| OVAL Definition Results |
|
|
| ID |
Result |
Class |
Reference ID |
Title |
| oval:ssg-system_info_architecture_x86:def:1 |
false |
compliance |
[system_info_architecture_x86] |
Test for x86 Architecture |
| oval:ssg-system_info_architecture_ppc_64:def:1 |
false |
compliance |
[system_info_architecture_ppc_64] |
Test for PPC and PPCLE Architecture |
| oval:ssg-sysctl_static_net_ipv6_conf_default_accept_source_route:def:1 |
false |
compliance |
[sysctl_static_net_ipv6_conf_default_accept_source_route] |
Kernel "net.ipv6.conf.default.accept_source_route" Parameter Configuration Check |
| oval:ssg-sysctl_static_net_ipv6_conf_default_accept_redirects:def:1 |
false |
compliance |
[sysctl_static_net_ipv6_conf_default_accept_redirects] |
Kernel "net.ipv6.conf.default.accept_redirects" Parameter Configuration Check |
| oval:ssg-sysctl_static_net_ipv6_conf_default_accept_ra:def:1 |
false |
compliance |
[sysctl_static_net_ipv6_conf_default_accept_ra] |
Kernel "net.ipv6.conf.default.accept_ra" Parameter Configuration Check |
| oval:ssg-sysctl_static_net_ipv6_conf_all_forwarding:def:1 |
false |
compliance |
[sysctl_static_net_ipv6_conf_all_forwarding] |
Kernel "net.ipv6.conf.all.forwarding" Parameter Configuration Check |
| oval:ssg-sysctl_static_net_ipv6_conf_all_disable_ipv6:def:1 |
false |
compliance |
[sysctl_static_net_ipv6_conf_all_disable_ipv6] |
Kernel "net.ipv6.conf.all.disable_ipv6" Parameter Configuration Check |
| oval:ssg-sysctl_static_net_ipv6_conf_all_accept_source_route:def:1 |
false |
compliance |
[sysctl_static_net_ipv6_conf_all_accept_source_route] |
Kernel "net.ipv6.conf.all.accept_source_route" Parameter Configuration Check |
| oval:ssg-sysctl_static_net_ipv6_conf_all_accept_redirects:def:1 |
false |
compliance |
[sysctl_static_net_ipv6_conf_all_accept_redirects] |
Kernel "net.ipv6.conf.all.accept_redirects" Parameter Configuration Check |
| oval:ssg-sysctl_static_net_ipv6_conf_all_accept_ra:def:1 |
false |
compliance |
[sysctl_static_net_ipv6_conf_all_accept_ra] |
Kernel "net.ipv6.conf.all.accept_ra" Parameter Configuration Check |
| oval:ssg-sysctl_static_net_ipv4_tcp_syncookies:def:1 |
false |
compliance |
[sysctl_static_net_ipv4_tcp_syncookies] |
Kernel "net.ipv4.tcp_syncookies" Parameter Configuration Check |
| oval:ssg-sysctl_static_net_ipv4_ip_forward:def:1 |
false |
compliance |
[sysctl_static_net_ipv4_ip_forward] |
Kernel "net.ipv4.ip_forward" Parameter Configuration Check |
| oval:ssg-sysctl_static_net_ipv4_icmp_ignore_bogus_error_responses:def:1 |
false |
compliance |
[sysctl_static_net_ipv4_icmp_ignore_bogus_error_responses] |
Kernel "net.ipv4.icmp_ignore_bogus_error_responses" Parameter Configuration Check |
| oval:ssg-sysctl_static_net_ipv4_icmp_echo_ignore_broadcasts:def:1 |
false |
compliance |
[sysctl_static_net_ipv4_icmp_echo_ignore_broadcasts] |
Kernel "net.ipv4.icmp_echo_ignore_broadcasts" Parameter Configuration Check |
| oval:ssg-sysctl_static_net_ipv4_conf_default_send_redirects:def:1 |
false |
compliance |
[sysctl_static_net_ipv4_conf_default_send_redirects] |
Kernel "net.ipv4.conf.default.send_redirects" Parameter Configuration Check |
| oval:ssg-sysctl_static_net_ipv4_conf_default_secure_redirects:def:1 |
false |
compliance |
[sysctl_static_net_ipv4_conf_default_secure_redirects] |
Kernel "net.ipv4.conf.default.secure_redirects" Parameter Configuration Check |
| oval:ssg-sysctl_static_net_ipv4_conf_default_log_martians:def:1 |
false |
compliance |
[sysctl_static_net_ipv4_conf_default_log_martians] |
Kernel "net.ipv4.conf.default.log_martians" Parameter Configuration Check |
| oval:ssg-sysctl_static_net_ipv4_conf_default_accept_redirects:def:1 |
false |
compliance |
[sysctl_static_net_ipv4_conf_default_accept_redirects] |
Kernel "net.ipv4.conf.default.accept_redirects" Parameter Configuration Check |
| oval:ssg-sysctl_static_net_ipv4_conf_all_send_redirects:def:1 |
false |
compliance |
[sysctl_static_net_ipv4_conf_all_send_redirects] |
Kernel "net.ipv4.conf.all.send_redirects" Parameter Configuration Check |
| oval:ssg-sysctl_static_net_ipv4_conf_all_secure_redirects:def:1 |
false |
compliance |
[sysctl_static_net_ipv4_conf_all_secure_redirects] |
Kernel "net.ipv4.conf.all.secure_redirects" Parameter Configuration Check |
| oval:ssg-sysctl_static_net_ipv4_conf_all_log_martians:def:1 |
false |
compliance |
[sysctl_static_net_ipv4_conf_all_log_martians] |
Kernel "net.ipv4.conf.all.log_martians" Parameter Configuration Check |
| oval:ssg-sysctl_static_net_ipv4_conf_all_accept_redirects:def:1 |
false |
compliance |
[sysctl_static_net_ipv4_conf_all_accept_redirects] |
Kernel "net.ipv4.conf.all.accept_redirects" Parameter Configuration Check |
| oval:ssg-sysctl_static_kernel_randomize_va_space:def:1 |
false |
compliance |
[sysctl_static_kernel_randomize_va_space] |
Kernel "kernel.randomize_va_space" Parameter Configuration Check |
| oval:ssg-sysctl_static_kernel_dmesg_restrict:def:1 |
false |
compliance |
[sysctl_static_kernel_dmesg_restrict] |
Kernel "kernel.dmesg_restrict" Parameter Configuration Check |
| oval:ssg-sysctl_static_fs_suid_dumpable:def:1 |
false |
compliance |
[sysctl_static_fs_suid_dumpable] |
Kernel "fs.suid_dumpable" Parameter Configuration Check |
| oval:ssg-sysctl_runtime_net_ipv6_conf_all_disable_ipv6:def:1 |
false |
compliance |
[sysctl_runtime_net_ipv6_conf_all_disable_ipv6] |
Kernel "net.ipv6.conf.all.disable_ipv6" Parameter Runtime Check |
| oval:ssg-sysctl_runtime_net_ipv4_conf_default_send_redirects:def:1 |
false |
compliance |
[sysctl_runtime_net_ipv4_conf_default_send_redirects] |
Kernel "net.ipv4.conf.default.send_redirects" Parameter Runtime Check |
| oval:ssg-sysctl_runtime_net_ipv4_conf_all_send_redirects:def:1 |
false |
compliance |
[sysctl_runtime_net_ipv4_conf_all_send_redirects] |
Kernel "net.ipv4.conf.all.send_redirects" Parameter Runtime Check |
| oval:ssg-sysctl_runtime_kernel_dmesg_restrict:def:1 |
false |
compliance |
[sysctl_runtime_kernel_dmesg_restrict] |
Kernel "kernel.dmesg_restrict" Parameter Runtime Check |
| oval:ssg-sysctl_net_ipv6_conf_default_accept_source_route:def:1 |
false |
compliance |
[sysctl_net_ipv6_conf_default_accept_source_route] |
Kernel "net.ipv6.conf.default.accept_source_route" Parameter Configuration and Runtime Check |
| oval:ssg-sysctl_net_ipv6_conf_default_accept_redirects:def:1 |
false |
compliance |
[sysctl_net_ipv6_conf_default_accept_redirects] |
Kernel "net.ipv6.conf.default.accept_redirects" Parameter Configuration and Runtime Check |
| oval:ssg-sysctl_net_ipv6_conf_default_accept_ra:def:1 |
false |
compliance |
[sysctl_net_ipv6_conf_default_accept_ra] |
Kernel "net.ipv6.conf.default.accept_ra" Parameter Configuration and Runtime Check |
| oval:ssg-sysctl_net_ipv6_conf_all_forwarding:def:1 |
false |
compliance |
[sysctl_net_ipv6_conf_all_forwarding] |
Kernel "net.ipv6.conf.all.forwarding" Parameter Configuration and Runtime Check |
| oval:ssg-sysctl_net_ipv6_conf_all_accept_source_route:def:1 |
false |
compliance |
[sysctl_net_ipv6_conf_all_accept_source_route] |
Kernel "net.ipv6.conf.all.accept_source_route" Parameter Configuration and Runtime Check |
| oval:ssg-sysctl_net_ipv6_conf_all_accept_redirects:def:1 |
false |
compliance |
[sysctl_net_ipv6_conf_all_accept_redirects] |
Kernel "net.ipv6.conf.all.accept_redirects" Parameter Configuration and Runtime Check |
| oval:ssg-sysctl_net_ipv6_conf_all_accept_ra:def:1 |
false |
compliance |
[sysctl_net_ipv6_conf_all_accept_ra] |
Kernel "net.ipv6.conf.all.accept_ra" Parameter Configuration and Runtime Check |
| oval:ssg-sysctl_net_ipv4_tcp_syncookies:def:1 |
false |
compliance |
[sysctl_net_ipv4_tcp_syncookies] |
Kernel "net.ipv4.tcp_syncookies" Parameter Configuration and Runtime Check |
| oval:ssg-sysctl_net_ipv4_ip_forward:def:1 |
false |
compliance |
[sysctl_net_ipv4_ip_forward] |
Kernel "net.ipv4.ip_forward" Parameter Configuration and Runtime Check |
| oval:ssg-sysctl_net_ipv4_icmp_ignore_bogus_error_responses:def:1 |
false |
compliance |
[sysctl_net_ipv4_icmp_ignore_bogus_error_responses] |
Kernel "net.ipv4.icmp_ignore_bogus_error_responses" Parameter Configuration and Runtime Check |
| oval:ssg-sysctl_net_ipv4_icmp_echo_ignore_broadcasts:def:1 |
false |
compliance |
[sysctl_net_ipv4_icmp_echo_ignore_broadcasts] |
Kernel "net.ipv4.icmp_echo_ignore_broadcasts" Parameter Configuration and Runtime Check |
| oval:ssg-sysctl_net_ipv4_conf_default_send_redirects:def:1 |
false |
compliance |
[sysctl_net_ipv4_conf_default_send_redirects] |
Kernel "net.ipv4.conf.default.send_redirects" Parameter Configuration and Runtime Check |
| oval:ssg-sysctl_net_ipv4_conf_default_secure_redirects:def:1 |
false |
compliance |
[sysctl_net_ipv4_conf_default_secure_redirects] |
Kernel "net.ipv4.conf.default.secure_redirects" Parameter Configuration and Runtime Check |
| oval:ssg-sysctl_net_ipv4_conf_default_log_martians:def:1 |
false |
compliance |
[sysctl_net_ipv4_conf_default_log_martians] |
Kernel "net.ipv4.conf.default.log_martians" Parameter Configuration and Runtime Check |
| oval:ssg-sysctl_net_ipv4_conf_default_accept_redirects:def:1 |
false |
compliance |
[sysctl_net_ipv4_conf_default_accept_redirects] |
Kernel "net.ipv4.conf.default.accept_redirects" Parameter Configuration and Runtime Check |
| oval:ssg-sysctl_net_ipv4_conf_all_send_redirects:def:1 |
false |
compliance |
[sysctl_net_ipv4_conf_all_send_redirects] |
Kernel "net.ipv4.conf.all.send_redirects" Parameter Configuration and Runtime Check |
| oval:ssg-sysctl_net_ipv4_conf_all_secure_redirects:def:1 |
false |
compliance |
[sysctl_net_ipv4_conf_all_secure_redirects] |
Kernel "net.ipv4.conf.all.secure_redirects" Parameter Configuration and Runtime Check |
| oval:ssg-sysctl_net_ipv4_conf_all_log_martians:def:1 |
false |
compliance |
[sysctl_net_ipv4_conf_all_log_martians] |
Kernel "net.ipv4.conf.all.log_martians" Parameter Configuration and Runtime Check |
| oval:ssg-sysctl_net_ipv4_conf_all_accept_redirects:def:1 |
false |
compliance |
[sysctl_net_ipv4_conf_all_accept_redirects] |
Kernel "net.ipv4.conf.all.accept_redirects" Parameter Configuration and Runtime Check |
| oval:ssg-sysctl_kernel_randomize_va_space:def:1 |
false |
compliance |
[sysctl_kernel_randomize_va_space] |
Kernel "kernel.randomize_va_space" Parameter Configuration and Runtime Check |
| oval:ssg-sysctl_kernel_ipv6_disable:def:1 |
false |
compliance |
[sysctl_kernel_ipv6_disable] |
Kernel Runtime Parameter IPv6 Check |
| oval:ssg-sysctl_kernel_dmesg_restrict:def:1 |
false |
compliance |
[sysctl_kernel_dmesg_restrict] |
Kernel "kernel.dmesg_restrict" Parameter Configuration and Runtime Check |
| oval:ssg-sysctl_fs_suid_dumpable:def:1 |
false |
compliance |
[sysctl_fs_suid_dumpable] |
Kernel "fs.suid_dumpable" Parameter Configuration and Runtime Check |
| oval:ssg-sysconfig_networking_bootproto_ifcfg:def:1 |
false |
compliance |
[sysconfig_networking_bootproto_ifcfg] |
Disable DHCP Client |
| oval:ssg-sssd_enable_pam_services:def:1 |
false |
compliance |
[sssd_enable_pam_services] |
Configure PAM in SSSD Services |
| oval:ssg-sssd_conf_exists:def:1 |
false |
compliance |
[sssd_conf_exists] |
Verify The SSSD Configuration File Exists |
| oval:ssg-sshd_use_strong_macs:def:1 |
false |
compliance |
[sshd_use_strong_macs] |
Use Only Strong MACs |
| oval:ssg-sshd_use_strong_ciphers:def:1 |
false |
compliance |
[sshd_use_strong_ciphers] |
Use Only Strong Ciphers |
| oval:ssg-sshd_use_approved_macs:def:1 |
false |
compliance |
[sshd_use_approved_macs] |
Use Only FIPS MACs |
| oval:ssg-sshd_use_approved_ciphers:def:1 |
false |
compliance |
[sshd_use_approved_ciphers] |
Use Only Approved Ciphers |
| oval:ssg-sshd_set_max_auth_tries:def:1 |
false |
compliance |
[sshd_set_max_auth_tries] |
Set OpenSSH authentication attempt limit (MaxAuthTries) |
| oval:ssg-sshd_set_loglevel_info:def:1 |
false |
compliance |
[sshd_set_loglevel_info] |
Set OpenSSH LogLevel to INFO |
| oval:ssg-sshd_do_not_permit_user_env:def:1 |
false |
compliance |
[sshd_do_not_permit_user_env] |
Do Not Allow Users to Set Environment Options |
| oval:ssg-sshd_disable_root_login:def:1 |
false |
compliance |
[sshd_disable_root_login] |
Disable root Login via SSH |
| oval:ssg-service_sssd_enabled:def:1 |
false |
compliance |
[service_sssd_enabled] |
Service sssd Enabled |
| oval:ssg-service_sshd_disabled:def:1 |
false |
compliance |
[service_sshd_disabled] |
Service sshd Disabled |
| oval:ssg-service_psacct_enabled:def:1 |
false |
compliance |
[service_psacct_enabled] |
Service psacct Enabled |
| oval:ssg-service_ntpd_enabled:def:1 |
false |
compliance |
[service_ntpd_enabled] |
Service ntpd Enabled |
| oval:ssg-service_kdump_disabled:def:1 |
false |
compliance |
[service_kdump_disabled] |
Service kdump Disabled |
| oval:ssg-service_docker_enabled:def:1 |
false |
compliance |
[service_docker_enabled] |
Service docker Enabled |
| oval:ssg-selinux_all_devicefiles_labeled:def:1 |
false |
compliance |
[selinux_all_devicefiles_labeled] |
Device Files Have Proper SELinux Context |
| oval:ssg-securetty_root_login_console_only:def:1 |
false |
compliance |
[securetty_root_login_console_only] |
Restrict Virtual Console Root Logins |
| oval:ssg-sebool_virt_sandbox_use_samba:def:1 |
false |
compliance |
[sebool_virt_sandbox_use_samba] |
SELinux "virt_sandbox_use_samba" Boolean Check |
| oval:ssg-sebool_virt_sandbox_use_nfs:def:1 |
false |
compliance |
[sebool_virt_sandbox_use_nfs] |
SELinux "virt_sandbox_use_nfs" Boolean Check |
| oval:ssg-sebool_sftpd_write_ssh_home:def:1 |
false |
compliance |
[sebool_sftpd_write_ssh_home] |
SELinux "sftpd_write_ssh_home" Boolean Check |
| oval:ssg-sebool_sftpd_full_access:def:1 |
false |
compliance |
[sebool_sftpd_full_access] |
SELinux "sftpd_full_access" Boolean Check |
| oval:ssg-sebool_sftpd_enable_homedirs:def:1 |
false |
compliance |
[sebool_sftpd_enable_homedirs] |
SELinux "sftpd_enable_homedirs" Boolean Check |
| oval:ssg-sebool_sftpd_anon_write:def:1 |
false |
compliance |
[sebool_sftpd_anon_write] |
SELinux "sftpd_anon_write" Boolean Check |
| oval:ssg-sebool_ftp_home_dir:def:1 |
false |
compliance |
[sebool_ftp_home_dir] |
SELinux "ftp_home_dir" Boolean Check |
| oval:ssg-sebool_docker_transition_unconfined:def:1 |
false |
compliance |
[sebool_docker_transition_unconfined] |
SELinux "docker_transition_unconfined" Boolean Check |
| oval:ssg-sebool_docker_connect_any:def:1 |
false |
compliance |
[sebool_docker_connect_any] |
SELinux "docker_connect_any" Boolean Check |
| oval:ssg-sebool_SELinux:def:1 |
false |
compliance |
[sebool_SELinux] |
SELinux "SELinux" Boolean Check |
| oval:ssg-rsyslog_remote_loghost:def:1 |
false |
compliance |
[rsyslog_remote_loghost] |
Send Logs to a Remote Loghost |
| oval:ssg-restrict_serial_port_logins:def:1 |
false |
compliance |
[restrict_serial_port_logins] |
Restrict Serial Port Root Logins |
| oval:ssg-postfix_server_banner:def:1 |
false |
compliance |
[postfix_server_banner] |
Configure Postfix Against Unnecessary Release of Information |
| oval:ssg-partition_for_var_log_audit:def:1 |
false |
compliance |
[partition_for_var_log_audit] |
Ensure /var/log/audit Located On Separate Partition |
| oval:ssg-partition_for_var_log:def:1 |
false |
compliance |
[partition_for_var_log] |
Ensure /var/log Located On Separate Partition |
| oval:ssg-partition_for_var:def:1 |
false |
compliance |
[partition_for_var] |
Ensure /var Located On Separate Partition |
| oval:ssg-partition_for_tmp:def:1 |
false |
compliance |
[partition_for_tmp] |
Ensure /tmp Located On Separate Partition |
| oval:ssg-partition_for_home:def:1 |
false |
compliance |
[partition_for_home] |
Ensure /home Located On Separate Partition |
| oval:ssg-package_xinetd_installed:def:1 |
false |
compliance |
[package_xinetd_installed] |
Package xinetd Installed |
| oval:ssg-package_vsftpd_installed:def:1 |
false |
compliance |
[package_vsftpd_installed] |
Package vsftpd Installed |
| oval:ssg-package_tcp_wrappers_installed:def:1 |
false |
compliance |
[package_tcp_wrappers_installed] |
Package tcp_wrappers Installed |
| oval:ssg-package_sssd_installed:def:1 |
false |
compliance |
[package_sssd_installed] |
Package sssd Installed |
| oval:ssg-package_samba-common_installed:def:1 |
false |
compliance |
[package_samba-common_installed] |
Package samba-common Installed |
| oval:ssg-package_psacct_installed:def:1 |
false |
compliance |
[package_psacct_installed] |
Package psacct Installed |
| oval:ssg-package_openssh-server_removed:def:1 |
false |
compliance |
[package_openssh-server_removed] |
Package openssh-server Removed |
| oval:ssg-package_ntp_installed:def:1 |
false |
compliance |
[package_ntp_installed] |
Package ntp Installed |
| oval:ssg-package_libreswan_installed:def:1 |
false |
compliance |
[package_libreswan_installed] |
Package libreswan Installed |
| oval:ssg-package_kexec-tools_removed:def:1 |
false |
compliance |
[package_kexec-tools_removed] |
Package kexec-tools Removed |
| oval:ssg-package_kernel-tools_removed:def:1 |
false |
compliance |
[package_kernel-tools_removed] |
Package kernel-tools Removed |
| oval:ssg-package_iputils_removed:def:1 |
false |
compliance |
