OVAL Definition Results |
|
ID |
Result |
Class |
Reference ID |
Title |
oval:ssg-system_info_architecture_x86:def:1 |
false |
compliance |
[system_info_architecture_x86] |
Test for x86 Architecture |
oval:ssg-system_info_architecture_ppc_64:def:1 |
false |
compliance |
[system_info_architecture_ppc_64] |
Test for PPC and PPCLE Architecture |
oval:ssg-sysctl_vm_mmap_min_addr:def:1 |
false |
compliance |
[sysctl_vm_mmap_min_addr] |
Kernel "vm.mmap_min_addr" Parameter Configuration and Runtime Check |
oval:ssg-sysctl_static_vm_mmap_min_addr:def:1 |
false |
compliance |
[sysctl_static_vm_mmap_min_addr] |
Kernel "vm.mmap_min_addr" Parameter Configuration Check |
oval:ssg-sysctl_static_net_ipv4_ip_forward:def:1 |
false |
compliance |
[sysctl_static_net_ipv4_ip_forward] |
Kernel "net.ipv4.ip_forward" Parameter Configuration Check |
oval:ssg-sysctl_static_kernel_sysrq:def:1 |
false |
compliance |
[sysctl_static_kernel_sysrq] |
Kernel "kernel.sysrq" Parameter Configuration Check |
oval:ssg-sysctl_static_kernel_randomize_va_space:def:1 |
false |
compliance |
[sysctl_static_kernel_randomize_va_space] |
Kernel "kernel.randomize_va_space" Parameter Configuration Check |
oval:ssg-sysctl_static_kernel_pid_max:def:1 |
false |
compliance |
[sysctl_static_kernel_pid_max] |
Kernel "kernel.pid_max" Parameter Configuration Check |
oval:ssg-sysctl_static_kernel_perf_event_paranoid:def:1 |
false |
compliance |
[sysctl_static_kernel_perf_event_paranoid] |
Kernel "kernel.perf_event_paranoid" Parameter Configuration Check |
oval:ssg-sysctl_static_kernel_perf_event_max_sample_rate:def:1 |
false |
compliance |
[sysctl_static_kernel_perf_event_max_sample_rate] |
Kernel "kernel.perf_event_max_sample_rate" Parameter Configuration Check |
oval:ssg-sysctl_static_kernel_perf_cpu_time_max_percent:def:1 |
false |
compliance |
[sysctl_static_kernel_perf_cpu_time_max_percent] |
Kernel "kernel.perf_cpu_time_max_percent" Parameter Configuration Check |
oval:ssg-sysctl_static_kernel_kptr_restrict:def:1 |
false |
compliance |
[sysctl_static_kernel_kptr_restrict] |
Kernel "kernel.kptr_restrict" Parameter Configuration Check |
oval:ssg-sysctl_static_kernel_dmesg_restrict:def:1 |
false |
compliance |
[sysctl_static_kernel_dmesg_restrict] |
Kernel "kernel.dmesg_restrict" Parameter Configuration Check |
oval:ssg-sysctl_static_fs_suid_dumpable:def:1 |
false |
compliance |
[sysctl_static_fs_suid_dumpable] |
Kernel "fs.suid_dumpable" Parameter Configuration Check |
oval:ssg-sysctl_static_fs_protected_symlinks:def:1 |
false |
compliance |
[sysctl_static_fs_protected_symlinks] |
Kernel "fs.protected_symlinks" Parameter Configuration Check |
oval:ssg-sysctl_static_fs_protected_hardlinks:def:1 |
false |
compliance |
[sysctl_static_fs_protected_hardlinks] |
Kernel "fs.protected_hardlinks" Parameter Configuration Check |
oval:ssg-sysctl_runtime_kernel_sysrq:def:1 |
false |
compliance |
[sysctl_runtime_kernel_sysrq] |
Kernel "kernel.sysrq" Parameter Runtime Check |
oval:ssg-sysctl_runtime_kernel_pid_max:def:1 |
false |
compliance |
[sysctl_runtime_kernel_pid_max] |
Kernel "kernel.pid_max" Parameter Runtime Check |
oval:ssg-sysctl_runtime_kernel_perf_event_paranoid:def:1 |
false |
compliance |
