possible.

oval:org.secpod.oval:def:31169
Configure statd to use static port (/etc/sysconfig/nfs) should be configured appropriately.

oval:org.secpod.oval:def:31280
The kernel runtime parameter "net.ipv4.conf.default.secure_redirects" should be set to "0".

oval:org.secpod.oval:def:31043
The logrotate (syslog rotater) service should be enabled.

oval:org.secpod.oval:def:31164
The rpcidmapd service should be disabled if possible.

oval:org.secpod.oval:def:31285
The kernel runtime parameter "net.ipv4.conf.default.rp_filter" should be set to "1".

oval:org.secpod.oval:def:31044
Test if HostLimit line in logwatch.conf is set appropriately. On a central logserver, you want Logwatch to summarize all syslog entries, including those which did not originate on the logserver itself. The HostLimit setting tells Logwatch to report on all hosts, not just the one on which it is runni ...

oval:org.secpod.oval:def:31165
The netfs service should be disabled if possible.

oval:org.secpod.oval:def:31045
Check if SplitHosts line in logwatch.conf is set appropriately.

oval:org.secpod.oval:def:31287
The bluetooth service should be disabled if possible.

oval:org.secpod.oval:def:31166
The lockd service should be configured to use a static port or a dynamic portmapper port for TCP as appropriate.

oval:org.secpod.oval:def:31046
Disable Logwatch on Clients if a Logserver Exists (/etc/cron.daily/0logwatch) should be configured appropriately.

oval:org.secpod.oval:def:31288
The kernel module bluetooth should be disabled.

oval:org.secpod.oval:def:31167
The lockd service should be configured to use a static port or a dynamic portmapper port for UDP as appropriate.

oval:org.secpod.oval:def:31160
Require the use of TLS for ldap clients.

oval:org.secpod.oval:def:31281
The kernel runtime parameter "net.ipv4.icmp_echo_ignore_broadcasts" should be set to "1".

oval:org.secpod.oval:def:31161
The RPM package openldap-servers should be removed.

oval:org.secpod.oval:def:31282
The kernel runtime parameter "net.ipv4.icmp_ignore_bogus_error_responses" should be set to "1".

oval:org.secpod.oval:def:31040
rsyslogd should reject remote messages

oval:org.secpod.oval:def:31162
The nfslock service should be disabled if possible.

oval:org.secpod.oval:def:31283
The kernel runtime parameter "net.ipv4.tcp_syncookies" should be set to "1".

oval:org.secpod.oval:def:31041
The 'rsyslog' to Accept Messages via TCP, if Acting As Log Server should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:31163
The rpcgssd service should be disabled if possible.

oval:org.secpod.oval:def:31284
The kernel runtime parameter "net.ipv4.conf.all.rp_filter" should be set to "1".

oval:org.secpod.oval:def:31042
The rsyslog to Accept Messages via UDP, if Acting As Log Server should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:31157
Postfix network listening should be disabled

oval:org.secpod.oval:def:31278
The Kernel Parameter for Accepting Source-Routed Packets By Default should be enabled or disabled as appropriate. The kernel runtime parameter "net.ipv4.conf.default.accept_source_route" should be set to "0".

oval:org.secpod.oval:def:31158
Protect against unnecessary release of information.

oval:org.secpod.oval:def:31279
The kernel runtime parameter "net.ipv4.conf.default.accept_redirects" should be set to "0".

oval:org.secpod.oval:def:31159
Require the use of TLS for ldap clients.

oval:org.secpod.oval:def:31039
Syslog logs should be sent to a remote loghost

oval:org.secpod.oval:def:31032
The kernel module tipc should be disabled.

oval:org.secpod.oval:def:31274
The kernel runtime parameter "net.ipv4.conf.all.accept_source_route" should be set to "0".

oval:org.secpod.oval:def:31153
A remote NTP Server for time synchronization should be specified (and dependencies are met)

oval:org.secpod.oval:def:31033
The RPM package libreswan should be installed.

oval:org.secpod.oval:def:31275
The kernel runtime parameter "net.ipv4.conf.all.accept_redirects" should be set to "0".

oval:org.secpod.oval:def:31154
Specify Additional Remote NTP Servers (/etc/ntp.conf) should be configured appropriately.

oval:org.secpod.oval:def:31034
The RPM package rsyslog should be installed.

oval:org.secpod.oval:def:31155
The postfix service should be enabled if possible.

oval:org.secpod.oval:def:31276
The kernel runtime parameter "net.ipv4.conf.all.secure_redirects" should be set to "0".

oval:org.secpod.oval:def:31035
The rsyslog service should be enabled if possible.

oval:org.secpod.oval:def:31156
The RPM package sendmail should be removed.

oval:org.secpod.oval:def:31277
The kernel runtime parameter "net.ipv4.conf.all.log_martians" should be set to "1".

oval:org.secpod.oval:def:31270
Disable Zeroconf automatic route assignment in the 169.254.0.0 subnet.