[package_iputils_removed] |
Package iputils Removed |
| oval:ssg-package_gdm_installed:def:1 |
false |
compliance |
[package_gdm_installed] |
Package gdm Installed |
| oval:ssg-package_dracut-fips_installed:def:1 |
false |
compliance |
[package_dracut-fips_installed] |
Package dracut-fips Installed |
| oval:ssg-package_docker_installed:def:1 |
false |
compliance |
[package_docker_installed] |
Package docker Installed |
| oval:ssg-package_dconf_installed:def:1 |
false |
compliance |
[package_dconf_installed] |
Package dconf Installed |
| oval:ssg-package_dbus_removed:def:1 |
false |
compliance |
[package_dbus_removed] |
Package dbus Removed |
| oval:ssg-package_aide_installed:def:1 |
false |
compliance |
[package_aide_installed] |
Package aide Installed |
| oval:ssg-ntpd_specify_remote_server:def:1 |
false |
compliance |
[ntpd_specify_remote_server] |
Specify a Remote ntpd NTP Server for Time Data |
| oval:ssg-ntpd_specify_multiple_servers:def:1 |
false |
compliance |
[ntpd_specify_multiple_servers] |
Specify Multiple Remote ntpd NTP Server for Time Data |
| oval:ssg-ntp_set_maxpoll:def:1 |
false |
compliance |
[ntp_set_maxpoll] |
Configure NTP Maxpoll Interval |
| oval:ssg-no_direct_root_logins:def:1 |
false |
compliance |
[no_direct_root_logins] |
Direct root Logins Not Allowed |
| oval:ssg-network_ipv6_static_address:def:1 |
false |
compliance |
[network_ipv6_static_address] |
Manually Assign Global IPv6 Address |
| oval:ssg-network_ipv6_privacy_extensions:def:1 |
false |
compliance |
[network_ipv6_privacy_extensions] |
Enable Privacy Extensions for IPv6 |
| oval:ssg-network_ipv6_default_gateway:def:1 |
false |
compliance |
[network_ipv6_default_gateway] |
Manually Assign IPv6 Router Address |
| oval:ssg-network_disable_zeroconf:def:1 |
false |
compliance |
[network_disable_zeroconf] |
Disable Zeroconf Networking |
| oval:ssg-network_configure_name_resolution:def:1 |
false |
compliance |
[network_configure_name_resolution] |
Configure Multiple DNS Servers in /etc/resolv.conf |
| oval:ssg-mount_option_var_tmp_bind:def:1 |
false |
compliance |
[mount_option_var_tmp_bind] |
Bind Mount /var/tmp To /tmp |
| oval:ssg-mount_option_tmp_nosuid:def:1 |
false |
compliance |
[mount_option_tmp_nosuid] |
Add nosuid Option to /tmp |
| oval:ssg-mount_option_tmp_noexec:def:1 |
false |
compliance |
[mount_option_tmp_noexec] |
Add noexec Option to /tmp |
| oval:ssg-mount_option_tmp_nodev:def:1 |
false |
compliance |
[mount_option_tmp_nodev] |
Add nodev Option to /tmp |
| oval:ssg-mount_option_smb_client_signing:def:1 |
false |
compliance |
[mount_option_smb_client_signing] |
Require Client SMB Packet Signing, if using
mount.cifs |
| oval:ssg-mount_option_nodev_nonroot_local_partitions:def:1 |
false |
compliance |
[mount_option_nodev_nonroot_local_partitions] |
Add nodev Option to Non-Root Local Partitions |
| oval:ssg-mount_option_home_nosuid:def:1 |
false |
compliance |
[mount_option_home_nosuid] |
Add nosuid Option to /home |
| oval:ssg-mount_option_dev_shm_noexec:def:1 |
false |
compliance |
[mount_option_dev_shm_noexec] |
Add noexec Option to /dev/shm |
| oval:ssg-logwatch_configured_splithosts:def:1 |
false |
compliance |
[logwatch_configured_splithosts] |
Ensure Logwatch SplitHosts Configured |
| oval:ssg-logwatch_configured_hostlimit:def:1 |
false |
compliance |
[logwatch_configured_hostlimit] |
Ensure Logwatch HostLimit Configured |
| oval:ssg-kernel_module_usb-storage_disabled:def:1 |
false |
compliance |
[kernel_module_usb-storage_disabled] |
Disable usb-storage Kernel Module |
| oval:ssg-kernel_module_udf_disabled:def:1 |
false |
compliance |
[kernel_module_udf_disabled] |
Disable udf Kernel Module |
| oval:ssg-kernel_module_squashfs_disabled:def:1 |
false |
compliance |
[kernel_module_squashfs_disabled] |
Disable squashfs Kernel Module |
| oval:ssg-kernel_module_sctp_disabled:def:1 |
false |
compliance |
[kernel_module_sctp_disabled] |
Disable sctp Kernel Module |
| oval:ssg-kernel_module_jffs2_disabled:def:1 |
false |
compliance |
[kernel_module_jffs2_disabled] |
Disable jffs2 Kernel Module |
| oval:ssg-kernel_module_hfsplus_disabled:def:1 |
false |
compliance |
[kernel_module_hfsplus_disabled] |
Disable hfsplus Kernel Module |
| oval:ssg-kernel_module_hfs_disabled:def:1 |
false |
compliance |
[kernel_module_hfs_disabled] |
Disable hfs Kernel Module |
| oval:ssg-kernel_module_freevxfs_disabled:def:1 |
false |
compliance |
[kernel_module_freevxfs_disabled] |
Disable freevxfs Kernel Module |
| oval:ssg-kernel_module_dccp_disabled:def:1 |
false |
compliance |
[kernel_module_dccp_disabled] |
Disable dccp Kernel Module |
| oval:ssg-kernel_module_cramfs_disabled:def:1 |
false |
compliance |
[kernel_module_cramfs_disabled] |
Disable cramfs Kernel Module |
| oval:ssg-kernel_module_bluetooth_disabled:def:1 |
false |
compliance |
[kernel_module_bluetooth_disabled] |
Disable bluetooth Kernel Module |
| oval:ssg-installed_OS_is_certified:def:1 |
false |
compliance |
[installed_OS_is_certified] |
Vendor Certified Operating System |
| oval:ssg-install_mcafee_hbss_pa:def:1 |
false |
compliance |
[install_mcafee_hbss_pa] |
Install the Policy Auditor (PA) Module |
| oval:ssg-install_mcafee_hbss_hips:def:1 |
false |
compliance |
[install_mcafee_hbss_hips] |
Install the Host Intrusion Prevention System (HIPS) Module |
| oval:ssg-install_mcafee_hbss_accm:def:1 |
false |
compliance |
[install_mcafee_hbss_accm] |
Install the Asset Configuration Compliance Module (ACCM) |
| oval:ssg-install_mcafee_hbss:def:1 |
false |
compliance |
[install_mcafee_hbss] |
Install McAfee Host-Based Intrusion Detection Software (HBSS) |
| oval:ssg-install_mcafee_cma_rt:def:1 |
false |
compliance |
[install_mcafee_cma_rt] |
Install the McAfee Runtime Libraries and Linux Agent |
| oval:ssg-install_mcafee_antivirus:def:1 |
false |
compliance |
[install_mcafee_antivirus] |
Package McAfeeVSEForLinux Installed |
| oval:ssg-install_antivirus:def:1 |
false |
compliance |
[install_antivirus] |
Package Antivirus Installed |
| oval:ssg-grub2_enable_fips_mode:def:1 |
false |
compliance |
[grub2_enable_fips_mode] |
Enable FIPS Mode in GRUB2 |
| oval:ssg-firewalld_sshd_disabled:def:1 |
false |
compliance |
[firewalld_sshd_disabled] |
Disallow inbound firewall access to the SSH Server port |
| oval:ssg-file_permissions_grub2_cfg:def:1 |
false |
compliance |
[file_permissions_grub2_cfg] |
File grub.cfg Permissions |
| oval:ssg-ensure_logrotate_activated:def:1 |
false |
compliance |
[ensure_logrotate_activated] |
Ensure the logrotate utility performs the automatic rotation of log files on daily basis |
| oval:ssg-disable_users_coredumps:def:1 |
false |
compliance |
[disable_users_coredumps] |
Disable Core Dumps |
| oval:ssg-disable_prelink:def:1 |
false |
compliance |
[disable_prelink] |
Disable Prelinking |
| oval:ssg-cups_disable_printserver:def:1 |
false |
compliance |
[cups_disable_printserver] |
Disable Printer Server if Possible |
| oval:ssg-cups_disable_browsing:def:1 |
false |
compliance |
[cups_disable_browsing] |
Disable Printer Browsing Entirely if Possible |
| oval:ssg-bootloader_password:def:1 |
false |
compliance |
[bootloader_password] |
Set Boot Loader Password |
| oval:ssg-bootloader_nousb_argument:def:1 |
false |
compliance |
[bootloader_nousb_argument] |
Disable Kernel Support for USB via Bootloader Configuration |
| oval:ssg-bootloader_audit_argument:def:1 |
false |
compliance |
[bootloader_audit_argument] |
Enable Auditing for Processes Which Start Prior to the Audit Daemon |
| oval:ssg-banner_etc_issue:def:1 |
false |
compliance |
[banner_etc_issue] |
System Login Banner Compliance |
| oval:ssg-auditd_conf_log_group_not_root:def:1 |
false |
compliance |
[auditd_conf_log_group_not_root] |
'log_group' Not Set To 'root' In /etc/audit/auditd.conf |
| oval:ssg-auditd_audispd_syslog_plugin_activated:def:1 |
false |
compliance |
[auditd_audispd_syslog_plugin_activated] |
The syslog Plugin Of the Audit Event Multiplexor (audispd) Is Activated |
| oval:ssg-audit_rules_usergroup_modification_shadow:def:1 |
false |
compliance |
[audit_rules_usergroup_modification_shadow] |
Audit User/Group Modification |
| oval:ssg-audit_rules_usergroup_modification_passwd:def:1 |
false |
compliance |
[audit_rules_usergroup_modification_passwd] |
Audit User/Group Modification |
| oval:ssg-audit_rules_usergroup_modification_opasswd:def:1 |
false |
compliance |
[audit_rules_usergroup_modification_opasswd] |
Audit User/Group Modification |
| oval:ssg-audit_rules_usergroup_modification_gshadow:def:1 |
false |
compliance |
[audit_rules_usergroup_modification_gshadow] |
Audit User/Group Modification |
| oval:ssg-audit_rules_usergroup_modification_group:def:1 |
false |
compliance |
[audit_rules_usergroup_modification_group] |
Audit User/Group Modification |
| oval:ssg-audit_rules_usergroup_modification:def:1 |
false |
compliance |
[audit_rules_usergroup_modification] |
Audit User/Group Modification |
| oval:ssg-audit_rules_unsuccessful_file_modification_truncate:def:1 |
false |
compliance |
[audit_rules_unsuccessful_file_modification_truncate] |
Ensure auditd Collects Unauthorized Access Attempts to Files (unsuccessful) - truncate |
| oval:ssg-audit_rules_unsuccessful_file_modification_openat:def:1 |
false |
compliance |
[audit_rules_unsuccessful_file_modification_openat] |
Ensure auditd Collects Unauthorized Access Attempts to Files (unsuccessful) - openat |
| oval:ssg-audit_rules_unsuccessful_file_modification_open_by_handle_at:def:1 |
false |
compliance |
[audit_rules_unsuccessful_file_modification_open_by_handle_at] |
Ensure auditd Collects Unauthorized Access Attempts to Files (unsuccessful) - open_by_handle_at |
| oval:ssg-audit_rules_unsuccessful_file_modification_open:def:1 |
false |
compliance |
[audit_rules_unsuccessful_file_modification_open] |
Ensure auditd Collects Unauthorized Access Attempts to Files (unsuccessful) - open |
| oval:ssg-audit_rules_unsuccessful_file_modification_ftruncate:def:1 |
false |
compliance |
[audit_rules_unsuccessful_file_modification_ftruncate] |
Ensure auditd Collects Unauthorized Access Attempts to Files (unsuccessful) - ftruncate |
| oval:ssg-audit_rules_unsuccessful_file_modification_creat:def:1 |
false |
compliance |
[audit_rules_unsuccessful_file_modification_creat] |
Ensure auditd Collects Unauthorized Access Attempts to Files (unsuccessful) - creat |
| oval:ssg-audit_rules_unsuccessful_file_modification:def:1 |
false |
compliance |
[audit_rules_unsuccessful_file_modification] |
Ensure auditd Collects Unauthorized Access Attempts to Files (unsuccessful) |
| oval:ssg-audit_rules_time_watch_localtime:def:1 |
false |
compliance |
[audit_rules_time_watch_localtime] |
Record Attempts to Alter Time Through the Localtime File |
| oval:ssg-audit_rules_time_stime:def:1 |
false |
compliance |
[audit_rules_time_stime] |
Record Attempts to Alter Time Through Stime |
| oval:ssg-audit_rules_time_settimeofday:def:1 |
false |
compliance |
[audit_rules_time_settimeofday] |
Record Attempts to Alter Time Through Settimeofday |
| oval:ssg-audit_rules_time_clock_settime:def:1 |
false |
compliance |
[audit_rules_time_clock_settime] |
Record Attempts to Alter Time Through Clock_settime |
| oval:ssg-audit_rules_time_adjtimex:def:1 |
false |
compliance |
[audit_rules_time_adjtimex] |
Record Attempts to Alter Time Through Adjtimex |
| oval:ssg-audit_rules_system_shutdown:def:1 |
false |
compliance |
[audit_rules_system_shutdown] |
Shutdown System When Auditing Failures Occur |
| oval:ssg-audit_rules_sysadmin_actions:def:1 |
false |
compliance |
[audit_rules_sysadmin_actions] |
Audit System Administrator Actions |
| oval:ssg-audit_rules_session_events:def:1 |
false |
compliance |
[audit_rules_session_events] |
Record Attempts to Alter Process and Session Initiation Information |
| oval:ssg-audit_rules_privileged_commands_userhelper:def:1 |
false |
compliance |
[audit_rules_privileged_commands_userhelper] |
Ensure auditd Collects Information on the Use of Privileged Commands - userhelper |
| oval:ssg-audit_rules_privileged_commands_unix_chkpwd:def:1 |
false |
compliance |
[audit_rules_privileged_commands_unix_chkpwd] |
Ensure auditd Collects Information on the Use of Privileged Commands - unix_chkpwd |
| oval:ssg-audit_rules_privileged_commands_umount:def:1 |
false |
compliance |
[audit_rules_privileged_commands_umount] |
Ensure auditd Collects Information on the Use of Privileged Commands - umount |
| oval:ssg-audit_rules_privileged_commands_sudoedit:def:1 |
false |
compliance |
[audit_rules_privileged_commands_sudoedit] |
Ensure auditd Collects Information on the Use of Privileged Commands - sudoedit |
| oval:ssg-audit_rules_privileged_commands_sudo:def:1 |
false |
compliance |
[audit_rules_privileged_commands_sudo] |
Ensure auditd Collects Information on the Use of Privileged Commands - sudo |
| oval:ssg-audit_rules_privileged_commands_su:def:1 |
false |
compliance |
[audit_rules_privileged_commands_su] |
Ensure auditd Collects Information on the Use of Privileged Commands - su |
| oval:ssg-audit_rules_privileged_commands_ssh_keysign:def:1 |
false |
compliance |
[audit_rules_privileged_commands_ssh_keysign] |
Ensure auditd Collects Information on the Use of Privileged Commands - ssh_keysign |
| oval:ssg-audit_rules_privileged_commands_pt_chown:def:1 |
false |
compliance |
[audit_rules_privileged_commands_pt_chown] |
Ensure auditd Collects Information on the Use of Privileged Commands - pt_chown |
| oval:ssg-audit_rules_privileged_commands_postqueue:def:1 |
false |
compliance |
[audit_rules_privileged_commands_postqueue] |
Ensure auditd Collects Information on the Use of Privileged Commands - postqueue |
| oval:ssg-audit_rules_privileged_commands_postdrop:def:1 |
false |
compliance |
[audit_rules_privileged_commands_postdrop] |
Ensure auditd Collects Information on the Use of Privileged Commands - postdrop |
| oval:ssg-audit_rules_privileged_commands_passwd:def:1 |
false |
compliance |
[audit_rules_privileged_commands_passwd] |
Ensure auditd Collects Information on the Use of Privileged Commands - passwd |
| oval:ssg-audit_rules_privileged_commands_pam_timestamp_check:def:1 |
false |
compliance |
[audit_rules_privileged_commands_pam_timestamp_check] |
Ensure auditd Collects Information on the Use of Privileged Commands - pam_timestamp_check |
| oval:ssg-audit_rules_privileged_commands_newgrp:def:1 |
false |
compliance |
[audit_rules_privileged_commands_newgrp] |
Ensure auditd Collects Information on the Use of Privileged Commands - newgrp |
| oval:ssg-audit_rules_privileged_commands_gpasswd:def:1 |
false |
compliance |
[audit_rules_privileged_commands_gpasswd] |
Ensure auditd Collects Information on the Use of Privileged Commands - gpasswd |
| oval:ssg-audit_rules_privileged_commands_crontab:def:1 |
false |
compliance |
[audit_rules_privileged_commands_crontab] |
Ensure auditd Collects Information on the Use of Privileged Commands - crontab |
| oval:ssg-audit_rules_privileged_commands_chsh:def:1 |
false |
compliance |
[audit_rules_privileged_commands_chsh] |
Ensure auditd Collects Information on the Use of Privileged Commands - chsh |
| oval:ssg-audit_rules_privileged_commands_chage:def:1 |
false |
compliance |
[audit_rules_privileged_commands_chage] |
Ensure auditd Collects Information on the Use of Privileged Commands - chage |
| oval:ssg-audit_rules_privileged_commands:def:1 |
false |
compliance |
[audit_rules_privileged_commands] |
Ensure auditd Collects Information on the Use of Privileged Commands |
| oval:ssg-audit_rules_networkconfig_modification_hostname:def:1 |
false |
compliance |
[audit_rules_networkconfig_modification_hostname] |
Record Events that Modify the System's Network Environment |
| oval:ssg-audit_rules_networkconfig_modification_domainname:def:1 |
false |
compliance |
[audit_rules_networkconfig_modification_domainname] |
Record Events that Modify the System's Network Environment |
| oval:ssg-audit_rules_networkconfig_modification:def:1 |
false |
compliance |
[audit_rules_networkconfig_modification] |
Record Events that Modify the System's Network Environment |
| oval:ssg-audit_rules_media_export:def:1 |
false |
compliance |
[audit_rules_media_export] |
Audit Information Export To Media |
| oval:ssg-audit_rules_mac_modification:def:1 |
false |
compliance |
[audit_rules_mac_modification] |
Record Events that Modify the System's Mandatory Access Controls |
| oval:ssg-audit_rules_login_events_tallylog:def:1 |
false |
compliance |
[audit_rules_login_events_tallylog] |
Record Attempts to Alter Login and Logout Events - tallylog |
| oval:ssg-audit_rules_login_events_lastlog:def:1 |
false |
compliance |
[audit_rules_login_events_lastlog] |
Record Attempts to Alter Login and Logout Events - lastlog |
| oval:ssg-audit_rules_login_events_faillock:def:1 |
false |
compliance |
[audit_rules_login_events_faillock] |
Record Attempts to Alter Login and Logout Events - faillock |
| oval:ssg-audit_rules_login_events:def:1 |
false |
compliance |
[audit_rules_login_events] |
Record Attempts to Alter Login and Logout Events |
| oval:ssg-audit_rules_kernel_module_loading_rmmod:def:1 |
