python
2.6.6
5.10
2011-09-21T13:44:00
Kernel Runtime Parameter "kernel.randomize_va_space" Check
Red Hat Enterprise Linux 6
The kernel runtime parameter "kernel.randomize_va_space" should be set to "2".
Enable SELinux in /etc/grub.conf
Red Hat Enterprise Linux 6
Check if selinux=0 OR enforcing=0 within /etc/grub.conf lines, fail if found.
Add nodev Option to /tmp
Red Hat Enterprise Linux 6
Legitimate character and block devices should not exist
within temporary directories like /tmp. The nodev mount option should be
specified for /tmp.
Package gdm Installed
Red Hat Enterprise Linux 6
The RPM package gdm should be installed.
Set SHA512 Password Hashing Algorithm in /etc/libuser.conf
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
The password hashing algorithm should be set correctly in /etc/libuser.conf.
Ensure that Users Have Sensible Umask Values set for bash
Red Hat Enterprise Linux 6
The default umask for users of the bash shell
Kernel Runtime Parameter "net.ipv4.conf.all.log_martians" Check
Red Hat Enterprise Linux 6
The kernel runtime parameter "net.ipv4.conf.all.log_martians" should be set to "1".
Verify group who owns 'passwd' file
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
The /etc/passwd file should be owned by the appropriate
group.
Package iptables Installed
Red Hat Enterprise Linux 6
The RPM package iptables should be installed.
Verify /boot/grub/grub.conf Permissions
Red Hat Enterprise Linux 6
This test makes sure that /boot/grub/grub.conf is owned by 0, group owned by 0, and has mode 0600. If
the target file or directory has an extended ACL then it will fail the mode check.
Package GConf2 Installed
Red Hat Enterprise Linux 6
The RPM package GConf2 should be installed.
Disable bluetooth Kernel Module
Red Hat Enterprise Linux 6
The kernel module bluetooth should be disabled.
Set OpenSSH Idle Timeout Interval
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Fedora 20
The SSH idle timeout interval should be set to an
appropriate value.
Ensure Logwatch SplitHosts Configured
Red Hat Enterprise Linux 6
Check if SplitHosts line in logwatch.conf is set appropriately.
Add nosuid Option to Removable Media Partitions
Red Hat Enterprise Linux 6
The nosuid mount option prevents set-user-identifier (suid)
and set-group-identifier (sgid) permissions from taking effect. These permissions
allow users to execute binaries with the same permissions as the owner and group
of the file respectively. Users should not be allowed to introduce suid and guid
files into the system via partitions mounted from removeable media.
Directory /etc/httpd/conf/ Permissions
Red Hat Enterprise Linux 6
Directory permissions for /etc/httpd/conf/ should be set to 0750 (or stronger).
Service rpcsvcgssd Disabled
Red Hat Enterprise Linux 6
The rpcsvcgssd service should be disabled if possible.
Verify that System Executables Have Restrictive Permissions
Fedora 19
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Checks that binary files under /bin, /sbin, /usr/bin, /usr/sbin,
/usr/local/bin, and /usr/local/sbin, are not group-writable or world-writable.
Kernel Runtime Parameter "net.ipv6.conf.default.accept_ra" Check
Red Hat Enterprise Linux 6
The kernel runtime parameter "net.ipv6.conf.default.accept_ra" should be set to "0".
Set Password ucredit Requirements
Red Hat Enterprise Linux 6
The password ucredit should meet minimum
requirements using pam_cracklib
Set Last Logon/Access Notification
Red Hat Enterprise Linux 6
Configure the system to notify users of last logon/access using pam_lastlog.
Disable GNOME Automounting
Red Hat Enterprise Linux 6
The system's default desktop environment, GNOME, will mount
devices and removable media (such as DVDs, CDs and USB flash drives)
whenever they are inserted into the system. Disable automount and autorun
within GNOME.
Add nodev Option to Removable Media Partitions
Red Hat Enterprise Linux 6
The nodev mount option prevents files from being
interpreted as character or block devices. Legitimate character and block
devices should exist in the /dev directory on the root partition or
within chroot jails built for system services. All other locations should not
allow character and block devices.
Verify group who owns 'shadow' file
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
The /etc/shadow file should be owned by the appropriate
group.
Service abrtd Disabled
Red Hat Enterprise Linux 6
The abrtd service should be disabled if possible.
Ensure gpgcheck Enabled For All Yum Package Repositories
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Ensure all yum repositories utilize signature checking.
Disable Zeroconf Networking
Red Hat Enterprise Linux 6
Disable Zeroconf automatic route assignment in the
169.254.0.0 subnet.
Service netfs Disabled
Red Hat Enterprise Linux 6
The netfs service should be disabled if possible.
No Legacy .rhosts Or hosts.equiv Files
Red Hat Enterprise Linux 6
There should not be any .rhosts or hosts.equiv files on the system.
Set Password lcredit Requirements
Red Hat Enterprise Linux 6
The password lcredit should meet minimum
requirements using pam_cracklib
Audit Information Export To Media
Red Hat Enterprise Linux 6
Audit rules that detect the mounting of filesystems should be enabled.
Package rsyslog Installed
Red Hat Enterprise Linux 6
The RPM package rsyslog should be installed.
Verify that All World-Writable Directories Have Sticky Bits Set
Red Hat Enterprise Linux 6
The sticky bit should be set for all world-writable directories.
Deactivate Wireless Interfaces
Red Hat Enterprise Linux 6
All wireless interfaces should be disabled.
Verify group who owns 'group' file
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
The /etc/group file should be owned by the appropriate
group.
Service haldaemon Disabled
Red Hat Enterprise Linux 6
The haldaemon service should be disabled if possible.
Package ntp Installed
Fedora 19
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
The RPM package ntp should be installed.
Make Audit Configuration Immutable
Red Hat Enterprise Linux 6
Force a reboot to change audit rules is
enabled
Set SHA512 Password Hashing Algorithm in /etc/login.defs
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
The password hashing algorithm should be set correctly in /etc/login.defs.
Kernel Runtime Parameter "net.ipv4.icmp_ignore_bogus_error_responses" Check
Red Hat Enterprise Linux 6
The kernel runtime parameter "net.ipv4.icmp_ignore_bogus_error_responses" should be set to "1".
Service ypbind Disabled
Red Hat Enterprise Linux 6
The ypbind service should be disabled if possible.
Service auditd Enabled
Red Hat Enterprise Linux 6
The auditd service should be enabled if possible.
Service tftp Disabled
Red Hat Enterprise Linux 6
The tftp service should be disabled if possible.
Specify a Remote NTP Server for Time Data
Red Hat Enterprise Linux 6
A remote NTP Server for time synchronization should be
specified (and dependencies are met)
Package irqbalance Installed
Red Hat Enterprise Linux 6
The RPM package irqbalance should be installed.
Disable udf Kernel Module
Red Hat Enterprise Linux 6
The kernel module udf should be disabled.
Lock out account after failed login attempts
Red Hat Enterprise Linux 6
The number of allowed failed logins should be set correctly.
Service irqbalance Enabled
Red Hat Enterprise Linux 6
The irqbalance service should be enabled if possible.
Service rhsmcertd Disabled
Red Hat Enterprise Linux 6
The rhsmcertd service should be disabled if possible.
Disable freevxfs Kernel Module
Red Hat Enterprise Linux 6
The kernel module freevxfs should be disabled.
Kernel Runtime Parameter "net.ipv4.icmp_echo_ignore_broadcasts" Check
Red Hat Enterprise Linux 6
The kernel runtime parameter "net.ipv4.icmp_echo_ignore_broadcasts" should be set to "1".
Manually Assign IPv6 Router Address
Red Hat Enterprise Linux 6
Define default gateways for IPv6 traffic
Package bind Removed
Red Hat Enterprise Linux 6
The RPM package bind should be removed.
Package iptables-ipv6 Installed
Red Hat Enterprise Linux 6
The RPM package iptables-ipv6 should be installed.
Record Attempts to Alter Time Through the Localtime File
Red Hat Enterprise Linux 6
Record attempts to alter time through /etc/localtime
Disable Printer Server if Possible
Red Hat Enterprise Linux 6
By default, locally configured printers will not be shared
over the network, but if this functionality has somehow been enabled,
these recommendations will disable it again. Be sure to disable outgoing
printer list broadcasts, or remote users will still be able to see the
locally configured printers, even if they cannot actually print to them.
To limit print serving to a particular set of users, use the Policy
directive.
Verify that System Executables Have Root Ownership
Fedora 19
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Checks that /bin, /sbin, /usr/bin, /usr/sbin, /usr/local/bin,
/usr/local/sbin, and objects therein, are owned by root.
Service rlogin Disabled
Red Hat Enterprise Linux 6
The rlogin service should be disabled if possible.
Service kdump Disabled
Red Hat Enterprise Linux 6
The kdump service should be disabled if possible.
Service smb Disabled
Red Hat Enterprise Linux 6
The smb service should be disabled if possible.
Package httpd Removed
Red Hat Enterprise Linux 6
The RPM package httpd should be removed.
Audit User/Group Information
Red Hat Enterprise Linux 6
Audit rules should detect modification to system files that hold information about users and groups.
Disable Printer Browsing Entirely if Possible
Red Hat Enterprise Linux 6
The CUPS print service can be configured to broadcast a list
of available printers to the network. Other machines on the network, also
running the CUPS print service, can be configured to listen to these
broadcasts and add and configure these printers for immediate use. By
disabling this browsing capability, the machine will no longer generate
or receive such broadcasts.
Service restorecond Enabled
Red Hat Enterprise Linux 6
The restorecond service should be enabled if possible.
Disable Support for RPC IPv6
Red Hat Enterprise Linux 6
Disable ipv6 based rpc services
Service smartd Disabled
Red Hat Enterprise Linux 6
The smartd service should be disabled if possible.
Verify File Ownership And Permissions Using RPM
Red Hat Enterprise Linux 6
Verify the integrity of installed packages
by comparing the installed files with information about the
files taken from the package metadata stored in the RPM
database.
Disable DHCP Client
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
DHCP configuration should be static for all
interfaces.
Write permissions are disabled for group and other in all
directories in Root's Path
Red Hat Enterprise Linux 6
Check each directory in root's path and make use it does not
grant write permission to group and other
Kernel Runtime Parameter "net.ipv4.conf.default.accept_redirects" Check
Red Hat Enterprise Linux 6
The kernel runtime parameter "net.ipv4.conf.default.accept_redirects" should be set to "0".
Find files unowned by a group
Red Hat Enterprise Linux 6
All files should be owned by a group
Service oddjobd Disabled
Red Hat Enterprise Linux 6
The oddjobd service should be disabled if possible.
Change the default policy to DROP (from ACCEPT) for
the INPUT built-in chain
Red Hat Enterprise Linux 6
Change the default policy to DROP (from ACCEPT)
for the INPUT built-in chain.
Package sysstat Removed
Red Hat Enterprise Linux 6
The RPM package sysstat should be removed.
Confirm Existence and Permissions of System Log
Files
Red Hat Enterprise Linux 6
All syslog log files should be owned by the
appropriate user.
Verify /var/log/audit Permissions
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Checks for correct permissions for all log files in /var/log/audit.
Add nodev Option to /dev/shm
Red Hat Enterprise Linux 6
Legitimate character and block devices should not exist
within temporary directories like /dev/shm. The nodev mount option should
be specified for /dev/shm.
Service sshd Disabled
Red Hat Enterprise Linux 6
The sshd service should be disabled if possible.
Service httpd Disabled
Red Hat Enterprise Linux 6
The httpd service should be disabled if possible.
Device Files Have Proper SELinux Context
Red Hat Enterprise Linux 6
All device files in /dev should be assigned an SELinux security context other than 'unlabeled_t'.
Package cups Removed
Red Hat Enterprise Linux 6
The RPM package cups should be removed.
Verify permissions on 'group' file
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
File permissions for /etc/group should be set
correctly.
Service named Disabled
Red Hat Enterprise Linux 6
The named service should be disabled if possible.
Service ntpd Enabled
Red Hat Enterprise Linux 6
The ntpd service should be enabled if possible.