[sysctl_runtime_kernel_perf_event_paranoid] |
Kernel "kernel.perf_event_paranoid" Parameter Runtime Check |
oval:ssg-sysctl_runtime_kernel_perf_event_max_sample_rate:def:1 |
false |
compliance |
[sysctl_runtime_kernel_perf_event_max_sample_rate] |
Kernel "kernel.perf_event_max_sample_rate" Parameter Runtime Check |
oval:ssg-sysctl_runtime_kernel_perf_cpu_time_max_percent:def:1 |
false |
compliance |
[sysctl_runtime_kernel_perf_cpu_time_max_percent] |
Kernel "kernel.perf_cpu_time_max_percent" Parameter Runtime Check |
oval:ssg-sysctl_runtime_kernel_kptr_restrict:def:1 |
false |
compliance |
[sysctl_runtime_kernel_kptr_restrict] |
Kernel "kernel.kptr_restrict" Parameter Runtime Check |
oval:ssg-sysctl_net_ipv4_ip_forward:def:1 |
false |
compliance |
[sysctl_net_ipv4_ip_forward] |
Kernel "net.ipv4.ip_forward" Parameter Configuration and Runtime Check |
oval:ssg-sysctl_kernel_sysrq:def:1 |
false |
compliance |
[sysctl_kernel_sysrq] |
Kernel "kernel.sysrq" Parameter Configuration and Runtime Check |
oval:ssg-sysctl_kernel_randomize_va_space:def:1 |
false |
compliance |
[sysctl_kernel_randomize_va_space] |
Kernel "kernel.randomize_va_space" Parameter Configuration and Runtime Check |
oval:ssg-sysctl_kernel_pid_max:def:1 |
false |
compliance |
[sysctl_kernel_pid_max] |
Kernel "kernel.pid_max" Parameter Configuration and Runtime Check |
oval:ssg-sysctl_kernel_perf_event_paranoid:def:1 |
false |
compliance |
[sysctl_kernel_perf_event_paranoid] |
Kernel "kernel.perf_event_paranoid" Parameter Configuration and Runtime Check |
oval:ssg-sysctl_kernel_perf_event_max_sample_rate:def:1 |
false |
compliance |
[sysctl_kernel_perf_event_max_sample_rate] |
Kernel "kernel.perf_event_max_sample_rate" Parameter Configuration and Runtime Check |
oval:ssg-sysctl_kernel_perf_cpu_time_max_percent:def:1 |
false |
compliance |
[sysctl_kernel_perf_cpu_time_max_percent] |
Kernel "kernel.perf_cpu_time_max_percent" Parameter Configuration and Runtime Check |
oval:ssg-sysctl_kernel_kptr_restrict:def:1 |
false |
compliance |
[sysctl_kernel_kptr_restrict] |
Kernel "kernel.kptr_restrict" Parameter Configuration and Runtime Check |
oval:ssg-sysctl_kernel_dmesg_restrict:def:1 |
false |
compliance |
[sysctl_kernel_dmesg_restrict] |
Kernel "kernel.dmesg_restrict" Parameter Configuration and Runtime Check |
oval:ssg-sysctl_fs_suid_dumpable:def:1 |
false |
compliance |
[sysctl_fs_suid_dumpable] |
Kernel "fs.suid_dumpable" Parameter Configuration and Runtime Check |
oval:ssg-sysctl_fs_protected_symlinks:def:1 |
false |
compliance |
[sysctl_fs_protected_symlinks] |
Kernel "fs.protected_symlinks" Parameter Configuration and Runtime Check |
oval:ssg-sysctl_fs_protected_hardlinks:def:1 |
false |
compliance |
[sysctl_fs_protected_hardlinks] |
Kernel "fs.protected_hardlinks" Parameter Configuration and Runtime Check |
oval:ssg-service_ntp_enabled:def:1 |
false |
compliance |
[service_ntp_enabled] |
Service ntp Enabled |
oval:ssg-service_auditd_enabled:def:1 |
false |
compliance |
[service_auditd_enabled] |
Service auditd Enabled |
oval:ssg-rsyslog_remote_loghost:def:1 |
false |
compliance |
[rsyslog_remote_loghost] |
Send Logs to a Remote Loghost |
oval:ssg-restrict_serial_port_logins:def:1 |