false |
compliance |
[audit_rules_kernel_module_loading_rmmod] |
Audit Kernel Module Loading and Unloading - rmmod |
| oval:ssg-audit_rules_kernel_module_loading_modprobe:def:1 |
false |
compliance |
[audit_rules_kernel_module_loading_modprobe] |
Audit Kernel Module Loading and Unloading - modprobe |
| oval:ssg-audit_rules_kernel_module_loading_insmod:def:1 |
false |
compliance |
[audit_rules_kernel_module_loading_insmod] |
Audit Kernel Module Loading and Unloading - insmod |
| oval:ssg-audit_rules_kernel_module_loading_init:def:1 |
false |
compliance |
[audit_rules_kernel_module_loading_init] |
Audit Kernel Module Loading and Unloading - init_module |
| oval:ssg-audit_rules_kernel_module_loading_delete:def:1 |
false |
compliance |
[audit_rules_kernel_module_loading_delete] |
Audit Kernel Module Loading and Unloading - delete_module |
| oval:ssg-audit_rules_kernel_module_loading:def:1 |
false |
compliance |
[audit_rules_kernel_module_loading] |
Audit Kernel Module Loading and Unloading |
| oval:ssg-audit_rules_immutable:def:1 |
false |
compliance |
[audit_rules_immutable] |
Make Audit Configuration Immutable |
| oval:ssg-audit_rules_file_deletion_events_unlinkat:def:1 |
false |
compliance |
[audit_rules_file_deletion_events_unlinkat] |
Audit File Deletion Events - unlinkat |
| oval:ssg-audit_rules_file_deletion_events_unlink:def:1 |
false |
compliance |
[audit_rules_file_deletion_events_unlink] |
Audit File Deletion Events - unlink |
| oval:ssg-audit_rules_file_deletion_events_rmdir:def:1 |
false |
compliance |
[audit_rules_file_deletion_events_rmdir] |
Audit File Deletion Events - rmdir |
| oval:ssg-audit_rules_file_deletion_events_renameat:def:1 |
false |
compliance |
[audit_rules_file_deletion_events_renameat] |
Audit File Deletion Events - renameat |
| oval:ssg-audit_rules_file_deletion_events_rename:def:1 |
false |
compliance |
[audit_rules_file_deletion_events_rename] |
Audit File Deletion Events - rename |
| oval:ssg-audit_rules_file_deletion_events:def:1 |
false |
compliance |
[audit_rules_file_deletion_events] |
Audit File Deletion Events |
| oval:ssg-audit_rules_execution_setsebool:def:1 |
false |
compliance |
[audit_rules_execution_setsebool] |
Record Any Attempts to Run setsebool |
| oval:ssg-audit_rules_execution_semanage:def:1 |
false |
compliance |
[audit_rules_execution_semanage] |
Record Any Attempts to Run semanage |
| oval:ssg-audit_rules_execution_restorecon:def:1 |
false |
compliance |
[audit_rules_execution_restorecon] |
Record Any Attempts to Run restorecon |
| oval:ssg-audit_rules_execution_chcon:def:1 |
false |
compliance |
[audit_rules_execution_chcon] |
Record Any Attempts to Run chcon |
| oval:ssg-audit_rules_dac_modification_setxattr:def:1 |
false |
compliance |
[audit_rules_dac_modification_setxattr] |
Audit Discretionary Access Control Modification Events - setxattr |
| oval:ssg-audit_rules_dac_modification_removexattr:def:1 |
false |
compliance |
[audit_rules_dac_modification_removexattr] |
Audit Discretionary Access Control Modification Events - removexattr |
| oval:ssg-audit_rules_dac_modification_lsetxattr:def:1 |
false |
compliance |
[audit_rules_dac_modification_lsetxattr] |
Audit Discretionary Access Control Modification Events - lsetxattr |
| oval:ssg-audit_rules_dac_modification_lremovexattr:def:1 |
false |
compliance |
[audit_rules_dac_modification_lremovexattr] |
Audit Discretionary Access Control Modification Events - lremovexattr |
| oval:ssg-audit_rules_dac_modification_lchown:def:1 |
false |
compliance |
[audit_rules_dac_modification_lchown] |
Audit Discretionary Access Control Modification Events - lchown |
| oval:ssg-audit_rules_dac_modification_fsetxattr:def:1 |
false |
compliance |
[audit_rules_dac_modification_fsetxattr] |
Audit Discretionary Access Control Modification Events - fsetxattr |
| oval:ssg-audit_rules_dac_modification_fremovexattr:def:1 |
false |
compliance |
[audit_rules_dac_modification_fremovexattr] |
Audit Discretionary Access Control Modification Events - fremovexattr |
| oval:ssg-audit_rules_dac_modification_fchownat:def:1 |
false |
compliance |
[audit_rules_dac_modification_fchownat] |
Audit Discretionary Access Control Modification Events - fchownat |
| oval:ssg-audit_rules_dac_modification_fchown:def:1 |
false |
compliance |
[audit_rules_dac_modification_fchown] |
Audit Discretionary Access Control Modification Events - fchown |
| oval:ssg-audit_rules_dac_modification_fchmodat:def:1 |
false |
compliance |
[audit_rules_dac_modification_fchmodat] |
Audit Discretionary Access Control Modification Events - fchmodat |
| oval:ssg-audit_rules_dac_modification_fchmod:def:1 |
false |
compliance |
[audit_rules_dac_modification_fchmod] |
Audit Discretionary Access Control Modification Events - fchmod |
| oval:ssg-audit_rules_dac_modification_chown:def:1 |
false |
compliance |
[audit_rules_dac_modification_chown] |
Audit Discretionary Access Control Modification Events - chown |
| oval:ssg-audit_rules_dac_modification_chmod:def:1 |
false |
compliance |
[audit_rules_dac_modification_chmod] |
Audit Discretionary Access Control Modification Events - chmod |
| oval:ssg-audit_rules_auditctl:def:1 |
false |
compliance |
[audit_rules_auditctl] |
Record Any Attempts to Run semanage |
| oval:ssg-aide_verify_ext_attributes:def:1 |
false |
compliance |
[aide_verify_ext_attributes] |
Configure AIDE to Verify Extended Attributes |
| oval:ssg-aide_verify_acls:def:1 |
false |
compliance |
[aide_verify_acls] |
Configure AIDE to Verify Access Control Lists (ACLs) |
| oval:ssg-aide_use_fips_hashes:def:1 |
false |
compliance |
[aide_use_fips_hashes] |
Configure AIDE to Use FIPS 140-2 for Validating Hashes |
| oval:ssg-aide_scan_notification:def:1 |
false |
compliance |
[aide_scan_notification] |
Configure Notification of Post-AIDE Scan Details |
| oval:ssg-aide_periodic_cron_checking:def:1 |
false |
compliance |
[aide_periodic_cron_checking] |
Configure Periodic Execution of AIDE |
| oval:ssg-aide_build_database:def:1 |
false |
compliance |
[aide_build_database] |
Aide Database Must Exist |
| oval:ssg-accounts_passwords_pam_faillock_deny_root:def:1 |
false |
compliance |
[accounts_passwords_pam_faillock_deny_root] |
Lock out the root account after failed login attempts |
| oval:ssg-accounts_password_pam_retry:def:1 |
false |
compliance |
[accounts_password_pam_retry] |
Set Password retry Requirements |
| oval:ssg-accounts_have_homedir_login_defs:def:1 |
false |
compliance |
[accounts_have_homedir_login_defs] |
Ensure new users receive home directories |
| oval:ssg-var_removable_partition_is_cd_dvd_drive:def:1 |
unknown |
compliance |
[var_removable_partition_is_cd_dvd_drive] |
Value of 'var_removable_partition' variable is set to '/dev/cdrom' |
| oval:ssg-umask_for_daemons:def:1 |
error |
compliance |
[umask_for_daemons] |
Set Daemon umask |
| oval:ssg-sysctl_static_net_ipv4_conf_default_rp_filter:def:1 |
error |
compliance |
[sysctl_static_net_ipv4_conf_default_rp_filter] |
Kernel "net.ipv4.conf.default.rp_filter" Parameter Configuration Check |
| oval:ssg-sysctl_static_net_ipv4_conf_default_accept_source_route:def:1 |
error |
compliance |
[sysctl_static_net_ipv4_conf_default_accept_source_route] |
Kernel "net.ipv4.conf.default.accept_source_route" Parameter Configuration Check |
| oval:ssg-sysctl_static_net_ipv4_conf_all_rp_filter:def:1 |
error |
compliance |
[sysctl_static_net_ipv4_conf_all_rp_filter] |
Kernel "net.ipv4.conf.all.rp_filter" Parameter Configuration Check |
| oval:ssg-sysctl_static_net_ipv4_conf_all_accept_source_route:def:1 |
error |
compliance |
[sysctl_static_net_ipv4_conf_all_accept_source_route] |
Kernel "net.ipv4.conf.all.accept_source_route" Parameter Configuration Check |
| oval:ssg-sysctl_runtime_net_ipv6_conf_default_accept_source_route:def:1 |
error |
compliance |
[sysctl_runtime_net_ipv6_conf_default_accept_source_route] |
Kernel "net.ipv6.conf.default.accept_source_route" Parameter Runtime Check |
| oval:ssg-sysctl_runtime_net_ipv6_conf_default_accept_redirects:def:1 |
error |
compliance |
[sysctl_runtime_net_ipv6_conf_default_accept_redirects] |
Kernel "net.ipv6.conf.default.accept_redirects" Parameter Runtime Check |
| oval:ssg-sysctl_runtime_net_ipv6_conf_default_accept_ra:def:1 |
error |
compliance |
[sysctl_runtime_net_ipv6_conf_default_accept_ra] |
Kernel "net.ipv6.conf.default.accept_ra" Parameter Runtime Check |
| oval:ssg-sysctl_runtime_net_ipv6_conf_all_forwarding:def:1 |
error |
compliance |
[sysctl_runtime_net_ipv6_conf_all_forwarding] |
Kernel "net.ipv6.conf.all.forwarding" Parameter Runtime Check |
| oval:ssg-sysctl_runtime_net_ipv6_conf_all_accept_source_route:def:1 |
error |
compliance |
[sysctl_runtime_net_ipv6_conf_all_accept_source_route] |
Kernel "net.ipv6.conf.all.accept_source_route" Parameter Runtime Check |
| oval:ssg-sysctl_runtime_net_ipv6_conf_all_accept_redirects:def:1 |
error |
compliance |
[sysctl_runtime_net_ipv6_conf_all_accept_redirects] |
Kernel "net.ipv6.conf.all.accept_redirects" Parameter Runtime Check |
| oval:ssg-sysctl_runtime_net_ipv6_conf_all_accept_ra:def:1 |
error |
compliance |
[sysctl_runtime_net_ipv6_conf_all_accept_ra] |
Kernel "net.ipv6.conf.all.accept_ra" Parameter Runtime Check |
| oval:ssg-sysctl_runtime_net_ipv4_tcp_syncookies:def:1 |
error |
compliance |
[sysctl_runtime_net_ipv4_tcp_syncookies] |
Kernel "net.ipv4.tcp_syncookies" Parameter Runtime Check |
| oval:ssg-sysctl_runtime_net_ipv4_icmp_ignore_bogus_error_responses:def:1 |
error |
compliance |
[sysctl_runtime_net_ipv4_icmp_ignore_bogus_error_responses] |
Kernel "net.ipv4.icmp_ignore_bogus_error_responses" Parameter Runtime Check |
| oval:ssg-sysctl_runtime_net_ipv4_icmp_echo_ignore_broadcasts:def:1 |
error |
compliance |
[sysctl_runtime_net_ipv4_icmp_echo_ignore_broadcasts] |
Kernel "net.ipv4.icmp_echo_ignore_broadcasts" Parameter Runtime Check |
| oval:ssg-sysctl_runtime_net_ipv4_conf_default_secure_redirects:def:1 |
error |
compliance |
[sysctl_runtime_net_ipv4_conf_default_secure_redirects] |
Kernel "net.ipv4.conf.default.secure_redirects" Parameter Runtime Check |
| oval:ssg-sysctl_runtime_net_ipv4_conf_default_rp_filter:def:1 |
error |
compliance |
[sysctl_runtime_net_ipv4_conf_default_rp_filter] |
Kernel "net.ipv4.conf.default.rp_filter" Parameter Runtime Check |
| oval:ssg-sysctl_runtime_net_ipv4_conf_default_log_martians:def:1 |
error |
compliance |
[sysctl_runtime_net_ipv4_conf_default_log_martians] |
Kernel "net.ipv4.conf.default.log_martians" Parameter Runtime Check |
| oval:ssg-sysctl_runtime_net_ipv4_conf_default_accept_source_route:def:1 |
error |
compliance |
[sysctl_runtime_net_ipv4_conf_default_accept_source_route] |
Kernel "net.ipv4.conf.default.accept_source_route" Parameter Runtime Check |
| oval:ssg-sysctl_runtime_net_ipv4_conf_default_accept_redirects:def:1 |
error |
compliance |
[sysctl_runtime_net_ipv4_conf_default_accept_redirects] |
Kernel "net.ipv4.conf.default.accept_redirects" Parameter Runtime Check |
| oval:ssg-sysctl_runtime_net_ipv4_conf_all_secure_redirects:def:1 |
error |
compliance |
[sysctl_runtime_net_ipv4_conf_all_secure_redirects] |
Kernel "net.ipv4.conf.all.secure_redirects" Parameter Runtime Check |
| oval:ssg-sysctl_runtime_net_ipv4_conf_all_rp_filter:def:1 |
error |
compliance |
[sysctl_runtime_net_ipv4_conf_all_rp_filter] |
Kernel "net.ipv4.conf.all.rp_filter" Parameter Runtime Check |
| oval:ssg-sysctl_runtime_net_ipv4_conf_all_log_martians:def:1 |
error |
compliance |
[sysctl_runtime_net_ipv4_conf_all_log_martians] |
Kernel "net.ipv4.conf.all.log_martians" Parameter Runtime Check |
| oval:ssg-sysctl_runtime_net_ipv4_conf_all_accept_source_route:def:1 |
error |
compliance |
[sysctl_runtime_net_ipv4_conf_all_accept_source_route] |
Kernel "net.ipv4.conf.all.accept_source_route" Parameter Runtime Check |
| oval:ssg-sysctl_runtime_net_ipv4_conf_all_accept_redirects:def:1 |
error |
compliance |
[sysctl_runtime_net_ipv4_conf_all_accept_redirects] |
Kernel "net.ipv4.conf.all.accept_redirects" Parameter Runtime Check |
| oval:ssg-sysctl_net_ipv4_conf_default_rp_filter:def:1 |
error |
compliance |
[sysctl_net_ipv4_conf_default_rp_filter] |
Kernel "net.ipv4.conf.default.rp_filter" Parameter Configuration and Runtime Check |
| oval:ssg-sysctl_net_ipv4_conf_default_accept_source_route:def:1 |
error |
compliance |
[sysctl_net_ipv4_conf_default_accept_source_route] |
Kernel "net.ipv4.conf.default.accept_source_route" Parameter Configuration and Runtime Check |
| oval:ssg-sysctl_net_ipv4_conf_all_rp_filter:def:1 |
error |
compliance |
[sysctl_net_ipv4_conf_all_rp_filter] |
Kernel "net.ipv4.conf.all.rp_filter" Parameter Configuration and Runtime Check |
| oval:ssg-sysctl_net_ipv4_conf_all_accept_source_route:def:1 |
error |
compliance |
[sysctl_net_ipv4_conf_all_accept_source_route] |
Kernel "net.ipv4.conf.all.accept_source_route" Parameter Configuration and Runtime Check |
| oval:ssg-sshd_set_idle_timeout:def:1 |
error |
compliance |
[sshd_set_idle_timeout] |
Set OpenSSH Idle Timeout Interval |
| oval:ssg-selinux_state:def:1 |
error |
compliance |
[selinux_state] |
SELinux Enforcing |
| oval:ssg-selinux_policytype:def:1 |
error |
compliance |
[selinux_policytype] |
Enable SELinux |
| oval:ssg-sebool_zoneminder_run_sudo:def:1 |
error |
compliance |
[sebool_zoneminder_run_sudo] |
SELinux "zoneminder_run_sudo" Boolean Check |
| oval:ssg-sebool_zoneminder_anon_write:def:1 |
error |
compliance |
[sebool_zoneminder_anon_write] |
SELinux "zoneminder_anon_write" Boolean Check |
| oval:ssg-sebool_zebra_write_config:def:1 |
error |
compliance |
[sebool_zebra_write_config] |
SELinux "zebra_write_config" Boolean Check |
| oval:ssg-sebool_zarafa_setrlimit:def:1 |
error |
compliance |
[sebool_zarafa_setrlimit] |
SELinux "zarafa_setrlimit" Boolean Check |
| oval:ssg-sebool_zabbix_can_network:def:1 |
error |
compliance |
[sebool_zabbix_can_network] |
SELinux "zabbix_can_network" Boolean Check |
| oval:ssg-sebool_xserver_object_manager:def:1 |
error |
compliance |
[sebool_xserver_object_manager] |
SELinux "xserver_object_manager" Boolean Check |
| oval:ssg-sebool_xserver_execmem:def:1 |
error |
compliance |
[sebool_xserver_execmem] |
SELinux "xserver_execmem" Boolean Check |
| oval:ssg-sebool_xserver_clients_write_xshm:def:1 |
error |
compliance |
[sebool_xserver_clients_write_xshm] |
SELinux "xserver_clients_write_xshm" Boolean Check |
| oval:ssg-sebool_xguest_use_bluetooth:def:1 |
error |
compliance |
[sebool_xguest_use_bluetooth] |
SELinux "xguest_use_bluetooth" Boolean Check |
| oval:ssg-sebool_xguest_mount_media:def:1 |
error |
compliance |
[sebool_xguest_mount_media] |
SELinux "xguest_mount_media" Boolean Check |
| oval:ssg-sebool_xguest_exec_content:def:1 |
error |
compliance |
[sebool_xguest_exec_content] |
SELinux "xguest_exec_content" Boolean Check |
| oval:ssg-sebool_xguest_connect_network:def:1 |
error |
compliance |
[sebool_xguest_connect_network] |
SELinux "xguest_connect_network" Boolean Check |
| oval:ssg-sebool_xend_run_qemu:def:1 |
error |
compliance |
[sebool_xend_run_qemu] |
SELinux "xend_run_qemu" Boolean Check |
| oval:ssg-sebool_xend_run_blktap:def:1 |
error |
compliance |
[sebool_xend_run_blktap] |
SELinux "xend_run_blktap" Boolean Check |
| oval:ssg-sebool_xen_use_nfs:def:1 |
error |
compliance |
[sebool_xen_use_nfs] |
SELinux "xen_use_nfs" Boolean Check |
| oval:ssg-sebool_xdm_write_home:def:1 |
error |
compliance |
[sebool_xdm_write_home] |
SELinux "xdm_write_home" Boolean Check |
| oval:ssg-sebool_xdm_sysadm_login:def:1 |
error |
compliance |
[sebool_xdm_sysadm_login] |
SELinux "xdm_sysadm_login" Boolean Check |
| oval:ssg-sebool_xdm_exec_bootloader:def:1 |
error |
compliance |
[sebool_xdm_exec_bootloader] |
SELinux "xdm_exec_bootloader" Boolean Check |
| oval:ssg-sebool_xdm_bind_vnc_tcp_port:def:1 |
error |
compliance |
[sebool_xdm_bind_vnc_tcp_port] |
SELinux "xdm_bind_vnc_tcp_port" Boolean Check |
| oval:ssg-sebool_wine_mmap_zero_ignore:def:1 |
error |
compliance |
[sebool_wine_mmap_zero_ignore] |
SELinux "wine_mmap_zero_ignore" Boolean Check |
| oval:ssg-sebool_webadm_read_user_files:def:1 |
error |
compliance |
[sebool_webadm_read_user_files] |
SELinux "webadm_read_user_files" Boolean Check |
| oval:ssg-sebool_webadm_manage_user_files:def:1 |
error |
compliance |
[sebool_webadm_manage_user_files] |
SELinux "webadm_manage_user_files" Boolean Check |
| oval:ssg-sebool_virt_use_xserver:def:1 |
error |
compliance |
[sebool_virt_use_xserver] |
SELinux "virt_use_xserver" Boolean Check |
| oval:ssg-sebool_virt_use_usb:def:1 |
error |
compliance |
[sebool_virt_use_usb] |
SELinux "virt_use_usb" Boolean Check |
| oval:ssg-sebool_virt_use_sanlock:def:1 |
error |
compliance |
[sebool_virt_use_sanlock] |
SELinux "virt_use_sanlock" Boolean Check |
| oval:ssg-sebool_virt_use_samba:def:1 |
error |
compliance |
[sebool_virt_use_samba] |
SELinux "virt_use_samba" Boolean Check |
| oval:ssg-sebool_virt_use_rawip:def:1 |
error |
compliance |
[sebool_virt_use_rawip] |
SELinux "virt_use_rawip" Boolean Check |
| oval:ssg-sebool_virt_use_nfs:def:1 |
error |
compliance |
[sebool_virt_use_nfs] |