Package kexec-tools Removed
Red Hat Enterprise Linux 6
The RPM package kexec-tools should be removed.
Kernel Runtime Parameter "net.ipv4.conf.all.rp_filter" Check
Red Hat Enterprise Linux 6
The kernel runtime parameter "net.ipv4.conf.all.rp_filter" should be set to "1".
Disable tipc Kernel Module
Red Hat Enterprise Linux 6
The kernel module tipc should be disabled.
Package audit Installed
Red Hat Enterprise Linux 6
The RPM package audit should be installed.
Service xinetd Disabled
Red Hat Enterprise Linux 6
The xinetd service should be disabled if possible.
Do Not Allow Users to Set Environment Options
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
PermitUserEnvironment should be disabled
Service rpcidmapd Disabled
Red Hat Enterprise Linux 6
The rpcidmapd service should be disabled if possible.
Kernel Runtime Parameter "net.ipv4.conf.default.rp_filter" Check
Red Hat Enterprise Linux 6
The kernel runtime parameter "net.ipv4.conf.default.rp_filter" should be set to "1".
Add noexec Option to /tmp
Red Hat Enterprise Linux 6
It can be dangerous to allow the execution of binaries from
world-writable temporary storage directories such as /tmp. The noexec
mount option prevents binaries from being executed out of
/tmp.
Audit Discretionary Access Control Modification Events - fremovexattr
Red Hat Enterprise Linux 6
The changing of file permissions and attributes should be
audited.
Disable hfs Kernel Module
Red Hat Enterprise Linux 6
The kernel module hfs should be disabled.
Directory /var/log/httpd/ Permissions
Red Hat Enterprise Linux 6
Directory permissions for /var/log/httpd should be set to 0700 (or stronger).
Service qpidd Disabled
Red Hat Enterprise Linux 6
The qpidd service should be disabled if possible.
Add nosuid Option to /dev/shm
Red Hat Enterprise Linux 6
The nosuid mount option should be set for temporary storage
partitions such as /dev/shm. The suid/sgid permissions should not be
required in these world-writable directories.
Set ClientAliveCountMax for User Logins
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
The SSH ClientAliveCountMax should be set to an appropriate
value (and dependencies are met)
Ensure Yum gpgcheck Globally Activated
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Fedora 20
The gpgcheck option should be used to ensure that checking
of an RPM package's signature always occurs prior to its
installation.
Ensure /var/log Located On Separate Partition
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
System logs are stored in the /var/log directory. Ensure
that it has its own partition or logical volume.
Ensure that Users Have Sensible Umask Values in
/etc/login.defs
Red Hat Enterprise Linux 6
The default umask for all users specified in /etc/login.defs
Test for use of pam_ldap
Red Hat Enterprise Linux 6
Check for pam_ldap.so presence.
Disable the network sniffer
Red Hat Enterprise Linux 6
Disable the network sniffer
Verify user who owns 'gshadow' file
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
The /etc/gshadow file should be owned by the appropriate
user.
SELinux Enforcing
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
The SELinux state should be enforcing the local policy.
Package telnet-server Removed
Red Hat Enterprise Linux 6
The RPM package telnet-server should be removed.
Ensure Logwatch HostLimit Configured
Red Hat Enterprise Linux 6
Test if HostLimit line in logwatch.conf is set appropriately.
Package openldap-servers Removed
Red Hat Enterprise Linux 6
The RPM package openldap-servers should be removed.
Confirm Existence and Permissions of System Log
Files
Red Hat Enterprise Linux 6
All syslog log files should be owned by the
appropriate group.
Package dhcp Removed
Red Hat Enterprise Linux 6
The RPM package dhcp should be removed.
Verify group who owns 'gshadow' file
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
The /etc/gshadow file should be owned by the appropriate
group.
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 6
The operating system installed on the system is
Red Hat Enterprise Linux 6
Service dovecot Disabled
Red Hat Enterprise Linux 6
The dovecot service should be disabled if possible.
Audit Kernel Module Loading and Unloading
Red Hat Enterprise Linux 6
The audit rules should be configured to log information about kernel module loading and unloading.
Add noexec Option to Removable Media Partitions
Red Hat Enterprise Linux 6
The noexec mount option prevents the direct
execution of binaries on the mounted filesystem. Users should not
be allowed to execute binaries that exist on partitions mounted
from removable media (such as a USB key). The noexec
option prevents code from being executed directly from the media
itself, and may therefore provide a line of defense against
certain types of worms or malicious code.
Package oddjob Removed
Red Hat Enterprise Linux 6
The RPM package oddjob should be removed.
Set Password Expiration Parameters
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Fedora 20
The minimum password age policy should be set appropriately.
Verify user who owns 'passwd' file
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
The /etc/passwd file should be owned by the appropriate
user.
Audit Discretionary Access Control Modification Events - fchmodat
Red Hat Enterprise Linux 6
The changing of file permissions and attributes should be
audited.
Package tftp Removed
Red Hat Enterprise Linux 6
The RPM package tftp should be removed.
Require Client SMB Packet Signing, if using
mount.cifs
Red Hat Enterprise Linux 6
Require packet signing of clients who mount
Samba shares using the mount.cifs program (e.g., those who
specify shares in /etc/fstab). To do so, ensure that signing
options (either sec=krb5i or sec=ntlmv2i) are
used.
Package net-snmp Removed
Red Hat Enterprise Linux 6
The RPM package net-snmp should be removed.
Kernel Runtime Parameter "net.ipv4.conf.default.send_redirects" Check
Red Hat Enterprise Linux 6
The kernel runtime parameter "net.ipv4.conf.default.send_redirects" should be set to "0".
Enable a Warning Banner
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
SSH warning banner should be enabled (and dependencies are
met)
Service nfs Disabled
Red Hat Enterprise Linux 6
The nfs service should be disabled if possible.
Disable rds Kernel Module
Red Hat Enterprise Linux 6
The kernel module rds should be disabled.
Audit System Administrator Actions
Red Hat Enterprise Linux 6
Audit actions taken by system administrators on the system.
Disable X Windows Startup By Setting Runlevel
Red Hat Enterprise Linux 6
Checks /etc/inittab to ensure that default runlevel is set to 3.
Set Password Expiration Parameters
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Fedora 20
The password expiration warning age should be set appropriately.
Package rhnsd Removed
Red Hat Enterprise Linux 6
The RPM package rhnsd should be removed.
Set Daemon umask
Red Hat Enterprise Linux 6
The daemon umask should be set as
appropriate
Lock out account after failed login attempts
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
The number of allowed failed logins should be set correctly.
Package setroubleshoot Removed
Red Hat Enterprise Linux 6
The RPM package setroubleshoot should be removed.
Confirm Existence and Permissions of System Log
Files
Red Hat Enterprise Linux 6
File permissions for all syslog log files should
be set correctly.
Lock out account after failed login attempts
Red Hat Enterprise Linux 6
The number of allowed failed logins should be set correctly.
Service cpuspeed Disabled
Red Hat Enterprise Linux 6
The cpuspeed service should be disabled if possible.
Disable Plaintext Authentication in Dovecot
Red Hat Enterprise Linux 6
Plaintext authentication of mail clients should be disabled.
Service rsyslog Enabled
Red Hat Enterprise Linux 6
The rsyslog service should be enabled if possible.
Configure LDAP CA Certificate Path
Red Hat Enterprise Linux 6
Require the use of TLS for ldap clients.
Kernel Runtime Parameter "net.ipv4.ip_forward" Check
Red Hat Enterprise Linux 6
The kernel runtime parameter "net.ipv4.ip_forward" should be set to "0".
Find Unauthorized World-Writable Files
Red Hat Enterprise Linux 6
The world-write permission should be disabled for all files.
Disable cramfs Kernel Module
Red Hat Enterprise Linux 6
The kernel module cramfs should be disabled.
Service postfix Enabled
Red Hat Enterprise Linux 6
The postfix service should be enabled if possible.
Package dhcpd Removed
Red Hat Enterprise Linux 6
The RPM package dhcpd should be removed.
No nullok Option in /etc/pam.d/system-auth
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
The file /etc/pam.d/system-auth should not contain the nullok option
Package ypbind Removed
Red Hat Enterprise Linux 6
The RPM package ypbind should be removed.
Package tftp-server Removed
Red Hat Enterprise Linux 6
The RPM package tftp-server should be removed.
Disable Empty Passwords
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Remote connections from accounts with empty passwords should
be disabled (and dependencies are met)
Record Attempts to Alter Logon and Logout Events
Red Hat Enterprise Linux 6
Audit rules should be configured to log successful and unsuccessful logon and logout events.
Enable SELinux
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
The SELinux policy should be set appropriately.
Kernel Runtime Parameter "fs.suid_dumpable" Check
Red Hat Enterprise Linux 6
The kernel runtime parameter "fs.suid_dumpable" should be set to "0".
Audit Discretionary Access Control Modification Events - fchown
Red Hat Enterprise Linux 6
The changing of file permissions and attributes should be
audited.
Mount Remote Filesystems with nosuid
Red Hat Enterprise Linux 6
The nosuid option should be enabled for all NFS mounts in /etc/fstab.
Service crond Enabled
Red Hat Enterprise Linux 6
The crond service should be enabled if possible.
Service iptables Enabled
Red Hat Enterprise Linux 6
The iptables service should be enabled if possible.
Audit Discretionary Access Control Modification Events - fchownat
Red Hat Enterprise Linux 6
The changing of file permissions and attributes should be
audited.
Verify that Shared Library Files Have Root Ownership
Fedora 19
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Checks that /lib, /lib64, /usr/lib, /usr/lib64, /lib/modules, and
objects therein, are owned by root.
Verify File Hashes with RPM
Red Hat Enterprise Linux 6
Verify the MD5 hashes of system binaries using the RPM database.
Disable telnet Service
Red Hat Enterprise Linux 6
Disable telnet Service
Service certmonger Disabled
Red Hat Enterprise Linux 6
The certmonger service should be disabled if possible.
Package at Removed
Red Hat Enterprise Linux 6
The RPM package at should be removed.
Service cgconfig Disabled
Red Hat Enterprise Linux 6
The cgconfig service should be disabled if possible.
Implement blank screen saver
Red Hat Enterprise Linux 6
The screen saver should be blank.
Package openssh-server Removed
Fedora 19
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
The RPM package openssh-server should be removed.
Implement idle activation of screen saver
Red Hat Enterprise Linux 6
Idle activation of the screen saver should be
enabled.
Kernel Runtime Parameter "net.ipv6.conf.default.accept_redirects" Check
Red Hat Enterprise Linux 6
The kernel runtime parameter "net.ipv6.conf.default.accept_redirects" should be set to "0".
Package telnet Removed
Red Hat Enterprise Linux 6
The RPM package telnet should be removed.
Package mcstrans Removed
Red Hat Enterprise Linux 6
The RPM package mcstrans should be removed.
Ensure that Users Have Sensible Umask Values set for csh
Red Hat Enterprise Linux 6
The default umask for users of the csh shell
Set Password Expiration Parameters
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Fedora 20
The maximum password age policy should meet
minimum requirements.
Audit Discretionary Access Control Modification Events - lchown
Red Hat Enterprise Linux 6
The changing of file permissions and attributes should be
audited.
Ensure /home Located On Separate Partition
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
If user home directories will be stored locally, create a
separate partition for /home. If /home will be mounted from another
system such as an NFS server, then creating a separate partition is not
necessary at this time, and the mountpoint can instead be configured
later.
Package squid Removed
Red Hat Enterprise Linux 6
The RPM package squid should be removed.
Record Events that Modify the System's Network Environment
Red Hat Enterprise Linux 6
The network environment should not be modified by anything other than
administrator action. Any change to network parameters should be audited.
Disable hfsplus Kernel Module
Red Hat Enterprise Linux 6
The kernel module hfsplus should be disabled.
UID 0 Belongs Only To Root
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Fedora 20
Only the root account should be assigned a user id of 0.
Set Password retry Requirements
Red Hat Enterprise Linux 6
The password retry should meet minimum
requirements using pam_cracklib
Send Logs to a Remote Loghost
Red Hat Enterprise Linux 6
Syslog logs should be sent to a remote loghost
Set Maximum Number of Concurrent Login Sessions Per User
Red Hat Enterprise Linux 6
The maximum number of concurrent login sessions per user should meet
minimum requirements.
