python 2.6.6 5.10 2011-09-21T13:44:00 Red Hat Enterprise Linux 6 The kernel runtime parameter "kernel.randomize_va_space" should be set to "2". Red Hat Enterprise Linux 6 Check if selinux=0 OR enforcing=0 within /etc/grub.conf lines, fail if found. Red Hat Enterprise Linux 6 Legitimate character and block devices should not exist within temporary directories like /tmp. The nodev mount option should be specified for /tmp. Red Hat Enterprise Linux 6 The RPM package gdm should be installed. Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 The password hashing algorithm should be set correctly in /etc/libuser.conf. Red Hat Enterprise Linux 6 The default umask for users of the bash shell Red Hat Enterprise Linux 6 The kernel runtime parameter "net.ipv4.conf.all.log_martians" should be set to "1". Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 The /etc/passwd file should be owned by the appropriate group. Red Hat Enterprise Linux 6 The RPM package iptables should be installed. Red Hat Enterprise Linux 6 This test makes sure that /boot/grub/grub.conf is owned by 0, group owned by 0, and has mode 0600. If the target file or directory has an extended ACL then it will fail the mode check. Red Hat Enterprise Linux 6 The RPM package GConf2 should be installed. Red Hat Enterprise Linux 6 The kernel module bluetooth should be disabled. Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Fedora 20 The SSH idle timeout interval should be set to an appropriate value. Red Hat Enterprise Linux 6 Check if SplitHosts line in logwatch.conf is set appropriately. Red Hat Enterprise Linux 6 The nosuid mount option prevents set-user-identifier (suid) and set-group-identifier (sgid) permissions from taking effect. These permissions allow users to execute binaries with the same permissions as the owner and group of the file respectively. Users should not be allowed to introduce suid and guid files into the system via partitions mounted from removeable media. Red Hat Enterprise Linux 6 Directory permissions for /etc/httpd/conf/ should be set to 0750 (or stronger). Red Hat Enterprise Linux 6 The rpcsvcgssd service should be disabled if possible. Fedora 19 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Checks that binary files under /bin, /sbin, /usr/bin, /usr/sbin, /usr/local/bin, and /usr/local/sbin, are not group-writable or world-writable. Red Hat Enterprise Linux 6 The kernel runtime parameter "net.ipv6.conf.default.accept_ra" should be set to "0". Red Hat Enterprise Linux 6 The password ucredit should meet minimum requirements using pam_cracklib Red Hat Enterprise Linux 6 Configure the system to notify users of last logon/access using pam_lastlog. Red Hat Enterprise Linux 6 The system's default desktop environment, GNOME, will mount devices and removable media (such as DVDs, CDs and USB flash drives) whenever they are inserted into the system. Disable automount and autorun within GNOME. Red Hat Enterprise Linux 6 The nodev mount option prevents files from being interpreted as character or block devices. Legitimate character and block devices should exist in the /dev directory on the root partition or within chroot jails built for system services. All other locations should not allow character and block devices. Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 The /etc/shadow file should be owned by the appropriate group. Red Hat Enterprise Linux 6 The abrtd service should be disabled if possible. Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Ensure all yum repositories utilize signature checking. Red Hat Enterprise Linux 6 Disable Zeroconf automatic route assignment in the 169.254.0.0 subnet. Red Hat Enterprise Linux 6 The netfs service should be disabled if possible. Red Hat Enterprise Linux 6 There should not be any .rhosts or hosts.equiv files on the system. Red Hat Enterprise Linux 6 The password lcredit should meet minimum requirements using pam_cracklib Red Hat Enterprise Linux 6 Audit rules that detect the mounting of filesystems should be enabled. Red Hat Enterprise Linux 6 The RPM package rsyslog should be installed. Red Hat Enterprise Linux 6 The sticky bit should be set for all world-writable directories. Red Hat Enterprise Linux 6 All wireless interfaces should be disabled. Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 The /etc/group file should be owned by the appropriate group. Red Hat Enterprise Linux 6 The haldaemon service should be disabled if possible. Fedora 19 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 The RPM package ntp should be installed. Red Hat Enterprise Linux 6 Force a reboot to change audit rules is enabled Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 The password hashing algorithm should be set correctly in /etc/login.defs. Red Hat Enterprise Linux 6 The kernel runtime parameter "net.ipv4.icmp_ignore_bogus_error_responses" should be set to "1". Red Hat Enterprise Linux 6 The ypbind service should be disabled if possible. Red Hat Enterprise Linux 6 The auditd service should be enabled if possible. Red Hat Enterprise Linux 6 The tftp service should be disabled if possible. Red Hat Enterprise Linux 6 A remote NTP Server for time synchronization should be specified (and dependencies are met) Red Hat Enterprise Linux 6 The RPM package irqbalance should be installed. Red Hat Enterprise Linux 6 The kernel module udf should be disabled. Red Hat Enterprise Linux 6 The number of allowed failed logins should be set correctly. Red Hat Enterprise Linux 6 The irqbalance service should be enabled if possible. Red Hat Enterprise Linux 6 The rhsmcertd service should be disabled if possible. Red Hat Enterprise Linux 6 The kernel module freevxfs should be disabled. Red Hat Enterprise Linux 6 The kernel runtime parameter "net.ipv4.icmp_echo_ignore_broadcasts" should be set to "1". Red Hat Enterprise Linux 6 Define default gateways for IPv6 traffic Red Hat Enterprise Linux 6 The RPM package bind should be removed. Red Hat Enterprise Linux 6 The RPM package iptables-ipv6 should be installed. Red Hat Enterprise Linux 6 Record attempts to alter time through /etc/localtime Red Hat Enterprise Linux 6 By default, locally configured printers will not be shared over the network, but if this functionality has somehow been enabled, these recommendations will disable it again. Be sure to disable outgoing printer list broadcasts, or remote users will still be able to see the locally configured printers, even if they cannot actually print to them. To limit print serving to a particular set of users, use the Policy directive. Fedora 19 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Checks that /bin, /sbin, /usr/bin, /usr/sbin, /usr/local/bin, /usr/local/sbin, and objects therein, are owned by root. Red Hat Enterprise Linux 6 The rlogin service should be disabled if possible. Red Hat Enterprise Linux 6 The kdump service should be disabled if possible. Red Hat Enterprise Linux 6 The smb service should be disabled if possible. Red Hat Enterprise Linux 6 The RPM package httpd should be removed. Red Hat Enterprise Linux 6 Audit rules should detect modification to system files that hold information about users and groups. Red Hat Enterprise Linux 6 The CUPS print service can be configured to broadcast a list of available printers to the network. Other machines on the network, also running the CUPS print service, can be configured to listen to these broadcasts and add and configure these printers for immediate use. By disabling this browsing capability, the machine will no longer generate or receive such broadcasts. Red Hat Enterprise Linux 6 The restorecond service should be enabled if possible. Red Hat Enterprise Linux 6 Disable ipv6 based rpc services Red Hat Enterprise Linux 6 The smartd service should be disabled if possible. Red Hat Enterprise Linux 6 Verify the integrity of installed packages by comparing the installed files with information about the files taken from the package metadata stored in the RPM database. Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 DHCP configuration should be static for all interfaces. Red Hat Enterprise Linux 6 Check each directory in root's path and make use it does not grant write permission to group and other Red Hat Enterprise Linux 6 The kernel runtime parameter "net.ipv4.conf.default.accept_redirects" should be set to "0". Red Hat Enterprise Linux 6 All files should be owned by a group Red Hat Enterprise Linux 6 The oddjobd service should be disabled if possible. Red Hat Enterprise Linux 6 Change the default policy to DROP (from ACCEPT) for the INPUT built-in chain. Red Hat Enterprise Linux 6 The RPM package sysstat should be removed. Red Hat Enterprise Linux 6 All syslog log files should be owned by the appropriate user. Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Checks for correct permissions for all log files in /var/log/audit. Red Hat Enterprise Linux 6 Legitimate character and block devices should not exist within temporary directories like /dev/shm. The nodev mount option should be specified for /dev/shm. Red Hat Enterprise Linux 6 The sshd service should be disabled if possible. Red Hat Enterprise Linux 6 The httpd service should be disabled if possible. Red Hat Enterprise Linux 6 All device files in /dev should be assigned an SELinux security context other than 'unlabeled_t'. Red Hat Enterprise Linux 6 The RPM package cups should be removed. Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 File permissions for /etc/group should be set correctly. Red Hat Enterprise Linux 6 The named service should be disabled if possible. Red Hat Enterprise Linux 6 The ntpd service should be enabled if possible. Red Hat Enterprise Linux 6 The RPM package kexec-tools should be removed. Red Hat Enterprise Linux 6 The kernel runtime parameter "net.ipv4.conf.all.rp_filter" should be set to "1". Red Hat Enterprise Linux 6 The kernel module tipc should be disabled. Red Hat Enterprise Linux 6 The RPM package audit should be installed. Red Hat Enterprise Linux 6 The xinetd service should be disabled if possible. Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 PermitUserEnvironment should be disabled Red Hat Enterprise Linux 6 The rpcidmapd service should be disabled if possible. Red Hat Enterprise Linux 6 The kernel runtime parameter "net.ipv4.conf.default.rp_filter" should be set to "1". Red Hat Enterprise Linux 6 It can be dangerous to allow the execution of binaries from world-writable temporary storage directories such as /tmp. The noexec mount option prevents binaries from being executed out of /tmp. Red Hat Enterprise Linux 6 The changing of file permissions and attributes should be audited. Red Hat Enterprise Linux 6 The kernel module hfs should be disabled. Red Hat Enterprise Linux 6 Directory permissions for /var/log/httpd should be set to 0700 (or stronger). Red Hat Enterprise Linux 6 The qpidd service should be disabled if possible. Red Hat Enterprise Linux 6 The nosuid mount option should be set for temporary storage partitions such as /dev/shm. The suid/sgid permissions should not be required in these world-writable directories. Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 The SSH ClientAliveCountMax should be set to an appropriate value (and dependencies are met) Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Fedora 20 The gpgcheck option should be used to ensure that checking of an RPM package's signature always occurs prior to its installation. Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 System logs are stored in the /var/log directory. Ensure that it has its own partition or logical volume. Red Hat Enterprise Linux 6 The default umask for all users specified in /etc/login.defs Red Hat Enterprise Linux 6 Check for pam_ldap.so presence. Red Hat Enterprise Linux 6 Disable the network sniffer Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 The /etc/gshadow file should be owned by the appropriate user. Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 The SELinux state should be enforcing the local policy. Red Hat Enterprise Linux 6 The RPM package telnet-server should be removed. Red Hat Enterprise Linux 6 Test if HostLimit line in logwatch.conf is set appropriately. Red Hat Enterprise Linux 6 The RPM package openldap-servers should be removed. Red Hat Enterprise Linux 6 All syslog log files should be owned by the appropriate group. Red Hat Enterprise Linux 6 The RPM package dhcp should be removed. Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 The /etc/gshadow file should be owned by the appropriate group. Red Hat Enterprise Linux 6 The operating system installed on the system is Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 6 The dovecot service should be disabled if possible. Red Hat Enterprise Linux 6 The audit rules should be configured to log information about kernel module loading and unloading. Red Hat Enterprise Linux 6 The noexec mount option prevents the direct execution of binaries on the mounted filesystem. Users should not be allowed to execute binaries that exist on partitions mounted from removable media (such as a USB key). The noexec option prevents code from being executed directly from the media itself, and may therefore provide a line of defense against certain types of worms or malicious code. Red Hat Enterprise Linux 6 The RPM package oddjob should be removed. Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Fedora 20 The minimum password age policy should be set appropriately. Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 The /etc/passwd file should be owned by the appropriate user. Red Hat Enterprise Linux 6 The changing of file permissions and attributes should be audited. Red Hat Enterprise Linux 6 The RPM package tftp should be removed. Red Hat Enterprise Linux 6 Require packet signing of clients who mount Samba shares using the mount.cifs program (e.g., those who specify shares in /etc/fstab). To do so, ensure that signing options (either sec=krb5i or sec=ntlmv2i) are used. Red Hat Enterprise Linux 6 The RPM package net-snmp should be removed. Red Hat Enterprise Linux 6 The kernel runtime parameter "net.ipv4.conf.default.send_redirects" should be set to "0". Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 SSH warning banner should be enabled (and dependencies are met) Red Hat Enterprise Linux 6 The nfs service should be disabled if possible. Red Hat Enterprise Linux 6 The kernel module rds should be disabled. Red Hat Enterprise Linux 6 Audit actions taken by system administrators on the system. Red Hat Enterprise Linux 6 Checks /etc/inittab to ensure that default runlevel is set to 3. Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Fedora 20 The password expiration warning age should be set appropriately. Red Hat Enterprise Linux 6 The RPM package rhnsd should be removed. Red Hat Enterprise Linux 6 The daemon umask should be set as appropriate Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 The number of allowed failed logins should be set correctly. Red Hat Enterprise Linux 6 The RPM package setroubleshoot should be removed. Red Hat Enterprise Linux 6 File permissions for all syslog log files should be set correctly. Red Hat Enterprise Linux 6 The number of allowed failed logins should be set correctly. Red Hat Enterprise Linux 6 The cpuspeed service should be disabled if possible. Red Hat Enterprise Linux 6 Plaintext authentication of mail clients should be disabled. Red Hat Enterprise Linux 6 The rsyslog service should be enabled if possible. Red Hat Enterprise Linux 6 Require the use of TLS for ldap clients. Red Hat Enterprise Linux 6 The kernel runtime parameter "net.ipv4.ip_forward" should be set to "0". Red Hat Enterprise Linux 6 The world-write permission should be disabled for all files. Red Hat Enterprise Linux 6 The kernel module cramfs should be disabled. Red Hat Enterprise Linux 6 The postfix service should be enabled if possible. Red Hat Enterprise Linux 6 The RPM package dhcpd should be removed. Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 The file /etc/pam.d/system-auth should not contain the nullok option Red Hat Enterprise Linux 6 The RPM package ypbind should be removed. Red Hat Enterprise Linux 6 The RPM package tftp-server should be removed. Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Remote connections from accounts with empty passwords should be disabled (and dependencies are met) Red Hat Enterprise Linux 6 Audit rules should be configured to log successful and unsuccessful logon and logout events. Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 The SELinux policy should be set appropriately. Red Hat Enterprise Linux 6 The kernel runtime parameter "fs.suid_dumpable" should be set to "0". Red Hat Enterprise Linux 6 The changing of file permissions and attributes should be audited. Red Hat Enterprise Linux 6 The nosuid option should be enabled for all NFS mounts in /etc/fstab. Red Hat Enterprise Linux 6 The crond service should be enabled if possible. Red Hat Enterprise Linux 6 The iptables service should be enabled if possible. Red Hat Enterprise Linux 6 The changing of file permissions and attributes should be audited. Fedora 19 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Checks that /lib, /lib64, /usr/lib, /usr/lib64, /lib/modules, and objects therein, are owned by root. Red Hat Enterprise Linux 6 Verify the MD5 hashes of system binaries using the RPM database. Red Hat Enterprise Linux 6 Disable telnet Service Red Hat Enterprise Linux 6 The certmonger service should be disabled if possible. Red Hat Enterprise Linux 6 The RPM package at should be removed. Red Hat Enterprise Linux 6 The cgconfig service should be disabled if possible. Red Hat Enterprise Linux 6 The screen saver should be blank. Fedora 19 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 The RPM package openssh-server should be removed. Red Hat Enterprise Linux 6 Idle activation of the screen saver should be enabled. Red Hat Enterprise Linux 6 The kernel runtime parameter "net.ipv6.conf.default.accept_redirects" should be set to "0". Red Hat Enterprise Linux 6 The RPM package telnet should be removed. Red Hat Enterprise Linux 6 The RPM package mcstrans should be removed. Red Hat Enterprise Linux 6 The default umask for users of the csh shell Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Fedora 20 The maximum password age policy should meet minimum requirements. Red Hat Enterprise Linux 6 The changing of file permissions and attributes should be audited. Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 If user home directories will be stored locally, create a separate partition for /home. If /home will be mounted from another system such as an NFS server, then creating a separate partition is not necessary at this time, and the mountpoint can instead be configured later. Red Hat Enterprise Linux 6 The RPM package squid should be removed. Red Hat Enterprise Linux 6 The network environment should not be modified by anything other than administrator action. Any change to network parameters should be audited. Red Hat Enterprise Linux 6 The kernel module hfsplus should be disabled. Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Fedora 20 Only the root account should be assigned a user id of 0. Red Hat Enterprise Linux 6 The password retry should meet minimum requirements using pam_cracklib Red Hat Enterprise Linux 6 Syslog logs should be sent to a remote loghost Red Hat Enterprise Linux 6 The maximum number of concurrent login sessions per user should meet minimum requirements. Red Hat Enterprise Linux 6 Audit rules about the Unauthorized Access Attempts to Files (unsuccessful) are enabled Red Hat Enterprise Linux 6 The RPM package policycoreutils should be installed. Red Hat Enterprise Linux 6 Manually configure addresses for IPv6 Red Hat Enterprise Linux 6 The RPM package dovecot should be removed. Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 The RPM package vsftpd should be installed. Red Hat Enterprise Linux 6 The kernel module usb-storage should be disabled. Red Hat Enterprise Linux 6 The default umask for all users should be set correctly Red Hat Enterprise Linux 6 The kernel runtime parameter "net.ipv4.conf.all.send_redirects" should be set to "0". Red Hat Enterprise Linux 6 The environment variable PATH should be set correctly for the root user. Red Hat Enterprise Linux 6 The atd service should be disabled if possible. Red Hat Enterprise Linux 6 The kernel module sctp should be disabled. Red Hat Enterprise Linux 6 The RPM package ypserv should be removed. Red Hat Enterprise Linux 6 The system login banner text should be set correctly. Red Hat Enterprise Linux 6 The RPM package iputils should be removed. Red Hat Enterprise Linux 6 File permissions should be set correctly for the home directories for all user accounts. Red Hat Enterprise Linux 6 The RPM package qpid-cpp-server should be removed. Red Hat Enterprise Linux 6 The rsh service should be disabled if possible. Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Root login via SSH should be disabled (and dependencies are met) Red Hat Enterprise Linux 6 All world writable directories should be owned by a system user. Red Hat Enterprise Linux 6 The cgred service should be disabled if possible. Red Hat Enterprise Linux 6 Idle activation of the screen lock should be enabled. Red Hat Enterprise Linux 6 The changing of file permissions and attributes should be audited. Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 The Red Hat release and auxiliary key packages are required to be installed. Red Hat Enterprise Linux 6 The RPM package pam_ldap should be removed. Red Hat Enterprise Linux 6 The RPM package hal should be removed. Red Hat Enterprise Linux 6 The nodev option should be enabled for all NFS mounts in /etc/fstab. Red Hat Enterprise Linux 6 num_logs setting in /etc/audit/auditd.conf is set to at least a certain value Red Hat Enterprise Linux 6 The kernel runtime parameter "net.ipv4.conf.all.accept_redirects" should be set to "0". Red Hat Enterprise Linux 6 The rdisc service should be disabled if possible. Red Hat Enterprise Linux 6 Look for argument "nousb" in the kernel line in /etc/grub.conf Red Hat Enterprise Linux 6 The kernel runtime parameter "net.ipv4.tcp_syncookies" should be set to "1". Red Hat Enterprise Linux 6 The kernel module squashfs should be disabled. Red Hat Enterprise Linux 6 The allowed period of inactivity before the screensaver is activated. Red Hat Enterprise Linux 6 All files with setuid should be owned by a base system package Red Hat Enterprise Linux 6 The ntpdate service should be disabled if possible. Red Hat Enterprise Linux 6 The cups service should be disabled if possible. Red Hat Enterprise Linux 6 All files should be owned by a user Red Hat Enterprise Linux 7 Ensuring that /var is mounted on its own partition enables the setting of more restrictive mount options, which is used as temporary storage by many program, particularly system services such as daemons. It is not uncommon for the /var directory to contain world-writable directories, installed by other software packages. Red Hat Enterprise Linux 6 The nodev mount option prevents files from being interpreted as character or block devices. Legitimate character and block devices should exist in the /dev directory on the root partition or within chroot jails built for system services. All other locations should not allow character and block devices. Red Hat Enterprise Linux 6 The RPM package mdadm should be removed. Red Hat Enterprise Linux 6 The squid service should be disabled if possible. Red Hat Enterprise Linux 6 The bluetooth service should be disabled if possible. Red Hat Enterprise Linux 6 The nosuid mount option should be set for temporary storage partitions such as /tmp. The suid/sgid permissions should not be required in these world-writable directories. Red Hat Enterprise Linux 6 The rexec service should be disabled if possible. Red Hat Enterprise Linux 6 The sysstat service should be disabled if possible. Red Hat Enterprise Linux 6 The messagebus service should be disabled if possible. Red Hat Enterprise Linux 6 The RPM package portreserve should be removed. Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 The root account is the only system account that should have a login shell. Red Hat Enterprise Linux 6 The RPM package libcgroup should be removed. Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Generic test for x86_64 architecture to be used by other tests Red Hat Enterprise Linux 6 The kernel runtime parameter "kernel.exec-shield" should be set to "1". Red Hat Enterprise Linux 6 Enable privacy extensions for IPv6 Red Hat Enterprise Linux 6 The kernel runtime parameter "kernel.dmesg_restrict" should be set to "1". Red Hat Enterprise Linux 6 The snmpd service should be disabled if possible. Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 All password hashes should be shadowed. Red Hat Enterprise Linux 6 The /etc/httpd/conf/* files should have the appropriate permissions (0640 or stronger). Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 The RPM package aide should be installed. Red Hat Enterprise Linux 6 The kernel runtime parameter "net.ipv4.conf.default.secure_redirects" should be set to "0". Red Hat Enterprise Linux 6 Protect against unnecessary release of information. Red Hat Enterprise Linux 6 The kernel runtime parameter "net.ipv4.conf.all.secure_redirects" should be set to "0". Red Hat Enterprise Linux 6 The quota_nld service should be disabled if possible. Red Hat Enterprise Linux 6 Require the use of TLS for ldap clients. Red Hat Enterprise Linux 6 If inbound SSH access is not needed, the firewall should disallow or reject access to the SSH port (22). Red Hat Enterprise Linux 6 The RPM package cpuspeed should be removed. Red Hat Enterprise Linux 6 The logrotate (syslog rotater) service should be enabled. Red Hat Enterprise Linux 6 The dhcpd service should be disabled if possible. Red Hat Enterprise Linux 6 The autofs service should be disabled if possible. Red Hat Enterprise Linux 6 The changing of file permissions and attributes should be audited. Red Hat Enterprise Linux 6 Record attempts to alter time through adjtimex. Red Hat Enterprise Linux 6 The kernel module dccp should be disabled. Red Hat Enterprise Linux 6 The vsftpd service should be disabled if possible. Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Generic test for x86 architecture to be used by other tests Red Hat Enterprise Linux 6 The TFTP daemon should use secure mode. Red Hat Enterprise Linux 6 Checks that all /var/log/audit files and directories are owned by the root user and group. Red Hat Enterprise Linux 6 Audit files deletion events. Red Hat Enterprise Linux 6 The RPM package sendmail should be removed. Red Hat Enterprise Linux 6 The kernel runtime parameter "net.ipv4.conf.all.accept_source_route" should be set to "0". Red Hat Enterprise Linux 6 Record attempts to alter time through stime, note that this is only relevant on 32bit architecture. Red Hat Enterprise Linux 6 The RPM package quota should be removed. Red Hat Enterprise Linux 6 Audit rules that detect changes to the system's mandatory access controls (SELinux) are enabled. Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 The /etc/shadow file should be owned by the appropriate user. Red Hat Enterprise Linux 6 The accounts should be configured to expire automatically following password expiration. Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Fedora 20 The password minimum length should be set appropriately. Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Limit the ciphers to those which are FIPS-approved and only use ciphers in counter (CTR) mode. Red Hat Enterprise Linux 6 The changing of file permissions and attributes should be audited. Red Hat Enterprise Linux 6 Postfix network listening should be disabled Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Audit logs are stored in the /var/log/audit directory. Ensure that it has its own partition or logical volume. Make absolutely certain that it is large enough to store all audit logs that will be created by the auditing daemon. Red Hat Enterprise Linux 6 Preventing direct root login to serial port interfaces helps ensure accountability for actions taken on the system using the root account. Red Hat Enterprise Linux 6 The RPM package abrt should be removed. Red Hat Enterprise Linux 6 Audit rules should capture information about session initiation. Red Hat Enterprise Linux 6 The grub.conf file should be owned by the root group. By default, this file is located at /boot/grub/grub.conf or, for EFI systems, at /boot/efi/EFI/redhat/grub.conf Red Hat Enterprise Linux 6 Fedora 20 The prelinking feature can interfere with the operation of checksum integrity tools (e.g. AIDE), mitigates the protection provided by ASLR, and requires additional CPU cycles by software upgrades. Red Hat Enterprise Linux 6 The RPM package screen should be installed. Red Hat Enterprise Linux 6 The password ocredit should meet minimum requirements using pam_cracklib Red Hat Enterprise Linux 6 The grub boot loader should have password protection enabled. Red Hat Enterprise Linux 6 The RPM package cyrus-sasl should be removed. Red Hat Enterprise Linux 6 The grub.conf file should be owned by the root user. By default, this file is located at /boot/grub/grub.conf or, for EFI systems, at /boot/efi/EFI/redhat/grub.conf Red Hat Enterprise Linux 6 The password minclass should meet minimum requirements using pam_cracklib Red Hat Enterprise Linux 6 Preventing direct root login to virtual console devices helps ensure accountability for actions taken on the system using the root account. Red Hat Enterprise Linux 6 Look for argument audit=1 in the kernel line in /etc/grub.conf. Red Hat Enterprise Linux 6 The RPM package postfix should be installed. Red Hat Enterprise Linux 6 Require samba clients which use smb.conf, such as smbclient, to use packet signing. A Samba client should only communicate with servers who can support SMB packet signing. Red Hat Enterprise Linux 6 The changing of file permissions and attributes should be audited. Red Hat Enterprise Linux 6 The RPM package nfs-utils should be removed. Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 The requirement for a password to boot into single-user mode should be configured correctly. Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 SSH host-based authentication should be disabled. Red Hat Enterprise Linux 6 action_mail_acct setting in /etc/audit/auditd.conf is set to a certain account Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 This test makes sure that /etc/passwd is owned by 0, group owned by 0, and has mode 0644 (or stronger). If the target file or directory has an extended ACL then it will fail the mode check. Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 The password hashing algorithm should be set correctly in /etc/pam.d/system-auth. Red Hat Enterprise Linux 6 The rhnsd service should be disabled if possible. Red Hat Enterprise Linux 6 The password difok should meet minimum requirements using pam_cracklib Red Hat Enterprise Linux 6 SSL capabilities should be enabled for the mail server. Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 The OpenSSH daemon should be running protocol 2. Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 The RPM package rsh should be removed. Red Hat Enterprise Linux 6 The disable option will allow the IPv6 module to be inserted, but prevent address assignment and activation of the network stack. Red Hat Enterprise Linux 6 The kernel runtime parameter "net.ipv4.conf.default.accept_source_route" should be set to "0". Red Hat Enterprise Linux 6 The RPM package smartmontools should be removed. Red Hat Enterprise Linux 6 Core dumps for all users should be disabled Red Hat Enterprise Linux 6 The netconsole service should be disabled if possible. Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Emulation of the rsh command through the ssh server should be disabled (and dependencies are met) Red Hat Enterprise Linux 6 The changing of file permissions and attributes should be audited. Red Hat Enterprise Linux 6 The RPM package rsh-server should be removed. Red Hat Enterprise Linux 6 The portreserve service should be disabled if possible. Red Hat Enterprise Linux 6 The ability for users to perform interactive startups should be disabled. Red Hat Enterprise Linux 6 All files with setgid should be owned by a base system package Red Hat Enterprise Linux 6 The RPM package dbus should be removed. Red Hat Enterprise Linux 6 The .netrc files contain login information used to auto-login into FTP servers and reside in the user's home directory. Any .netrc files should be removed. Red Hat Enterprise Linux 6 The RPM package cronie should be installed. Red Hat Enterprise Linux 6 Audit rules about the Information on the Use of Privileged Commands are enabled Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 This test makes sure that /etc/shadow is owned by 0, group owned by 0, and has mode 0000. If the target file or directory has an extended ACL then it will fail the mode check. Red Hat Enterprise Linux 6 Record attempts to alter time through clock_settime. Red Hat Enterprise Linux 6 The acpid service should be disabled if possible. Red Hat Enterprise Linux 6 The RPM package xorg-x11-server-common should be removed. Red Hat Enterprise Linux 6 max_log_file_action setting in /etc/audit/auditd.conf is set to a certain action Red Hat Enterprise Linux 6 The password dcredit should meet minimum requirements using pam_cracklib Red Hat Enterprise Linux 6 The psacct service should be enabled if possible. Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 The passwords to remember should be set correctly. Red Hat Enterprise Linux 6 The avahi-daemon service should be disabled if possible. Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 The /tmp directory is a world-writable directory used for temporary file storage. Verify that it has its own partition or logical volume. Red Hat Enterprise Linux 6 The mdmonitor service should be disabled if possible. Red Hat Enterprise Linux 6 admin_space_left_action setting in /etc/audit/auditd.conf is set to a certain action Red Hat Enterprise Linux 6 The RPM package samba-common should be removed. Red Hat Enterprise Linux 6 The RPM package vsftpd should be removed. Red Hat Enterprise Linux 6 The changing of file permissions and attributes should be audited. Red Hat Enterprise Linux 6 The saslauthd service should be disabled if possible. Red Hat Enterprise Linux 6 max_log_file setting in /etc/audit/auditd.conf is set to at least a certain value Red Hat Enterprise Linux 6 The kernel module jffs2 should be disabled. Red Hat Enterprise Linux 6 The changing of file permissions and attributes should be audited. Red Hat Enterprise Linux 6 Enable the GUI warning banner. Red Hat Enterprise Linux 6 The ip6tables service should be enabled if possible. Red Hat Enterprise Linux 6 The RPM package talk-server should be removed. Red Hat Enterprise Linux 6 The changing of file permissions and attributes should be audited. Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 This test makes sure that /etc/gshadow is owned by 0, group owned by 0, and has mode 0000. If the target file or directory has an extended ACL then it will fail the mode check. Red Hat Enterprise Linux 6 Record attempts to alter time through settimeofday. Red Hat Enterprise Linux 6 space_left_action setting in /etc/audit/auditd.conf is set to a certain action Red Hat Enterprise Linux 6 rsyslogd should reject remote messages Red Hat Enterprise Linux 6 It can be dangerous to allow the execution of binaries from world-writable temporary storage directories such as /dev/shm. The noexec mount option prevents binaries from being executed out of /dev/shm. Red Hat Enterprise Linux 6 The RPM package xinetd should be removed. Red Hat Enterprise Linux 6 The RPM package openswan should be installed. Red Hat Enterprise Linux 6 The system's default desktop environment, GNOME, uses a number of different thumbnailer programs to generate thumbnails for any new or modified content in an opened folder. Disable the execution of these thumbnail applications within GNOME. Red Hat Enterprise Linux 6 File permissions for /boot/grub/grub.conf should be set to 0600 (or stronger). Red Hat Enterprise Linux 6 The rpcgssd service should be disabled if possible. Red Hat Enterprise Linux 6 The RPM package subscription-manager should be removed. Red Hat Enterprise Linux 6 The nfslock service should be disabled if possible. Red Hat Enterprise Linux 6 The RPM package psacct should be installed. Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 The /etc/group file should be owned by the appropriate user. Red Hat Enterprise Linux 6 The /var/tmp directory should be bind mounted to /tmp in order to consolidate temporary storage into one location protected by the same techniques as /tmp. Fedora 19 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Checks that /lib, /lib64, /usr/lib, /usr/lib64, /lib/modules, and objects therein, are not group-writable or world-writable. This will enumerate all files on local partitions /etc/sysctl.conf ^[\s]*kernel.randomize_va_space[\s]*=[\s]*2*$ 1 kernel.randomize_va_space /etc/grub.conf ^[\s]*kernel[\s]+.*(selinux|enforcing)=0.*$ 1 /tmp gdm /etc/libuser.conf ^[\s]*crypt_style[\s]+=[\s]+(?i)sha512[\s]*$ 1 /etc/bashrc ^[\s]*umask[\s]+([^#\s]*) 1 /etc/sysctl.conf ^[\s]*net.ipv4.conf.all.log_martians[\s]*=[\s]*1*$ 1 net.ipv4.conf.all.log_martians /etc/passwd iptables /boot/grub grub.conf GConf2 /etc/modprobe.d ^.*\.conf$ ^\s*install\s+bluetooth\s+/bin/false$ 1 /etc/modprobe.d ^.*\.conf$ ^\s*install\s+net-pf-31\s+/bin/false$ 1 /etc/ssh/sshd_config ^[\s]*(?i)ClientAliveInterval[\s]+(\d+)[\s]*(?:|(?:#.*))?$ 1 /etc/logwatch/conf logwatch.conf ^[\s]SplitHosts[\s]*=[\s]*yes[\s]*$ 1 /etc/fstab ^\s*([/\w]*)\s+.*,?nosuid,?.*$ 0 /etc/httpd/conf rpcsvcgssd 0 rpcsvcgssd 1 rpcsvcgssd 2 rpcsvcgssd 3 rpcsvcgssd 4 rpcsvcgssd 5 rpcsvcgssd 6 ^\/(|s)bin|^\/usr\/(|local\/)(|s)bin ^.*$ oval:ssg:ste:2190 oval:ssg:ste:2191 /etc/sysctl.conf ^[\s]*net.ipv6.conf.default.accept_ra[\s]*=[\s]*0*$ 1 net.ipv6.conf.default.accept_ra /etc/pam.d/system-auth ^[\s]*password[\s]+(?:(?:required)|(?:requisite))[\s]+[\w_\.\-=\s]+[\s]ucredit=(-?\d+)(?:[\s]|$) 1 /etc/pam.d/system-auth ^\s*session\s+(required|requisite)?\s+pam_lastlog.so[\s\w\d\=]+showfailed 1 /etc/gconf/gconf.xml.mandatory/apps/nautilus/preferences/%gconf.xml /gconf/entry[@name='media_automount']/@value /etc/gconf/gconf.xml.mandatory/apps/nautilus/preferences/%gconf.xml /gconf/entry[@name='media_autorun_never']/@value /etc/fstab ^\s*([/\w]*)\s+.*,?nodev,?.*$ 0 /etc/shadow abrtd 0 abrtd 1 abrtd 2 abrtd 3 abrtd 4 abrtd 5 abrtd 6 /etc/yum.repos.d .* ^\s*gpgcheck\s*=\s*0\s*$ 1 /etc/sysconfig/network ^[\s]*NOZEROCONF[\s]*=[\s]*yes 1 netfs 0 netfs 1 netfs 2 netfs 3 netfs 4 netfs 5 netfs 6 /root ^\.(r|s)hosts$ /home ^\.(r|s)hosts$ /etc ^s?hosts\.equiv$ /etc/pam.d/system-auth ^[\s]*password[\s]+(?:(?:required)|(?:requisite))[\s]+[\w_\.\-=\s]+[\s]lcredit=(-?\d+)(?:[\s]|$) 1 /etc/audit/audit.rules ^\-a\s+always,exit\s+(\-F\s+arch=(b64|b32)\s+)?\-S\s+mount\s+\-F\s+auid>=500\s+\-F\s+auid!=4294967295\s+\-k\s+[-\w]+\s*$ 1 rsyslog / oval:ssg:ste:1320 /proc/net/wireless ^\s*[-\w]+: 1 /etc/group haldaemon 0 haldaemon 1 haldaemon 2 haldaemon 3 haldaemon 4 haldaemon 5 haldaemon 6 ntp /etc/audit/audit.rules ^\-e\s+2\s*$ 1 /etc/login.defs ^[\s]*ENCRYPT_METHOD[\s]+SHA512[\s]*$ 1 /etc/sysctl.conf ^[\s]*net.ipv4.icmp_ignore_bogus_error_responses[\s]*=[\s]*1*$ 1 net.ipv4.icmp_ignore_bogus_error_responses ypbind 0 ypbind 1 ypbind 2 ypbind 3 ypbind 4 ypbind 5 ypbind 6 auditd 0 auditd 1 auditd 2 auditd 3 auditd 4 auditd 5 auditd 6 tftp 0 tftp 1 tftp 2 tftp 3 tftp 4 tftp 5 tftp 6 /etc ntp.conf ^[\s]*server[\s]+.+$ 1 irqbalance /etc/modprobe.d ^.*\.conf$ ^\s*install\s+udf\s+(/bin/false|/bin/true)$ 1 /etc/modprobe.conf ^\s*install\s+udf\s+(/bin/false|/bin/true)$ 1 /etc/pam.d system-auth ^\s*auth\s+(?:(?:required))\s+pam_faillock\.so.*unlock_time=([0-9]*).*$ 1 /etc/pam.d password-auth ^\s*auth\s+(?:(?:sufficient)|(?:\[default=die\]))\s+pam_faillock\.so.*unlock_time=([0-9]*).*$ 1 irqbalance 0 irqbalance 1 irqbalance 2 irqbalance 3 irqbalance 4 irqbalance 5 irqbalance 6 rhsmcertd 0 rhsmcertd 1 rhsmcertd 2 rhsmcertd 3 rhsmcertd 4 rhsmcertd 5 rhsmcertd 6 /etc/modprobe.d ^.*\.conf$ ^\s*install\s+freevxfs\s+(/bin/false|/bin/true)$ 1 /etc/modprobe.conf ^\s*install\s+freevxfs\s+(/bin/false|/bin/true)$ 1 /etc/sysctl.conf ^[\s]*net.ipv4.icmp_echo_ignore_broadcasts[\s]*=[\s]*1*$ 1 net.ipv4.icmp_echo_ignore_broadcasts /etc/sysconfig/network-scripts ifcfg-.* ^IPV6_DEFAULTGW=.+$ 1 bind iptables-ipv6 /etc/audit audit.rules ^[\s]*-w[\s]+\/etc\/localtime[\s]+-p[\s]+\b([rx]*w[rx]*a[rx]*|[rx]*a[rx]*w[rx]*)\b.*-k[\s]+[\S]+[\s]*$ 1 /etc/cups/cupsd.conf ^[\s]*Port[\s]+(\d)+ 1 /etc/cups/cupsd.conf ^[\s]*Listen[\s]+(?:localhost|127\.0\.0\.1|::1):(\d)+ 1 ^\/(|s)bin|^\/usr\/(|local\/)(|s)bin oval:ssg:ste:2193 ^\/(|s)bin|^\/usr\/(|local\/)(|s)bin ^.*$ oval:ssg:ste:2193 /etc/xinetd.d/rlogin ^\s*disable\s+=\s+yes\s*$ 1 kdump 0 kdump 1 kdump 2 kdump 3 kdump 4 kdump 5 kdump 6 smb 0 smb 1 smb 2 smb 3 smb 4 smb 5 smb 6 httpd /etc/audit/audit.rules ^\-w\s+/etc/group\s+\-p\s+wa\s+\-k\s+\w+\s*$ 1 /etc/audit/audit.rules ^\-w\s+/etc/passwd\s+\-p\s+wa\s+\-k\s+\w+\s*$ 1 /etc/audit/audit.rules ^\-w\s+/etc/gshadow\s+\-p\s+wa\s+\-k\s+\w+\s*$ 1 /etc/audit/audit.rules ^\-w\s+/etc/shadow\s+\-p\s+wa\s+\-k\s+\w+\s*$ 1 /etc/audit/audit.rules ^\-w\s+/etc/security/opasswd\s+\-p\s+wa\s+\-k\s+\w+\s*$ 1 /etc/cups/cupsd.conf ^[\s]*Browsing[\s]+(?:Off|No) 1 /etc/cups/cupsd.conf ^[\s]*BrowseAllow[\s]+(?:none) 1 restorecond 0 restorecond 1 restorecond 2 restorecond 3 restorecond 4 restorecond 5 restorecond 6 /etc netconfig ^udp6\s+tpi_clts\s+v\s+inet6\s+udp\s+-\s+-$ 1 /etc netconfig ^tcp6\s+tpi_cots_ord\s+v\s+inet6\s+tcp\s+-\s+-$ 1 smartd 0 smartd 1 smartd 2 smartd 3 smartd 4 smartd 5 smartd 6 .