false |
compliance |
[restrict_serial_port_logins] |
Restrict Serial Port Root Logins |
oval:ssg-partition_for_var_log_audit:def:1 |
false |
compliance |
[partition_for_var_log_audit] |
Ensure /var/log/audit Located On Separate Partition |
oval:ssg-partition_for_var_log:def:1 |
false |
compliance |
[partition_for_var_log] |
Ensure /var/log Located On Separate Partition |
oval:ssg-partition_for_var:def:1 |
false |
compliance |
[partition_for_var] |
Ensure /var Located On Separate Partition |
oval:ssg-partition_for_tmp:def:1 |
false |
compliance |
[partition_for_tmp] |
Ensure /tmp Located On Separate Partition |
oval:ssg-partition_for_srv:def:1 |
false |
compliance |
[partition_for_srv] |
Ensure /srv Located On Separate Partition |
oval:ssg-partition_for_home:def:1 |
false |
compliance |
[partition_for_home] |
Ensure /home Located On Separate Partition |
oval:ssg-package_openssh-server_removed:def:1 |
false |
compliance |
[package_openssh-server_removed] |
Package openssh-server Removed |
oval:ssg-package_ntp_installed:def:1 |
false |
compliance |
[package_ntp_installed] |
Package ntp Installed |
oval:ssg-package_auditd_installed:def:1 |
false |
compliance |
[package_auditd_installed] |
Package auditd Installed |
oval:ssg-no_shelllogin_for_systemaccounts:def:1 |
false |
compliance |
[no_shelllogin_for_systemaccounts] |
System Accounts Do Not Run a Shell |
oval:ssg-mount_option_var_nosuid:def:1 |
false |
compliance |
[mount_option_var_nosuid] |
Add nosuid Option to /var |
oval:ssg-mount_option_var_noexec:def:1 |
false |
compliance |
[mount_option_var_noexec] |
Add noexec Option to /var |
oval:ssg-mount_option_var_nodev:def:1 |
false |
compliance |
[mount_option_var_nodev] |
Add nodev Option to /var |
oval:ssg-mount_option_var_log_nosuid:def:1 |
false |
compliance |
[mount_option_var_log_nosuid] |
Add nosuid Option to /var/log |
oval:ssg-mount_option_var_log_noexec:def:1 |
false |
compliance |
[mount_option_var_log_noexec] |
Add noexec Option to /var/log |
oval:ssg-mount_option_var_log_nodev:def:1 |
false |
compliance |
[mount_option_var_log_nodev] |
Add nodev Option to /var/log |
oval:ssg-mount_option_var_lib_nosuid:def:1 |
false |
compliance |
[mount_option_var_lib_nosuid] |
Add nosuid Option to /var/lib |
oval:ssg-mount_option_var_lib_nodev:def:1 |
false |
compliance |
[mount_option_var_lib_nodev] |
Add nodev Option to /var/lib |
oval:ssg-mount_option_usr_nodev:def:1 |
false |
compliance |
[mount_option_usr_nodev] |
Add nodev Option to /usr |
oval:ssg-mount_option_tmp_nosuid:def:1 |
false |
compliance |
[mount_option_tmp_nosuid] |
Add nosuid Option to /tmp |
oval:ssg-mount_option_tmp_nodev:def:1 |
false |
compliance |
[mount_option_tmp_nodev] |
Add nodev Option to /tmp |
oval:ssg-mount_option_home_nosuid:def:1 |
false |
compliance |
[mount_option_home_nosuid] |
Add nosuid Option to /home |
oval:ssg-mount_option_home_nodev:def:1 |
false |
compliance |
[mount_option_home_nodev] |
Add nodev Option to /home |
oval:ssg-install_mcafee_hbss_pa:def:1 |
false |
compliance |
[install_mcafee_hbss_pa] |
Install the Policy Auditor (PA) Module |
oval:ssg-install_mcafee_hbss_accm:def:1 |
false |
compliance |
[install_mcafee_hbss_accm] |