Ensure auditd Collects Unauthorized Access Attempts to
Files (unsuccessful)
Red Hat Enterprise Linux 6
Audit rules about the Unauthorized Access
Attempts to Files (unsuccessful) are enabled
Package policycoreutils Installed
Red Hat Enterprise Linux 6
The RPM package policycoreutils should be installed.
Manually Assign Global IPv6 Address
Red Hat Enterprise Linux 6
Manually configure addresses for IPv6
Package dovecot Removed
Red Hat Enterprise Linux 6
The RPM package dovecot should be removed.
Package vsftpd Installed
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
The RPM package vsftpd should be installed.
Disable usb-storage Kernel Module
Red Hat Enterprise Linux 6
The kernel module usb-storage should be disabled.
Ensure that Users Have Sensible Umask Values in
/etc/profile
Red Hat Enterprise Linux 6
The default umask for all users should be set
correctly
Kernel Runtime Parameter "net.ipv4.conf.all.send_redirects" Check
Red Hat Enterprise Linux 6
The kernel runtime parameter "net.ipv4.conf.all.send_redirects" should be set to "0".
Ensure that No Dangerous Directories Exist in Root's Path
Red Hat Enterprise Linux 6
The environment variable PATH should be set correctly for
the root user.
Service atd Disabled
Red Hat Enterprise Linux 6
The atd service should be disabled if possible.
Disable sctp Kernel Module
Red Hat Enterprise Linux 6
The kernel module sctp should be disabled.
Package ypserv Removed
Red Hat Enterprise Linux 6
The RPM package ypserv should be removed.
System Login Banner Compliance
Red Hat Enterprise Linux 6
The system login banner text should be set correctly.
Package iputils Removed
Red Hat Enterprise Linux 6
The RPM package iputils should be removed.
Proper Permissions User Home Directories
Red Hat Enterprise Linux 6
File permissions should be set correctly for the home directories for all user accounts.
Package qpid-cpp-server Removed
Red Hat Enterprise Linux 6
The RPM package qpid-cpp-server should be removed.
Service rsh Disabled
Red Hat Enterprise Linux 6
The rsh service should be disabled if possible.
Disable root Login via SSH
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Root login via SSH should be disabled (and dependencies are
met)
Find world writable directories not owned by a system account
Red Hat Enterprise Linux 6
All world writable directories should be owned by a system user.
Service cgred Disabled
Red Hat Enterprise Linux 6
The cgred service should be disabled if possible.
Implement idle activation of screen lock
Red Hat Enterprise Linux 6
Idle activation of the screen lock should be
enabled.
Audit Discretionary Access Control Modification Events - setxattr
Red Hat Enterprise Linux 6
The changing of file permissions and attributes should be
audited.
Red Hat Release and Auxiliary gpg-pubkey Packages Installed
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
The Red Hat release and auxiliary key packages are required to be installed.
Package pam_ldap Removed
Red Hat Enterprise Linux 6
The RPM package pam_ldap should be removed.
Package hal Removed
Red Hat Enterprise Linux 6
The RPM package hal should be removed.
Mount Remote Filesystems with nodev
Red Hat Enterprise Linux 6
The nodev option should be enabled for all NFS mounts in /etc/fstab.
Auditd Maximum Number of Logs to Retain
Red Hat Enterprise Linux 6
num_logs setting in /etc/audit/auditd.conf is set to at least a certain value
Kernel Runtime Parameter "net.ipv4.conf.all.accept_redirects" Check
Red Hat Enterprise Linux 6
The kernel runtime parameter "net.ipv4.conf.all.accept_redirects" should be set to "0".
Service rdisc Disabled
Red Hat Enterprise Linux 6
The rdisc service should be disabled if possible.
Disable Kernel Support for USB via Bootloader Configuration
Red Hat Enterprise Linux 6
Look for argument "nousb" in the kernel line in /etc/grub.conf
Kernel Runtime Parameter "net.ipv4.tcp_syncookies" Check
Red Hat Enterprise Linux 6
The kernel runtime parameter "net.ipv4.tcp_syncookies" should be set to "1".
Disable squashfs Kernel Module
Red Hat Enterprise Linux 6
The kernel module squashfs should be disabled.
Configure GUI Screen Locking
Red Hat Enterprise Linux 6
The allowed period of inactivity before the screensaver is
activated.
Find setuid files from system packages
Red Hat Enterprise Linux 6
All files with setuid should be owned by a base system package
Service ntpdate Disabled
Red Hat Enterprise Linux 6
The ntpdate service should be disabled if possible.
Service cups Disabled
Red Hat Enterprise Linux 6
The cups service should be disabled if possible.
Find files unowned by a user
Red Hat Enterprise Linux 6
All files should be owned by a user
Ensure /var Located On Separate Partition
Red Hat Enterprise Linux 7
Ensuring that /var is mounted on its own partition enables
the setting of more restrictive mount options, which is used as temporary
storage by many program, particularly system services such as daemons. It
is not uncommon for the /var directory to contain world-writable
directories, installed by other software packages.
Add nodev Option to Non-Root Local Partitions
Red Hat Enterprise Linux 6
The nodev mount option prevents files from being interpreted
as character or block devices. Legitimate character and block devices
should exist in the /dev directory on the root partition or within chroot
jails built for system services. All other locations should not allow
character and block devices.
Package mdadm Removed
Red Hat Enterprise Linux 6
The RPM package mdadm should be removed.
Service squid Disabled
Red Hat Enterprise Linux 6
The squid service should be disabled if possible.
Service bluetooth Disabled
Red Hat Enterprise Linux 6
The bluetooth service should be disabled if possible.
Add nosuid Option to /tmp
Red Hat Enterprise Linux 6
The nosuid mount option should be set for temporary storage
partitions such as /tmp. The suid/sgid permissions should not be required
in these world-writable directories.
Service rexec Disabled
Red Hat Enterprise Linux 6
The rexec service should be disabled if possible.
Service sysstat Disabled
Red Hat Enterprise Linux 6
The sysstat service should be disabled if possible.
Service messagebus Disabled
Red Hat Enterprise Linux 6
The messagebus service should be disabled if possible.
Package portreserve Removed
Red Hat Enterprise Linux 6
The RPM package portreserve should be removed.
System Accounts Do Not Run a Shell
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
The root account is the only system account that should have a login shell.
Package libcgroup Removed
Red Hat Enterprise Linux 6
The RPM package libcgroup should be removed.
Test for x86_64 Architecture
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Generic test for x86_64 architecture to be used by other tests
Kernel Runtime Parameter "kernel.exec-shield" Check
Red Hat Enterprise Linux 6
The kernel runtime parameter "kernel.exec-shield" should be set to "1".
Enable Privacy Extensions for IPv6
Red Hat Enterprise Linux 6
Enable privacy extensions for IPv6
Kernel Runtime Parameter "kernel.dmesg_restrict" Check
Red Hat Enterprise Linux 6
The kernel runtime parameter "kernel.dmesg_restrict" should be set to "1".
Service snmpd Disabled
Red Hat Enterprise Linux 6
The snmpd service should be disabled if possible.
All Password Hashes Shadowed
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
All password hashes should be shadowed.
Verify Permissions On Apache Web Server Configuration Files
Red Hat Enterprise Linux 6
The /etc/httpd/conf/* files should have the appropriate permissions (0640 or stronger).
Package aide Installed
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
The RPM package aide should be installed.
Kernel Runtime Parameter "net.ipv4.conf.default.secure_redirects" Check
Red Hat Enterprise Linux 6
The kernel runtime parameter "net.ipv4.conf.default.secure_redirects" should be set to "0".
Configure Postfix Against Unnecessary Release of Information
Red Hat Enterprise Linux 6
Protect against unnecessary release of information.
Kernel Runtime Parameter "net.ipv4.conf.all.secure_redirects" Check
Red Hat Enterprise Linux 6
The kernel runtime parameter "net.ipv4.conf.all.secure_redirects" should be set to "0".
Service quota_nld Disabled
Red Hat Enterprise Linux 6
The quota_nld service should be disabled if possible.
Configure LDAP to Use TLS for All Transactions
Red Hat Enterprise Linux 6
Require the use of TLS for ldap clients.
Disallow inbound firewall access to the SSH Server port.
Red Hat Enterprise Linux 6
If inbound SSH access is not needed, the firewall should disallow or reject access to
the SSH port (22).
Package cpuspeed Removed
Red Hat Enterprise Linux 6
The RPM package cpuspeed should be removed.
Ensure All Logs are Rotated by logrotate
Red Hat Enterprise Linux 6
The logrotate (syslog rotater) service should be
enabled.
Service dhcpd Disabled
Red Hat Enterprise Linux 6
The dhcpd service should be disabled if possible.
Service autofs Disabled
Red Hat Enterprise Linux 6
The autofs service should be disabled if possible.
Audit Discretionary Access Control Modification Events - fsetxattr
Red Hat Enterprise Linux 6
The changing of file permissions and attributes should be
audited.
Record Attempts to Alter Time Through Adjtimex
Red Hat Enterprise Linux 6
Record attempts to alter time through adjtimex.
Disable dccp Kernel Module
Red Hat Enterprise Linux 6
The kernel module dccp should be disabled.
Service vsftpd Disabled
Red Hat Enterprise Linux 6
The vsftpd service should be disabled if possible.
Test for x86 Architecture
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Generic test for x86 architecture to be used by other tests
TFTP Daemon Uses Secure Mode
Red Hat Enterprise Linux 6
The TFTP daemon should use secure mode.
Verify /var/log/audit Ownership
Red Hat Enterprise Linux 6
Checks that all /var/log/audit files and directories are owned by the root user and group.
Audit File Deletion Events
Red Hat Enterprise Linux 6
Audit files deletion events.
Package sendmail Removed
Red Hat Enterprise Linux 6
The RPM package sendmail should be removed.
Kernel Runtime Parameter "net.ipv4.conf.all.accept_source_route" Check
Red Hat Enterprise Linux 6
The kernel runtime parameter "net.ipv4.conf.all.accept_source_route" should be set to "0".
Record Attempts to Alter Time Through Stime
Red Hat Enterprise Linux 6
Record attempts to alter time through stime, note that this
is only relevant on 32bit architecture.
Package quota Removed
Red Hat Enterprise Linux 6
The RPM package quota should be removed.
Record Events that Modify the System's Mandatory Access Controls
Red Hat Enterprise Linux 6
Audit rules that detect changes to the system's mandatory access controls (SELinux) are enabled.
Verify user who owns 'shadow' file
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
The /etc/shadow file should be owned by the
appropriate user.
Set Accounts to Expire Following Password Expiration
Red Hat Enterprise Linux 6
The accounts should be configured to expire automatically following password expiration.
Set Password Expiration Parameters
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Fedora 20
The password minimum length should be set appropriately.
Use Only Approved Ciphers
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Limit the ciphers to those which are FIPS-approved and only
use ciphers in counter (CTR) mode.
Audit Discretionary Access Control Modification Events - chmod
Red Hat Enterprise Linux 6
The changing of file permissions and attributes should be
audited.
Postfix network listening should be disabled
Red Hat Enterprise Linux 6
Postfix network listening should be disabled
Ensure /var/log/audit Located On Separate Partition
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Audit logs are stored in the /var/log/audit directory.
Ensure that it has its own partition or logical volume. Make absolutely
certain that it is large enough to store all audit logs that will be
created by the auditing daemon.
Restrict Serial Port Root Logins
Red Hat Enterprise Linux 6
Preventing direct root login to serial port interfaces helps
ensure accountability for actions taken on the system using the root
account.
Package abrt Removed
Red Hat Enterprise Linux 6
The RPM package abrt should be removed.
Record Attempts to Alter Process and Session Initiation Information
Red Hat Enterprise Linux 6
Audit rules should capture information about session initiation.
File grub.conf Owned By root Group
Red Hat Enterprise Linux 6
The grub.conf file should be owned by the root group. By default, this file is located at /boot/grub/grub.conf or, for EFI systems, at /boot/efi/EFI/redhat/grub.conf
Disable Prelinking
Red Hat Enterprise Linux 6
Fedora 20
The prelinking feature can interfere with the operation of
checksum integrity tools (e.g. AIDE), mitigates the protection provided
by ASLR, and requires additional CPU cycles by software upgrades.