* .* oval:ssg:ste:2194 .* .* oval:ssg:ste:2195 .* .* oval:ssg:ste:2196 /etc/sysconfig/network-scripts ifcfg-.* ^[\s]*BOOTPROTO[\s]*=[\s"]*([^#"\s]*) 1 PATH oval:ssg:ste:2199 oval:ssg:ste:2200 /etc/sysctl.conf ^[\s]*net.ipv4.conf.default.accept_redirects[\s]*=[\s]*0*$ 1 net.ipv4.conf.default.accept_redirects / .* oddjobd 0 oddjobd 1 oddjobd 2 oddjobd 3 oddjobd 4 oddjobd 5 oddjobd 6 /etc/sysconfig iptables ^[\s]*:INPUT\sDROP\s\[0:0\] 1 /etc/sysconfig iptables ^[\s]*:INPUT\ACCEPT\s\[0:0\] 1 sysstat /var/log .*log /var/log/audit ^.*$ oval:ssg:ste:1468 /dev/shm sshd 0 sshd 1 sshd 2 sshd 3 sshd 4 sshd 5 sshd 6 httpd 0 httpd 1 httpd 2 httpd 3 httpd 4 httpd 5 httpd 6 /dev ^.*$ oval:ssg:ste:1488 cups /etc/group named 0 named 1 named 2 named 3 named 4 named 5 named 6 ntpd 0 ntpd 1 ntpd 2 ntpd 3 ntpd 4 ntpd 5 ntpd 6 kexec-tools /etc/sysctl.conf ^[\s]*net.ipv4.conf.all.rp_filter[\s]*=[\s]*1*$ 1 net.ipv4.conf.all.rp_filter /etc/modprobe.d ^.*\.conf$ ^\s*install\s+tipc\s+(/bin/false|/bin/true)$ 1 /etc/modprobe.conf ^\s*install\s+tipc\s+(/bin/false|/bin/true)$ 1 audit xinetd 0 xinetd 1 xinetd 2 xinetd 3 xinetd 4 xinetd 5 xinetd 6 /etc/ssh/sshd_config ^[\s]*(?i)PermitUserEnvironment(?-i)[\s]+no[\s]*(?:|(?:#.*))?$ 1 rpcidmapd 0 rpcidmapd 1 rpcidmapd 2 rpcidmapd 3 rpcidmapd 4 rpcidmapd 5 rpcidmapd 6 /etc/sysctl.conf ^[\s]*net.ipv4.conf.default.rp_filter[\s]*=[\s]*1*$ 1 net.ipv4.conf.default.rp_filter /tmp /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*-S[\s]+fremovexattr[\s]+)(?:.*-F\s+auid>=500[\s]+)(?:.*-F\s+auid!=4294967295[\s]+).*-k[\s]+[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*-S[\s]+fremovexattr[\s]+)(?:.*-F\s+auid>=500[\s]+)(?:.*-F\s+auid!=4294967295[\s]+).*-k[\s]+[\S]+[\s]*$ 1 /etc/modprobe.d ^.*\.conf$ ^\s*install\s+hfs\s+(/bin/false|/bin/true)$ 1 /etc/modprobe.conf ^\s*install\s+hfs\s+(/bin/false|/bin/true)$ 1 /var/log/httpd qpidd 0 qpidd 1 qpidd 2 qpidd 3 qpidd 4 qpidd 5 qpidd 6 /dev/shm /etc/ssh/sshd_config ^[\s]*(?i)ClientAliveCountMax[\s]+([\d]+)[\s]*(?:|(?:#.*))?$ 1 /etc/yum.conf ^\s*gpgcheck\s*=\s*1\s*$ 1 /var/log /etc/login.defs ^[\s]*UMASK[\s]+([^#\s]*) 1 /etc/pam.d .* ^[^#].*pam_ldap.so[\s]*.*$ 1 ^.*$ oval:ssg:ste:1561 /etc/gshadow /etc/selinux/config ^[\s]*SELINUX[\s]*=[\s]*(.*)[\s]*$ 1 telnet-server /etc/logwatch/conf logwatch.conf ^[\s]HostLimit[\s]*=[\s]*no[\s]*$ 1 openldap-servers dhcp /etc/gshadow redhat-release-workstation redhat-release-server dovecot 0 dovecot 1 dovecot 2 dovecot 3 dovecot 4 dovecot 5 dovecot 6 /etc/audit/audit.rules ^\-w\s+/sbin/insmod\s+\-p\s+x\s+\-k\s+[-\w]+\s*$ 1 /etc/audit/audit.rules ^\-w\s+/sbin/rmmod\s+\-p\s+x\s+\-k\s+[-\w]+\s*$ 1 /etc/audit/audit.rules ^\-w\s+/sbin/modprobe\s+\-p\s+x\s+\-k\s+[-\w]+\s*$ 1 /etc/audit/audit.rules ^\-a\s+always,exit\s+(\-F\s+arch=(b64|b32)\s+)?\-S\s+init_module\s+\-S\s+delete_module\s+\-k\s+[-\w]+\s*$ 1 /etc/fstab ^\s*([/\w]*)\s+.*,?noexec,?.*$ 0 oddjob /etc/login.defs ^[\s]*PASS_MIN_DAYS[\s]+(\d+)[\s]*(?:|(?:#.*))?$ 1 /etc/passwd /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*-S[\s]+fchmodat[\s]+)(?:.*-F\s+auid>=500[\s]+)(?:.*-F\s+auid!=4294967295[\s]+).*-k[\s]+[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*-S[\s]+fchmodat[\s]+)(?:.*-F\s+auid>=500[\s]+)(?:.*-F\s+auid!=4294967295[\s]+).*-k[\s]+[\S]+[\s]*$ 1 tftp /etc fstab ^[\s]*[\S]+[\s]+[\S]+[\s]+cifs[\s]+([\S]+) 1 /etc mtab ^[\s]*[\S]+[\s]+[\S]+[\s]+cifs[\s]+([\S]+) 1 net-snmp /etc/sysctl.conf ^[\s]*net.ipv4.conf.default.send_redirects[\s]*=[\s]*0*$ 1 net.ipv4.conf.default.send_redirects /etc/ssh/sshd_config ^[\s]*(?i)Banner(?-i)[\s]+/etc/issue[\s]*(?:|(?:#.*))?$ 1 nfs 0 nfs 1 nfs 2 nfs 3 nfs 4 nfs 5 nfs 6 /etc/modprobe.d ^.*\.conf$ ^\s*install\s+rds\s+(/bin/false|/bin/true)$ 1 /etc/modprobe.conf ^\s*install\s+rds\s+(/bin/false|/bin/true)$ 1 /etc/audit/audit.rules ^\-w\s+/etc/sudoers\s+\-p\s+wa\s+\-k\s+[-\w]+\s*$ 1 /etc/inittab ^[\s]*id:3:initdefault:[\s]*$ 1 /etc/login.defs ^[\s]*PASS_WARN_AGE[\s]+(\d+)[\s]*(?:|(?:#.*))?$ 1 rhnsd /etc/init.d/functions ^[\s]*umask[\s]+([^#\s]*) 1 /etc/pam.d/system-auth ^\s*auth\s+(?:(?:required))\s+pam_faillock\.so.*deny=([0-9]*).*$ 1 /etc/pam.d/password-auth ^\s*auth\s+(?:(?:sufficient)|(?:\[default=die\]))\s+pam_faillock\.so.*deny=([0-9]*).*$ 1 setroubleshoot /etc/pam.d system-auth ^\s*auth\s+(?:(?:required))\s+pam_faillock\.so.*fail_interval=([0-9]*).*$ 1 /etc/pam.d password-auth ^\s*auth\s+(?:(?:sufficient)|(?:\[default=die\]))\s+pam_faillock\.so.*fail_interval=([0-9]*).*$ 1 cpuspeed 0 cpuspeed 1 cpuspeed 2 cpuspeed 3 cpuspeed 4 cpuspeed 5 cpuspeed 6 /etc/dovecot/conf.d 10-auth.conf ^[\s]*disable_plaintext_auth[\s]*=[\s]*yes[\s]*$ 1 rsyslog 0 rsyslog 1 rsyslog 2 rsyslog 3 rsyslog 4 rsyslog 5 rsyslog 6 /etc/pam_ldap.conf ^[\s]*tls_cacertdir[\s]+(.*)$ 1 /etc/pam_ldap.conf ^[\s]*tls_cacertfile[\s]+(.*)$ 1 /etc/sysctl.conf ^[\s]*net.ipv4.ip_forward[\s]*=[\s]*0*$ 1 net.ipv4.ip_forward / ^.*$ oval:ssg:ste:2202 oval:ssg:ste:2203 oval:ssg:ste:2204 oval:ssg:ste:2205 /etc/modprobe.d ^.*\.conf$ ^\s*install\s+cramfs\s+(/bin/false|/bin/true)$ 1 /etc/modprobe.conf ^\s*install\s+cramfs\s+(/bin/false|/bin/true)$ 1 postfix 0 postfix 1 postfix 2 postfix 3 postfix 4 postfix 5 postfix 6 dhcpd /etc/pam.d/system-auth \s*nullok\s* 1 ypbind tftp-server /etc/ssh/sshd_config ^[\s]*(?i)PermitEmptyPasswords(?-i)[\s]+no[\s]*(?:|(?:#.*))?$ 1 /etc/audit/audit.rules ^\-w\s+/var/log/faillog\s+\-p\s+wa\s+\-k\s+[-\w]+\s*$ 1 /etc/audit/audit.rules ^\-w\s+/var/log/lastlog\s+\-p\s+wa\s+\-k\s+[-\w]+\s*$ 1 /etc/selinux/config ^[\s]*SELINUXTYPE[\s]*=[\s]*([^\s]*) 1 /etc/sysctl.conf ^[\s]*fs.suid_dumpable[\s]*=[\s]*0*$ 1 fs.suid_dumpable /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*-S[\s]+fchown[\s]+)(?:.*-F\s+auid>=500[\s]+)(?:.*-F\s+auid!=4294967295[\s]+).*-k[\s]+[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*-S[\s]+fchown[\s]+)(?:.*-F\s+auid>=500[\s]+)(?:.*-F\s+auid!=4294967295[\s]+).*-k[\s]+[\S]+[\s]*$ 1 /etc/fstab ^\s*[\.\w]+:[/\w]+\s+[/\w]+\s+nfs[4]?\s+(.*)$ 0 /etc/fstab ^\s*[\.\w]+:[/\w]+\s+[/\w]+\s+nfs[4]?\s+.*$ 0 crond 0 crond 1 crond 2 crond 3 crond 4 crond 5 crond 6 iptables 0 iptables 1 iptables 2 iptables 3 iptables 4 iptables 5 iptables 6 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*-S[\s]+fchownat[\s]+)(?:.*-F\s+auid>=500[\s]+)(?:.*-F\s+auid!=4294967295[\s]+).*-k[\s]+[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*-S[\s]+fchownat[\s]+)(?:.*-F\s+auid>=500[\s]+)(?:.*-F\s+auid!=4294967295[\s]+).*-k[\s]+[\S]+[\s]*$ 1 ^\/lib(|64)\/|^\/usr\/lib(|64)\/ oval:ssg:ste:2206 ^\/lib(|64)\/|^\/usr\/lib(|64)\/ ^.*$ oval:ssg:ste:2206 .* ^.*bin/.*$ oval:ssg:ste:2207 /etc/xinetd.d telnet ^\s*disable\s+=\s+yes\s*$ 1 certmonger 0 certmonger 1 certmonger 2 certmonger 3 certmonger 4 certmonger 5 certmonger 6 at cgconfig 0 cgconfig 1 cgconfig 2 cgconfig 3 cgconfig 4 cgconfig 5 cgconfig 6 /etc/gconf/gconf.xml.mandatory/apps/gnome-screensaver/%gconf.xml /gconf/entry[@name='mode']/stringvalue[1]/text() openssh-server /etc/gconf/gconf.xml.mandatory/apps/gnome-screensaver/%gconf.xml /gconf/entry[@name='idle_activation_enabled']/@value /etc/sysctl.conf ^[\s]*net.ipv6.conf.default.accept_redirects[\s]*=[\s]*0*$ 1 net.ipv6.conf.default.accept_redirects telnet mcstrans /etc/csh.cshrc ^[\s]*umask[\s]+([^#\s]*) 1 /etc/login.defs ^[\s]*PASS_MAX_DAYS[\s]+(\d+)[\s]*(?:|(?:#.*))?$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*-S[\s]+lchown[\s]+)(?:.*-F\s+auid>=500[\s]+)(?:.*-F\s+auid!=4294967295[\s]+).*-k[\s]+[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*-S[\s]+lchown[\s]+)(?:.*-F\s+auid>=500[\s]+)(?:.*-F\s+auid!=4294967295[\s]+).*-k[\s]+[\S]+[\s]*$ 1 /home squid /etc/audit/audit.rules ^\-a\s+always,exit\s+(\-F\s+arch=(b64|b32)\s+)?\-S\s+sethostname\s+\-S\s+setdomainname\s+\-k\s+[-\w]+\s*$ 1 /etc/audit/audit.rules ^\-w\s+/etc/issue\s+\-p\s+wa\s+\-k\s+[-\w]+\s*$ 1 /etc/audit/audit.rules ^\-w\s+/etc/issue\.net\s+\-p\s+wa\s+\-k\s+[-\w]+\s*$ 1 /etc/audit/audit.rules ^\-w\s+/etc/hosts\s+\-p\s+wa\s+\-k\s+[-\w]+\s*$ 1 /etc/audit/audit.rules ^\-w\s+/etc/sysconfig/network\s+\-p\s+wa\s+\-k\s+[-\w]+\s*$ 1 /etc/modprobe.d ^.*\.conf$ ^\s*install\s+hfsplus\s+(/bin/false|/bin/true)$ 1 /etc/modprobe.conf ^\s*install\s+hfsplus\s+(/bin/false|/bin/true)$ 1 /etc/passwd ^(?!root:)[^:]*:[^:]*:0 1 /etc/pam.d/system-auth ^\s*password\s+(?:(?:required)|(?:requisite))\s+pam_cracklib\.so.*retry=([0-9]*).