SELinux "virt_use_nfs" Boolean Check |
| oval:ssg-sebool_virt_use_fusefs:def:1 |
error |
compliance |
[sebool_virt_use_fusefs] |
SELinux "virt_use_fusefs" Boolean Check |
| oval:ssg-sebool_virt_use_execmem:def:1 |
error |
compliance |
[sebool_virt_use_execmem] |
SELinux "virt_use_execmem" Boolean Check |
| oval:ssg-sebool_virt_use_comm:def:1 |
error |
compliance |
[sebool_virt_use_comm] |
SELinux "virt_use_comm" Boolean Check |
| oval:ssg-sebool_virt_transition_userdomain:def:1 |
error |
compliance |
[sebool_virt_transition_userdomain] |
SELinux "virt_transition_userdomain" Boolean Check |
| oval:ssg-sebool_virt_sandbox_use_sys_admin:def:1 |
error |
compliance |
[sebool_virt_sandbox_use_sys_admin] |
SELinux "virt_sandbox_use_sys_admin" Boolean Check |
| oval:ssg-sebool_virt_sandbox_use_netlink:def:1 |
error |
compliance |
[sebool_virt_sandbox_use_netlink] |
SELinux "virt_sandbox_use_netlink" Boolean Check |
| oval:ssg-sebool_virt_sandbox_use_mknod:def:1 |
error |
compliance |
[sebool_virt_sandbox_use_mknod] |
SELinux "virt_sandbox_use_mknod" Boolean Check |
| oval:ssg-sebool_virt_sandbox_use_audit:def:1 |
error |
compliance |
[sebool_virt_sandbox_use_audit] |
SELinux "virt_sandbox_use_audit" Boolean Check |
| oval:ssg-sebool_virt_sandbox_use_all_caps:def:1 |
error |
compliance |
[sebool_virt_sandbox_use_all_caps] |
SELinux "virt_sandbox_use_all_caps" Boolean Check |
| oval:ssg-sebool_virt_rw_qemu_ga_data:def:1 |
error |
compliance |
[sebool_virt_rw_qemu_ga_data] |
SELinux "virt_rw_qemu_ga_data" Boolean Check |
| oval:ssg-sebool_virt_read_qemu_ga_data:def:1 |
error |
compliance |
[sebool_virt_read_qemu_ga_data] |
SELinux "virt_read_qemu_ga_data" Boolean Check |
| oval:ssg-sebool_varnishd_connect_any:def:1 |
error |
compliance |
[sebool_varnishd_connect_any] |
SELinux "varnishd_connect_any" Boolean Check |
| oval:ssg-sebool_user_exec_content:def:1 |
error |
compliance |
[sebool_user_exec_content] |
SELinux "user_exec_content" Boolean Check |
| oval:ssg-sebool_use_samba_home_dirs:def:1 |
error |
compliance |
[sebool_use_samba_home_dirs] |
SELinux "use_samba_home_dirs" Boolean Check |
| oval:ssg-sebool_use_nfs_home_dirs:def:1 |
error |
compliance |
[sebool_use_nfs_home_dirs] |
SELinux "use_nfs_home_dirs" Boolean Check |
| oval:ssg-sebool_use_lpd_server:def:1 |
error |
compliance |
[sebool_use_lpd_server] |
SELinux "use_lpd_server" Boolean Check |
| oval:ssg-sebool_use_fusefs_home_dirs:def:1 |
error |
compliance |
[sebool_use_fusefs_home_dirs] |
SELinux "use_fusefs_home_dirs" Boolean Check |
| oval:ssg-sebool_use_ecryptfs_home_dirs:def:1 |
error |
compliance |
[sebool_use_ecryptfs_home_dirs] |
SELinux "use_ecryptfs_home_dirs" Boolean Check |
| oval:ssg-sebool_unprivuser_use_svirt:def:1 |
error |
compliance |
[sebool_unprivuser_use_svirt] |
SELinux "unprivuser_use_svirt" Boolean Check |
| oval:ssg-sebool_unconfined_mozilla_plugin_transition:def:1 |
error |
compliance |
[sebool_unconfined_mozilla_plugin_transition] |
SELinux "unconfined_mozilla_plugin_transition" Boolean Check |
| oval:ssg-sebool_unconfined_login:def:1 |
error |
compliance |
[sebool_unconfined_login] |
SELinux "unconfined_login" Boolean Check |
| oval:ssg-sebool_unconfined_chrome_sandbox_transition:def:1 |
error |
compliance |
[sebool_unconfined_chrome_sandbox_transition] |
SELinux "unconfined_chrome_sandbox_transition" Boolean Check |
| oval:ssg-sebool_tor_can_network_relay:def:1 |
error |
compliance |
[sebool_tor_can_network_relay] |
SELinux "tor_can_network_relay" Boolean Check |
| oval:ssg-sebool_tor_bind_all_unreserved_ports:def:1 |
error |
compliance |
[sebool_tor_bind_all_unreserved_ports] |
SELinux "tor_bind_all_unreserved_ports" Boolean Check |
| oval:ssg-sebool_tmpreaper_use_samba:def:1 |
error |
compliance |
[sebool_tmpreaper_use_samba] |
SELinux "tmpreaper_use_samba" Boolean Check |
| oval:ssg-sebool_tmpreaper_use_nfs:def:1 |
error |
compliance |
[sebool_tmpreaper_use_nfs] |
SELinux "tmpreaper_use_nfs" Boolean Check |
| oval:ssg-sebool_tftp_home_dir:def:1 |
error |
compliance |
[sebool_tftp_home_dir] |
SELinux "tftp_home_dir" Boolean Check |
| oval:ssg-sebool_tftp_anon_write:def:1 |
error |
compliance |
[sebool_tftp_anon_write] |
SELinux "tftp_anon_write" Boolean Check |
| oval:ssg-sebool_telepathy_tcp_connect_generic_network_ports:def:1 |
error |
compliance |
[sebool_telepathy_tcp_connect_generic_network_ports] |
SELinux "telepathy_tcp_connect_generic_network_ports" Boolean Check |
| oval:ssg-sebool_telepathy_connect_all_ports:def:1 |
error |
compliance |
[sebool_telepathy_connect_all_ports] |
SELinux "telepathy_connect_all_ports" Boolean Check |
| oval:ssg-sebool_sysadm_exec_content:def:1 |
error |
compliance |
[sebool_sysadm_exec_content] |
SELinux "sysadm_exec_content" Boolean Check |
| oval:ssg-sebool_swift_can_network:def:1 |
error |
compliance |
[sebool_swift_can_network] |
SELinux "swift_can_network" Boolean Check |
| oval:ssg-sebool_staff_use_svirt:def:1 |
error |
compliance |
[sebool_staff_use_svirt] |
SELinux "staff_use_svirt" Boolean Check |
| oval:ssg-sebool_staff_exec_content:def:1 |
error |
compliance |
[sebool_staff_exec_content] |
SELinux "staff_exec_content" Boolean Check |
| oval:ssg-sebool_ssh_sysadm_login:def:1 |
error |
compliance |
[sebool_ssh_sysadm_login] |
SELinux "ssh_sysadm_login" Boolean Check |
| oval:ssg-sebool_ssh_keysign:def:1 |
error |
compliance |
[sebool_ssh_keysign] |
SELinux "ssh_keysign" Boolean Check |
| oval:ssg-sebool_ssh_chroot_rw_homedirs:def:1 |
error |
compliance |
[sebool_ssh_chroot_rw_homedirs] |
SELinux "ssh_chroot_rw_homedirs" Boolean Check |
| oval:ssg-sebool_squid_use_tproxy:def:1 |
error |
compliance |
[sebool_squid_use_tproxy] |
SELinux "squid_use_tproxy" Boolean Check |
| oval:ssg-sebool_squid_connect_any:def:1 |
error |
compliance |
[sebool_squid_connect_any] |
SELinux "squid_connect_any" Boolean Check |
| oval:ssg-sebool_spamd_enable_home_dirs:def:1 |
error |
compliance |
[sebool_spamd_enable_home_dirs] |
SELinux "spamd_enable_home_dirs" Boolean Check |
| oval:ssg-sebool_spamassassin_can_network:def:1 |
error |
compliance |
[sebool_spamassassin_can_network] |
SELinux "spamassassin_can_network" Boolean Check |
| oval:ssg-sebool_smbd_anon_write:def:1 |
error |
compliance |
[sebool_smbd_anon_write] |
SELinux "smbd_anon_write" Boolean Check |
| oval:ssg-sebool_smartmon_3ware:def:1 |
error |
compliance |
[sebool_smartmon_3ware] |
SELinux "smartmon_3ware" Boolean Check |
| oval:ssg-sebool_sge_use_nfs:def:1 |
error |
compliance |
[sebool_sge_use_nfs] |
SELinux "sge_use_nfs" Boolean Check |
| oval:ssg-sebool_sge_domain_can_network_connect:def:1 |
error |
compliance |
[sebool_sge_domain_can_network_connect] |
SELinux "sge_domain_can_network_connect" Boolean Check |
| oval:ssg-sebool_selinuxuser_use_ssh_chroot:def:1 |
error |
compliance |
[sebool_selinuxuser_use_ssh_chroot] |
SELinux "selinuxuser_use_ssh_chroot" Boolean Check |
| oval:ssg-sebool_selinuxuser_udp_server:def:1 |
error |
compliance |
[sebool_selinuxuser_udp_server] |
SELinux "selinuxuser_udp_server" Boolean Check |
| oval:ssg-sebool_selinuxuser_tcp_server:def:1 |
error |
compliance |
[sebool_selinuxuser_tcp_server] |
SELinux "selinuxuser_tcp_server" Boolean Check |
| oval:ssg-sebool_selinuxuser_share_music:def:1 |
error |
compliance |
[sebool_selinuxuser_share_music] |
SELinux "selinuxuser_share_music" Boolean Check |
| oval:ssg-sebool_selinuxuser_rw_noexattrfile:def:1 |
error |
compliance |
[sebool_selinuxuser_rw_noexattrfile] |
SELinux "selinuxuser_rw_noexattrfile" Boolean Check |
| oval:ssg-sebool_selinuxuser_postgresql_connect_enabled:def:1 |
error |
compliance |
[sebool_selinuxuser_postgresql_connect_enabled] |
SELinux "selinuxuser_postgresql_connect_enabled" Boolean Check |
| oval:ssg-sebool_selinuxuser_ping:def:1 |
error |
compliance |
[sebool_selinuxuser_ping] |
SELinux "selinuxuser_ping" Boolean Check |
| oval:ssg-sebool_selinuxuser_mysql_connect_enabled:def:1 |
error |
compliance |
[sebool_selinuxuser_mysql_connect_enabled] |
SELinux "selinuxuser_mysql_connect_enabled" Boolean Check |
| oval:ssg-sebool_selinuxuser_execstack:def:1 |
error |
compliance |
[sebool_selinuxuser_execstack] |
SELinux "selinuxuser_execstack" Boolean Check |
| oval:ssg-sebool_selinuxuser_execmod:def:1 |
error |
compliance |
[sebool_selinuxuser_execmod] |
SELinux "selinuxuser_execmod" Boolean Check |
| oval:ssg-sebool_selinuxuser_execheap:def:1 |
error |
compliance |
[sebool_selinuxuser_execheap] |
SELinux "selinuxuser_execheap" Boolean Check |
| oval:ssg-sebool_selinuxuser_direct_dri_enabled:def:1 |
error |
compliance |
[sebool_selinuxuser_direct_dri_enabled] |
SELinux "selinuxuser_direct_dri_enabled" Boolean Check |
| oval:ssg-sebool_secure_mode_policyload:def:1 |
error |
compliance |
[sebool_secure_mode_policyload] |
SELinux "secure_mode_policyload" Boolean Check |
| oval:ssg-sebool_secure_mode_insmod:def:1 |
error |
compliance |
[sebool_secure_mode_insmod] |
SELinux "secure_mode_insmod" Boolean Check |
| oval:ssg-sebool_secure_mode:def:1 |
error |
compliance |
[sebool_secure_mode] |
SELinux "secure_mode" Boolean Check |
| oval:ssg-sebool_secadm_exec_content:def:1 |
error |
compliance |
[sebool_secadm_exec_content] |
SELinux "secadm_exec_content" Boolean Check |
| oval:ssg-sebool_saslauthd_read_shadow:def:1 |
error |
compliance |
[sebool_saslauthd_read_shadow] |
SELinux "saslauthd_read_shadow" Boolean Check |
| oval:ssg-sebool_sanlock_use_samba:def:1 |
error |
compliance |
[sebool_sanlock_use_samba] |
SELinux "sanlock_use_samba" Boolean Check |
| oval:ssg-sebool_sanlock_use_nfs:def:1 |
error |
compliance |
[sebool_sanlock_use_nfs] |
SELinux "sanlock_use_nfs" Boolean Check |
| oval:ssg-sebool_sanlock_use_fusefs:def:1 |
error |
compliance |
[sebool_sanlock_use_fusefs] |
SELinux "sanlock_use_fusefs" Boolean Check |
| oval:ssg-sebool_samba_share_nfs:def:1 |
error |
compliance |
[sebool_samba_share_nfs] |
SELinux "samba_share_nfs" Boolean Check |
| oval:ssg-sebool_samba_share_fusefs:def:1 |
error |
compliance |
[sebool_samba_share_fusefs] |
SELinux "samba_share_fusefs" Boolean Check |
| oval:ssg-sebool_samba_run_unconfined:def:1 |
error |
compliance |
[sebool_samba_run_unconfined] |
SELinux "samba_run_unconfined" Boolean Check |
| oval:ssg-sebool_samba_portmapper:def:1 |
error |
compliance |
[sebool_samba_portmapper] |
SELinux "samba_portmapper" Boolean Check |
| oval:ssg-sebool_samba_load_libgfapi:def:1 |
error |
compliance |
[sebool_samba_load_libgfapi] |
SELinux "samba_load_libgfapi" Boolean Check |
| oval:ssg-sebool_samba_export_all_rw:def:1 |
error |
compliance |
[sebool_samba_export_all_rw] |
SELinux "samba_export_all_rw" Boolean Check |
| oval:ssg-sebool_samba_export_all_ro:def:1 |
error |
compliance |
[sebool_samba_export_all_ro] |
SELinux "samba_export_all_ro" Boolean Check |
| oval:ssg-sebool_samba_enable_home_dirs:def:1 |
error |
compliance |
[sebool_samba_enable_home_dirs] |
SELinux "samba_enable_home_dirs" Boolean Check |
| oval:ssg-sebool_samba_domain_controller:def:1 |
error |
compliance |
[sebool_samba_domain_controller] |
SELinux "samba_domain_controller" Boolean Check |
| oval:ssg-sebool_samba_create_home_dirs:def:1 |
error |
compliance |
[sebool_samba_create_home_dirs] |
SELinux "samba_create_home_dirs" Boolean Check |
| oval:ssg-sebool_rsync_full_access:def:1 |
error |
compliance |
[sebool_rsync_full_access] |
SELinux "rsync_full_access" Boolean Check |
| oval:ssg-sebool_rsync_export_all_ro:def:1 |
error |
compliance |
[sebool_rsync_export_all_ro] |
SELinux "rsync_export_all_ro" Boolean Check |
| oval:ssg-sebool_rsync_client:def:1 |
error |
compliance |
[sebool_rsync_client] |
SELinux "rsync_client" Boolean Check |
| oval:ssg-sebool_rsync_anon_write:def:1 |
error |
compliance |
[sebool_rsync_anon_write] |
SELinux "rsync_anon_write" Boolean Check |
| oval:ssg-sebool_racoon_read_shadow:def:1 |
error |
compliance |
[sebool_racoon_read_shadow] |
SELinux "racoon_read_shadow" Boolean Check |
| oval:ssg-sebool_puppetmaster_use_db:def:1 |
error |
compliance |
[sebool_puppetmaster_use_db] |
SELinux "puppetmaster_use_db" Boolean Check |
| oval:ssg-sebool_puppetagent_manage_all_files:def:1 |
error |
compliance |
[sebool_puppetagent_manage_all_files] |
SELinux "puppetagent_manage_all_files" Boolean Check |
| oval:ssg-sebool_prosody_bind_http_port:def:1 |
error |
compliance |
[sebool_prosody_bind_http_port] |
SELinux "prosody_bind_http_port" Boolean Check |
| oval:ssg-sebool_privoxy_connect_any:def:1 |
error |
compliance |
[sebool_privoxy_connect_any] |
SELinux "privoxy_connect_any" Boolean Check |
| oval:ssg-sebool_pppd_for_user:def:1 |
error |
compliance |
[sebool_pppd_for_user] |
SELinux "pppd_for_user" Boolean Check |
| oval:ssg-sebool_pppd_can_insmod:def:1 |
error |
compliance |
[sebool_pppd_can_insmod] |
SELinux "pppd_can_insmod" Boolean Check |
| oval:ssg-sebool_postgresql_selinux_users_ddl:def:1 |
error |
compliance |
[sebool_postgresql_selinux_users_ddl] |
SELinux "postgresql_selinux_users_ddl" Boolean Check |
| oval:ssg-sebool_postgresql_selinux_unconfined_dbadm:def:1 |
error |
compliance |
[sebool_postgresql_selinux_unconfined_dbadm] |
SELinux "postgresql_selinux_unconfined_dbadm" Boolean Check |
| oval:ssg-sebool_postgresql_selinux_transmit_client_label:def:1 |
error |
compliance |
[sebool_postgresql_selinux_transmit_client_label] |
SELinux "postgresql_selinux_transmit_client_label" Boolean Check |
| oval:ssg-sebool_postgresql_can_rsync:def:1 |
error |
compliance |
[sebool_postgresql_can_rsync] |
SELinux "postgresql_can_rsync" Boolean Check |
| oval:ssg-sebool_postfix_local_write_mail_spool:def:1 |
error |
compliance |
[sebool_postfix_local_write_mail_spool] |
SELinux "postfix_local_write_mail_spool" Boolean Check |
| oval:ssg-sebool_polyinstantiation_enabled:def:1 |
error |
compliance |
[sebool_polyinstantiation_enabled] |
SELinux "polyinstantiation_enabled" Boolean Check |
| oval:ssg-sebool_polipo_use_nfs:def:1 |
error |
compliance |
[sebool_polipo_use_nfs] |
SELinux "polipo_use_nfs" Boolean Check |
| oval:ssg-sebool_polipo_use_cifs:def:1 |
error |
compliance |
[sebool_polipo_use_cifs] |
SELinux "polipo_use_cifs" Boolean Check |
| oval:ssg-sebool_polipo_session_users:def:1 |
error |
compliance |
[sebool_polipo_session_users] |
SELinux "polipo_session_users" Boolean Check |
| oval:ssg-sebool_polipo_session_bind_all_unreserved_ports:def:1 |
error |
compliance |
[sebool_polipo_session_bind_all_unreserved_ports] |
SELinux "polipo_session_bind_all_unreserved_ports" Boolean Check |
| oval:ssg-sebool_polipo_connect_all_unreserved:def:1 |
error |
compliance |
[sebool_polipo_connect_all_unreserved] |
SELinux "polipo_connect_all_unreserved" Boolean Check |
| oval:ssg-sebool_piranha_lvs_can_network_connect:def:1 |
error |
compliance |
[sebool_piranha_lvs_can_network_connect] |
SELinux "piranha_lvs_can_network_connect" Boolean Check |
| oval:ssg-sebool_pcp_read_generic_logs:def:1 |
error |
compliance |
[sebool_pcp_read_generic_logs] |
SELinux "pcp_read_generic_logs" Boolean Check |
| oval:ssg-sebool_pcp_bind_all_unreserved_ports:def:1 |
error |
compliance |
[sebool_pcp_bind_all_unreserved_ports] |
SELinux "pcp_bind_all_unreserved_ports" Boolean Check |
| oval:ssg-sebool_openvpn_run_unconfined:def:1 |
error |
compliance |
[sebool_openvpn_run_unconfined] |
SELinux "openvpn_run_unconfined" Boolean Check |
| oval:ssg-sebool_openvpn_enable_homedirs:def:1 |
error |
compliance |
[sebool_openvpn_enable_homedirs] |
SELinux "openvpn_enable_homedirs" Boolean Check |
| oval:ssg-sebool_openvpn_can_network_connect:def:1 |
error |
compliance |
[sebool_openvpn_can_network_connect] |
SELinux "openvpn_can_network_connect" Boolean Check |
| oval:ssg-sebool_openshift_use_nfs:def:1 |
error |
compliance |
[sebool_openshift_use_nfs] |
SELinux "openshift_use_nfs" Boolean Check |
| oval:ssg-sebool_nscd_use_shm:def:1 |
error |
compliance |
[sebool_nscd_use_shm] |
SELinux "nscd_use_shm" Boolean Check |
| oval:ssg-sebool_nis_enabled:def:1 |
error |
compliance |
[sebool_nis_enabled] |
SELinux "nis_enabled" Boolean Check |
| oval:ssg-sebool_nfsd_anon_write:def:1 |
error |
compliance |
[sebool_nfsd_anon_write] |
SELinux "nfsd_anon_write" Boolean Check |
| oval:ssg-sebool_nfs_export_all_rw:def:1 |
error |
compliance |
[sebool_nfs_export_all_rw] |
SELinux "nfs_export_all_rw" Boolean Check |
| oval:ssg-sebool_nfs_export_all_ro:def:1 |
error |
compliance |
[sebool_nfs_export_all_ro] |
SELinux "nfs_export_all_ro" Boolean Check |
| oval:ssg-sebool_neutron_can_network:def:1 |
error |
compliance |
[sebool_neutron_can_network] |
SELinux "neutron_can_network" Boolean Check |
| oval:ssg-sebool_named_write_master_zones:def:1 |
error |
compliance |
[sebool_named_write_master_zones] |
SELinux "named_write_master_zones" Boolean Check |
| oval:ssg-sebool_named_tcp_bind_http_port:def:1 |
error |
compliance |
[sebool_named_tcp_bind_http_port] |
SELinux "named_tcp_bind_http_port" Boolean Check |
| oval:ssg-sebool_nagios_run_sudo:def:1 |
error |
compliance |
[sebool_nagios_run_sudo] |
SELinux "nagios_run_sudo" Boolean Check |
| oval:ssg-sebool_nagios_run_pnp4nagios:def:1 |
error |