Package screen Installed
Red Hat Enterprise Linux 6
The RPM package screen should be installed.
Set Password ocredit Requirements
Red Hat Enterprise Linux 6
The password ocredit should meet minimum
requirements using pam_cracklib
Set Boot Loader Password
Red Hat Enterprise Linux 6
The grub boot loader should have password protection enabled.
Package cyrus-sasl Removed
Red Hat Enterprise Linux 6
The RPM package cyrus-sasl should be removed.
File grub.conf Owned By root User
Red Hat Enterprise Linux 6
The grub.conf file should be owned by the root user. By default, this file is located at /boot/grub/grub.conf or, for EFI systems, at /boot/efi/EFI/redhat/grub.conf
Set Password minclass Requirements
Red Hat Enterprise Linux 6
The password minclass should meet minimum
requirements using pam_cracklib
Restrict Virtual Console Root Logins
Red Hat Enterprise Linux 6
Preventing direct root login to virtual console devices
helps ensure accountability for actions taken on the system using the
root account.
Enable Auditing for Processes Which Start Prior to the Audit Daemon
Red Hat Enterprise Linux 6
Look for argument audit=1 in the kernel line in /etc/grub.conf.
Package postfix Installed
Red Hat Enterprise Linux 6
The RPM package postfix should be installed.
Require Client SMB Packet Signing in smb.conf
Red Hat Enterprise Linux 6
Require samba clients which use smb.conf, such as smbclient,
to use packet signing. A Samba client should only communicate with
servers who can support SMB packet signing.
Audit Discretionary Access Control Modification Events - removexattr
Red Hat Enterprise Linux 6
The changing of file permissions and attributes should be
audited.
Package nfs-utils Removed
Red Hat Enterprise Linux 6
The RPM package nfs-utils should be removed.
Require Authentication for Single-User Mode
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
The requirement for a password to boot into single-user mode
should be configured correctly.
Disable Host-Based Authentication
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
SSH host-based authentication should be disabled.
Auditd Email Account to Notify Upon Action
Red Hat Enterprise Linux 6
action_mail_acct setting in /etc/audit/auditd.conf is set to a certain account
Verify /etc/passwd Permissions
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
This test makes sure that /etc/passwd is owned by 0, group owned by 0, and has mode 0644 (or stronger). If
the target file or directory has an extended ACL then it will fail the mode check.
Set Password Hashing Algorithm in /etc/pam.d/system-auth
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
The password hashing algorithm should be set correctly in /etc/pam.d/system-auth.
Service rhnsd Disabled
Red Hat Enterprise Linux 6
The rhnsd service should be disabled if possible.
Set Password difok Requirements
Red Hat Enterprise Linux 6
The password difok should meet minimum
requirements using pam_cracklib
Enable SSL in Dovecot
Red Hat Enterprise Linux 6
SSL capabilities should be enabled for the mail server.
Ensure Only Protocol 2 Connections Allowed
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
The OpenSSH daemon should be running protocol 2.
Package rsh Removed
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
The RPM package rsh should be removed.
Disable IPv6 Kernel Module Functionality via Disable Option
Red Hat Enterprise Linux 6
The disable option will allow the IPv6 module to be inserted, but prevent address assignment and activation of the network stack.
Kernel Runtime Parameter "net.ipv4.conf.default.accept_source_route" Check
Red Hat Enterprise Linux 6
The kernel runtime parameter "net.ipv4.conf.default.accept_source_route" should be set to "0".
Package smartmontools Removed
Red Hat Enterprise Linux 6
The RPM package smartmontools should be removed.
Disable Core Dumps
Red Hat Enterprise Linux 6
Core dumps for all users should be disabled
Service netconsole Disabled
Red Hat Enterprise Linux 6
The netconsole service should be disabled if possible.
Disable .rhosts Files
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Emulation of the rsh command through the ssh server should
be disabled (and dependencies are met)
Audit Discretionary Access Control Modification Events - lremovexattr
Red Hat Enterprise Linux 6
The changing of file permissions and attributes should be
audited.
Package rsh-server Removed
Red Hat Enterprise Linux 6
The RPM package rsh-server should be removed.
Service portreserve Disabled
Red Hat Enterprise Linux 6
The portreserve service should be disabled if possible.
Disable Interactive Boot
Red Hat Enterprise Linux 6
The ability for users to perform interactive startups should
be disabled.
Find setgid files system packages
Red Hat Enterprise Linux 6
All files with setgid should be owned by a base system package
Package dbus Removed
Red Hat Enterprise Linux 6
The RPM package dbus should be removed.
Verify No netrc Files Exist
Red Hat Enterprise Linux 6
The .netrc files contain login information used to auto-login into FTP servers and reside in the user's home directory. Any .netrc files should be removed.
Package cronie Installed
Red Hat Enterprise Linux 6
The RPM package cronie should be installed.
Ensure auditd Collects Information on the Use of
Privileged Commands
Red Hat Enterprise Linux 6
Audit rules about the Information on the Use of
Privileged Commands are enabled
Verify /etc/shadow Permissions
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
This test makes sure that /etc/shadow is owned by 0, group owned by 0, and has mode 0000. If
the target file or directory has an extended ACL then it will fail the mode check.
Record Attempts to Alter Time Through Clock_settime
Red Hat Enterprise Linux 6
Record attempts to alter time through clock_settime.
Service acpid Disabled
Red Hat Enterprise Linux 6
The acpid service should be disabled if possible.
Package xorg-x11-server-common Removed
Red Hat Enterprise Linux 6
The RPM package xorg-x11-server-common should be removed.
Auditd Action to Take When Maximum Log Size Reached
Red Hat Enterprise Linux 6
max_log_file_action setting in /etc/audit/auditd.conf is set to a certain action
Set Password dcredit Requirements
Red Hat Enterprise Linux 6
The password dcredit should meet minimum
requirements using pam_cracklib
Service psacct Enabled
Red Hat Enterprise Linux 6
The psacct service should be enabled if possible.
Limit Password Reuse
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
The passwords to remember should be set correctly.
Service avahi-daemon Disabled
Red Hat Enterprise Linux 6
The avahi-daemon service should be disabled if possible.
Ensure /tmp Located On Separate Partition
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
The /tmp directory is a world-writable directory used for
temporary file storage. Verify that it has its own partition or logical
volume.
Service mdmonitor Disabled
Red Hat Enterprise Linux 6
The mdmonitor service should be disabled if possible.
Auditd Action to Take When Disk is Low on Space
Red Hat Enterprise Linux 6
admin_space_left_action setting in /etc/audit/auditd.conf is set to a certain action
Package samba-common Removed
Red Hat Enterprise Linux 6
The RPM package samba-common should be removed.
Package vsftpd Removed
Red Hat Enterprise Linux 6
The RPM package vsftpd should be removed.
Audit Discretionary Access Control Modification Events - chown
Red Hat Enterprise Linux 6
The changing of file permissions and attributes should be
audited.
Service saslauthd Disabled
Red Hat Enterprise Linux 6
The saslauthd service should be disabled if possible.
Auditd Maximum Log File Size
Red Hat Enterprise Linux 6
max_log_file setting in /etc/audit/auditd.conf is set to at least a certain value
Disable jffs2 Kernel Module
Red Hat Enterprise Linux 6
The kernel module jffs2 should be disabled.
Audit Discretionary Access Control Modification Events - fchmod
Red Hat Enterprise Linux 6
The changing of file permissions and attributes should be
audited.
Enable GUI Warning Banner
Red Hat Enterprise Linux 6
Enable the GUI warning banner.
Service ip6tables Enabled
Red Hat Enterprise Linux 6
The ip6tables service should be enabled if possible.
Package talk-server Removed
Red Hat Enterprise Linux 6
The RPM package talk-server should be removed.
Audit Discretionary Access Control Modification Events - lsetxattr
Red Hat Enterprise Linux 6
The changing of file permissions and attributes should be
audited.
Verify /etc/gshadow Permissions
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
This test makes sure that /etc/gshadow is owned by 0, group owned by 0, and has mode 0000. If
the target file or directory has an extended ACL then it will fail the mode check.
Record Attempts to Alter Time Through Settimeofday
Red Hat Enterprise Linux 6
Record attempts to alter time through settimeofday.
Auditd Action to Take When Disk Starting to Run Low on Space
Red Hat Enterprise Linux 6
space_left_action setting in /etc/audit/auditd.conf is set to a certain action
Disable Rsyslogd from Accepting Remote Messages on Loghosts
Only
Red Hat Enterprise Linux 6
rsyslogd should reject remote messages
Add noexec Option to /dev/shm
Red Hat Enterprise Linux 6
It can be dangerous to allow the execution of binaries from
world-writable temporary storage directories such as /dev/shm. The noexec
mount option prevents binaries from being executed out of
/dev/shm.
Package xinetd Removed
Red Hat Enterprise Linux 6
The RPM package xinetd should be removed.
Package openswan Installed
Red Hat Enterprise Linux 6
The RPM package openswan should be installed.
Disable All GNOME Thumbnailers
Red Hat Enterprise Linux 6
The system's default desktop environment, GNOME, uses a
number of different thumbnailer programs to generate thumbnails for any
new or modified content in an opened folder. Disable the execution of
these thumbnail applications within GNOME.
File /boot/grub/grub.conf Permissions
Red Hat Enterprise Linux 6
File permissions for /boot/grub/grub.conf should be set to 0600 (or stronger).
Service rpcgssd Disabled
Red Hat Enterprise Linux 6
The rpcgssd service should be disabled if possible.
Package subscription-manager Removed
Red Hat Enterprise Linux 6
The RPM package subscription-manager should be removed.
Service nfslock Disabled
Red Hat Enterprise Linux 6
The nfslock service should be disabled if possible.
Package psacct Installed
Red Hat Enterprise Linux 6
The RPM package psacct should be installed.
Verify user who owns 'group' file
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
The /etc/group file should be owned by the appropriate
user.
Bind Mount /var/tmp To /tmp
Red Hat Enterprise Linux 6
The /var/tmp directory should be bind mounted to /tmp in
order to consolidate temporary storage into one location protected by the
same techniques as /tmp.
Verify that Shared Library Files Have Restrictive Permissions
Fedora 19
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Checks that /lib, /lib64, /usr/lib, /usr/lib64, /lib/modules, and
objects therein, are not group-writable or world-writable.