*$ 1 /etc/rsyslog.conf ^\*\.\*[\s]+(?:@|\:omrelp\:) 1 /etc/rsyslog.d .* ^\*\.\*[\s]+(?:@|\:omrelp\:) 1 /etc/security/limits.conf ^[\s]*\*[\s]+(?:(?:hard)|(?:-))[\s]+maxlogins[\s]+(\d+)\s*$ 1 /etc/audit/audit.rules ^\-a\s+always,exit\s+(\-F\s+arch=(b64|b32)\s+)?\-S\s+creat\s+\-S\s+open\s+\-S\s+openat\s+\-S\s+truncate\s+\-S\s+ftruncate\s+\-F\s+exit=\-EACCES\s+\-F\s+auid>=500\s+\-F\s+auid!=4294967295\s+\-k\s+[-\w]+\s*$ 1 /etc/audit/audit.rules ^\-a\s+always,exit\s+(\-F\s+arch=(b64|b32)\s+)?\-S\s+creat\s+\-S\s+open\s+\-S\s+openat\s+\-S\s+truncate\s+\-S\s+ftruncate\s+\-F\s+exit=\-EPERM\s+\-F\s+auid>=500\s+\-F\s+auid!=4294967295\s+\-k\s+[-\w]+\s*$ 1 policycoreutils /etc/sysconfig/network-scripts ifcfg-.* ^IPV6ADDR=.+$ 1 dovecot vsftpd /etc/modprobe.d ^.*\.conf$ ^\s*install\s+usb-storage\s+(/bin/false|/bin/true)$ 1 /etc/modprobe.conf ^\s*install\s+usb-storage\s+(/bin/false|/bin/true)$ 1 /etc/profile ^[\s]*umask[\s]+([^#\s]*) 1 /etc/sysctl.conf ^[\s]*net.ipv4.conf.all.send_redirects[\s]*=[\s]*0*$ 1 net.ipv4.conf.all.send_redirects PATH atd 0 atd 1 atd 2 atd 3 atd 4 atd 5 atd 6 /etc/modprobe.d ^.*\.conf$ ^\s*install\s+sctp\s+(/bin/false|/bin/true)$ 1 /etc/modprobe.conf ^\s*install\s+sctp\s+(/bin/false|/bin/true)$ 1 ypserv /etc/issue 1 iputils /home oval:ssg:ste:1785 qpid-cpp-server /etc/xinetd.d/rsh ^\s*disable\s+=\s+yes\s*$ 1 /etc/ssh/sshd_config ^[\s]*(?i)PermitRootLogin(?-i)[\s]+yes[\s]*(?:|(?:#.*))?$ 1 / oval:ssg:ste:1790 cgred 0 cgred 1 cgred 2 cgred 3 cgred 4 cgred 5 cgred 6 /etc/gconf/gconf.xml.mandatory/apps/gnome-screensaver/%gconf.xml /gconf/entry[@name='lock_enabled']/@value /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*-S[\s]+setxattr[\s]+)(?:.*-F\s+auid>=500[\s]+)(?:.*-F\s+auid!=4294967295[\s]+).*-k[\s]+[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*-S[\s]+setxattr[\s]+)(?:.*-F\s+auid>=500[\s]+)(?:.*-F\s+auid!=4294967295[\s]+).*-k[\s]+[\S]+[\s]*$ 1 gpg-pubkey pam_ldap hal /etc/fstab ^\s*[\.\w]+:[/\w]+\s+[/\w]+\s+nfs[4]?\s+(.*)$ 0 /etc/fstab ^\s*[\.\w]+:[/\w]+\s+[/\w]+\s+nfs[4]?\s+.*$ 0 /etc/audit/auditd.conf ^[ ]*num_logs[ ]+=[ ]+(\d+)[ ]*$ 1 /etc/sysctl.conf ^[\s]*net.ipv4.conf.all.accept_redirects[\s]*=[\s]*0*$ 1 net.ipv4.conf.all.accept_redirects rdisc 0 rdisc 1 rdisc 2 rdisc 3 rdisc 4 rdisc 5 rdisc 6 /etc grub.conf ^\s*kernel\s/vmlinuz.*nousb.*$ 1 /etc/sysctl.conf ^[\s]*net.ipv4.tcp_syncookies[\s]*=[\s]*1*$ 1 net.ipv4.tcp_syncookies /etc/modprobe.d ^.*\.conf$ ^\s*install\s+squashfs\s+(/bin/false|/bin/true)$ 1 /etc/modprobe.conf ^\s*install\s+squashfs\s+(/bin/false|/bin/true)$ 1 /etc/gconf/gconf.xml.mandatory/desktop/gnome/session/%gconf.xml /gconf/entry[@name='idle_delay']/@value / ^.*$ oval:ssg:ste:2209 oval:ssg:ste:2210 ntpdate 0 ntpdate 1 ntpdate 2 ntpdate 3 ntpdate 4 ntpdate 5 ntpdate 6 cups 0 cups 1 cups 2 cups 3 cups 4 cups 5 cups 6 /etc/passwd ^[^:]+:[^:]+:([\d]+):[\d]+:[^:]*:[^:]+:[^:]*$ 1 / .* oval:ssg:ste:2212 /var ^/\w.*$ oval:ssg:ste:1852 mdadm squid 0 squid 1 squid 2 squid 3 squid 4 squid 5 squid 6 bluetooth 0 bluetooth 1 bluetooth 2 bluetooth 3 bluetooth 4 bluetooth 5 bluetooth 6 /tmp /etc/xinetd.d/rexec ^\s*disable\s+=\s+yes\s*$ 1 sysstat 0 sysstat 1 sysstat 2 sysstat 3 sysstat 4 sysstat 5 sysstat 6 messagebus 0 messagebus 1 messagebus 2 messagebus 3 messagebus 4 messagebus 5 messagebus 6 portreserve /etc/passwd ^(?!root).*:x:[\d]*:0*([0-9]{1,2}|[1-4][0-9]{2}):[^:]*:[^:]*:(?!\/sbin\/nologin|\/bin\/sync|\/sbin\/shutdown|\/sbin\/halt).*$ 1 libcgroup /etc/sysctl.conf ^[\s]*kernel.exec-shield[\s]*=[\s]*1*$ 1 kernel.exec-shield /etc/sysconfig/network-scripts ifcfg-.* ^IPV6_PRIVACY=rfc3041$ 1 /etc/sysctl.conf ^[\s]*kernel.dmesg_restrict[\s]*=[\s]*1*$ 1 kernel.dmesg_restrict snmpd 0 snmpd 1 snmpd 2 snmpd 3 snmpd 4 snmpd 5 snmpd 6 .* /etc/httpd/conf ^.*$ aide /etc/sysctl.conf ^[\s]*net.ipv4.conf.default.secure_redirects[\s]*=[\s]*0*$ 1 net.ipv4.conf.default.secure_redirects /etc/postfix main.cf ^[\s]*smtpd_banner[\s]*=[\s]*\$myhostname[\s]+ESMTP[\s]*$ 1 /etc/sysctl.conf ^[\s]*net.ipv4.conf.all.secure_redirects[\s]*=[\s]*0*$ 1 net.ipv4.conf.all.secure_redirects quota_nld 0 quota_nld 1 quota_nld 2 quota_nld 3 quota_nld 4 quota_nld 5 quota_nld 6 /etc/pam_ldap.conf ^[\s]*ssl[\s]+start_tls[\s]*$ 1 /etc/sysconfig iptables ^-A INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT$ 1 /etc/sysconfig ip6tables ^-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT$ 1 cpuspeed dhcpd 0 dhcpd 1 dhcpd 2 dhcpd 3 dhcpd 4 dhcpd 5 dhcpd 6 autofs 0 autofs 1 autofs 2 autofs 3 autofs 4 autofs 5 autofs 6 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*-S[\s]+fsetxattr[\s]+)(?:.*-F\s+auid>=500[\s]+)(?:.*-F\s+auid!=4294967295[\s]+).*-k[\s]+[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*-S[\s]+fsetxattr[\s]+)(?:.*-F\s+auid>=500[\s]+)(?:.*-F\s+auid!=4294967295[\s]+).*-k[\s]+[\S]+[\s]*$ 1 /etc/audit audit.rules ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+arch=b32.*-S[\s]+adjtimex[\s]+.*-k[\s]+[\S]+[\s]*$ 1 /etc/audit audit.rules ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+arch=b64.*-S[\s]+adjtimex[\s]+.*-k[\s]+[\S]+[\s]*$ 1 /etc/modprobe.d ^.*\.conf$ ^\s*install\s+dccp\s+(/bin/false|/bin/true)$ 1 /etc/modprobe.conf ^\s*install\s+dccp\s+(/bin/false|/bin/true)$ 1 vsftpd 0 vsftpd 1 vsftpd 2 vsftpd 3 vsftpd 4 vsftpd 5 vsftpd 6 /etc/xinetd.d/tftp ^[\s]*server_args[\s]+=[\s]+\-s[\s]+.+$ 1 /var/log/audit oval:ssg:ste:2213 /var/log/audit ^.*$ oval:ssg:ste:2213 /etc/audit/audit.rules ^\-a\s+always,exit\s+(\-F\s+arch=(b64|b32)\s+)?\-S\s+rmdir\s+\-S\s+unlink\s+\-S\s+unlinkat\s+\-S\s+rename\s+\-S\s+renameat\s+\-F\s+auid>=500\s+\-F\s+auid!=4294967295\s+\-k\s+[-\w]+\s*$ 1 sendmail /etc/sysctl.conf ^[\s]*net.ipv4.conf.all.accept_source_route[\s]*=[\s]*0*$ 1 net.ipv4.conf.all.accept_source_route /etc/audit audit.rules ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+arch=b32.*-S[\s]+stime[\s]+.*-k[\s]+[\S]+[\s]*$ 1 quota /etc/audit/audit.rules ^\-w\s+/etc/selinux/\s+\-p\s+wa\s+\-k\s+[-\w]+\s*$ 1 /etc/shadow /etc/default/useradd ^\s*INACTIVE\s*=\s*(\d+)\s*$ 1 /etc/login.defs ^[\s]*PASS_MIN_LEN[\s]+(\d+)[\s]*(?:|(?:#.*))?$ 1 /etc/ssh/sshd_config ^[\s]*(?i)Ciphers(?-i)[\s]+aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc[\s]*(?:|(?:#.*))?$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*-S[\s]+chmod[\s]+)(?:.*-F\s+auid>=500[\s]+)(?:.*-F\s+auid!=4294967295[\s]+).*-k[\s]+[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*-S[\s]+chmod[\s]+)(?:.*-F\s+auid>=500[\s]+)(?:.*-F\s+auid!=4294967295[\s]+).*-k[\s]+[\S]+[\s]*$ 1 /etc/postfix main.cf ^[\s]*inet_interfaces[\s]*=[\s]*localhost[\s]*$ 1 /var/log/audit /etc securetty ^ttyS[0-9]+$ 1 abrt /etc/audit/audit.rules ^\-w\s+/var/run/utmp\s+\-p\s+wa\s+\-k\s+[-\w]+\s*$ 1 /etc/audit/audit.rules ^\-w\s+/var/log/btmp\s+\-p\s+wa\s+\-k\s+[-\w]+\s*$ 1 /etc/audit/audit.rules ^\-w\s+/var/log/wtmp\s+\-p\s+wa\s+\-k\s+[-\w]+\s*$ 1 /boot/grub/grub.conf /boot/efi/EFI/redhat/grub.conf /etc/sysconfig/prelink ^[\s]*PRELINKING=no[\s]* 1 screen /etc/pam.d/system-auth ^[\s]*password[\s]+(?:(?:required)|(?:requisite))[\s]+[\w_\.\-=\s]+[\s]ocredit=(-?\d+)(?:[\s]|$) 1 /etc grub.conf ^[\s]*password[\s]+--encrypted[\s]+.* 1 cyrus-sasl /boot/grub/grub.conf /boot/efi/EFI/redhat/grub.conf /etc/pam.d system-auth ^[\s]*password[\s]+(?:(?:required)|(?:requisite))[\s]+[\w_\.\-=\s]+[\s]minclass=(-?\d+)(?:[\s]|$) 1 /etc/securetty ^vc/[0-9]+$ 1 /etc grub.conf ^\s*kernel\s/vmlinuz.*audit=1.*$ 1 postfix /etc/samba smb.conf ^[\s]*client[\s]+signing[\s]*=[\s]*mandatory 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*-S[\s]+removexattr[\s]+)(?:.*-F\s+auid>=500[\s]+)(?:.*-F\s+auid!=4294967295[\s]+).*-k[\s]+[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*-S[\s]+removexattr[\s]+)(?:.*-F\s+auid>=500[\s]+)(?:.*-F\s+auid!=4294967295[\s]+).*-k[\s]+[\S]+[\s]*$ 1 nfs-utils /etc/sysconfig/init ^SINGLE=/sbin/sulogin[\s]* 1 /etc/ssh/sshd_config ^[\s]*(?i)HostbasedAuthentication(?-i)[\s]+yes[\s]*(?:|(?:#.*))?$ 1 /etc/audit/auditd.conf ^[ ]*action_mail_acct[ ]+=[ ]+(\S+)[ ]*$ 1 /etc/passwd /etc/pam.d/system-auth ^[\s]*password[\s]+sufficient[\s]+pam_unix\.so[\s]+.*sha512.*$ 1 rhnsd 0 rhnsd 1 rhnsd 2 rhnsd 3 rhnsd 4 rhnsd 5 rhnsd 6 /etc/pam.d system-auth ^[\s]*password[\s]+(?:(?:required)|(?:requisite))[\s]+[\w_\.\-=\s]+[\s]difok=(-?\d+)(?:[\s]|$) 1 /etc/dovecot/conf.d 10-ssl.conf ^[\s]*ssl[\s]*=[\s]*yes[\s]*$ 1 /etc/ssh/sshd_config ^[\s]*(?i)Protocol[\s]+2[\s]*(?:|(?:#.*))?$ 1 rsh /etc/modprobe.d ^.