compliance |
[sebool_nagios_run_pnp4nagios] |
SELinux "nagios_run_pnp4nagios" Boolean Check |
| oval:ssg-sebool_mysql_connect_any:def:1 |
error |
compliance |
[sebool_mysql_connect_any] |
SELinux "mysql_connect_any" Boolean Check |
| oval:ssg-sebool_mplayer_execstack:def:1 |
error |
compliance |
[sebool_mplayer_execstack] |
SELinux "mplayer_execstack" Boolean Check |
| oval:ssg-sebool_mpd_use_nfs:def:1 |
error |
compliance |
[sebool_mpd_use_nfs] |
SELinux "mpd_use_nfs" Boolean Check |
| oval:ssg-sebool_mpd_use_cifs:def:1 |
error |
compliance |
[sebool_mpd_use_cifs] |
SELinux "mpd_use_cifs" Boolean Check |
| oval:ssg-sebool_mpd_enable_homedirs:def:1 |
error |
compliance |
[sebool_mpd_enable_homedirs] |
SELinux "mpd_enable_homedirs" Boolean Check |
| oval:ssg-sebool_mozilla_read_content:def:1 |
error |
compliance |
[sebool_mozilla_read_content] |
SELinux "mozilla_read_content" Boolean Check |
| oval:ssg-sebool_mozilla_plugin_use_spice:def:1 |
error |
compliance |
[sebool_mozilla_plugin_use_spice] |
SELinux "mozilla_plugin_use_spice" Boolean Check |
| oval:ssg-sebool_mozilla_plugin_use_gps:def:1 |
error |
compliance |
[sebool_mozilla_plugin_use_gps] |
SELinux "mozilla_plugin_use_gps" Boolean Check |
| oval:ssg-sebool_mozilla_plugin_use_bluejeans:def:1 |
error |
compliance |
[sebool_mozilla_plugin_use_bluejeans] |
SELinux "mozilla_plugin_use_bluejeans" Boolean Check |
| oval:ssg-sebool_mozilla_plugin_can_network_connect:def:1 |
error |
compliance |
[sebool_mozilla_plugin_can_network_connect] |
SELinux "mozilla_plugin_can_network_connect" Boolean Check |
| oval:ssg-sebool_mozilla_plugin_bind_unreserved_ports:def:1 |
error |
compliance |
[sebool_mozilla_plugin_bind_unreserved_ports] |
SELinux "mozilla_plugin_bind_unreserved_ports" Boolean Check |
| oval:ssg-sebool_mount_anyfile:def:1 |
error |
compliance |
[sebool_mount_anyfile] |
SELinux "mount_anyfile" Boolean Check |
| oval:ssg-sebool_mock_enable_homedirs:def:1 |
error |
compliance |
[sebool_mock_enable_homedirs] |
SELinux "mock_enable_homedirs" Boolean Check |
| oval:ssg-sebool_mmap_low_allowed:def:1 |
error |
compliance |
[sebool_mmap_low_allowed] |
SELinux "mmap_low_allowed" Boolean Check |
| oval:ssg-sebool_minidlna_read_generic_user_content:def:1 |
error |
compliance |
[sebool_minidlna_read_generic_user_content] |
SELinux "minidlna_read_generic_user_content" Boolean Check |
| oval:ssg-sebool_mcelog_server:def:1 |
error |
compliance |
[sebool_mcelog_server] |
SELinux "mcelog_server" Boolean Check |
| oval:ssg-sebool_mcelog_foreground:def:1 |
error |
compliance |
[sebool_mcelog_foreground] |
SELinux "mcelog_foreground" Boolean Check |
| oval:ssg-sebool_mcelog_exec_scripts:def:1 |
error |
compliance |
[sebool_mcelog_exec_scripts] |
SELinux "mcelog_exec_scripts" Boolean Check |
| oval:ssg-sebool_mcelog_client:def:1 |
error |
compliance |
[sebool_mcelog_client] |
SELinux "mcelog_client" Boolean Check |
| oval:ssg-sebool_mailman_use_fusefs:def:1 |
error |
compliance |
[sebool_mailman_use_fusefs] |
SELinux "mailman_use_fusefs" Boolean Check |
| oval:ssg-sebool_lsmd_plugin_connect_any:def:1 |
error |
compliance |
[sebool_lsmd_plugin_connect_any] |
SELinux "lsmd_plugin_connect_any" Boolean Check |
| oval:ssg-sebool_logwatch_can_network_connect_mail:def:1 |
error |
compliance |
[sebool_logwatch_can_network_connect_mail] |
SELinux "logwatch_can_network_connect_mail" Boolean Check |
| oval:ssg-sebool_logrotate_use_nfs:def:1 |
error |
compliance |
[sebool_logrotate_use_nfs] |
SELinux "logrotate_use_nfs" Boolean Check |
| oval:ssg-sebool_login_console_enabled:def:1 |
error |
compliance |
[sebool_login_console_enabled] |
SELinux "login_console_enabled" Boolean Check |
| oval:ssg-sebool_logging_syslogd_use_tty:def:1 |
error |
compliance |
[sebool_logging_syslogd_use_tty] |
SELinux "logging_syslogd_use_tty" Boolean Check |
| oval:ssg-sebool_logging_syslogd_run_nagios_plugins:def:1 |
error |
compliance |
[sebool_logging_syslogd_run_nagios_plugins] |
SELinux "logging_syslogd_run_nagios_plugins" Boolean Check |
| oval:ssg-sebool_logging_syslogd_can_sendmail:def:1 |
error |
compliance |
[sebool_logging_syslogd_can_sendmail] |
SELinux "logging_syslogd_can_sendmail" Boolean Check |
| oval:ssg-sebool_logadm_exec_content:def:1 |
error |
compliance |
[sebool_logadm_exec_content] |
SELinux "logadm_exec_content" Boolean Check |
| oval:ssg-sebool_ksmtuned_use_nfs:def:1 |
error |
compliance |
[sebool_ksmtuned_use_nfs] |
SELinux "ksmtuned_use_nfs" Boolean Check |
| oval:ssg-sebool_ksmtuned_use_cifs:def:1 |
error |
compliance |
[sebool_ksmtuned_use_cifs] |
SELinux "ksmtuned_use_cifs" Boolean Check |
| oval:ssg-sebool_kerberos_enabled:def:1 |
error |
compliance |
[sebool_kerberos_enabled] |
SELinux "kerberos_enabled" Boolean Check |
| oval:ssg-sebool_kdumpgui_run_bootloader:def:1 |
error |
compliance |
[sebool_kdumpgui_run_bootloader] |
SELinux "kdumpgui_run_bootloader" Boolean Check |
| oval:ssg-sebool_irssi_use_full_network:def:1 |
error |
compliance |
[sebool_irssi_use_full_network] |
SELinux "irssi_use_full_network" Boolean Check |
| oval:ssg-sebool_irc_use_any_tcp_ports:def:1 |
error |
compliance |
[sebool_irc_use_any_tcp_ports] |
SELinux "irc_use_any_tcp_ports" Boolean Check |
| oval:ssg-sebool_icecast_use_any_tcp_ports:def:1 |
error |
compliance |
[sebool_icecast_use_any_tcp_ports] |
SELinux "icecast_use_any_tcp_ports" Boolean Check |
| oval:ssg-sebool_httpd_verify_dns:def:1 |
error |
compliance |
[sebool_httpd_verify_dns] |
SELinux "httpd_verify_dns" Boolean Check |
| oval:ssg-sebool_httpd_use_sasl:def:1 |
error |
compliance |
[sebool_httpd_use_sasl] |
SELinux "httpd_use_sasl" Boolean Check |
| oval:ssg-sebool_httpd_use_openstack:def:1 |
error |
compliance |
[sebool_httpd_use_openstack] |
SELinux "httpd_use_openstack" Boolean Check |
| oval:ssg-sebool_httpd_use_nfs:def:1 |
error |
compliance |
[sebool_httpd_use_nfs] |
SELinux "httpd_use_nfs" Boolean Check |
| oval:ssg-sebool_httpd_use_gpg:def:1 |
error |
compliance |
[sebool_httpd_use_gpg] |
SELinux "httpd_use_gpg" Boolean Check |
| oval:ssg-sebool_httpd_use_fusefs:def:1 |
error |
compliance |
[sebool_httpd_use_fusefs] |
SELinux "httpd_use_fusefs" Boolean Check |
| oval:ssg-sebool_httpd_use_cifs:def:1 |
error |
compliance |
[sebool_httpd_use_cifs] |
SELinux "httpd_use_cifs" Boolean Check |
| oval:ssg-sebool_httpd_unified:def:1 |
error |
compliance |
[sebool_httpd_unified] |
SELinux "httpd_unified" Boolean Check |
| oval:ssg-sebool_httpd_tty_comm:def:1 |
error |
compliance |
[sebool_httpd_tty_comm] |
SELinux "httpd_tty_comm" Boolean Check |
| oval:ssg-sebool_httpd_tmp_exec:def:1 |
error |
compliance |
[sebool_httpd_tmp_exec] |
SELinux "httpd_tmp_exec" Boolean Check |
| oval:ssg-sebool_httpd_sys_script_anon_write:def:1 |
error |
compliance |
[sebool_httpd_sys_script_anon_write] |
SELinux "httpd_sys_script_anon_write" Boolean Check |
| oval:ssg-sebool_httpd_ssi_exec:def:1 |
error |
compliance |
[sebool_httpd_ssi_exec] |
SELinux "httpd_ssi_exec" Boolean Check |
| oval:ssg-sebool_httpd_setrlimit:def:1 |
error |
compliance |
[sebool_httpd_setrlimit] |
SELinux "httpd_setrlimit" Boolean Check |
| oval:ssg-sebool_httpd_serve_cobbler_files:def:1 |
error |
compliance |
[sebool_httpd_serve_cobbler_files] |
SELinux "httpd_serve_cobbler_files" Boolean Check |
| oval:ssg-sebool_httpd_run_stickshift:def:1 |
error |
compliance |
[sebool_httpd_run_stickshift] |
SELinux "httpd_run_stickshift" Boolean Check |
| oval:ssg-sebool_httpd_run_preupgrade:def:1 |
error |
compliance |
[sebool_httpd_run_preupgrade] |
SELinux "httpd_run_preupgrade" Boolean Check |
| oval:ssg-sebool_httpd_run_ipa:def:1 |
error |
compliance |
[sebool_httpd_run_ipa] |
SELinux "httpd_run_ipa" Boolean Check |
| oval:ssg-sebool_httpd_read_user_content:def:1 |
error |
compliance |
[sebool_httpd_read_user_content] |
SELinux "httpd_read_user_content" Boolean Check |
| oval:ssg-sebool_httpd_mod_auth_pam:def:1 |
error |
compliance |
[sebool_httpd_mod_auth_pam] |
SELinux "httpd_mod_auth_pam" Boolean Check |
| oval:ssg-sebool_httpd_mod_auth_ntlm_winbind:def:1 |
error |
compliance |
[sebool_httpd_mod_auth_ntlm_winbind] |
SELinux "httpd_mod_auth_ntlm_winbind" Boolean Check |
| oval:ssg-sebool_httpd_manage_ipa:def:1 |
error |
compliance |
[sebool_httpd_manage_ipa] |
SELinux "httpd_manage_ipa" Boolean Check |
| oval:ssg-sebool_httpd_graceful_shutdown:def:1 |
error |
compliance |
[sebool_httpd_graceful_shutdown] |
SELinux "httpd_graceful_shutdown" Boolean Check |
| oval:ssg-sebool_httpd_execmem:def:1 |
error |
compliance |
[sebool_httpd_execmem] |
SELinux "httpd_execmem" Boolean Check |
| oval:ssg-sebool_httpd_enable_homedirs:def:1 |
error |
compliance |
[sebool_httpd_enable_homedirs] |
SELinux "httpd_enable_homedirs" Boolean Check |
| oval:ssg-sebool_httpd_enable_ftp_server:def:1 |
error |
compliance |
[sebool_httpd_enable_ftp_server] |
SELinux "httpd_enable_ftp_server" Boolean Check |
| oval:ssg-sebool_httpd_enable_cgi:def:1 |
error |
compliance |
[sebool_httpd_enable_cgi] |
SELinux "httpd_enable_cgi" Boolean Check |
| oval:ssg-sebool_httpd_dontaudit_search_dirs:def:1 |
error |
compliance |
[sebool_httpd_dontaudit_search_dirs] |
SELinux "httpd_dontaudit_search_dirs" Boolean Check |
| oval:ssg-sebool_httpd_dbus_sssd:def:1 |
error |
compliance |
[sebool_httpd_dbus_sssd] |
SELinux "httpd_dbus_sssd" Boolean Check |
| oval:ssg-sebool_httpd_dbus_avahi:def:1 |
error |
compliance |
[sebool_httpd_dbus_avahi] |
SELinux "httpd_dbus_avahi" Boolean Check |
| oval:ssg-sebool_httpd_can_sendmail:def:1 |
error |
compliance |
[sebool_httpd_can_sendmail] |
SELinux "httpd_can_sendmail" Boolean Check |
| oval:ssg-sebool_httpd_can_network_relay:def:1 |
error |
compliance |
[sebool_httpd_can_network_relay] |
SELinux "httpd_can_network_relay" Boolean Check |
| oval:ssg-sebool_httpd_can_network_memcache:def:1 |
error |
compliance |
[sebool_httpd_can_network_memcache] |
SELinux "httpd_can_network_memcache" Boolean Check |
| oval:ssg-sebool_httpd_can_network_connect_db:def:1 |
error |
compliance |
[sebool_httpd_can_network_connect_db] |
SELinux "httpd_can_network_connect_db" Boolean Check |
| oval:ssg-sebool_httpd_can_network_connect_cobbler:def:1 |
error |
compliance |
[sebool_httpd_can_network_connect_cobbler] |
SELinux "httpd_can_network_connect_cobbler" Boolean Check |
| oval:ssg-sebool_httpd_can_network_connect:def:1 |
error |
compliance |
[sebool_httpd_can_network_connect] |
SELinux "httpd_can_network_connect" Boolean Check |
| oval:ssg-sebool_httpd_can_connect_zabbix:def:1 |
error |
compliance |
[sebool_httpd_can_connect_zabbix] |
SELinux "httpd_can_connect_zabbix" Boolean Check |
| oval:ssg-sebool_httpd_can_connect_mythtv:def:1 |
error |
compliance |
[sebool_httpd_can_connect_mythtv] |
SELinux "httpd_can_connect_mythtv" Boolean Check |
| oval:ssg-sebool_httpd_can_connect_ldap:def:1 |
error |
compliance |
[sebool_httpd_can_connect_ldap] |
SELinux "httpd_can_connect_ldap" Boolean Check |
| oval:ssg-sebool_httpd_can_connect_ftp:def:1 |
error |
compliance |
[sebool_httpd_can_connect_ftp] |
SELinux "httpd_can_connect_ftp" Boolean Check |
| oval:ssg-sebool_httpd_can_check_spam:def:1 |
error |
compliance |
[sebool_httpd_can_check_spam] |
SELinux "httpd_can_check_spam" Boolean Check |
| oval:ssg-sebool_httpd_builtin_scripting:def:1 |
error |
compliance |
[sebool_httpd_builtin_scripting] |
SELinux "httpd_builtin_scripting" Boolean Check |
| oval:ssg-sebool_httpd_anon_write:def:1 |
error |
compliance |
[sebool_httpd_anon_write] |
SELinux "httpd_anon_write" Boolean Check |
| oval:ssg-sebool_haproxy_connect_any:def:1 |
error |
compliance |
[sebool_haproxy_connect_any] |
SELinux "haproxy_connect_any" Boolean Check |
| oval:ssg-sebool_guest_exec_content:def:1 |
error |
compliance |
[sebool_guest_exec_content] |
SELinux "guest_exec_content" Boolean Check |
| oval:ssg-sebool_gssd_read_tmp:def:1 |
error |
compliance |
[sebool_gssd_read_tmp] |
SELinux "gssd_read_tmp" Boolean Check |
| oval:ssg-sebool_gpg_web_anon_write:def:1 |
error |
compliance |
[sebool_gpg_web_anon_write] |
SELinux "gpg_web_anon_write" Boolean Check |
| oval:ssg-sebool_gluster_export_all_rw:def:1 |
error |
compliance |
[sebool_gluster_export_all_rw] |
SELinux "gluster_export_all_rw" Boolean Check |
| oval:ssg-sebool_gluster_export_all_ro:def:1 |
error |
compliance |
[sebool_gluster_export_all_ro] |
SELinux "gluster_export_all_ro" Boolean Check |
| oval:ssg-sebool_gluster_anon_write:def:1 |
error |
compliance |
[sebool_gluster_anon_write] |
SELinux "gluster_anon_write" Boolean Check |
| oval:ssg-sebool_global_ssp:def:1 |
error |
compliance |
[sebool_global_ssp] |
SELinux "global_ssp" Boolean Check |
| oval:ssg-sebool_glance_use_fusefs:def:1 |
error |
compliance |
[sebool_glance_use_fusefs] |
SELinux "glance_use_fusefs" Boolean Check |
| oval:ssg-sebool_glance_use_execmem:def:1 |
error |
compliance |
[sebool_glance_use_execmem] |
SELinux "glance_use_execmem" Boolean Check |
| oval:ssg-sebool_glance_api_can_network:def:1 |
error |
compliance |
[sebool_glance_api_can_network] |
SELinux "glance_api_can_network" Boolean Check |
| oval:ssg-sebool_gitosis_can_sendmail:def:1 |
error |
compliance |
[sebool_gitosis_can_sendmail] |
SELinux "gitosis_can_sendmail" Boolean Check |
| oval:ssg-sebool_git_system_use_nfs:def:1 |
error |
compliance |
[sebool_git_system_use_nfs] |
SELinux "git_system_use_nfs" Boolean Check |
| oval:ssg-sebool_git_system_use_cifs:def:1 |
error |
compliance |
[sebool_git_system_use_cifs] |
SELinux "git_system_use_cifs" Boolean Check |
| oval:ssg-sebool_git_system_enable_homedirs:def:1 |
error |
compliance |
[sebool_git_system_enable_homedirs] |
SELinux "git_system_enable_homedirs" Boolean Check |
| oval:ssg-sebool_git_session_users:def:1 |
error |
compliance |
[sebool_git_session_users] |
SELinux "git_session_users" Boolean Check |
| oval:ssg-sebool_git_session_bind_all_unreserved_ports:def:1 |
error |
compliance |
[sebool_git_session_bind_all_unreserved_ports] |
SELinux "git_session_bind_all_unreserved_ports" Boolean Check |
| oval:ssg-sebool_git_cgi_use_nfs:def:1 |
error |
compliance |
[sebool_git_cgi_use_nfs] |
SELinux "git_cgi_use_nfs" Boolean Check |
| oval:ssg-sebool_git_cgi_use_cifs:def:1 |
error |
compliance |
[sebool_git_cgi_use_cifs] |
SELinux "git_cgi_use_cifs" Boolean Check |
| oval:ssg-sebool_git_cgi_enable_homedirs:def:1 |
error |
compliance |
[sebool_git_cgi_enable_homedirs] |
SELinux "git_cgi_enable_homedirs" Boolean Check |
| oval:ssg-sebool_ftpd_use_passive_mode:def:1 |
error |
compliance |
[sebool_ftpd_use_passive_mode] |
SELinux "ftpd_use_passive_mode" Boolean Check |
| oval:ssg-sebool_ftpd_use_nfs:def:1 |
error |
compliance |
[sebool_ftpd_use_nfs] |
SELinux "ftpd_use_nfs" Boolean Check |
| oval:ssg-sebool_ftpd_use_fusefs:def:1 |
error |
compliance |
[sebool_ftpd_use_fusefs] |
SELinux "ftpd_use_fusefs" Boolean Check |
| oval:ssg-sebool_ftpd_use_cifs:def:1 |
error |
compliance |
[sebool_ftpd_use_cifs] |
SELinux "ftpd_use_cifs" Boolean Check |
| oval:ssg-sebool_ftpd_full_access:def:1 |
error |
compliance |
[sebool_ftpd_full_access] |
SELinux "ftpd_full_access" Boolean Check |
| oval:ssg-sebool_ftpd_connect_db:def:1 |
error |
compliance |
[sebool_ftpd_connect_db] |
SELinux "ftpd_connect_db" Boolean Check |
| oval:ssg-sebool_ftpd_connect_all_unreserved:def:1 |
error |
compliance |
[sebool_ftpd_connect_all_unreserved] |
SELinux "ftpd_connect_all_unreserved" Boolean Check |
| oval:ssg-sebool_ftpd_anon_write:def:1 |
error |
compliance |
[sebool_ftpd_anon_write] |
SELinux "ftpd_anon_write" Boolean Check |
| oval:ssg-sebool_fips_mode:def:1 |
error |
compliance |
[sebool_fips_mode] |
SELinux "fips_mode" Boolean Check |
| oval:ssg-sebool_fenced_can_ssh:def:1 |
error |
compliance |
[sebool_fenced_can_ssh] |
SELinux "fenced_can_ssh" Boolean Check |
| oval:ssg-sebool_fenced_can_network_connect:def:1 |
error |
compliance |
[sebool_fenced_can_network_connect] |
SELinux "fenced_can_network_connect" Boolean Check |
| oval:ssg-sebool_fcron_crond:def:1 |
error |
compliance |
[sebool_fcron_crond] |
SELinux "fcron_crond" Boolean Check |
| oval:ssg-sebool_exim_read_user_files:def:1 |
error |
compliance |
[sebool_exim_read_user_files] |
SELinux "exim_read_user_files" Boolean Check |
| oval:ssg-sebool_exim_manage_user_files:def:1 |
error |
compliance |
[sebool_exim_manage_user_files] |
SELinux "exim_manage_user_files" Boolean Check |
| oval:ssg-sebool_exim_can_connect_db:def:1 |
error |
compliance |
[sebool_exim_can_connect_db] |
SELinux "exim_can_connect_db" Boolean Check |
| oval:ssg-sebool_entropyd_use_audio:def:1 |
error |
compliance |
[sebool_entropyd_use_audio] |
SELinux "entropyd_use_audio" Boolean Check |
| oval:ssg-sebool_domain_kernel_load_modules:def:1 |
error |
compliance |
[sebool_domain_kernel_load_modules] |
SELinux "domain_kernel_load_modules" Boolean Check |
| oval:ssg-sebool_domain_fd_use:def:1 |
error |
compliance |
[sebool_domain_fd_use] |
SELinux "domain_fd_use" Boolean Check |
| oval:ssg-sebool_dhcpd_use_ldap:def:1 |
error |
compliance |
[sebool_dhcpd_use_ldap] |
SELinux "dhcpd_use_ldap" Boolean Check |
| oval:ssg-sebool_dhcpc_exec_iptables:def:1 |