Install the Asset Configuration Compliance Module (ACCM) |
oval:ssg-install_mcafee_hbss:def:1 |
false |
compliance |
[install_mcafee_hbss] |
Install McAfee Host-Based Intrusion Detection Software (HBSS) |
oval:ssg-grub2_enable_iommu_force:def:1 |
false |
compliance |
[grub2_enable_iommu_force] |
Force IOMMU usage in GRUB2 |
oval:ssg-file_permissions_systemmap:def:1 |
false |
compliance |
[file_permissions_systemmap] |
Verify that System.map files are readable only by root |
oval:ssg-file_permissions_home_dirs:def:1 |
false |
compliance |
[file_permissions_home_dirs] |
Proper Permissions User Home Directories |
oval:ssg-ensure_gpgcheck_globally_activated:def:1 |
false |
compliance |
[ensure_gpgcheck_globally_activated] |
Ensure Yum gpgcheck Globally Activated |
oval:ssg-auditd_data_retention_space_left_action:def:1 |
false |
compliance |
[auditd_data_retention_space_left_action] |
Auditd Action to Take When Disk Starting to Run Low on Space |
oval:ssg-auditd_data_retention_num_logs:def:1 |
false |
compliance |
[auditd_data_retention_num_logs] |
Auditd Maximum Number of Logs to Retain |
oval:ssg-auditd_data_retention_max_log_file_action:def:1 |
false |
compliance |
[auditd_data_retention_max_log_file_action] |
Auditd Action to Take When Maximum Log Size Reached |
oval:ssg-auditd_data_retention_max_log_file:def:1 |
false |
compliance |
[auditd_data_retention_max_log_file] |
Auditd Maximum Log File Size |
oval:ssg-auditd_data_retention_admin_space_left_action:def:1 |
false |
compliance |
[auditd_data_retention_admin_space_left_action] |
Auditd Action to Take When Disk is Low on Space |
oval:ssg-auditd_data_retention_action_mail_acct:def:1 |
false |
compliance |
[auditd_data_retention_action_mail_acct] |
Auditd Email Account to Notify Upon Action |
oval:ssg-auditd_audispd_syslog_plugin_activated:def:1 |
false |
compliance |
[auditd_audispd_syslog_plugin_activated] |
The syslog Plugin Of the Audit Event Multiplexor (audispd) Is Activated |
oval:ssg-apt_sources_list_official:def:1 |
false |
compliance |
[apt_sources_list_official] |
Only official, up-to-date distribution repositories should be used |
oval:ssg-accounts_root_path_dirs_no_write:def:1 |
false |
compliance |
[accounts_root_path_dirs_no_write] |
Write permissions are disabled for group and other in all
directories in Root's Path |
oval:ssg-accounts_passwords_pam_faillock_deny:def:1 |
false |
compliance |
[accounts_passwords_pam_faillock_deny] |
Lock out account after failed login attempts |
oval:ssg-accounts_password_minlen_login_defs:def:1 |
false |
compliance |
[accounts_password_minlen_login_defs] |
Set Password Expiration Parameters |
oval:ssg-sshd_use_strong_macs:def:1 |
unknown |
compliance |
[sshd_use_strong_macs] |
Use Only Strong MACs |
oval:ssg-sshd_use_strong_ciphers:def:1 |
unknown |
compliance |
[sshd_use_strong_ciphers] |
Use Only Strong Ciphers |
oval:ssg-sshd_set_max_auth_tries:def:1 |
unknown |
compliance |
[sshd_set_max_auth_tries] |
Set OpenSSH authentication attempt limit (MaxAuthTries) |
oval:ssg-sshd_set_loglevel_info:def:1 |
unknown |
compliance |
[sshd_set_loglevel_info] |
Set OpenSSH LogLevel to INFO |
oval:ssg-sshd_set_keepalive:def:1 |
unknown |
compliance |