*\.conf$ ^\s*options\s+ipv6\s+.*disable=1.*$ 1 /etc/sysctl.conf ^[\s]*net.ipv4.conf.default.accept_source_route[\s]*=[\s]*0*$ 1 net.ipv4.conf.default.accept_source_route smartmontools /etc/security/limits.conf ^[\s]*\*[\s]+hard[\s]+core[\s]+([\d]+) 1 netconsole 0 netconsole 1 netconsole 2 netconsole 3 netconsole 4 netconsole 5 netconsole 6 /etc/ssh/sshd_config ^[\s]*(?i)IgnoreRhosts(?-i)[\s]+no[\s]*(?:|(?:#.*))?$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*-S[\s]+lremovexattr[\s]+)(?:.*-F\s+auid>=500[\s]+)(?:.*-F\s+auid!=4294967295[\s]+).*-k[\s]+[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*-S[\s]+lremovexattr[\s]+)(?:.*-F\s+auid>=500[\s]+)(?:.*-F\s+auid!=4294967295[\s]+).*-k[\s]+[\S]+[\s]*$ 1 rsh-server portreserve 0 portreserve 1 portreserve 2 portreserve 3 portreserve 4 portreserve 5 portreserve 6 /etc/sysconfig/init ^[\s]*PROMPT=no[\s]+ 1 / ^.*$ oval:ssg:ste:2214 oval:ssg:ste:2215 dbus /home ^\.netrc$ cronie /etc/audit audit.rules ^\-a\salways,exit\s-F\spath=/bin/ping\s-F perm=x\s\-F\sauid>=500\s\-F\sauid!=4294967295\s\-k\sprivileged 1 /etc/shadow /etc/audit audit.rules ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+arch=b32.*-S[\s]+clock_settime[\s]+.*-k[\s]+[\S]+[\s]*$ 1 /etc/audit audit.rules ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+arch=b64.*-S[\s]+clock_settime[\s]+.*-k[\s]+[\S]+[\s]*$ 1 acpid 0 acpid 1 acpid 2 acpid 3 acpid 4 acpid 5 acpid 6 xorg-x11-server-common /etc/audit/auditd.conf ^[ ]*max_log_file_action[ ]+=[ ]+(\S+)[ ]*$ 1 /etc/pam.d/system-auth ^[\s]*password[\s]+(?:(?:required)|(?:requisite))[\s]+[\w_\.\-=\s]+[\s]dcredit=(-?\d+)(?:[\s]|$) 1 psacct 0 psacct 1 psacct 2 psacct 3 psacct 4 psacct 5 psacct 6 /etc/pam.d/system-auth ^\s*password\s+(?:(?:sufficient)|(?:required))\s+pam_unix\.so.*remember=([0-9]*).*$ 1 avahi-daemon 0 avahi-daemon 1 avahi-daemon 2 avahi-daemon 3 avahi-daemon 4 avahi-daemon 5 avahi-daemon 6 /tmp mdmonitor 0 mdmonitor 1 mdmonitor 2 mdmonitor 3 mdmonitor 4 mdmonitor 5 mdmonitor 6 /etc/audit/auditd.conf ^[ ]*admin_space_left_action[ ]+=[ ]+(\S+)[ ]*$ 1 samba-common vsftpd /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*-S[\s]+chown[\s]+)(?:.*-F\s+auid>=500[\s]+)(?:.*-F\s+auid!=4294967295[\s]+).*-k[\s]+[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*-S[\s]+chown[\s]+)(?:.*-F\s+auid>=500[\s]+)(?:.*-F\s+auid!=4294967295[\s]+).*-k[\s]+[\S]+[\s]*$ 1 saslauthd 0 saslauthd 1 saslauthd 2 saslauthd 3 saslauthd 4 saslauthd 5 saslauthd 6 /etc/audit/auditd.conf ^[ ]*max_log_file[ ]+=[ ]+(\d+)[ ]*$ 1 /etc/modprobe.d ^.*\.conf$ ^\s*install\s+jffs2\s+(/bin/false|/bin/true)$ 1 /etc/modprobe.conf ^\s*install\s+jffs2\s+(/bin/false|/bin/true)$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*-S[\s]+fchmod[\s]+)(?:.*-F\s+auid>=500[\s]+)(?:.*-F\s+auid!=4294967295[\s]+).*-k[\s]+[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*-S[\s]+fchmod[\s]+)(?:.*-F\s+auid>=500[\s]+)(?:.*-F\s+auid!=4294967295[\s]+).*-k[\s]+[\S]+[\s]*$ 1 /var/lib/gdm/.gconf/apps/gdm/simple-greeter/%gconf.xml /gconf/entry[@name='banner_message_enable']/@value ip6tables 0 ip6tables 1 ip6tables 2 ip6tables 3 ip6tables 4 ip6tables 5 ip6tables 6 talk-server /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*-S[\s]+lsetxattr[\s]+)(?:.*-F\s+auid>=500[\s]+)(?:.*-F\s+auid!=4294967295[\s]+).*-k[\s]+[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*-S[\s]+lsetxattr[\s]+)(?:.*-F\s+auid>=500[\s]+)(?:.*-F\s+auid!=4294967295[\s]+).*-k[\s]+[\S]+[\s]*$ 1 /etc/gshadow /etc/audit audit.rules ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+arch=b32.*-S[\s]+settimeofday[\s]+.*-k[\s]+[\S]+[\s]*$ 1 /etc/audit audit.rules ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+arch=b64.*-S[\s]+settimeofday[\s]+.*-k[\s]+[\S]+[\s]*$ 1 /etc/audit/auditd.conf ^[ ]*space_left_action[ ]+=[ ]+(\S+)[ ]*$ 1 /etc rsyslog.conf ^[\s]*\$(?:Input(?:TCP|RELP)|UDP)ServerRun 1 /dev/shm xinetd openswan /etc/gconf/gconf.xml.mandatory/desktop/gnome/thumbnailers/%gconf.xml /gconf/entry[@name='disable_all']/@value /boot/grub grub.conf rpcgssd 0 rpcgssd 1 rpcgssd 2 rpcgssd 3 rpcgssd 4 rpcgssd 5 rpcgssd 6 subscription-manager nfslock 0 nfslock 1 nfslock 2 nfslock 3 nfslock 4 nfslock 5 nfslock 6 psacct /etc/group /var/tmp /etc/mtab ^[\s]*/tmp[\s]+/var/tmp[\s]+.*bind.*$ 1 ^\/lib(|64)|^\/usr\/lib(|64) oval:ssg:ste:2216 oval:ssg:ste:2217 ^\/lib(|64)|^\/usr\/lib(|64) ^.*$ oval:ssg:ste:2216 oval:ssg:ste:2217 2 nodev 1 0 0 0 false false false true true false false false false false false false 0 nosuid false false false true false true false false false false true true true symbolic link 0 1 false true nodev 0 false true false true 1 false true 0 false true 1 false true true false false true true false false true 1 0 false true false true true false false true fail fail fail ^(static|none)$ true true 0 0 false true 0 true true true true true true true true true nodev false true false true unlabeled_t false false false false false false false false false true true false 1 false true false true 1 noexec false false false false false false false false false false true nosuid 0 PROMISC 0 0 unix ^6\.\d+$ ^6\.\d+$ false true noexec 0 2 sec=(krb5i|ntlmv2i) 0 false true false true true false 0 regular true ^/selinux/(?:(?:member)|(?:user)|(?:relabel)|(?:create)|(?:access)|(?:context))$ ^/proc/.*$ ^/sys/.*$ true false 0 ^.*nosuid.*$ true false true false 0 fail false true false true blank-only true 0 0 ^[:\.] :: \.\. [:\.]$ ^[^/] [^\\]:[^/] false true true true true true true true true 500 true false true true 4ae0493b fd431d51 45700c69 2fa658e0 ^.*nodev.*$ 0 false true 1 true false true false true ^/dev/.*$ nodev false true false true nosuid false true false true x86_64 1 1 false true x false false false false true false false false false false 0 0 false true false true false true false true i686 0 0 0 0 -1 0 1 0 1 0 0 false false false false false false false false false true 1 0 0 false true false true true 0 0 false false false false false false false false false false false false false true 1 true false false true false true false true true true false 0 0 false false false false false false false false false false false false noexec true false false false false false false false false true false true 0 true true symbolic link /bin/fusermount /bin/mount /bin/ping6 /bin/ping /bin/su /bin/umount /lib64/dbus-1/dbus-daemon-launch-helper /lib/dbus-1/dbus-daemon-launch-helper /sbin/mount.ecryptfs_private /sbin/mount.nfs /sbin/pam_timestamp_check /sbin/unix_chkpwd /usr/bin/abrt-action-install-debuginfo-to-abrt-cache /usr/bin/at /usr/bin/chage /usr/bin/chfn /usr/bin/chsh /usr/bin/crontab /usr/bin/gpasswd /usr/bin/kgrantpty /usr/bin/kpac_dhcp_helper /usr/bin/ksu /usr/bin/newgrp /usr/bin/newrole /usr/bin/passwd /usr/bin/pkexec /usr/bin/rcp /usr/bin/rlogin /usr/bin/rsh /usr/bin/sperl5.10.1 /usr/bin/staprun /usr/bin/sudoedit /usr/bin/sudo /usr/bin/Xorg /usr/lib64/amanda/calcsize /usr/lib64/amanda/dumper /usr/lib64/amanda/killpgrp /usr/lib64/amanda/planner /usr/lib64/amanda/rundump /usr/lib64/amanda/runtar /usr/lib64/nspluginwrapper/plugin-config /usr/lib/amanda/calcsize /usr/lib/amanda/dumper /usr/lib/amanda/killpgrp /usr/lib/amanda/planner /usr/lib/amanda/rundump /usr/lib/amanda/runtar /usr/libexec/abrt-action-install-debuginfo-to-abrt-cache /usr/libexec/spice-gtk-x86_64/spice-client-glib-usb-acl-helper /usr/libexec/mc/cons.saver /usr/libexec/openssh/ssh-keysign /usr/libexec/polkit-1/polkit-agent-helper-1 /usr/libexec/pt_chown /usr/libexec/pulse/proximity-helper /usr/lib/nspluginwrapper/plugin-config /usr/sbin/amcheck /usr/sbin/seunshare /usr/sbin/suexec /usr/sbin/userhelper /usr/sbin/usernetctl /bin/cgexec /sbin/netreport /usr/bin/crontab /usr/bin/gnomine /usr/bin/iagno /usr/bin/locate /usr/bin/lockfile /usr/bin/same-gnome /usr/bin/screen /usr/bin/ssh-agent /usr/bin/wall /usr/bin/write /usr/lib64/vte/gnome-pty-helper /usr/libexec/kde4/kdesud /usr/libexec/utempter/utempter /usr/lib/mailman/cgi-bin/admindb /usr/lib/mailman/cgi-bin/admin /usr/lib/mailman/cgi-bin/confirm /usr/lib/mailman/cgi-bin/create /usr/lib/mailman/cgi-bin/edithtml /usr/lib/mailman/cgi-bin/listinfo /usr/lib/mailman/cgi-bin/options /usr/lib/mailman/cgi-bin/private /usr/lib/mailman/cgi-bin/rmlist /usr/lib/mailman/cgi-bin/roster /usr/lib/mailman/cgi-bin/subscribe /usr/lib/mailman/mail/mailman /usr/lib/vte/gnome-pty-helper /usr/sbin/lockdev /usr/sbin/postdrop /usr/sbin/postqueue /usr/sbin/sendmail.sendmail