error |
compliance |
[sebool_dhcpc_exec_iptables] |
SELinux "dhcpc_exec_iptables" Boolean Check |
| oval:ssg-sebool_deny_ptrace:def:1 |
error |
compliance |
[sebool_deny_ptrace] |
SELinux "deny_ptrace" Boolean Check |
| oval:ssg-sebool_deny_execmem:def:1 |
error |
compliance |
[sebool_deny_execmem] |
SELinux "deny_execmem" Boolean Check |
| oval:ssg-sebool_dbadm_read_user_files:def:1 |
error |
compliance |
[sebool_dbadm_read_user_files] |
SELinux "dbadm_read_user_files" Boolean Check |
| oval:ssg-sebool_dbadm_manage_user_files:def:1 |
error |
compliance |
[sebool_dbadm_manage_user_files] |
SELinux "dbadm_manage_user_files" Boolean Check |
| oval:ssg-sebool_dbadm_exec_content:def:1 |
error |
compliance |
[sebool_dbadm_exec_content] |
SELinux "dbadm_exec_content" Boolean Check |
| oval:ssg-sebool_daemons_use_tty:def:1 |
error |
compliance |
[sebool_daemons_use_tty] |
SELinux "daemons_use_tty" Boolean Check |
| oval:ssg-sebool_daemons_use_tcp_wrapper:def:1 |
error |
compliance |
[sebool_daemons_use_tcp_wrapper] |
SELinux "daemons_use_tcp_wrapper" Boolean Check |
| oval:ssg-sebool_daemons_enable_cluster_mode:def:1 |
error |
compliance |
[sebool_daemons_enable_cluster_mode] |
SELinux "daemons_enable_cluster_mode" Boolean Check |
| oval:ssg-sebool_daemons_dump_core:def:1 |
error |
compliance |
[sebool_daemons_dump_core] |
SELinux "daemons_dump_core" Boolean Check |
| oval:ssg-sebool_cvs_read_shadow:def:1 |
error |
compliance |
[sebool_cvs_read_shadow] |
SELinux "cvs_read_shadow" Boolean Check |
| oval:ssg-sebool_cups_execmem:def:1 |
error |
compliance |
[sebool_cups_execmem] |
SELinux "cups_execmem" Boolean Check |
| oval:ssg-sebool_cron_userdomain_transition:def:1 |
error |
compliance |
[sebool_cron_userdomain_transition] |
SELinux "cron_userdomain_transition" Boolean Check |
| oval:ssg-sebool_cron_system_cronjob_use_shares:def:1 |
error |
compliance |
[sebool_cron_system_cronjob_use_shares] |
SELinux "cron_system_cronjob_use_shares" Boolean Check |
| oval:ssg-sebool_cron_can_relabel:def:1 |
error |
compliance |
[sebool_cron_can_relabel] |
SELinux "cron_can_relabel" Boolean Check |
| oval:ssg-sebool_conman_can_network:def:1 |
error |
compliance |
[sebool_conman_can_network] |
SELinux "conman_can_network" Boolean Check |
| oval:ssg-sebool_condor_tcp_network_connect:def:1 |
error |
compliance |
[sebool_condor_tcp_network_connect] |
SELinux "condor_tcp_network_connect" Boolean Check |
| oval:ssg-sebool_collectd_tcp_network_connect:def:1 |
error |
compliance |
[sebool_collectd_tcp_network_connect] |
SELinux "collectd_tcp_network_connect" Boolean Check |
| oval:ssg-sebool_cobbler_use_nfs:def:1 |
error |
compliance |
[sebool_cobbler_use_nfs] |
SELinux "cobbler_use_nfs" Boolean Check |
| oval:ssg-sebool_cobbler_use_cifs:def:1 |
error |
compliance |
[sebool_cobbler_use_cifs] |
SELinux "cobbler_use_cifs" Boolean Check |
| oval:ssg-sebool_cobbler_can_network_connect:def:1 |
error |
compliance |
[sebool_cobbler_can_network_connect] |
SELinux "cobbler_can_network_connect" Boolean Check |
| oval:ssg-sebool_cobbler_anon_write:def:1 |
error |
compliance |
[sebool_cobbler_anon_write] |
SELinux "cobbler_anon_write" Boolean Check |
| oval:ssg-sebool_cluster_use_execmem:def:1 |
error |
compliance |
[sebool_cluster_use_execmem] |
SELinux "cluster_use_execmem" Boolean Check |
| oval:ssg-sebool_cluster_manage_all_files:def:1 |
error |
compliance |
[sebool_cluster_manage_all_files] |
SELinux "cluster_manage_all_files" Boolean Check |
| oval:ssg-sebool_cluster_can_network_connect:def:1 |
error |
compliance |
[sebool_cluster_can_network_connect] |
SELinux "cluster_can_network_connect" Boolean Check |
| oval:ssg-sebool_cdrecord_read_content:def:1 |
error |
compliance |
[sebool_cdrecord_read_content] |
SELinux "cdrecord_read_content" Boolean Check |
| oval:ssg-sebool_boinc_execmem:def:1 |
error |
compliance |
[sebool_boinc_execmem] |
SELinux "boinc_execmem" Boolean Check |
| oval:ssg-sebool_awstats_purge_apache_log_files:def:1 |
error |
compliance |
[sebool_awstats_purge_apache_log_files] |
SELinux "awstats_purge_apache_log_files" Boolean Check |
| oval:ssg-sebool_authlogin_yubikey:def:1 |
error |
compliance |
[sebool_authlogin_yubikey] |
SELinux "authlogin_yubikey" Boolean Check |
| oval:ssg-sebool_authlogin_radius:def:1 |
error |
compliance |
[sebool_authlogin_radius] |
SELinux "authlogin_radius" Boolean Check |
| oval:ssg-sebool_authlogin_nsswitch_use_ldap:def:1 |
error |
compliance |
[sebool_authlogin_nsswitch_use_ldap] |
SELinux "authlogin_nsswitch_use_ldap" Boolean Check |
| oval:ssg-sebool_auditadm_exec_content:def:1 |
error |
compliance |
[sebool_auditadm_exec_content] |
SELinux "auditadm_exec_content" Boolean Check |
| oval:ssg-sebool_antivirus_use_jit:def:1 |
error |
compliance |
[sebool_antivirus_use_jit] |
SELinux "antivirus_use_jit" Boolean Check |
| oval:ssg-sebool_antivirus_can_scan_system:def:1 |
error |
compliance |
[sebool_antivirus_can_scan_system] |
SELinux "antivirus_can_scan_system" Boolean Check |
| oval:ssg-sebool_abrt_upload_watch_anon_write:def:1 |
error |
compliance |
[sebool_abrt_upload_watch_anon_write] |
SELinux "abrt_upload_watch_anon_write" Boolean Check |
| oval:ssg-sebool_abrt_handle_event:def:1 |
error |
compliance |
[sebool_abrt_handle_event] |
SELinux "abrt_handle_event" Boolean Check |
| oval:ssg-sebool_abrt_anon_write:def:1 |
error |
compliance |
[sebool_abrt_anon_write] |
SELinux "abrt_anon_write" Boolean Check |
| oval:ssg-auditd_data_retention_space_left_action:def:1 |
error |
compliance |
[auditd_data_retention_space_left_action] |
Auditd Action to Take When Disk Starting to Run Low on Space |
| oval:ssg-auditd_data_retention_num_logs:def:1 |
error |
compliance |
[auditd_data_retention_num_logs] |
Auditd Maximum Number of Logs to Retain |
| oval:ssg-auditd_data_retention_max_log_file_action:def:1 |
error |
compliance |
[auditd_data_retention_max_log_file_action] |
Auditd Action to Take When Maximum Log Size Reached |
| oval:ssg-auditd_data_retention_max_log_file:def:1 |
error |
compliance |
[auditd_data_retention_max_log_file] |
Auditd Maximum Log File Size |
| oval:ssg-auditd_data_retention_flush:def:1 |
error |
compliance |
[auditd_data_retention_flush] |
Auditd priority for flushing data to disk |
| oval:ssg-auditd_data_retention_admin_space_left_action:def:1 |
error |
compliance |
[auditd_data_retention_admin_space_left_action] |
Auditd Action to Take When Disk is Low on Space |
| oval:ssg-auditd_data_retention_action_mail_acct:def:1 |
error |
compliance |
[auditd_data_retention_action_mail_acct] |
Auditd Email Account to Notify Upon Action |
| oval:ssg-accounts_umask_etc_profile:def:1 |
error |
compliance |
[accounts_umask_etc_profile] |
Ensure that Users Have Sensible Umask Values in /etc/profile |
| oval:ssg-accounts_umask_etc_login_defs:def:1 |
error |
compliance |
[accounts_umask_etc_login_defs] |
Ensure that Users Have Sensible Umask Values in /etc/login.defs |
| oval:ssg-accounts_umask_etc_csh_cshrc:def:1 |
error |
compliance |
[accounts_umask_etc_csh_cshrc] |
Ensure that Users Have Sensible Umask Values set for csh |
| oval:ssg-accounts_umask_etc_bashrc:def:1 |
error |
compliance |
[accounts_umask_etc_bashrc] |
Ensure that Users Have Sensible Umask Values set for bash |
| oval:ssg-accounts_tmout:def:1 |
error |
compliance |
[accounts_tmout] |
Set Interactive Session Timeout |
| oval:ssg-accounts_passwords_pam_faillock_unlock_time:def:1 |
error |
compliance |
[accounts_passwords_pam_faillock_unlock_time] |
Lock out account after failed login attempts |
| oval:ssg-accounts_passwords_pam_faillock_interval:def:1 |
error |
compliance |
[accounts_passwords_pam_faillock_interval] |
Lock out account after failed login attempts |
| oval:ssg-accounts_passwords_pam_faillock_deny:def:1 |
error |
compliance |
[accounts_passwords_pam_faillock_deny] |
Lock out account after failed login attempts |
| oval:ssg-accounts_password_warn_age_login_defs:def:1 |
error |
compliance |
[accounts_password_warn_age_login_defs] |
Set Password Expiration Parameters |
| oval:ssg-accounts_password_pam_unix_remember:def:1 |
error |
compliance |
[accounts_password_pam_unix_remember] |
Limit Password Reuse |
| oval:ssg-accounts_password_pam_ucredit:def:1 |
error |
compliance |
[accounts_password_pam_ucredit] |
Set Password ucredit Requirements |
| oval:ssg-accounts_password_pam_ocredit:def:1 |
error |
compliance |
[accounts_password_pam_ocredit] |
Set Password ocredit Requirements |
| oval:ssg-accounts_password_pam_minlen:def:1 |
error |
compliance |
[accounts_password_pam_minlen] |
Set Password minlen Requirements |
| oval:ssg-accounts_password_pam_minclass:def:1 |
error |
compliance |
[accounts_password_pam_minclass] |
Set Password minclass Requirements |
| oval:ssg-accounts_password_pam_maxrepeat:def:1 |
error |
compliance |
[accounts_password_pam_maxrepeat] |
Set Password maxrepeat Requirements |
| oval:ssg-accounts_password_pam_maxclassrepeat:def:1 |
error |
compliance |
[accounts_password_pam_maxclassrepeat] |
Set Password maxclassrepeat Requirements |
| oval:ssg-accounts_password_pam_lcredit:def:1 |
error |
compliance |
[accounts_password_pam_lcredit] |
Set Password lcredit Requirements |
| oval:ssg-accounts_password_pam_difok:def:1 |
error |
compliance |
[accounts_password_pam_difok] |
Set Password difok Requirements |
| oval:ssg-accounts_password_pam_dcredit:def:1 |
error |
compliance |
[accounts_password_pam_dcredit] |
Set Password dcredit Requirements |
| oval:ssg-accounts_password_minlen_login_defs:def:1 |
error |
compliance |
[accounts_password_minlen_login_defs] |
Set Password Expiration Parameters |
| oval:ssg-accounts_minimum_age_login_defs:def:1 |
error |
compliance |
[accounts_minimum_age_login_defs] |
Set Password Expiration Parameters |
| oval:ssg-accounts_maximum_age_login_defs:def:1 |
error |
compliance |
[accounts_maximum_age_login_defs] |
Set Password Expiration Parameters |
| oval:ssg-accounts_max_concurrent_login_sessions:def:1 |
error |
compliance |
[accounts_max_concurrent_login_sessions] |
Set Maximum Number of Concurrent Login Sessions Per User |
| oval:ssg-accounts_logon_fail_delay:def:1 |
error |
compliance |
[accounts_logon_fail_delay] |
Ensure that FAIL_DELAY is Configured in /etc/login.defs |
| oval:ssg-account_disable_post_pw_expiration:def:1 |
error |
compliance |
[account_disable_post_pw_expiration] |
Set Accounts to Expire Following Password Expiration |
| oval:ssg-installed_env_is_a_machine:def:1 |
true |
inventory |
[cpe:/a:machine], [installed_env_is_a_machine] |
Check if the scan target is a machine |
| oval:ssg-installed_env_is_a_container:def:1 |
false |
inventory |
[cpe:/a:container], [installed_env_is_a_container] |
Check if the scan target is a container |
| oval:ssg-installed_OS_is_wrlinux:def:1 |
false |
inventory |
[cpe:/o:windriver:wrlinux], [installed_OS_is_wrlinux] |
WRLinux |
| oval:ssg-installed_OS_is_sl7:def:1 |
false |
inventory |
[cpe:/o:scientificlinux:scientificlinux:6], [installed_OS_is_sl7] |
Scientific Linux 7 |
| oval:ssg-installed_OS_is_sl6:def:1 |
false |
inventory |
[cpe:/o:scientificlinux:scientificlinux:6], [installed_OS_is_sl6] |
Scientific Linux 6 |
| oval:ssg-installed_OS_is_rhel7:def:1 |
false |
inventory |
[cpe:/o:redhat:enterprise_linux:7], [installed_OS_is_rhel7] |
Red Hat Enterprise Linux 7 |
| oval:ssg-installed_OS_is_rhel6:def:1 |
false |
inventory |
[cpe:/o:redhat:enterprise_linux:6], [installed_OS_is_rhel6] |
Red Hat Enterprise Linux 6 |
| oval:ssg-installed_OS_is_part_of_Unix_family:def:1 |
true |
inventory |
[installed_OS_is_part_of_Unix_family] |
Installed operating system is part of the Unix family |
| oval:ssg-installed_OS_is_fedora:def:1 |
false |
inventory |
[cpe:/o:fedoraproject:fedora:22], [cpe:/o:fedoraproject:fedora:23], [cpe:/o:fedoraproject:fedora:24], [cpe:/o:fedoraproject:fedora:25], [installed_OS_is_fedora] |
Installed operating system is Fedora |
| oval:ssg-installed_OS_is_centos7:def:1 |
true |
inventory |
[cpe:/o:centos:centos:7], [installed_OS_is_centos7] |
CentOS 7 |
| oval:ssg-installed_OS_is_centos6:def:1 |
false |
inventory |
[cpe:/o:centos:centos:6], [installed_OS_is_centos6] |
CentOS 6 |
| oval:ssg-xwindows_runlevel_setting:def:1 |
true |
compliance |
[xwindows_runlevel_setting] |
Disable X Windows Startup By Setting Default SystemD Target |
| oval:ssg-wireless_disable_interfaces:def:1 |
true |
compliance |
[wireless_disable_interfaces] |
Deactivate Wireless Interfaces |
| oval:ssg-var_umask_for_daemons_as_number:def:1 |
true |
compliance |
[var_umask_for_daemons_as_number] |
Value of 'var_umask_for_daemons' variable represented as octal number |
| oval:ssg-var_accounts_user_umask_as_number:def:1 |
true |
compliance |
[var_accounts_user_umask_as_number] |
Value of 'var_accounts_user_umask' variable represented as octal number |
| oval:ssg-userowner_shadow_file:def:1 |
true |
compliance |
[userowner_shadow_file] |
Verify user who owns 'shadow' file |
| oval:ssg-use_kerberos_security_all_exports:def:1 |
true |
compliance |
[use_kerberos_security_all_exports] |
Use Kerberos Security on All Exports |
| oval:ssg-tftpd_uses_secure_mode:def:1 |
true |
compliance |
[tftpd_uses_secure_mode] |
TFTP Daemon Uses Secure Mode |
| oval:ssg-system_info_architecture_x86_64:def:1 |
true |
compliance |
[system_info_architecture_x86_64] |
Test for x86_64 Architecture |
| oval:ssg-system_info_architecture_64bit:def:1 |
true |
compliance |
[system_info_architecture_64bit] |
Test for 64-bit Architecture |
| oval:ssg-sysctl_runtime_net_ipv4_ip_forward:def:1 |
true |
compliance |
[sysctl_runtime_net_ipv4_ip_forward] |
Kernel "net.ipv4.ip_forward" Parameter Runtime Check |
| oval:ssg-sysctl_runtime_kernel_randomize_va_space:def:1 |
true |
compliance |
[sysctl_runtime_kernel_randomize_va_space] |
Kernel "kernel.randomize_va_space" Parameter Runtime Check |
| oval:ssg-sysctl_runtime_fs_suid_dumpable:def:1 |
true |
compliance |
[sysctl_runtime_fs_suid_dumpable] |
Kernel "fs.suid_dumpable" Parameter Runtime Check |
| oval:ssg-sysctl_kernel_exec_shield:def:1 |
true |
compliance |
[sysctl_kernel_exec_shield] |
Kernel Runtime Parameter "kernel.exec-shield" Check |
| oval:ssg-sudo_remove_nopasswd:def:1 |
true |
compliance |
[sudo_remove_nopasswd] |
Ensure NOPASSWD Is Not Used in Sudo |
| oval:ssg-sudo_remove_no_authenticate:def:1 |
true |
compliance |
[sudo_remove_no_authenticate] |
Ensure !authenticate Is Not Used in Sudo |
| oval:ssg-sssd_ssh_known_hosts_timeout:def:1 |
true |
compliance |
[sssd_ssh_known_hosts_timeout] |
Configure SSSD to Expire SSH Known Hosts |
| oval:ssg-sssd_offline_cred_expiration:def:1 |
true |
compliance |
[sssd_offline_cred_expiration] |
Configure SSSD to Expire Offline Credentials |
| oval:ssg-sssd_memcache_timeout:def:1 |
true |
compliance |
[sssd_memcache_timeout] |
Configure SSSD's Memory Cache to Expire |
| oval:ssg-sshd_use_priv_separation:def:1 |
true |
compliance |
[sshd_use_priv_separation] |
Use Priviledge Separation |
| oval:ssg-sshd_set_keepalive:def:1 |
true |
compliance |
[sshd_set_keepalive] |
Set ClientAliveCountMax for User Logins |
| oval:ssg-sshd_print_last_log:def:1 |
true |
compliance |
[sshd_print_last_log] |
Enable Print Last Log |
| oval:ssg-sshd_enable_x11_forwarding:def:1 |
true |
compliance |
[sshd_enable_x11_forwarding] |
Enable X11 Forwarding |
| oval:ssg-sshd_enable_warning_banner:def:1 |
true |
compliance |
[sshd_enable_warning_banner] |
Enable a Warning Banner |
| oval:ssg-sshd_enable_strictmodes:def:1 |
true |
compliance |
[sshd_enable_strictmodes] |
Enable SSH Server's Strict Mode |
| oval:ssg-sshd_disable_user_known_hosts:def:1 |
true |
compliance |
[sshd_disable_user_known_hosts] |
Disable SSH Support for User Known Hosts |
| oval:ssg-sshd_disable_rhosts_rsa:def:1 |
true |
compliance |
[sshd_disable_rhosts_rsa] |
Disable SSH Support for Rhosts RSA Authentication |
| oval:ssg-sshd_disable_rhosts:def:1 |
true |
compliance |
[sshd_disable_rhosts] |
Disable .rhosts Files |
| oval:ssg-sshd_disable_kerb_auth:def:1 |
true |
compliance |
[sshd_disable_kerb_auth] |
Disable Kerberos Authentication |
| oval:ssg-sshd_disable_gssapi_auth:def:1 |
true |
compliance |
[sshd_disable_gssapi_auth] |
Disable GSSAPI Authentication |
| oval:ssg-sshd_disable_empty_passwords:def:1 |
true |
compliance |
[sshd_disable_empty_passwords] |
Disable Empty Passwords |
| oval:ssg-sshd_disable_compression:def:1 |
true |
compliance |
[sshd_disable_compression] |
Disable Compression Or Set Compression to delayed |
| oval:ssg-sshd_allow_only_protocol2:def:1 |
true |
compliance |
[sshd_allow_only_protocol2] |
Ensure Only Protocol 2 Connections Allowed |
| oval:ssg-snmpd_use_newer_protocol:def:1 |
true |
compliance |
[snmpd_use_newer_protocol] |
SNMP use newer protocols |
| oval:ssg-snmpd_not_default_password:def:1 |
true |
compliance |
[snmpd_not_default_password] |
SNMP default communities disabled |
| oval:ssg-smartcard_auth:def:1 |
true |
compliance |
[smartcard_auth] |
Enable Smart Card Login |
| oval:ssg-set_password_hashing_algorithm_systemauth:def:1 |
true |
compliance |
[set_password_hashing_algorithm_systemauth] |