This will enumerate all files on local partitions
/etc/sysctl.conf
^[\s]*kernel.randomize_va_space[\s]*=[\s]*2*$
1
kernel.randomize_va_space
/etc/grub.conf
^[\s]*kernel[\s]+.*(selinux|enforcing)=0.*$
1
/tmp
gdm
/etc/libuser.conf
^[\s]*crypt_style[\s]+=[\s]+(?i)sha512[\s]*$
1
/etc/bashrc
^[\s]*umask[\s]+([^#\s]*)
1
/etc/sysctl.conf
^[\s]*net.ipv4.conf.all.log_martians[\s]*=[\s]*1*$
1
net.ipv4.conf.all.log_martians
/etc/passwd
iptables
/boot/grub
grub.conf
GConf2
/etc/modprobe.d
^.*\.conf$
^\s*install\s+bluetooth\s+/bin/false$
1
/etc/modprobe.d
^.*\.conf$
^\s*install\s+net-pf-31\s+/bin/false$
1
/etc/ssh/sshd_config
^[\s]*(?i)ClientAliveInterval[\s]+(\d+)[\s]*(?:|(?:#.*))?$
1
/etc/logwatch/conf
logwatch.conf
^[\s]SplitHosts[\s]*=[\s]*yes[\s]*$
1
/etc/fstab
^\s*([/\w]*)\s+.*,?nosuid,?.*$
0
/etc/httpd/conf
rpcsvcgssd
0
rpcsvcgssd
1
rpcsvcgssd
2
rpcsvcgssd
3
rpcsvcgssd
4
rpcsvcgssd
5
rpcsvcgssd
6
^\/(|s)bin|^\/usr\/(|local\/)(|s)bin
^.*$
oval:ssg:ste:2190
oval:ssg:ste:2191
/etc/sysctl.conf
^[\s]*net.ipv6.conf.default.accept_ra[\s]*=[\s]*0*$
1
net.ipv6.conf.default.accept_ra
/etc/pam.d/system-auth
^[\s]*password[\s]+(?:(?:required)|(?:requisite))[\s]+[\w_\.\-=\s]+[\s]ucredit=(-?\d+)(?:[\s]|$)
1
/etc/pam.d/system-auth
^\s*session\s+(required|requisite)?\s+pam_lastlog.so[\s\w\d\=]+showfailed
1
/etc/gconf/gconf.xml.mandatory/apps/nautilus/preferences/%gconf.xml
/gconf/entry[@name='media_automount']/@value
/etc/gconf/gconf.xml.mandatory/apps/nautilus/preferences/%gconf.xml
/gconf/entry[@name='media_autorun_never']/@value
/etc/fstab
^\s*([/\w]*)\s+.*,?nodev,?.*$
0
/etc/shadow
abrtd
0
abrtd
1
abrtd
2
abrtd
3
abrtd
4
abrtd
5
abrtd
6
/etc/yum.repos.d
.*
^\s*gpgcheck\s*=\s*0\s*$
1
/etc/sysconfig/network
^[\s]*NOZEROCONF[\s]*=[\s]*yes
1
netfs
0
netfs
1
netfs
2
netfs
3
netfs
4
netfs
5
netfs
6
/root
^\.(r|s)hosts$
/home
^\.(r|s)hosts$
/etc
^s?hosts\.equiv$
/etc/pam.d/system-auth
^[\s]*password[\s]+(?:(?:required)|(?:requisite))[\s]+[\w_\.\-=\s]+[\s]lcredit=(-?\d+)(?:[\s]|$)
1
/etc/audit/audit.rules
^\-a\s+always,exit\s+(\-F\s+arch=(b64|b32)\s+)?\-S\s+mount\s+\-F\s+auid>=500\s+\-F\s+auid!=4294967295\s+\-k\s+[-\w]+\s*$
1
rsyslog
/
oval:ssg:ste:1320
/proc/net/wireless
^\s*[-\w]+:
1
/etc/group
haldaemon
0
haldaemon
1
haldaemon
2
haldaemon
3
haldaemon
4
haldaemon
5
haldaemon
6
ntp
/etc/audit/audit.rules
^\-e\s+2\s*$
1
/etc/login.defs
^[\s]*ENCRYPT_METHOD[\s]+SHA512[\s]*$
1
/etc/sysctl.conf
^[\s]*net.ipv4.icmp_ignore_bogus_error_responses[\s]*=[\s]*1*$
1
net.ipv4.icmp_ignore_bogus_error_responses
ypbind
0
ypbind
1
ypbind
2
ypbind
3
ypbind
4
ypbind
5
ypbind
6
auditd
0
auditd
1
auditd
2
auditd
3
auditd
4
auditd
5
auditd
6
tftp
0
tftp
1
tftp
2
tftp
3
tftp
4
tftp
5
tftp
6
/etc
ntp.conf
^[\s]*server[\s]+.+$
1
irqbalance
/etc/modprobe.d
^.*\.conf$
^\s*install\s+udf\s+(/bin/false|/bin/true)$
1
/etc/modprobe.conf
^\s*install\s+udf\s+(/bin/false|/bin/true)$
1
/etc/pam.d
system-auth
^\s*auth\s+(?:(?:required))\s+pam_faillock\.so.*unlock_time=([0-9]*).*$
1
/etc/pam.d
password-auth
^\s*auth\s+(?:(?:sufficient)|(?:\[default=die\]))\s+pam_faillock\.so.*unlock_time=([0-9]*).*$
1
irqbalance
0
irqbalance
1
irqbalance
2
irqbalance
3
irqbalance
4
irqbalance
5
irqbalance
6
rhsmcertd
0
rhsmcertd
1
rhsmcertd
2
rhsmcertd
3
rhsmcertd
4
rhsmcertd
5
rhsmcertd
6
/etc/modprobe.d
^.*\.conf$
^\s*install\s+freevxfs\s+(/bin/false|/bin/true)$
1
/etc/modprobe.conf
^\s*install\s+freevxfs\s+(/bin/false|/bin/true)$
1
/etc/sysctl.conf
^[\s]*net.ipv4.icmp_echo_ignore_broadcasts[\s]*=[\s]*1*$
1
net.ipv4.icmp_echo_ignore_broadcasts
/etc/sysconfig/network-scripts
ifcfg-.*
^IPV6_DEFAULTGW=.+$
1
bind
iptables-ipv6
/etc/audit
audit.rules
^[\s]*-w[\s]+\/etc\/localtime[\s]+-p[\s]+\b([rx]*w[rx]*a[rx]*|[rx]*a[rx]*w[rx]*)\b.*-k[\s]+[\S]+[\s]*$
1
/etc/cups/cupsd.conf
^[\s]*Port[\s]+(\d)+
1
/etc/cups/cupsd.conf
^[\s]*Listen[\s]+(?:localhost|127\.0\.0\.1|::1):(\d)+
1
^\/(|s)bin|^\/usr\/(|local\/)(|s)bin
oval:ssg:ste:2193
^\/(|s)bin|^\/usr\/(|local\/)(|s)bin
^.*$
oval:ssg:ste:2193
/etc/xinetd.d/rlogin
^\s*disable\s+=\s+yes\s*$
1
kdump
0
kdump
1
kdump
2
kdump
3
kdump
4
kdump
5
kdump
6
smb
0
smb
1
smb
2
smb
3
smb
4
smb
5
smb
6
httpd
/etc/audit/audit.rules
^\-w\s+/etc/group\s+\-p\s+wa\s+\-k\s+\w+\s*$
1
/etc/audit/audit.rules
^\-w\s+/etc/passwd\s+\-p\s+wa\s+\-k\s+\w+\s*$
1
/etc/audit/audit.rules
^\-w\s+/etc/gshadow\s+\-p\s+wa\s+\-k\s+\w+\s*$
1
/etc/audit/audit.rules
^\-w\s+/etc/shadow\s+\-p\s+wa\s+\-k\s+\w+\s*$
1
/etc/audit/audit.rules
^\-w\s+/etc/security/opasswd\s+\-p\s+wa\s+\-k\s+\w+\s*$
1
/etc/cups/cupsd.conf
^[\s]*Browsing[\s]+(?:Off|No)
1
/etc/cups/cupsd.conf
^[\s]*BrowseAllow[\s]+(?:none)
1
restorecond
0
restorecond
1
restorecond
2
restorecond
3
restorecond
4
restorecond
5
restorecond
6
/etc
netconfig
^udp6\s+tpi_clts\s+v\s+inet6\s+udp\s+-\s+-$
1
/etc
netconfig
^tcp6\s+tpi_cots_ord\s+v\s+inet6\s+tcp\s+-\s+-$
1
smartd
0
smartd
1
smartd
2
smartd
3
smartd
4
smartd
5
smartd
6
.*
.*
oval:ssg:ste:2194
.*
.*
oval:ssg:ste:2195
.*
.*
oval:ssg:ste:2196
/etc/sysconfig/network-scripts
ifcfg-.*
^[\s]*BOOTPROTO[\s]*=[\s"]*([^#"\s]*)
1
PATH
oval:ssg:ste:2199
oval:ssg:ste:2200
/etc/sysctl.conf
^[\s]*net.ipv4.conf.default.accept_redirects[\s]*=[\s]*0*$
1
net.ipv4.conf.default.accept_redirects
/
.*
oddjobd
0
oddjobd
1
oddjobd
2
oddjobd
3
oddjobd
4
oddjobd
5
oddjobd
6
/etc/sysconfig
iptables
^[\s]*:INPUT\sDROP\s\[0:0\]
1
/etc/sysconfig
iptables
^[\s]*:INPUT\ACCEPT\s\[0:0\]
1
sysstat
/var/log
.*log
/var/log/audit
^.*$
oval:ssg:ste:1468
/dev/shm
sshd
0
sshd
1
sshd
2
sshd
3
sshd
4
sshd
5
sshd
6
httpd
0
httpd
1
httpd
2
httpd
3
httpd
4
httpd
5
httpd
6
/dev
^.*$
oval:ssg:ste:1488
cups
/etc/group
named
0
named
1
named
2
named
3
named
4
named
5
named
6
ntpd
0
ntpd
1
ntpd
2
ntpd
3
ntpd
4
ntpd
5
ntpd
6
kexec-tools
/etc/sysctl.conf
^[\s]*net.ipv4.conf.all.rp_filter[\s]*=[\s]*1*$
1
net.ipv4.conf.all.rp_filter
/etc/modprobe.d
^.*\.conf$
^\s*install\s+tipc\s+(/bin/false|/bin/true)$
1
/etc/modprobe.conf
^\s*install\s+tipc\s+(/bin/false|/bin/true)$
1
audit
xinetd
0
xinetd
1
xinetd
2
xinetd
3
xinetd
4
xinetd
5
xinetd
6
/etc/ssh/sshd_config
^[\s]*(?i)PermitUserEnvironment(?-i)[\s]+no[\s]*(?:|(?:#.*))?$
1
rpcidmapd
0
rpcidmapd
1
rpcidmapd
2
rpcidmapd
3
rpcidmapd
4
rpcidmapd
5
rpcidmapd
6
/etc/sysctl.conf
^[\s]*net.ipv4.conf.default.rp_filter[\s]*=[\s]*1*$
1
net.ipv4.conf.default.rp_filter
/tmp
/etc/audit/audit.rules
^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*-S[\s]+fremovexattr[\s]+)(?:.*-F\s+auid>=500[\s]+)(?:.*-F\s+auid!=4294967295[\s]+).*-k[\s]+[\S]+[\s]*$
1
/etc/audit/audit.rules
^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*-S[\s]+fremovexattr[\s]+)(?:.*-F\s+auid>=500[\s]+)(?:.*-F\s+auid!=4294967295[\s]+).*-k[\s]+[\S]+[\s]*$
1
/etc/modprobe.d
^.*\.conf$
^\s*install\s+hfs\s+(/bin/false|/bin/true)$
1
/etc/modprobe.conf
^\s*install\s+hfs\s+(/bin/false|/bin/true)$
1
/var/log/httpd
qpidd
0
qpidd
1
qpidd
2
qpidd
3
qpidd
4
qpidd
5
qpidd
6
/dev/shm
/etc/ssh/sshd_config
^[\s]*(?i)ClientAliveCountMax[\s]+([\d]+)[\s]*(?:|(?:#.*))?$
1
/etc/yum.conf
^\s*gpgcheck\s*=\s*1\s*$
1
/var/log
/etc/login.defs
^[\s]*UMASK[\s]+([^#\s]*)
1
/etc/pam.d
.*
^[^#].*pam_ldap.so[\s]*.*$
1
^.*$
oval:ssg:ste:1561
/etc/gshadow
/etc/selinux/config
^[\s]*SELINUX[\s]*=[\s]*(.*)[\s]*$
1
telnet-server
/etc/logwatch/conf
logwatch.conf
^[\s]HostLimit[\s]*=[\s]*no[\s]*$
1
openldap-servers
dhcp
/etc/gshadow
redhat-release-workstation
redhat-release-server
dovecot
0
dovecot
1
dovecot
2
dovecot
3
dovecot
4
dovecot
5
dovecot
6
/etc/audit/audit.rules
^\-w\s+/sbin/insmod\s+\-p\s+x\s+\-k\s+[-\w]+\s*$
1
/etc/audit/audit.rules
^\-w\s+/sbin/rmmod\s+\-p\s+x\s+\-k\s+[-\w]+\s*$