[sshd_set_keepalive] |
Set ClientAliveCountMax for User Logins |
oval:ssg-sshd_set_idle_timeout:def:1 |
unknown |
compliance |
[sshd_set_idle_timeout] |
Set OpenSSH Idle Timeout Interval |
oval:ssg-sshd_disable_user_known_hosts:def:1 |
unknown |
compliance |
[sshd_disable_user_known_hosts] |
Disable SSH Support for User Known Hosts |
oval:ssg-sshd_disable_root_login:def:1 |
unknown |
compliance |
[sshd_disable_root_login] |
Disable root Login via SSH |
oval:ssg-sshd_disable_rhosts_rsa:def:1 |
unknown |
compliance |
[sshd_disable_rhosts_rsa] |
Disable SSH Support for Rhosts RSA Authentication |
oval:ssg-sshd_disable_empty_passwords:def:1 |
unknown |
compliance |
[sshd_disable_empty_passwords] |
Disable Empty Passwords |
oval:ssg-sshd_allow_only_protocol2:def:1 |
unknown |
compliance |
[sshd_allow_only_protocol2] |
Ensure Only Protocol 2 Connections Allowed |
oval:ssg-service_sshd_disabled:def:1 |
unknown |
compliance |
[service_sshd_disabled] |
Service sshd Disabled |
oval:ssg-service_rsyslog_enabled:def:1 |
unknown |
compliance |
[service_rsyslog_enabled] |
Service rsyslog Enabled |
oval:ssg-service_cron_enabled:def:1 |
unknown |
compliance |
[service_cron_enabled] |
Service cron Enabled |
oval:ssg-package_prelink_removed:def:1 |
unknown |
compliance |
[package_prelink_removed] |
Package prelink Removed |
oval:ssg-package_net-snmp_removed:def:1 |
unknown |
compliance |
[package_net-snmp_removed] |
Package net-snmp Removed |
oval:ssg-installed_OS_is_sl7:def:1 |
unknown |
inventory |
[cpe:/o:scientificlinux:scientificlinux:6], [installed_OS_is_sl7] |
Scientific Linux 7 |
oval:ssg-installed_OS_is_sl6:def:1 |
unknown |
inventory |
[cpe:/o:scientificlinux:scientificlinux:6], [installed_OS_is_sl6] |
Scientific Linux 6 |
oval:ssg-installed_OS_is_rhel7:def:1 |
unknown |
inventory |
[cpe:/o:redhat:enterprise_linux:7], [installed_OS_is_rhel7] |
Red Hat Enterprise Linux 7 |
oval:ssg-installed_OS_is_rhel6:def:1 |
unknown |
inventory |
[cpe:/o:redhat:enterprise_linux:6], [installed_OS_is_rhel6] |
Red Hat Enterprise Linux 6 |
oval:ssg-installed_OS_is_centos7:def:1 |
unknown |
inventory |
[cpe:/o:centos:centos:7], [installed_OS_is_centos7] |
CentOS 7 |
oval:ssg-installed_OS_is_centos6:def:1 |
unknown |
inventory |
[cpe:/o:centos:centos:6], [installed_OS_is_centos6] |
CentOS 6 |
oval:ssg-install_mcafee_hbss_hips:def:1 |
unknown |
compliance |
[install_mcafee_hbss_hips] |
Install the Host Intrusion Prevention System (HIPS) Module |
oval:ssg-install_mcafee_cma_rt:def:1 |
unknown |
compliance |
[install_mcafee_cma_rt] |
Install the McAfee Runtime Libraries and Linux Agent |
oval:ssg-install_mcafee_antivirus:def:1 |
unknown |
compliance |
[install_mcafee_antivirus] |
Package McAfeeVSEForLinux Installed |
oval:ssg-install_antivirus:def:1 |
unknown |
compliance |
[install_antivirus] |
Package Antivirus Installed |
oval:ssg-sysctl_runtime_net_ipv4_ip_forward:def:1 |
error |
compliance |
[sysctl_runtime_net_ipv4_ip_forward] |
Kernel "net.ipv4.ip_forward" Parameter Runtime Check |
oval:ssg-accounts_password_warn_age_login_defs:def:1 |
error |
compliance |
[accounts_password_warn_age_login_defs] |
Set Password Expiration Parameters |
oval:ssg-accounts_minimum_age_login_defs:def:1 |