Set Password Hashing Algorithm in /etc/pam.d/system-auth |
| oval:ssg-set_password_hashing_algorithm_logindefs:def:1 |
true |
compliance |
[set_password_hashing_algorithm_logindefs] |
Set SHA512 Password Hashing Algorithm in /etc/login.defs |
| oval:ssg-set_password_hashing_algorithm_libuserconf:def:1 |
true |
compliance |
[set_password_hashing_algorithm_libuserconf] |
Set SHA512 Password Hashing Algorithm in /etc/libuser.conf |
| oval:ssg-set_firewalld_default_zone:def:1 |
true |
compliance |
[set_firewalld_default_zone] |
Change the default firewalld zone to drop |
| oval:ssg-service_zebra_disabled:def:1 |
true |
compliance |
[service_zebra_disabled] |
Service zebra Disabled |
| oval:ssg-service_ypbind_disabled:def:1 |
true |
compliance |
[service_ypbind_disabled] |
Service ypbind Disabled |
| oval:ssg-service_xinetd_disabled:def:1 |
true |
compliance |
[service_xinetd_disabled] |
Service xinetd Disabled |
| oval:ssg-service_vsftpd_disabled:def:1 |
true |
compliance |
[service_vsftpd_disabled] |
Service vsftpd Disabled |
| oval:ssg-service_tftp_disabled:def:1 |
true |
compliance |
[service_tftp_disabled] |
Service tftp Disabled |
| oval:ssg-service_telnet_disabled:def:1 |
true |
compliance |
[service_telnet_disabled] |
Service telnet Disabled |
| oval:ssg-service_sysstat_disabled:def:1 |
true |
compliance |
[service_sysstat_disabled] |
Service sysstat Disabled |
| oval:ssg-service_sssd_disabled:def:1 |
true |
compliance |
[service_sssd_disabled] |
Service sssd Disabled |
| oval:ssg-service_sshd_enabled:def:1 |
true |
compliance |
[service_sshd_enabled] |
Service sshd Enabled |
| oval:ssg-service_squid_disabled:def:1 |
true |
compliance |
[service_squid_disabled] |
Service squid Disabled |
| oval:ssg-service_snmpd_disabled:def:1 |
true |
compliance |
[service_snmpd_disabled] |
Service snmpd Disabled |
| oval:ssg-service_smb_disabled:def:1 |
true |
compliance |
[service_smb_disabled] |
Service smb Disabled |
| oval:ssg-service_smartd_disabled:def:1 |
true |
compliance |
[service_smartd_disabled] |
Service smartd Disabled |
| oval:ssg-service_saslauthd_disabled:def:1 |
true |
compliance |
[service_saslauthd_disabled] |
Service saslauthd Disabled |
| oval:ssg-service_rsyslog_enabled:def:1 |
true |
compliance |
[service_rsyslog_enabled] |
Service rsyslog Enabled |
| oval:ssg-service_rsh_disabled:def:1 |
true |
compliance |
[service_rsh_disabled] |
Service rsh Disabled |
| oval:ssg-service_rpcsvcgssd_disabled:def:1 |
true |
compliance |
[service_rpcsvcgssd_disabled] |
Service rpcsvcgssd Disabled |
| oval:ssg-service_rpcidmapd_disabled:def:1 |
true |
compliance |
[service_rpcidmapd_disabled] |
Service rpcidmapd Disabled |
| oval:ssg-service_rpcgssd_disabled:def:1 |
true |
compliance |
[service_rpcgssd_disabled] |
Service rpcgssd Disabled |
| oval:ssg-service_rpcbind_disabled:def:1 |
true |
compliance |
[service_rpcbind_disabled] |
Service rpcbind Disabled |
| oval:ssg-service_rlogin_disabled:def:1 |
true |
compliance |
[service_rlogin_disabled] |
Service rlogin Disabled |
| oval:ssg-service_rhsmcertd_disabled:def:1 |
true |
compliance |
[service_rhsmcertd_disabled] |
Service rhsmcertd Disabled |
| oval:ssg-service_rhnsd_disabled:def:1 |
true |
compliance |
[service_rhnsd_disabled] |
Service rhnsd Disabled |
| oval:ssg-service_rexec_disabled:def:1 |
true |
compliance |
[service_rexec_disabled] |
Service rexec Disabled |
| oval:ssg-service_rdisc_disabled:def:1 |
true |
compliance |
[service_rdisc_disabled] |
Service rdisc Disabled |
| oval:ssg-service_quota_nld_disabled:def:1 |
true |
compliance |
[service_quota_nld_disabled] |
Service quota_nld Disabled |
| oval:ssg-service_qpidd_disabled:def:1 |
true |
compliance |
[service_qpidd_disabled] |
Service qpidd Disabled |
| oval:ssg-service_postfix_enabled:def:1 |
true |
compliance |
[service_postfix_enabled] |
Service postfix Enabled |
| oval:ssg-service_portreserve_disabled:def:1 |
true |
compliance |
[service_portreserve_disabled] |
Service portreserve Disabled |
| oval:ssg-service_oddjobd_disabled:def:1 |
true |
compliance |
[service_oddjobd_disabled] |
Service oddjobd Disabled |
| oval:ssg-service_ntpdate_disabled:def:1 |
true |
compliance |
[service_ntpdate_disabled] |
Service ntpdate Disabled |
| oval:ssg-service_nfslock_disabled:def:1 |
true |
compliance |
[service_nfslock_disabled] |
Service nfslock Disabled |
| oval:ssg-service_nfs_disabled:def:1 |
true |
compliance |
[service_nfs_disabled] |
Service nfs Disabled |
| oval:ssg-service_netconsole_disabled:def:1 |
true |
compliance |
[service_netconsole_disabled] |
Service netconsole Disabled |
| oval:ssg-service_named_disabled:def:1 |
true |
compliance |
[service_named_disabled] |
Service named Disabled |
| oval:ssg-service_nails_enabled:def:1 |
true |
compliance |
[service_nails_enabled] |
Service nails Enabled |
| oval:ssg-service_messagebus_disabled:def:1 |
true |
compliance |
[service_messagebus_disabled] |
Service messagebus Disabled |
| oval:ssg-service_mdmonitor_disabled:def:1 |
true |
compliance |
[service_mdmonitor_disabled] |
Service mdmonitor Disabled |
| oval:ssg-service_irqbalance_enabled:def:1 |
true |
compliance |
[service_irqbalance_enabled] |
Service irqbalance Enabled |
| oval:ssg-service_httpd_disabled:def:1 |
true |
compliance |
[service_httpd_disabled] |
Service httpd Disabled |
| oval:ssg-service_firewalld_enabled:def:1 |
true |
compliance |
[service_firewalld_enabled] |
Service firewalld Enabled |
| oval:ssg-service_dovecot_disabled:def:1 |
true |
compliance |
[service_dovecot_disabled] |
Service dovecot Disabled |
| oval:ssg-service_dhcpd_disabled:def:1 |
true |
compliance |
[service_dhcpd_disabled] |
Service dhcpd Disabled |
| oval:ssg-service_debug-shell_disabled:def:1 |
true |
compliance |
[service_debug-shell_disabled] |
Service debug-shell Disabled |
| oval:ssg-service_cups_disabled:def:1 |
true |
compliance |
[service_cups_disabled] |
Service cups Disabled |
| oval:ssg-service_crond_enabled:def:1 |
true |
compliance |
[service_crond_enabled] |
Service crond Enabled |
| oval:ssg-service_cpupower_disabled:def:1 |
true |
compliance |
[service_cpupower_disabled] |
Service cpupower Disabled |
| oval:ssg-service_chronyd_or_ntpd_enabled:def:1 |
true |
compliance |
[service_chronyd_or_ntpd_enabled] |
Service chronyd Or Service ntpd Enabled |
| oval:ssg-service_chronyd_enabled:def:1 |
true |
compliance |
[service_chronyd_enabled] |
Service chronyd Enabled |
| oval:ssg-service_cgred_disabled:def:1 |
true |
compliance |
[service_cgred_disabled] |
Service cgred Disabled |
| oval:ssg-service_cgconfig_disabled:def:1 |
true |
compliance |
[service_cgconfig_disabled] |
Service cgconfig Disabled |
| oval:ssg-service_certmonger_disabled:def:1 |
true |
compliance |
[service_certmonger_disabled] |
Service certmonger Disabled |
| oval:ssg-service_bluetooth_disabled:def:1 |
true |
compliance |
[service_bluetooth_disabled] |
Service bluetooth Disabled |
| oval:ssg-service_avahi-daemon_disabled:def:1 |
true |
compliance |
[service_avahi-daemon_disabled] |
Service avahi-daemon Disabled |
| oval:ssg-service_autofs_disabled:def:1 |
true |
compliance |
[service_autofs_disabled] |
Service autofs Disabled |
| oval:ssg-service_auditd_enabled:def:1 |
true |
compliance |
[service_auditd_enabled] |
Service auditd Enabled |
| oval:ssg-service_atd_disabled:def:1 |
true |
compliance |
[service_atd_disabled] |
Service atd Disabled |
| oval:ssg-service_acpid_disabled:def:1 |
true |
compliance |
[service_acpid_disabled] |
Service acpid Disabled |
| oval:ssg-service_abrtd_disabled:def:1 |
true |
compliance |
[service_abrtd_disabled] |
Service abrtd Disabled |
| oval:ssg-selinux_confinement_of_daemons:def:1 |
true |
compliance |
[selinux_confinement_of_daemons] |
Ensure No Daemons are Unconfined by SELinux |
| oval:ssg-rsyslog_nolisten:def:1 |
true |
compliance |
[rsyslog_nolisten] |
Disable Rsyslogd from Accepting Remote Messages on Loghosts
Only |
| oval:ssg-rsyslog_files_permissions:def:1 |
true |
compliance |
[rsyslog_files_permissions] |
Confirm Existence and Permissions of System Log Files |
| oval:ssg-rsyslog_files_ownership:def:1 |
true |
compliance |
[rsyslog_files_ownership] |
Confirm Existence and Permissions of System Log Files |
| oval:ssg-rsyslog_files_groupownership:def:1 |
true |
compliance |
[rsyslog_files_groupownership] |
Confirm Existence and Permissions of System Log Files |
| oval:ssg-rsyslog_cron_logging:def:1 |
true |
compliance |
[rsyslog_cron_logging] |
Verify Cron is Logging to Rsyslog |
| oval:ssg-rpm_verify_permissions:def:1 |
true |
compliance |
[rpm_verify_permissions] |
Verify File Ownership And Permissions Using RPM |
| oval:ssg-rpm_verify_hashes:def:1 |
true |
compliance |
[rpm_verify_hashes] |
Verify File Hashes with RPM |
| oval:ssg-root_path_no_dot:def:1 |
true |
compliance |
[root_path_no_dot] |
Ensure that No Dangerous Directories Exist in Root's Path |
| oval:ssg-require_smb_client_signing:def:1 |
true |
compliance |
[require_smb_client_signing] |
Require Client SMB Packet Signing in smb.conf |
| oval:ssg-require_singleuser_auth:def:1 |
true |
compliance |
[require_singleuser_auth] |
Require Authentication for Single-User Mode |
| oval:ssg-removable_partition_doesnt_exist:def:1 |
true |
compliance |
[removable_partition_doesnt_exist] |
Device Files for Removable Media Partitions Does Not Exist on the System |
| oval:ssg-postfix_network_listening_disabled:def:1 |
true |
compliance |
[postfix_network_listening_disabled] |
Postfix network listening should be disabled |
| oval:ssg-pcscd_activation_socket_enabled:def:1 |
true |
compliance |
[pcscd_activation_socket_enabled] |
pcscd.socket Activation Socket Enabled |
| oval:ssg-package_ypserv_removed:def:1 |
true |
compliance |
[package_ypserv_removed] |
Package ypserv Removed |
| oval:ssg-package_ypbind_removed:def:1 |
true |
compliance |
[package_ypbind_removed] |
Package ypbind Removed |
| oval:ssg-package_xorg-x11-server-common_removed:def:1 |
true |
compliance |
[package_xorg-x11-server-common_removed] |
Package xorg-x11-server-common Removed |
| oval:ssg-package_xinetd_removed:def:1 |
true |
compliance |
[package_xinetd_removed] |
Package xinetd Removed |
| oval:ssg-package_vsftpd_removed:def:1 |
true |
compliance |
[package_vsftpd_removed] |
Package vsftpd Removed |
| oval:ssg-package_tftp_removed:def:1 |
true |
compliance |
[package_tftp_removed] |
Package tftp Removed |
| oval:ssg-package_tftp-server_removed:def:1 |
true |
compliance |
[package_tftp-server_removed] |
Package tftp-server Removed |
| oval:ssg-package_telnet_removed:def:1 |
true |
compliance |
[package_telnet_removed] |
Package telnet Removed |
| oval:ssg-package_telnet-server_removed:def:1 |
true |
compliance |
[package_telnet-server_removed] |
Package telnet-server Removed |
| oval:ssg-package_talk_removed:def:1 |
true |
compliance |
[package_talk_removed] |
Package talk Removed |
| oval:ssg-package_talk-server_removed:def:1 |
true |
compliance |
[package_talk-server_removed] |
Package talk-server Removed |
| oval:ssg-package_sysstat_removed:def:1 |
true |
compliance |
[package_sysstat_removed] |
Package sysstat Removed |
| oval:ssg-package_subscription-manager_removed:def:1 |
true |
compliance |
[package_subscription-manager_removed] |
Package subscription-manager Removed |
| oval:ssg-package_sssd_removed:def:1 |
true |
compliance |
[package_sssd_removed] |
Package sssd Removed |
| oval:ssg-package_squid_removed:def:1 |
true |
compliance |
[package_squid_removed] |
Package squid Removed |
| oval:ssg-package_smartmontools_removed:def:1 |
true |
compliance |
[package_smartmontools_removed] |
Package smartmontools Removed |
| oval:ssg-package_setroubleshoot_removed:def:1 |
true |
compliance |
[package_setroubleshoot_removed] |
Package setroubleshoot Removed |
| oval:ssg-package_sendmail_removed:def:1 |
true |
compliance |
[package_sendmail_removed] |
Package sendmail Removed |
| oval:ssg-package_screen_installed:def:1 |
true |
compliance |
[package_screen_installed] |
Package screen Installed |
| oval:ssg-package_samba_removed:def:1 |
true |
compliance |
[package_samba_removed] |
Package samba Removed |
| oval:ssg-package_samba-common_removed:def:1 |
true |
compliance |
[package_samba-common_removed] |
Package samba-common Removed |
| oval:ssg-package_rsyslog_installed:def:1 |
true |
compliance |
[package_rsyslog_installed] |
Package rsyslog Installed |
| oval:ssg-package_rsh_removed:def:1 |
true |
compliance |
[package_rsh_removed] |
Package rsh Removed |
| oval:ssg-package_rsh-server_removed:def:1 |
true |
compliance |
[package_rsh-server_removed] |
Package rsh-server Removed |
| oval:ssg-package_rhnsd_removed:def:1 |
true |
compliance |
[package_rhnsd_removed] |
Package rhnsd Removed |
| oval:ssg-package_quota-nld_removed:def:1 |
true |
compliance |
[package_quota-nld_removed] |
Package quota-nld Removed |
| oval:ssg-package_quagga_removed:def:1 |
true |
compliance |
[package_quagga_removed] |
Package quagga Removed |
| oval:ssg-package_qpid-cpp-server_removed:def:1 |
true |
compliance |
[package_qpid-cpp-server_removed] |
Package qpid-cpp-server Removed |
| oval:ssg-package_prelink_removed:def:1 |
true |
compliance |
[package_prelink_removed] |
Package prelink Removed |
| oval:ssg-package_postfix_installed:def:1 |
true |
compliance |
[package_postfix_installed] |
Package postfix Installed |
| oval:ssg-package_portreserve_removed:def:1 |
true |
compliance |
[package_portreserve_removed] |
Package portreserve Removed |
| oval:ssg-package_pcsc-lite_installed:def:1 |
true |
compliance |
[package_pcsc-lite_installed] |
Package pcsc-lite Installed |
| oval:ssg-package_pam_pkcs11_installed:def:1 |
true |
compliance |
[package_pam_pkcs11_installed] |
Package pam_pkcs11 Installed |
| oval:ssg-package_openssh-server_installed:def:1 |
true |
compliance |
[package_openssh-server_installed] |
Package openssh-server Installed |
| oval:ssg-package_openldap-servers_removed:def:1 |
true |
compliance |
[package_openldap-servers_removed] |
Package openldap-servers Removed |
| oval:ssg-package_oddjob_removed:def:1 |
true |
compliance |
[package_oddjob_removed] |
Package oddjob Removed |
| oval:ssg-package_ntpdate_removed:def:1 |
true |
compliance |
[package_ntpdate_removed] |
Package ntpdate Removed |
| oval:ssg-package_nss-pam-ldapd_removed:def:1 |
true |
compliance |
[package_nss-pam-ldapd_removed] |
Package nss-pam-ldapd Removed |
| oval:ssg-package_nfs-utils_removed:def:1 |
true |
compliance |
[package_nfs-utils_removed] |
Package nfs-utils Removed |
| oval:ssg-package_net-snmp_removed:def:1 |
true |
compliance |
[package_net-snmp_removed] |
Package net-snmp Removed |
| oval:ssg-package_mdadm_removed:def:1 |
true |
compliance |
[package_mdadm_removed] |
Package mdadm Removed |
| oval:ssg-package_mcstrans_removed:def:1 |
true |
compliance |
[package_mcstrans_removed] |
Package mcstrans Removed |
| oval:ssg-package_libcgroup_removed:def:1 |
true |
compliance |
[package_libcgroup_removed] |
Package libcgroup Removed |
| oval:ssg-package_libcgroup-tools_removed:def:1 |
true |
compliance |
[package_libcgroup-tools_removed] |
Package libcgroup-tools Removed |
| oval:ssg-package_irqbalance_installed:def:1 |
true |
compliance |
[package_irqbalance_installed] |
Package irqbalance Installed |
| oval:ssg-package_httpd_removed:def:1 |
true |
compliance |
[package_httpd_removed] |
Package httpd Removed |
| oval:ssg-package_firewalld_installed:def:1 |
true |
compliance |
[package_firewalld_installed] |
Package firewalld Installed |
| oval:ssg-package_esc_installed:def:1 |
true |
compliance |
[package_esc_installed] |
Package esc Installed |
| oval:ssg-package_dovecot_removed:def:1 |
true |
compliance |
[package_dovecot_removed] |
Package dovecot Removed |
| oval:ssg-package_dhcp_removed:def:1 |
true |
compliance |
[package_dhcp_removed] |
Package dhcp Removed |
| oval:ssg-package_cyrus-sasl_removed:def:1 |
true |
compliance |
[package_cyrus-sasl_removed] |
Package cyrus-sasl Removed |
| oval:ssg-package_cups_removed:def:1 |
true |
compliance |
[package_cups_removed] |
Package cups Removed |
| oval:ssg-package_cronie_installed:def:1 |
true |
compliance |
[package_cronie_installed] |
Package cronie Installed |
| oval:ssg-package_chrony_installed:def:1 |
true |
compliance |
[package_chrony_installed] |
Package chrony Installed |
| oval:ssg-package_certmonger_removed:def:1 |
true |
compliance |
[package_certmonger_removed] |
Package certmonger Removed |
| oval:ssg-package_bluez_removed:def:1 |
true |
compliance |
[package_bluez_removed] |
Package bluez Removed |
| oval:ssg-package_bind_removed:def:1 |
true |
compliance |
[package_bind_removed] |
Package bind Removed |
| oval:ssg-package_avahi_removed:def:1 |
true |
compliance |
[package_avahi_removed] |
Package avahi Removed |
| oval:ssg-package_autofs_removed:def:1 |
true |
compliance |
[package_autofs_removed] |
Package autofs Removed |
| oval:ssg-package_audit_installed:def:1 |
true |
compliance |
[package_audit_installed] |
Package audit Installed |
| oval:ssg-package_at_removed:def:1 |
true |
compliance |
[package_at_removed] |