1
/etc/audit/audit.rules
^\-w\s+/sbin/modprobe\s+\-p\s+x\s+\-k\s+[-\w]+\s*$
1
/etc/audit/audit.rules
^\-a\s+always,exit\s+(\-F\s+arch=(b64|b32)\s+)?\-S\s+init_module\s+\-S\s+delete_module\s+\-k\s+[-\w]+\s*$
1
/etc/fstab
^\s*([/\w]*)\s+.*,?noexec,?.*$
0
oddjob
/etc/login.defs
^[\s]*PASS_MIN_DAYS[\s]+(\d+)[\s]*(?:|(?:#.*))?$
1
/etc/passwd
/etc/audit/audit.rules
^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*-S[\s]+fchmodat[\s]+)(?:.*-F\s+auid>=500[\s]+)(?:.*-F\s+auid!=4294967295[\s]+).*-k[\s]+[\S]+[\s]*$
1
/etc/audit/audit.rules
^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*-S[\s]+fchmodat[\s]+)(?:.*-F\s+auid>=500[\s]+)(?:.*-F\s+auid!=4294967295[\s]+).*-k[\s]+[\S]+[\s]*$
1
tftp
/etc
fstab
^[\s]*[\S]+[\s]+[\S]+[\s]+cifs[\s]+([\S]+)
1
/etc
mtab
^[\s]*[\S]+[\s]+[\S]+[\s]+cifs[\s]+([\S]+)
1
net-snmp
/etc/sysctl.conf
^[\s]*net.ipv4.conf.default.send_redirects[\s]*=[\s]*0*$
1
net.ipv4.conf.default.send_redirects
/etc/ssh/sshd_config
^[\s]*(?i)Banner(?-i)[\s]+/etc/issue[\s]*(?:|(?:#.*))?$
1
nfs
0
nfs
1
nfs
2
nfs
3
nfs
4
nfs
5
nfs
6
/etc/modprobe.d
^.*\.conf$
^\s*install\s+rds\s+(/bin/false|/bin/true)$
1
/etc/modprobe.conf
^\s*install\s+rds\s+(/bin/false|/bin/true)$
1
/etc/audit/audit.rules
^\-w\s+/etc/sudoers\s+\-p\s+wa\s+\-k\s+[-\w]+\s*$
1
/etc/inittab
^[\s]*id:3:initdefault:[\s]*$
1
/etc/login.defs
^[\s]*PASS_WARN_AGE[\s]+(\d+)[\s]*(?:|(?:#.*))?$
1
rhnsd
/etc/init.d/functions
^[\s]*umask[\s]+([^#\s]*)
1
/etc/pam.d/system-auth
^\s*auth\s+(?:(?:required))\s+pam_faillock\.so.*deny=([0-9]*).*$
1
/etc/pam.d/password-auth
^\s*auth\s+(?:(?:sufficient)|(?:\[default=die\]))\s+pam_faillock\.so.*deny=([0-9]*).*$
1
setroubleshoot
/etc/pam.d
system-auth
^\s*auth\s+(?:(?:required))\s+pam_faillock\.so.*fail_interval=([0-9]*).*$
1
/etc/pam.d
password-auth
^\s*auth\s+(?:(?:sufficient)|(?:\[default=die\]))\s+pam_faillock\.so.*fail_interval=([0-9]*).*$
1
cpuspeed
0
cpuspeed
1
cpuspeed
2
cpuspeed
3
cpuspeed
4
cpuspeed
5
cpuspeed
6
/etc/dovecot/conf.d
10-auth.conf
^[\s]*disable_plaintext_auth[\s]*=[\s]*yes[\s]*$
1
rsyslog
0
rsyslog
1
rsyslog
2
rsyslog
3
rsyslog
4
rsyslog
5
rsyslog
6
/etc/pam_ldap.conf
^[\s]*tls_cacertdir[\s]+(.*)$
1
/etc/pam_ldap.conf
^[\s]*tls_cacertfile[\s]+(.*)$
1
/etc/sysctl.conf
^[\s]*net.ipv4.ip_forward[\s]*=[\s]*0*$
1
net.ipv4.ip_forward
/
^.*$
oval:ssg:ste:2202
oval:ssg:ste:2203
oval:ssg:ste:2204
oval:ssg:ste:2205
/etc/modprobe.d
^.*\.conf$
^\s*install\s+cramfs\s+(/bin/false|/bin/true)$
1
/etc/modprobe.conf
^\s*install\s+cramfs\s+(/bin/false|/bin/true)$
1
postfix
0
postfix
1
postfix
2
postfix
3
postfix
4
postfix
5
postfix
6
dhcpd
/etc/pam.d/system-auth
\s*nullok\s*
1
ypbind
tftp-server
/etc/ssh/sshd_config
^[\s]*(?i)PermitEmptyPasswords(?-i)[\s]+no[\s]*(?:|(?:#.*))?$
1
/etc/audit/audit.rules
^\-w\s+/var/log/faillog\s+\-p\s+wa\s+\-k\s+[-\w]+\s*$
1
/etc/audit/audit.rules
^\-w\s+/var/log/lastlog\s+\-p\s+wa\s+\-k\s+[-\w]+\s*$
1
/etc/selinux/config
^[\s]*SELINUXTYPE[\s]*=[\s]*([^\s]*)
1
/etc/sysctl.conf
^[\s]*fs.suid_dumpable[\s]*=[\s]*0*$
1
fs.suid_dumpable
/etc/audit/audit.rules
^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*-S[\s]+fchown[\s]+)(?:.*-F\s+auid>=500[\s]+)(?:.*-F\s+auid!=4294967295[\s]+).*-k[\s]+[\S]+[\s]*$
1
/etc/audit/audit.rules
^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*-S[\s]+fchown[\s]+)(?:.*-F\s+auid>=500[\s]+)(?:.*-F\s+auid!=4294967295[\s]+).*-k[\s]+[\S]+[\s]*$
1
/etc/fstab
^\s*[\.\w]+:[/\w]+\s+[/\w]+\s+nfs[4]?\s+(.*)$
0
/etc/fstab
^\s*[\.\w]+:[/\w]+\s+[/\w]+\s+nfs[4]?\s+.*$
0
crond
0
crond
1
crond
2
crond
3
crond
4
crond
5
crond
6
iptables
0
iptables
1
iptables
2
iptables
3
iptables
4
iptables
5
iptables
6
/etc/audit/audit.rules
^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*-S[\s]+fchownat[\s]+)(?:.*-F\s+auid>=500[\s]+)(?:.*-F\s+auid!=4294967295[\s]+).*-k[\s]+[\S]+[\s]*$
1
/etc/audit/audit.rules
^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*-S[\s]+fchownat[\s]+)(?:.*-F\s+auid>=500[\s]+)(?:.*-F\s+auid!=4294967295[\s]+).*-k[\s]+[\S]+[\s]*$
1
^\/lib(|64)\/|^\/usr\/lib(|64)\/
oval:ssg:ste:2206
^\/lib(|64)\/|^\/usr\/lib(|64)\/
^.*$
oval:ssg:ste:2206
.*
^.*bin/.*$
oval:ssg:ste:2207
/etc/xinetd.d
telnet
^\s*disable\s+=\s+yes\s*$
1
certmonger
0
certmonger
1
certmonger
2
certmonger
3
certmonger
4
certmonger
5
certmonger
6
at
cgconfig
0
cgconfig
1
cgconfig
2
cgconfig
3
cgconfig
4
cgconfig
5
cgconfig
6
/etc/gconf/gconf.xml.mandatory/apps/gnome-screensaver/%gconf.xml
/gconf/entry[@name='mode']/stringvalue[1]/text()
openssh-server
/etc/gconf/gconf.xml.mandatory/apps/gnome-screensaver/%gconf.xml
/gconf/entry[@name='idle_activation_enabled']/@value
/etc/sysctl.conf
^[\s]*net.ipv6.conf.default.accept_redirects[\s]*=[\s]*0*$
1
net.ipv6.conf.default.accept_redirects
telnet
mcstrans
/etc/csh.cshrc
^[\s]*umask[\s]+([^#\s]*)
1
/etc/login.defs
^[\s]*PASS_MAX_DAYS[\s]+(\d+)[\s]*(?:|(?:#.*))?$
1
/etc/audit/audit.rules
^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*-S[\s]+lchown[\s]+)(?:.*-F\s+auid>=500[\s]+)(?:.*-F\s+auid!=4294967295[\s]+).*-k[\s]+[\S]+[\s]*$
1
/etc/audit/audit.rules
^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*-S[\s]+lchown[\s]+)(?:.*-F\s+auid>=500[\s]+)(?:.*-F\s+auid!=4294967295[\s]+).*-k[\s]+[\S]+[\s]*$
1
/home
squid
/etc/audit/audit.rules
^\-a\s+always,exit\s+(\-F\s+arch=(b64|b32)\s+)?\-S\s+sethostname\s+\-S\s+setdomainname\s+\-k\s+[-\w]+\s*$
1
/etc/audit/audit.rules
^\-w\s+/etc/issue\s+\-p\s+wa\s+\-k\s+[-\w]+\s*$
1
/etc/audit/audit.rules
^\-w\s+/etc/issue\.net\s+\-p\s+wa\s+\-k\s+[-\w]+\s*$
1
/etc/audit/audit.rules
^\-w\s+/etc/hosts\s+\-p\s+wa\s+\-k\s+[-\w]+\s*$
1
/etc/audit/audit.rules
^\-w\s+/etc/sysconfig/network\s+\-p\s+wa\s+\-k\s+[-\w]+\s*$
1
/etc/modprobe.d
^.*\.conf$
^\s*install\s+hfsplus\s+(/bin/false|/bin/true)$
1
/etc/modprobe.conf
^\s*install\s+hfsplus\s+(/bin/false|/bin/true)$
1
/etc/passwd
^(?!root:)[^:]*:[^:]*:0
1
/etc/pam.d/system-auth
^\s*password\s+(?:(?:required)|(?:requisite))\s+pam_cracklib\.so.*retry=([0-9]*).*$
1
/etc/rsyslog.conf
^\*\.\*[\s]+(?:@|\:omrelp\:)
1
/etc/rsyslog.d
.*
^\*\.\*[\s]+(?:@|\:omrelp\:)
1
/etc/security/limits.conf
^[\s]*\*[\s]+(?:(?:hard)|(?:-))[\s]+maxlogins[\s]+(\d+)\s*$
1
/etc/audit/audit.rules
^\-a\s+always,exit\s+(\-F\s+arch=(b64|b32)\s+)?\-S\s+creat\s+\-S\s+open\s+\-S\s+openat\s+\-S\s+truncate\s+\-S\s+ftruncate\s+\-F\s+exit=\-EACCES\s+\-F\s+auid>=500\s+\-F\s+auid!=4294967295\s+\-k\s+[-\w]+\s*$
1
/etc/audit/audit.rules
^\-a\s+always,exit\s+(\-F\s+arch=(b64|b32)\s+)?\-S\s+creat\s+\-S\s+open\s+\-S\s+openat\s+\-S\s+truncate\s+\-S\s+ftruncate\s+\-F\s+exit=\-EPERM\s+\-F\s+auid>=500\s+\-F\s+auid!=4294967295\s+\-k\s+[-\w]+\s*$
1
policycoreutils
/etc/sysconfig/network-scripts
ifcfg-.*
^IPV6ADDR=.+$
1
dovecot
vsftpd
/etc/modprobe.d
^.*\.conf$
^\s*install\s+usb-storage\s+(/bin/false|/bin/true)$
1
/etc/modprobe.conf
^\s*install\s+usb-storage\s+(/bin/false|/bin/true)$
1
/etc/profile
^[\s]*umask[\s]+([^#\s]*)
1
/etc/sysctl.conf
^[\s]*net.ipv4.conf.all.send_redirects[\s]*=[\s]*0*$
1
net.ipv4.conf.all.send_redirects
PATH
atd
0
atd
1
atd
2
atd
3
atd
4
atd
5
atd
6
/etc/modprobe.d
^.*\.conf$
^\s*install\s+sctp\s+(/bin/false|/bin/true)$
1
/etc/modprobe.conf
^\s*install\s+sctp\s+(/bin/false|/bin/true)$
1
ypserv
/etc/issue
1
iputils
/home
oval:ssg:ste:1785
qpid-cpp-server
/etc/xinetd.d/rsh
^\s*disable\s+=\s+yes\s*$
1
/etc/ssh/sshd_config
^[\s]*(?i)PermitRootLogin(?-i)[\s]+yes[\s]*(?:|(?:#.*))?$
1
/
oval:ssg:ste:1790
cgred
0
cgred
1
cgred
2
cgred
3
cgred
4
cgred
5
cgred
6
/etc/gconf/gconf.xml.mandatory/apps/gnome-screensaver/%gconf.xml
/gconf/entry[@name='lock_enabled']/@value