error |
compliance |
[accounts_minimum_age_login_defs] |
Set Password Expiration Parameters |
oval:ssg-accounts_maximum_age_login_defs:def:1 |
error |
compliance |
[accounts_maximum_age_login_defs] |
Set Password Expiration Parameters |
oval:ssg-installed_env_is_a_machine:def:1 |
true |
inventory |
[cpe:/a:machine], [installed_env_is_a_machine] |
Check if the scan target is a machine |
oval:ssg-installed_env_is_a_container:def:1 |
false |
inventory |
[cpe:/a:container], [installed_env_is_a_container] |
Check if the scan target is a container |
oval:ssg-installed_OS_is_wrlinux:def:1 |
false |
inventory |
[cpe:/o:windriver:wrlinux], [installed_OS_is_wrlinux] |
WRLinux |
oval:ssg-installed_OS_is_part_of_Unix_family:def:1 |
true |
inventory |
[installed_OS_is_part_of_Unix_family] |
Installed operating system is part of the Unix family |
oval:ssg-installed_OS_is_fedora:def:1 |
false |
inventory |
[cpe:/o:fedoraproject:fedora:22], [cpe:/o:fedoraproject:fedora:23], [cpe:/o:fedoraproject:fedora:24], [cpe:/o:fedoraproject:fedora:25], [installed_OS_is_fedora] |
Installed operating system is Fedora |
oval:ssg-installed_OS_is_debian8:def:1 |
false |
inventory |
[cpe:/o:debian:debian_linux:8], [installed_OS_is_debian8] |
Debian 8 |
oval:ssg-system_info_architecture_x86_64:def:1 |
true |
compliance |
[system_info_architecture_x86_64] |
Test for x86_64 Architecture |
oval:ssg-system_info_architecture_64bit:def:1 |
true |
compliance |
[system_info_architecture_64bit] |
Test for 64-bit Architecture |
oval:ssg-sysctl_runtime_vm_mmap_min_addr:def:1 |
true |
compliance |
[sysctl_runtime_vm_mmap_min_addr] |
Kernel "vm.mmap_min_addr" Parameter Runtime Check |
oval:ssg-sysctl_runtime_kernel_randomize_va_space:def:1 |
true |
compliance |
[sysctl_runtime_kernel_randomize_va_space] |
Kernel "kernel.randomize_va_space" Parameter Runtime Check |
oval:ssg-sysctl_runtime_kernel_dmesg_restrict:def:1 |
true |
compliance |
[sysctl_runtime_kernel_dmesg_restrict] |
Kernel "kernel.dmesg_restrict" Parameter Runtime Check |
oval:ssg-sysctl_runtime_fs_suid_dumpable:def:1 |
true |
compliance |
[sysctl_runtime_fs_suid_dumpable] |
Kernel "fs.suid_dumpable" Parameter Runtime Check |
oval:ssg-sysctl_runtime_fs_protected_symlinks:def:1 |
true |
compliance |
[sysctl_runtime_fs_protected_symlinks] |
Kernel "fs.protected_symlinks" Parameter Runtime Check |
oval:ssg-sysctl_runtime_fs_protected_hardlinks:def:1 |
true |
compliance |
[sysctl_runtime_fs_protected_hardlinks] |
Kernel "fs.protected_hardlinks" Parameter Runtime Check |
oval:ssg-sshd_enable_x11_forwarding:def:1 |
true |
compliance |
[sshd_enable_x11_forwarding] |
Enable X11 Forwarding |
oval:ssg-snmpd_use_newer_protocol:def:1 |
true |
compliance |
[snmpd_use_newer_protocol] |
SNMP use newer protocols |
oval:ssg-snmpd_not_default_password:def:1 |
true |
compliance |
[snmpd_not_default_password] |
SNMP default communities disabled |
oval:ssg-securetty_root_login_console_only:def:1 |
true |
compliance |
[securetty_root_login_console_only] |
Restrict Virtual Console Root Logins |
oval:ssg-rsyslog_files_permissions:def:1 |
true |
compliance |
[rsyslog_files_permissions] |
Confirm Existence and Permissions of System Log Files |