oval:org.secpod.oval:def:31150
Logging (/etc/rsyslog.conf) should be configured appropriately.

oval:org.secpod.oval:def:31271
The kernel runtime parameter "net.ipv4.conf.default.send_redirects" should be set to "0".

oval:org.secpod.oval:def:31151
DHCP configuration should be static for all interfaces.

oval:org.secpod.oval:def:31030
IP forwarding should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:31272
The kernel runtime parameter "net.ipv4.conf.all.send_redirects" should be set to "0".

oval:org.secpod.oval:def:31031
The kernel module rds should be disabled.

oval:org.secpod.oval:def:31273
The kernel runtime parameter "net.ipv4.ip_forward" should be set to "0".

oval:org.secpod.oval:def:31152
The ntpd service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:31029
Change the default policy to DROP (from ACCEPT) for the INPUT built-in chain (/etc/sysconfig/iptables).

oval:org.secpod.oval:def:31146
The dynamic DNS feature of the DHCP server should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:31267
The ability for users to perform interactive startups should be disabled.

oval:org.secpod.oval:def:31268
The RPM package screen should be installed.

oval:org.secpod.oval:def:31026
Change the default policy to DROP (from ACCEPT) for the INPUT built-in chain (/etc/sysconfig/ip6tables).

oval:org.secpod.oval:def:31148
DHCPDECLINE messages should be accepted or denied by the DHCP server as appropriate

oval:org.secpod.oval:def:31269
The pcscd service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:31149
BOOTP queries should be accepted or denied by the DHCP server as appropriate.

oval:org.secpod.oval:def:31028
The iptables service should be enabled if possible.

oval:org.secpod.oval:def:31142
The CUPS print service can be configured to broadcast a list of available printers to the network. Other machines on the network, also running the CUPS print service, can be configured to listen to these broadcasts and add and configure these printers for immediate use. By disabling this browsing ca ...

oval:org.secpod.oval:def:31021
The kernel runtime parameter "net.ipv6.conf.default.accept_redirects" should be set to "0".

oval:org.secpod.oval:def:31263
The default umask for users of the csh shell

oval:org.secpod.oval:def:31143
By default, locally configured printers will not be shared over the network, but if this functionality has somehow been enabled, these recommendations will disable it again. Be sure to disable outgoing printer list broadcasts, or remote users will still be able to see the locally configured printers ...

oval:org.secpod.oval:def:31022
Manually configure addresses for IPv6

oval:org.secpod.oval:def:31264
The default umask for all users should be set correctly

oval:org.secpod.oval:def:31023
Enable privacy extensions for IPv6

oval:org.secpod.oval:def:31144
The dhcpd service should be disabled if possible.

oval:org.secpod.oval:def:31265
The default umask for all users specified in /etc/login.defs

oval:org.secpod.oval:def:31024
Define default gateways for IPv6 traffic

oval:org.secpod.oval:def:31145
The RPM package dhcpd should be removed.

oval:org.secpod.oval:def:31266
Ctrl-Alt-Del Reboot Activation should be set as appropriate.

oval:org.secpod.oval:def:31260
The number of allowed failed logins should be set correctly.

oval:org.secpod.oval:def:31140
Avahi publishing of IP addresses should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:31141
The cups service should be disabled if possible.

oval:org.secpod.oval:def:31020
The kernel runtime parameter "net.ipv6.conf.default.accept_ra" should be set to "0".

oval:org.secpod.oval:def:31262
The default umask for users of the bash shell

oval:org.secpod.oval:def:31139
Disable Avahi Publishing (/etc/avahi/avahi-daemon.conf) should be configured appropriately.

oval:org.secpod.oval:def:31018
Global IPv6 initialization should be disabled.

oval:org.secpod.oval:def:31019
The RPC IPv6 Support should be configured appropriately based on RPC services.

oval:org.secpod.oval:def:31135
The Avahi daemon should be configured to serve via IPv6 or not as appropriate.

oval:org.secpod.oval:def:31257
The .netrc files contain login information used to auto-login into FTP servers and reside in the user's home directory. Any .netrc files should be removed.

oval:org.secpod.oval:def:31137
Avahi should be configured to accept packets with a TTL field not equal to 255 or not as appropriate.

oval:org.secpod.oval:def:31258
Configure the system to notify users of last logon/access using pam_lastlog.

oval:org.secpod.oval:def:31138
Avahi should be configured to allow other stacks to bind to port 5353 or not as appropriate.

oval:org.secpod.oval:def:31259
Set Password to Maximum of Three Consecutive Repeating Characters should be configured appropriately.

CPE    1
cpe:/o:centos:centos:7
CCE    313
CCE-90924-2
CCE-90901-0
CCE-90947-3
CCE-90672-7
...
*XCCDF
xccdf_org.secpod_benchmark_general_CENTOS_7

© 2013 SecPod Technologies