/etc/audit/audit.rules
^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*-S[\s]+setxattr[\s]+)(?:.*-F\s+auid>=500[\s]+)(?:.*-F\s+auid!=4294967295[\s]+).*-k[\s]+[\S]+[\s]*$
1
/etc/audit/audit.rules
^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*-S[\s]+setxattr[\s]+)(?:.*-F\s+auid>=500[\s]+)(?:.*-F\s+auid!=4294967295[\s]+).*-k[\s]+[\S]+[\s]*$
1
gpg-pubkey
pam_ldap
hal
/etc/fstab
^\s*[\.\w]+:[/\w]+\s+[/\w]+\s+nfs[4]?\s+(.*)$
0
/etc/fstab
^\s*[\.\w]+:[/\w]+\s+[/\w]+\s+nfs[4]?\s+.*$
0
/etc/audit/auditd.conf
^[ ]*num_logs[ ]+=[ ]+(\d+)[ ]*$
1
/etc/sysctl.conf
^[\s]*net.ipv4.conf.all.accept_redirects[\s]*=[\s]*0*$
1
net.ipv4.conf.all.accept_redirects
rdisc
0
rdisc
1
rdisc
2
rdisc
3
rdisc
4
rdisc
5
rdisc
6
/etc
grub.conf
^\s*kernel\s/vmlinuz.*nousb.*$
1
/etc/sysctl.conf
^[\s]*net.ipv4.tcp_syncookies[\s]*=[\s]*1*$
1
net.ipv4.tcp_syncookies
/etc/modprobe.d
^.*\.conf$
^\s*install\s+squashfs\s+(/bin/false|/bin/true)$
1
/etc/modprobe.conf
^\s*install\s+squashfs\s+(/bin/false|/bin/true)$
1
/etc/gconf/gconf.xml.mandatory/desktop/gnome/session/%gconf.xml
/gconf/entry[@name='idle_delay']/@value
/
^.*$
oval:ssg:ste:2209
oval:ssg:ste:2210
ntpdate
0
ntpdate
1
ntpdate
2
ntpdate
3
ntpdate
4
ntpdate
5
ntpdate
6
cups
0
cups
1
cups
2
cups
3
cups
4
cups
5
cups
6
/etc/passwd
^[^:]+:[^:]+:([\d]+):[\d]+:[^:]*:[^:]+:[^:]*$
1
/
.*
oval:ssg:ste:2212
/var
^/\w.*$
oval:ssg:ste:1852
mdadm
squid
0
squid
1
squid
2
squid
3
squid
4
squid
5
squid
6
bluetooth
0
bluetooth
1
bluetooth
2
bluetooth
3
bluetooth
4
bluetooth
5
bluetooth
6
/tmp
/etc/xinetd.d/rexec
^\s*disable\s+=\s+yes\s*$
1
sysstat
0
sysstat
1
sysstat
2
sysstat
3
sysstat
4
sysstat
5
sysstat
6
messagebus
0
messagebus
1
messagebus
2
messagebus
3
messagebus
4
messagebus
5
messagebus
6
portreserve
/etc/passwd
^(?!root).*:x:[\d]*:0*([0-9]{1,2}|[1-4][0-9]{2}):[^:]*:[^:]*:(?!\/sbin\/nologin|\/bin\/sync|\/sbin\/shutdown|\/sbin\/halt).*$
1
libcgroup
/etc/sysctl.conf
^[\s]*kernel.exec-shield[\s]*=[\s]*1*$
1
kernel.exec-shield
/etc/sysconfig/network-scripts
ifcfg-.*
^IPV6_PRIVACY=rfc3041$
1
/etc/sysctl.conf
^[\s]*kernel.dmesg_restrict[\s]*=[\s]*1*$
1
kernel.dmesg_restrict
snmpd
0
snmpd
1
snmpd
2
snmpd
3
snmpd
4
snmpd
5
snmpd
6
.*
/etc/httpd/conf
^.*$
aide
/etc/sysctl.conf
^[\s]*net.ipv4.conf.default.secure_redirects[\s]*=[\s]*0*$
1
net.ipv4.conf.default.secure_redirects
/etc/postfix
main.cf
^[\s]*smtpd_banner[\s]*=[\s]*\$myhostname[\s]+ESMTP[\s]*$
1
/etc/sysctl.conf
^[\s]*net.ipv4.conf.all.secure_redirects[\s]*=[\s]*0*$
1
net.ipv4.conf.all.secure_redirects
quota_nld
0
quota_nld
1
quota_nld
2
quota_nld
3
quota_nld
4
quota_nld
5
quota_nld
6
/etc/pam_ldap.conf
^[\s]*ssl[\s]+start_tls[\s]*$
1
/etc/sysconfig
iptables
^-A INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT$
1
/etc/sysconfig
ip6tables
^-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT$
1
cpuspeed
dhcpd
0
dhcpd
1
dhcpd
2
dhcpd
3
dhcpd
4
dhcpd
5
dhcpd
6
autofs
0
autofs
1
autofs
2
autofs
3
autofs
4
autofs
5
autofs
6
/etc/audit/audit.rules
^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*-S[\s]+fsetxattr[\s]+)(?:.*-F\s+auid>=500[\s]+)(?:.*-F\s+auid!=4294967295[\s]+).*-k[\s]+[\S]+[\s]*$
1
/etc/audit/audit.rules
^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*-S[\s]+fsetxattr[\s]+)(?:.*-F\s+auid>=500[\s]+)(?:.*-F\s+auid!=4294967295[\s]+).*-k[\s]+[\S]+[\s]*$
1
/etc/audit
audit.rules
^[\s]*-a[\s]+always,exit[\s]+-F[\s]+arch=b32.*-S[\s]+adjtimex[\s]+.*-k[\s]+[\S]+[\s]*$
1
/etc/audit
audit.rules
^[\s]*-a[\s]+always,exit[\s]+-F[\s]+arch=b64.*-S[\s]+adjtimex[\s]+.*-k[\s]+[\S]+[\s]*$
1
/etc/modprobe.d
^.*\.conf$
^\s*install\s+dccp\s+(/bin/false|/bin/true)$
1
/etc/modprobe.conf
^\s*install\s+dccp\s+(/bin/false|/bin/true)$
1
vsftpd
0
vsftpd
1
vsftpd
2
vsftpd
3
vsftpd
4
vsftpd
5
vsftpd
6
/etc/xinetd.d/tftp
^[\s]*server_args[\s]+=[\s]+\-s[\s]+.+$
1
/var/log/audit
oval:ssg:ste:2213
/var/log/audit
^.*$
oval:ssg:ste:2213
/etc/audit/audit.rules
^\-a\s+always,exit\s+(\-F\s+arch=(b64|b32)\s+)?\-S\s+rmdir\s+\-S\s+unlink\s+\-S\s+unlinkat\s+\-S\s+rename\s+\-S\s+renameat\s+\-F\s+auid>=500\s+\-F\s+auid!=4294967295\s+\-k\s+[-\w]+\s*$
1
sendmail
/etc/sysctl.conf
^[\s]*net.ipv4.conf.all.accept_source_route[\s]*=[\s]*0*$
1
net.ipv4.conf.all.accept_source_route
/etc/audit
audit.rules
^[\s]*-a[\s]+always,exit[\s]+-F[\s]+arch=b32.*-S[\s]+stime[\s]+.*-k[\s]+[\S]+[\s]*$
1
quota
/etc/audit/audit.rules
^\-w\s+/etc/selinux/\s+\-p\s+wa\s+\-k\s+[-\w]+\s*$
1
/etc/shadow
/etc/default/useradd
^\s*INACTIVE\s*=\s*(\d+)\s*$
1
/etc/login.defs
^[\s]*PASS_MIN_LEN[\s]+(\d+)[\s]*(?:|(?:#.*))?$
1
/etc/ssh/sshd_config
^[\s]*(?i)Ciphers(?-i)[\s]+aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc[\s]*(?:|(?:#.*))?$
1
/etc/audit/audit.rules
^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*-S[\s]+chmod[\s]+)(?:.*-F\s+auid>=500[\s]+)(?:.*-F\s+auid!=4294967295[\s]+).*-k[\s]+[\S]+[\s]*$
1
/etc/audit/audit.rules
^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*-S[\s]+chmod[\s]+)(?:.*-F\s+auid>=500[\s]+)(?:.*-F\s+auid!=4294967295[\s]+).*-k[\s]+[\S]+[\s]*$
1
/etc/postfix
main.cf
^[\s]*inet_interfaces[\s]*=[\s]*localhost[\s]*$
1
/var/log/audit
/etc
securetty
^ttyS[0-9]+$
1
abrt
/etc/audit/audit.rules
^\-w\s+/var/run/utmp\s+\-p\s+wa\s+\-k\s+[-\w]+\s*$
1
/etc/audit/audit.rules
^\-w\s+/var/log/btmp\s+\-p\s+wa\s+\-k\s+[-\w]+\s*$
1
/etc/audit/audit.rules
^\-w\s+/var/log/wtmp\s+\-p\s+wa\s+\-k\s+[-\w]+\s*$
1
/boot/grub/grub.conf
/boot/efi/EFI/redhat/grub.conf
/etc/sysconfig/prelink
^[\s]*PRELINKING=no[\s]*
1
screen
/etc/pam.d/system-auth
^[\s]*password[\s]+(?:(?:required)|(?:requisite))[\s]+[\w_\.\-=\s]+[\s]ocredit=(-?\d+)(?:[\s]|$)
1
/etc
grub.conf
^[\s]*password[\s]+--encrypted[\s]+.*
1
cyrus-sasl
/boot/grub/grub.conf
/boot/efi/EFI/redhat/grub.conf
/etc/pam.d
system-auth
^[\s]*password[\s]+(?:(?:required)|(?:requisite))[\s]+[\w_\.\-=\s]+[\s]minclass=(-?\d+)(?:[\s]|$)
1
/etc/securetty
^vc/[0-9]+$
1
/etc
grub.conf
^\s*kernel\s/vmlinuz.*audit=1.*$
1
postfix
/etc/samba
smb.conf
^[\s]*client[\s]+signing[\s]*=[\s]*mandatory
1
/etc/audit/audit.rules
^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*-S[\s]+removexattr[\s]+)(?:.*-F\s+auid>=500[\s]+)(?:.*-F\s+auid!=4294967295[\s]+).*-k[\s]+[\S]+[\s]*$
1
/etc/audit/audit.rules
^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*-S[\s]+removexattr[\s]+)(?:.*-F\s+auid>=500[\s]+)(?:.*-F\s+auid!=4294967295[\s]+).*-k[\s]+[\S]+[\s]*$
1
nfs-utils
/etc/sysconfig/init
^SINGLE=/sbin/sulogin[\s]*
1
/etc/ssh/sshd_config
^[\s]*(?i)HostbasedAuthentication(?-i)[\s]+yes[\s]*(?:|(?:#.*))?$
1
/etc/audit/auditd.conf
^[ ]*action_mail_acct[ ]+=[ ]+(\S+)[ ]*$
1
/etc/passwd
/etc/pam.d/system-auth
^[\s]*password[\s]+sufficient[\s]+pam_unix\.so[\s]+.*sha512.*$
1
rhnsd
0
rhnsd
1
rhnsd
2
rhnsd
3
rhnsd
4
rhnsd
5
rhnsd
6
/etc/pam.d
system-auth
^[\s]*password[\s]+(?:(?:required)|(?:requisite))[\s]+[\w_\.\-=\s]+[\s]difok=(-?\d+)(?:[\s]|$)
1
/etc/dovecot/conf.d
10-ssl.conf
^[\s]*ssl[\s]*=[\s]*yes[\s]*$
1
/etc/ssh/sshd_config
^[\s]*(?i)Protocol[\s]+2[\s]*(?:|(?:#.*))?$
1
rsh
/etc/modprobe.d
^.*\.conf$
^\s*options\s+ipv6\s+.*disable=1.*$
1
/etc/sysctl.conf
^[\s]*net.ipv4.conf.default.accept_source_route[\s]*=[\s]*0*$
1
net.ipv4.conf.default.accept_source_route
smartmontools
/etc/security/limits.conf
^[\s]*\*[\s]+hard[\s]+core[\s]+([\d]+)
1
netconsole
0
netconsole
1
netconsole
2
netconsole
3
netconsole
4
netconsole
5
netconsole
6
/etc/ssh/sshd_config
^[\s]*(?i)IgnoreRhosts(?-i)[\s]+no[\s]*(?:|(?:#.*))?$
1
/etc/audit/audit.rules
^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*-S[\s]+lremovexattr[\s]+)(?:.*-F\s+auid>=500[\s]+)(?:.*-F\s+auid!=4294967295[\s]+).*-k[\s]+[\S]+[\s]*$