oval:ssg-rsyslog_files_ownership:def:1 |
true |
compliance |
[rsyslog_files_ownership] |
Confirm Existence and Permissions of System Log Files |
oval:ssg-rsyslog_files_groupownership:def:1 |
true |
compliance |
[rsyslog_files_groupownership] |
Confirm Existence and Permissions of System Log Files |
oval:ssg-package_telnetd_removed:def:1 |
true |
compliance |
[package_telnetd_removed] |
Package telnetd Removed |
oval:ssg-package_telnetd-ssl_removed:def:1 |
true |
compliance |
[package_telnetd-ssl_removed] |
Package telnetd-ssl Removed |
oval:ssg-package_rsyslog_installed:def:1 |
true |
compliance |
[package_rsyslog_installed] |
Package rsyslog Installed |
oval:ssg-package_ntpdate_removed:def:1 |
true |
compliance |
[package_ntpdate_removed] |
Package ntpdate Removed |
oval:ssg-package_nis_removed:def:1 |
true |
compliance |
[package_nis_removed] |
Package nis Removed |
oval:ssg-package_inetutils-telnetd_removed:def:1 |
true |
compliance |
[package_inetutils-telnetd_removed] |
Package inetutils-telnetd Removed |
oval:ssg-package_cron_installed:def:1 |
true |
compliance |
[package_cron_installed] |
Package cron Installed |
oval:ssg-no_netrc_files:def:1 |
true |
compliance |
[no_netrc_files] |
Verify No netrc Files Exist |
oval:ssg-no_insecure_locks_exports:def:1 |
true |
compliance |
[no_insecure_locks_exports] |
Ensure insecure_locks is disabled |
oval:ssg-no_empty_passwords:def:1 |
true |
compliance |
[no_empty_passwords] |
No nullok Option in /etc/pam.d/system-auth |
oval:ssg-no_direct_root_logins:def:1 |
true |
compliance |
[no_direct_root_logins] |
Direct root Logins Not Allowed |
oval:ssg-file_permissions_etc_shadow:def:1 |
true |
compliance |
[file_permissions_etc_shadow] |
Verify /etc/shadow Permissions |
oval:ssg-file_permissions_etc_passwd:def:1 |
true |
compliance |
[file_permissions_etc_passwd] |
Verify /etc/passwd Permissions |
oval:ssg-file_permissions_etc_gshadow:def:1 |
true |
compliance |
[file_permissions_etc_gshadow] |
Verify /etc/gshadow Permissions |
oval:ssg-file_permissions_etc_group:def:1 |
true |
compliance |
[file_permissions_etc_group] |
Verify /etc/group Permissions |
oval:ssg-file_ownership_var_log_audit:def:1 |
true |
compliance |
[file_ownership_var_log_audit] |
Verify /var/log/audit Ownership |
oval:ssg-ensure_logrotate_activated:def:1 |
true |
compliance |
[ensure_logrotate_activated] |
Ensure the logrotate utility performs the automatic rotation of log files on daily basis |
oval:ssg-auditd_conf_log_group_not_root:def:1 |
true |
compliance |
[auditd_conf_log_group_not_root] |
'log_group' Not Set To 'root' In /etc/audit/auditd.conf |
oval:ssg-apt_conf_disallow_unauthenticated:def:1 |
true |
compliance |
[apt_conf_disallow_unauthenticated] |
Check that no unauthenticated repository is authorized by configuration |
oval:ssg-accounts_password_all_shadowed:def:1 |
true |
compliance |
[accounts_password_all_shadowed] |
All Password Hashes Shadowed |
oval:ssg-accounts_no_uid_except_zero:def:1 |
true |
compliance |
[accounts_no_uid_except_zero] |
UID 0 Belongs Only To Root |
oval:ssg-account_unique_name:def:1 |
true |
compliance |
[account_unique_name] |
Set All Accounts To Have Unique Names |