Package at Removed |
| oval:ssg-package_acpid_removed:def:1 |
true |
compliance |
[package_acpid_removed] |
Package acpid Removed |
| oval:ssg-package_abrt_removed:def:1 |
true |
compliance |
[package_abrt_removed] |
Package abrt Removed |
| oval:ssg-no_shelllogin_for_systemaccounts:def:1 |
true |
compliance |
[no_shelllogin_for_systemaccounts] |
System Accounts Do Not Run a Shell |
| oval:ssg-no_rsh_trust_files:def:1 |
true |
compliance |
[no_rsh_trust_files] |
No Legacy .rhosts Or hosts.equiv Files |
| oval:ssg-no_netrc_files:def:1 |
true |
compliance |
[no_netrc_files] |
Verify No netrc Files Exist |
| oval:ssg-no_insecure_locks_exports:def:1 |
true |
compliance |
[no_insecure_locks_exports] |
Ensure insecure_locks is disabled |
| oval:ssg-no_files_unowned_by_user:def:1 |
true |
compliance |
[no_files_unowned_by_user] |
Find files unowned by a user |
| oval:ssg-no_empty_passwords:def:1 |
true |
compliance |
[no_empty_passwords] |
No nullok Option in /etc/pam.d/system-auth |
| oval:ssg-no_cd_dvd_drive_in_etc_fstab:def:1 |
true |
compliance |
[no_cd_dvd_drive_in_etc_fstab] |
No CD/DVD drive is configured to automount in /etc/fstab |
| oval:ssg-network_sniffer_disabled:def:1 |
true |
compliance |
[network_sniffer_disabled] |
Disable the network sniffer |
| oval:ssg-network_ipv6_disable_rpc:def:1 |
true |
compliance |
[network_ipv6_disable_rpc] |
Disable Support for RPC IPv6 |
| oval:ssg-network_disable_ddns_interfaces:def:1 |
true |
compliance |
[network_disable_ddns_interfaces] |
Disable Client Dynamic DNS Updates |
| oval:ssg-mount_option_nosuid_removable_partitions:def:1 |
true |
compliance |
[mount_option_nosuid_removable_partitions] |
Add nosuid Option to Removable Media Partitions |
| oval:ssg-mount_option_nosuid_remote_filesystems:def:1 |
true |
compliance |
[mount_option_nosuid_remote_filesystems] |
Mount Remote Filesystems with nosuid |
| oval:ssg-mount_option_noexec_removable_partitions:def:1 |
true |
compliance |
[mount_option_noexec_removable_partitions] |
Add noexec Option to Removable Media Partitions |
| oval:ssg-mount_option_noexec_remote_filesystems:def:1 |
true |
compliance |
[mount_option_noexec_remote_filesystems] |
Mount Remote Filesystems with noexec |
| oval:ssg-mount_option_nodev_removable_partitions:def:1 |
true |
compliance |
[mount_option_nodev_removable_partitions] |
Add nodev Option to Removable Media Partitions |
| oval:ssg-mount_option_nodev_remote_filesystems:def:1 |
true |
compliance |
[mount_option_nodev_remote_filesystems] |
Mount Remote Filesystems with nodev |
| oval:ssg-mount_option_krb_sec_remote_filesystems:def:1 |
true |
compliance |
[mount_option_krb_sec_remote_filesystems] |
Mount Remote Filesystems with Kerberos Security |
| oval:ssg-mount_option_dev_shm_nosuid:def:1 |
true |
compliance |
[mount_option_dev_shm_nosuid] |
Add nosuid Option to /dev/shm |
| oval:ssg-mount_option_dev_shm_nodev:def:1 |
true |
compliance |
[mount_option_dev_shm_nodev] |
Add nodev Option to /dev/shm |
| oval:ssg-ldap_client_tls_cacertpath:def:1 |
true |
compliance |
[ldap_client_tls_cacertpath] |
Configure LDAP CA Certificate Path |
| oval:ssg-ldap_client_start_tls:def:1 |
true |
compliance |
[ldap_client_start_tls] |
Configure LDAP to Use TLS for All Transactions |
| oval:ssg-install_hids:def:1 |
true |
compliance |
[install_hids] |
Install Intrusion Detection Software |
| oval:ssg-install_PAE_kernel_on_x86-32:def:1 |
true |
compliance |
[install_PAE_kernel_on_x86-32] |
Package kernel-PAE Installed |
| oval:ssg-groupowner_shadow_file:def:1 |
true |
compliance |
[groupowner_shadow_file] |
Verify group who owns 'shadow' file |
| oval:ssg-gnome_gdm_disable_guest_login:def:1 |
true |
compliance |
[gnome_gdm_disable_guest_login] |
Disable GDM Guest Login |
| oval:ssg-gnome_gdm_disable_automatic_login:def:1 |
true |
compliance |
[gnome_gdm_disable_automatic_login] |
Disable GDM Automatic Login |
| oval:ssg-gid_passwd_group_same:def:1 |
true |
compliance |
[gid_passwd_group_same] |
All GIDs Are Present In /etc/group |
| oval:ssg-ftp_present_banner:def:1 |
true |
compliance |
[ftp_present_banner] |
Banner for FTP Users |
| oval:ssg-ftp_log_transactions:def:1 |
true |
compliance |
[ftp_log_transactions] |
Banner for FTP Users |
| oval:ssg-firewalld_sshd_port_enabled:def:1 |
true |
compliance |
[firewalld_sshd_port_enabled] |
Allow inbound firewall access to the SSH Server port |
| oval:ssg-file_user_owner_grub2_cfg:def:1 |
true |
compliance |
[file_user_owner_grub2_cfg] |
File grub.cfg Owned By root User |
| oval:ssg-file_permissions_var_log_audit:def:1 |
true |
compliance |
[file_permissions_var_log_audit] |
Verify /var/log/audit Permissions |
| oval:ssg-file_permissions_ungroupowned:def:1 |
true |
compliance |
[file_permissions_ungroupowned] |
Find files unowned by a group |
| oval:ssg-file_permissions_unauthorized_world_writable:def:1 |
true |
compliance |
[file_permissions_unauthorized_world_writable] |
Find Unauthorized World-Writable Files |
| oval:ssg-file_permissions_unauthorized_suid:def:1 |
true |
compliance |
[file_permissions_unauthorized_suid] |
Find setuid files from system packages |
| oval:ssg-file_permissions_unauthorized_sgid:def:1 |
true |
compliance |
[file_permissions_unauthorized_sgid] |
Find setgid files system packages |
| oval:ssg-file_permissions_sshd_pub_key:def:1 |
true |
compliance |
[file_permissions_sshd_pub_key] |
SSHD Service Public Key Permissions |
| oval:ssg-file_permissions_sshd_private_key:def:1 |
true |
compliance |
[file_permissions_sshd_private_key] |
SSH Server Private Key Permissions |
| oval:ssg-file_permissions_library_dirs:def:1 |
true |
compliance |
[file_permissions_library_dirs] |
Verify that Shared Library Files Have Restrictive Permissions |
| oval:ssg-file_permissions_httpd_server_modules_files:def:1 |
true |
compliance |
[file_permissions_httpd_server_modules_files] |
Verify Permissions On Apache Web Server Configuration Files |
| oval:ssg-file_permissions_httpd_server_conf_files:def:1 |
true |
compliance |
[file_permissions_httpd_server_conf_files] |
Verify Permissions On Apache Web Server Configuration Files |
| oval:ssg-file_permissions_httpd_server_conf_d_files:def:1 |
true |
compliance |
[file_permissions_httpd_server_conf_d_files] |
Verify Permissions On Apache Web Server Configuration Files |
| oval:ssg-file_permissions_home_dirs:def:1 |
true |
compliance |
[file_permissions_home_dirs] |
Proper Permissions User Home Directories |
| oval:ssg-file_permissions_etc_shadow:def:1 |
true |
compliance |
[file_permissions_etc_shadow] |
Verify /etc/shadow Permissions |
| oval:ssg-file_permissions_etc_passwd:def:1 |
true |
compliance |
[file_permissions_etc_passwd] |
Verify /etc/passwd Permissions |
| oval:ssg-file_permissions_etc_gshadow:def:1 |
true |
compliance |
[file_permissions_etc_gshadow] |
Verify /etc/gshadow Permissions |
| oval:ssg-file_permissions_etc_group:def:1 |
true |
compliance |
[file_permissions_etc_group] |
Verify permissions on 'group' file |
| oval:ssg-file_permissions_binary_dirs:def:1 |
true |
compliance |
[file_permissions_binary_dirs] |
Verify that System Executables Have Restrictive Permissions |
| oval:ssg-file_ownership_var_log_audit:def:1 |
true |
compliance |
[file_ownership_var_log_audit] |
Verify /var/log/audit Ownership |
| oval:ssg-file_ownership_library_dirs:def:1 |
true |
compliance |
[file_ownership_library_dirs] |
Verify that Shared Library Files Have Root Ownership |
| oval:ssg-file_ownership_binary_dirs:def:1 |
true |
compliance |
[file_ownership_binary_dirs] |
Verify that System Executables Have Root Ownership |
| oval:ssg-file_owner_etc_passwd:def:1 |
true |
compliance |
[file_owner_etc_passwd] |
Verify user who owns 'passwd' file |
| oval:ssg-file_owner_etc_gshadow:def:1 |
true |
compliance |
[file_owner_etc_gshadow] |
Verify user who owns 'gshadow' file |
| oval:ssg-file_owner_etc_group:def:1 |
true |
compliance |
[file_owner_etc_group] |
Verify user who owns 'group' file |
| oval:ssg-file_owner_cron_allow:def:1 |
true |
compliance |
[file_owner_cron_allow] |
Verify user who owns 'cron.allow' file |
| oval:ssg-file_groupowner_etc_passwd:def:1 |
true |
compliance |
[file_groupowner_etc_passwd] |
Verify group who owns 'passwd' file |
| oval:ssg-file_groupowner_etc_gshadow:def:1 |
true |
compliance |
[file_groupowner_etc_gshadow] |
Verify group who owns 'gshadow' file |
| oval:ssg-file_groupowner_etc_group:def:1 |
true |
compliance |
[file_groupowner_etc_group] |
Verify group who owns 'group' file |
| oval:ssg-file_groupowner_cron_allow:def:1 |
true |
compliance |
[file_groupowner_cron_allow] |
Verify group who owns 'cron.allow' file |
| oval:ssg-file_group_owner_grub2_cfg:def:1 |
true |
compliance |
[file_group_owner_grub2_cfg] |
File grub.cfg Owned By root Group |
| oval:ssg-ensure_redhat_gpgkey_installed:def:1 |
true |
compliance |
[ensure_redhat_gpgkey_installed] |
Red Hat Release and Auxiliary gpg-pubkey Packages Installed |
| oval:ssg-ensure_gpgcheck_repo_metadata:def:1 |
true |
compliance |
[ensure_gpgcheck_repo_metadata] |
Ensure gpgcheck Enabled for Repository Metadata |
| oval:ssg-ensure_gpgcheck_never_disabled:def:1 |
true |
compliance |
[ensure_gpgcheck_never_disabled] |
Ensure gpgcheck Enabled For All Yum or Dnf Package Repositories |
| oval:ssg-ensure_gpgcheck_local_packages:def:1 |
true |
compliance |
[ensure_gpgcheck_local_packages] |
Ensure gpgcheck Enabled for Local Packages |
| oval:ssg-ensure_gpgcheck_globally_activated:def:1 |
true |
compliance |
[ensure_gpgcheck_globally_activated] |
Ensure Yum gpgcheck Globally Activated |
| oval:ssg-enable_selinux_bootloader:def:1 |
true |
compliance |
[enable_selinux_bootloader] |
Enable SELinux in the GRUB2 Bootloader" |
| oval:ssg-enable_dconf_user_profile:def:1 |
true |
compliance |
[enable_dconf_user_profile] |
Implement Local DB for DConf User Profile |
| oval:ssg-dovecot_enable_ssl:def:1 |
true |
compliance |
[dovecot_enable_ssl] |
Enable SSL in Dovecot |
| oval:ssg-dovecot_disable_plaintext_auth:def:1 |
true |
compliance |
[dovecot_disable_plaintext_auth] |
Disable Plaintext Authentication in Dovecot |
| oval:ssg-docker_storage_configured:def:1 |
true |
compliance |
[docker_storage_configured] |
Use direct-lvm with device mapper storage driver |
| oval:ssg-docker_selinux_enabled:def:1 |
true |
compliance |
[docker_selinux_enabled] |
Ensure SELinux support is enabled in Docker |
| oval:ssg-display_login_attempts:def:1 |
true |
compliance |
[display_login_attempts] |
Set Last Login/Access Notification |
| oval:ssg-disable_interactive_boot:def:1 |
true |
compliance |
[disable_interactive_boot] |
Verify that Interactive Boot is Disabled |
| oval:ssg-disable_host_auth:def:1 |
true |
compliance |
[disable_host_auth] |
Disable Host-Based Authentication |
| oval:ssg-disable_ctrlaltdel_reboot:def:1 |
true |
compliance |
[disable_ctrlaltdel_reboot] |
Disable Ctrl-Alt-Del Reboot Activation |
| oval:ssg-dir_perms_world_writable_system_owned:def:1 |
true |
compliance |
[dir_perms_world_writable_system_owned] |
Find world writable directories not owned by a system account |
| oval:ssg-dir_perms_world_writable_sticky_bits:def:1 |
true |
compliance |
[dir_perms_world_writable_sticky_bits] |
Verify that All World-Writable Directories Have Sticky Bits Set |
| oval:ssg-dir_perms_var_log_httpd:def:1 |
true |
compliance |
[dir_perms_var_log_httpd] |
Directory /var/log/httpd/ Permissions |
| oval:ssg-dir_perms_etc_httpd_conf:def:1 |
true |
compliance |
[dir_perms_etc_httpd_conf] |
Directory /etc/httpd/conf/ Permissions |
| oval:ssg-dconf_gnome_session_user_locks:def:1 |
true |
compliance |
[dconf_gnome_session_user_locks] |
Ensure Users Cannot Change GNOME3 Session Settings |
| oval:ssg-dconf_gnome_screensaver_user_info:def:1 |
true |
compliance |
[dconf_gnome_screensaver_user_info] |
Disable Full User Name on Splash Shield |
| oval:ssg-dconf_gnome_screensaver_mode_blank:def:1 |
true |
compliance |
[dconf_gnome_screensaver_mode_blank] |
Implement Blank Screensaver |
| oval:ssg-dconf_gnome_screensaver_lock_enabled:def:1 |
true |
compliance |
[dconf_gnome_screensaver_lock_enabled] |
Enable GNOME3 Screensaver Lock After Idle Period |
| oval:ssg-dconf_gnome_screensaver_lock_delay:def:1 |
true |
compliance |
[dconf_gnome_screensaver_lock_delay] |
Enable GNOME3 Screensaver Lock Delay After Idle Period |
| oval:ssg-dconf_gnome_screensaver_idle_delay:def:1 |
true |
compliance |
[dconf_gnome_screensaver_idle_delay] |
Configure the GNOME3 GUI Screen locking |
| oval:ssg-dconf_gnome_screensaver_idle_activation_enabled:def:1 |
true |
compliance |
[dconf_gnome_screensaver_idle_activation_enabled] |
Enable GNOME3 Screensaver Idle Activation |
| oval:ssg-dconf_gnome_remote_access_encryption:def:1 |
true |
compliance |
[dconf_gnome_remote_access_encryption] |
Require Encryption for Remote Access in GNOME3 |
| oval:ssg-dconf_gnome_remote_access_credential_prompt:def:1 |
true |
compliance |
[dconf_gnome_remote_access_credential_prompt] |
Require Credential Prompting for Remote Access in GNOME3 |
| oval:ssg-dconf_gnome_login_retries:def:1 |
true |
compliance |
[dconf_gnome_login_retries] |
Set the GNOME3 Login Number of Failures |
| oval:ssg-dconf_gnome_login_banner_text:def:1 |
true |
compliance |
[dconf_gnome_login_banner_text] |
Enable GUI Warning Banner |
| oval:ssg-dconf_gnome_enable_smartcard_auth:def:1 |
true |
compliance |
[dconf_gnome_enable_smartcard_auth] |
Enable the GNOME3 Login Smartcard Authentication |
| oval:ssg-dconf_gnome_disable_wifi_notification:def:1 |
true |
compliance |
[dconf_gnome_disable_wifi_notification] |
Disable WIFI Network Notification in GNOME3 |
| oval:ssg-dconf_gnome_disable_wifi_create:def:1 |
true |
compliance |
[dconf_gnome_disable_wifi_create] |
Disable WIFI Network Connection Creation in GNOME3 |
| oval:ssg-dconf_gnome_disable_user_list:def:1 |
true |
compliance |
[dconf_gnome_disable_user_list] |
Disable the GNOME3 Login User List |
| oval:ssg-dconf_gnome_disable_user_admin:def:1 |
true |
compliance |
[dconf_gnome_disable_user_admin] |
Disable User Administration in GNOME3 |
| oval:ssg-dconf_gnome_disable_thumbnailers:def:1 |
true |
compliance |
[dconf_gnome_disable_thumbnailers] |
Disable All GNOME3 Thumbnailers |
| oval:ssg-dconf_gnome_disable_restart_shutdown:def:1 |
true |
compliance |
[dconf_gnome_disable_restart_shutdown] |
Disable the GNOME3 Login Restart and Shutdown Buttons |
| oval:ssg-dconf_gnome_disable_power_settings:def:1 |
true |
compliance |
[dconf_gnome_disable_power_settings] |
Disable Power Settings in GNOME3 |
| oval:ssg-dconf_gnome_disable_geolocation:def:1 |
true |
compliance |
[dconf_gnome_disable_geolocation] |
Disable Geolocation in GNOME3 |
| oval:ssg-dconf_gnome_disable_ctrlaltdel_reboot:def:1 |
true |
compliance |
[dconf_gnome_disable_ctrlaltdel_reboot] |
Disable Ctrl-Alt-Del Reboot Key Sequence in GNOME3 |
| oval:ssg-dconf_gnome_disable_automount:def:1 |
true |
compliance |
[dconf_gnome_disable_automount] |
Disable GNOME3 Automounting |
| oval:ssg-dconf_gnome_banner_enabled:def:1 |
true |
compliance |
[dconf_gnome_banner_enabled] |
Enable GNOME3 Login Warning Banner |
| oval:ssg-clean_components_post_updating:def:1 |
true |
compliance |
[clean_components_post_updating] |
Ensure YUM Removes Previous Package Versions |
| oval:ssg-chronyd_specify_remote_server:def:1 |
true |
compliance |
[chronyd_specify_remote_server] |
Specify a Remote NTP Server for Time Data |
| oval:ssg-chronyd_specify_multiple_servers:def:1 |
true |
compliance |
[chronyd_specify_multiple_servers] |
Specify Multiple Remote chronyd NTP Servers for Time Data |
| oval:ssg-chronyd_or_ntpd_specify_remote_server:def:1 |
true |
compliance |
[chronyd_or_ntpd_specify_remote_server] |
Specify Remote NTP chronyd Or ntpd Server for Time Data |
| oval:ssg-chronyd_or_ntpd_specify_multiple_servers:def:1 |
true |
compliance |
[chronyd_or_ntpd_specify_multiple_servers] |
Specify Multiple Remote chronyd Or ntpd NTP Servers for Time Data |
| oval:ssg-bootloader_uefi_password:def:1 |
true |
compliance |
[bootloader_uefi_password] |
Set the UEFI Boot Loader Password |
| oval:ssg-bootloader_disable_recovery_set_to_true:def:1 |
true |
compliance |
[bootloader_disable_recovery_set_to_true] |
Verify GRUB_DISABLE_RECOVERY Set to true |
| oval:ssg-audit_rules_augenrules:def:1 |
true |
compliance |
[audit_rules_augenrules] |
Record Any Attempts to Run semanage |
| oval:ssg-accounts_root_path_dirs_no_write:def:1 |
true |
compliance |
[accounts_root_path_dirs_no_write] |
Write permissions are disabled for group and other in all
directories in Root's Path |
| oval:ssg-accounts_password_pam_pwquality:def:1 |
true |
compliance |
[accounts_password_pam_pwquality] |
Check pam_pwquality Existence in system-auth |
| oval:ssg-accounts_password_all_shadowed:def:1 |
true |
compliance |
[accounts_password_all_shadowed] |
All Password Hashes Shadowed |
| oval:ssg-accounts_no_uid_except_zero:def:1 |
true |
compliance |
[accounts_no_uid_except_zero] |
UID 0 Belongs Only To Root |
| oval:ssg-account_unique_name:def:1 |
true |
compliance |
[account_unique_name] |
Set All Accounts To Have Unique Names |