1
/etc/audit/audit.rules
^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*-S[\s]+lremovexattr[\s]+)(?:.*-F\s+auid>=500[\s]+)(?:.*-F\s+auid!=4294967295[\s]+).*-k[\s]+[\S]+[\s]*$
1
rsh-server
portreserve
0
portreserve
1
portreserve
2
portreserve
3
portreserve
4
portreserve
5
portreserve
6
/etc/sysconfig/init
^[\s]*PROMPT=no[\s]+
1
/
^.*$
oval:ssg:ste:2214
oval:ssg:ste:2215
dbus
/home
^\.netrc$
cronie
/etc/audit
audit.rules
^\-a\salways,exit\s-F\spath=/bin/ping\s-F perm=x\s\-F\sauid>=500\s\-F\sauid!=4294967295\s\-k\sprivileged
1
/etc/shadow
/etc/audit
audit.rules
^[\s]*-a[\s]+always,exit[\s]+-F[\s]+arch=b32.*-S[\s]+clock_settime[\s]+.*-k[\s]+[\S]+[\s]*$
1
/etc/audit
audit.rules
^[\s]*-a[\s]+always,exit[\s]+-F[\s]+arch=b64.*-S[\s]+clock_settime[\s]+.*-k[\s]+[\S]+[\s]*$
1
acpid
0
acpid
1
acpid
2
acpid
3
acpid
4
acpid
5
acpid
6
xorg-x11-server-common
/etc/audit/auditd.conf
^[ ]*max_log_file_action[ ]+=[ ]+(\S+)[ ]*$
1
/etc/pam.d/system-auth
^[\s]*password[\s]+(?:(?:required)|(?:requisite))[\s]+[\w_\.\-=\s]+[\s]dcredit=(-?\d+)(?:[\s]|$)
1
psacct
0
psacct
1
psacct
2
psacct
3
psacct
4
psacct
5
psacct
6
/etc/pam.d/system-auth
^\s*password\s+(?:(?:sufficient)|(?:required))\s+pam_unix\.so.*remember=([0-9]*).*$
1
avahi-daemon
0
avahi-daemon
1
avahi-daemon
2
avahi-daemon
3
avahi-daemon
4
avahi-daemon
5
avahi-daemon
6
/tmp
mdmonitor
0
mdmonitor
1
mdmonitor
2
mdmonitor
3
mdmonitor
4
mdmonitor
5
mdmonitor
6
/etc/audit/auditd.conf
^[ ]*admin_space_left_action[ ]+=[ ]+(\S+)[ ]*$
1
samba-common
vsftpd
/etc/audit/audit.rules
^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*-S[\s]+chown[\s]+)(?:.*-F\s+auid>=500[\s]+)(?:.*-F\s+auid!=4294967295[\s]+).*-k[\s]+[\S]+[\s]*$
1
/etc/audit/audit.rules
^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*-S[\s]+chown[\s]+)(?:.*-F\s+auid>=500[\s]+)(?:.*-F\s+auid!=4294967295[\s]+).*-k[\s]+[\S]+[\s]*$
1
saslauthd
0
saslauthd
1
saslauthd
2
saslauthd
3
saslauthd
4
saslauthd
5
saslauthd
6
/etc/audit/auditd.conf
^[ ]*max_log_file[ ]+=[ ]+(\d+)[ ]*$
1
/etc/modprobe.d
^.*\.conf$
^\s*install\s+jffs2\s+(/bin/false|/bin/true)$
1
/etc/modprobe.conf
^\s*install\s+jffs2\s+(/bin/false|/bin/true)$
1
/etc/audit/audit.rules
^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*-S[\s]+fchmod[\s]+)(?:.*-F\s+auid>=500[\s]+)(?:.*-F\s+auid!=4294967295[\s]+).*-k[\s]+[\S]+[\s]*$
1
/etc/audit/audit.rules
^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*-S[\s]+fchmod[\s]+)(?:.*-F\s+auid>=500[\s]+)(?:.*-F\s+auid!=4294967295[\s]+).*-k[\s]+[\S]+[\s]*$
1
/var/lib/gdm/.gconf/apps/gdm/simple-greeter/%gconf.xml
/gconf/entry[@name='banner_message_enable']/@value
ip6tables
0
ip6tables
1
ip6tables
2
ip6tables
3
ip6tables
4
ip6tables
5
ip6tables
6
talk-server
/etc/audit/audit.rules
^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*-S[\s]+lsetxattr[\s]+)(?:.*-F\s+auid>=500[\s]+)(?:.*-F\s+auid!=4294967295[\s]+).*-k[\s]+[\S]+[\s]*$
1
/etc/audit/audit.rules
^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*-S[\s]+lsetxattr[\s]+)(?:.*-F\s+auid>=500[\s]+)(?:.*-F\s+auid!=4294967295[\s]+).*-k[\s]+[\S]+[\s]*$
1
/etc/gshadow
/etc/audit
audit.rules
^[\s]*-a[\s]+always,exit[\s]+-F[\s]+arch=b32.*-S[\s]+settimeofday[\s]+.*-k[\s]+[\S]+[\s]*$
1
/etc/audit
audit.rules
^[\s]*-a[\s]+always,exit[\s]+-F[\s]+arch=b64.*-S[\s]+settimeofday[\s]+.*-k[\s]+[\S]+[\s]*$
1
/etc/audit/auditd.conf
^[ ]*space_left_action[ ]+=[ ]+(\S+)[ ]*$
1
/etc
rsyslog.conf
^[\s]*\$(?:Input(?:TCP|RELP)|UDP)ServerRun
1
/dev/shm
xinetd
openswan
/etc/gconf/gconf.xml.mandatory/desktop/gnome/thumbnailers/%gconf.xml
/gconf/entry[@name='disable_all']/@value
/boot/grub
grub.conf
rpcgssd
0
rpcgssd
1
rpcgssd
2
rpcgssd
3
rpcgssd
4
rpcgssd
5
rpcgssd
6
subscription-manager
nfslock
0
nfslock
1
nfslock
2
nfslock
3
nfslock
4
nfslock
5
nfslock
6
psacct
/etc/group
/var/tmp
/etc/mtab
^[\s]*/tmp[\s]+/var/tmp[\s]+.*bind.*$
1
^\/lib(|64)|^\/usr\/lib(|64)
oval:ssg:ste:2216
oval:ssg:ste:2217
^\/lib(|64)|^\/usr\/lib(|64)
^.*$
oval:ssg:ste:2216
oval:ssg:ste:2217
2
nodev
1
0
0
0
false
false
false
true
true
false
false
false
false
false
false
false
0
nosuid
false
false
false
true
false
true
false
false
false
false
true
true
true
symbolic link
0
1
false
true
nodev
0
false
true
false
true
1
false
true
0
false
true
1
false
true
true
false
false
true
true
false
false
true
1
0
false
true
false
true
true
false
false
true
fail
fail
fail
^(static|none)$
true
true
0
0
false
true
0
true
true
true
true
true
true
true
true
true
nodev
false
true
false
true
unlabeled_t
false
false
false
false
false
false
false
false
false
true
true
false
1
false
true
false
true
1
noexec
false
false
false
false
false
false
false
false
false
false
true
nosuid
0
PROMISC
0
0
unix
^6\.\d+$
^6\.\d+$
false
true
noexec
0
2
sec=(krb5i|ntlmv2i)
0
false
true
false
true
true
false
0
regular
true
^/selinux/(?:(?:member)|(?:user)|(?:relabel)|(?:create)|(?:access)|(?:context))$
^/proc/.*$
^/sys/.*$
true
false
0
^.*nosuid.*$
true
false
true
false
0
fail
false
true
false
true
blank-only
true
0
0
^[:\.]
::
\.\.
[:\.]$
^[^/]
[^\\]:[^/]
false
true
true
true
true
true
true
true
true
500
true
false
true
true
4ae0493b
fd431d51
45700c69
2fa658e0
^.*nodev.*$
0
false
true
1
true
false
true
false
true
^/dev/.*$
nodev
false
true
false
true
nosuid
false
true
false
true
x86_64
1
1
false
true
x
false
false
false
false
true
false
false
false
false
false
0
0
false
true
false
true
false
true
false
true
i686
0
0
0
0
-1
0
1
0
1
0
0
false
false
false
false
false
false
false
false
false
true
1
0
0
false
true
false
true
true
0
0
false
false
false
false
false
false
false
false
false
false
false
false
false
true
1
true
false
false
true
false
true
false
true
true
true
false
0
0
false
false
false
false
false
false
false
false
false
false
false
false
noexec
true
false
false
false
false
false
false
false
false
true
false
true
0
true
true
symbolic link
/bin/fusermount
/bin/mount
/bin/ping6
/bin/ping
/bin/su
/bin/umount
/lib64/dbus-1/dbus-daemon-launch-helper
/lib/dbus-1/dbus-daemon-launch-helper
/sbin/mount.ecryptfs_private
/sbin/mount.nfs
/sbin/pam_timestamp_check
/sbin/unix_chkpwd
/usr/bin/abrt-action-install-debuginfo-to-abrt-cache
/usr/bin/at
/usr/bin/chage
/usr/bin/chfn
/usr/bin/chsh
/usr/bin/crontab
/usr/bin/gpasswd
/usr/bin/kgrantpty
/usr/bin/kpac_dhcp_helper
/usr/bin/ksu
/usr/bin/newgrp
/usr/bin/newrole
/usr/bin/passwd
/usr/bin/pkexec
/usr/bin/rcp
/usr/bin/rlogin
/usr/bin/rsh
/usr/bin/sperl5.10.1
/usr/bin/staprun
/usr/bin/sudoedit
/usr/bin/sudo
/usr/bin/Xorg
/usr/lib64/amanda/calcsize
/usr/lib64/amanda/dumper
/usr/lib64/amanda/killpgrp
/usr/lib64/amanda/planner
/usr/lib64/amanda/rundump
/usr/lib64/amanda/runtar
/usr/lib64/nspluginwrapper/plugin-config
/usr/lib/amanda/calcsize
/usr/lib/amanda/dumper
/usr/lib/amanda/killpgrp
/usr/lib/amanda/planner
/usr/lib/amanda/rundump
/usr/lib/amanda/runtar
/usr/libexec/abrt-action-install-debuginfo-to-abrt-cache
/usr/libexec/spice-gtk-x86_64/spice-client-glib-usb-acl-helper
/usr/libexec/mc/cons.saver
/usr/libexec/openssh/ssh-keysign
/usr/libexec/polkit-1/polkit-agent-helper-1
/usr/libexec/pt_chown
/usr/libexec/pulse/proximity-helper
/usr/lib/nspluginwrapper/plugin-config
/usr/sbin/amcheck
/usr/sbin/seunshare
/usr/sbin/suexec
/usr/sbin/userhelper
/usr/sbin/usernetctl
/bin/cgexec
/sbin/netreport
/usr/bin/crontab
/usr/bin/gnomine
/usr/bin/iagno
/usr/bin/locate
/usr/bin/lockfile
/usr/bin/same-gnome
/usr/bin/screen
/usr/bin/ssh-agent
/usr/bin/wall
/usr/bin/write
/usr/lib64/vte/gnome-pty-helper
/usr/libexec/kde4/kdesud
/usr/libexec/utempter/utempter
/usr/lib/mailman/cgi-bin/admindb
/usr/lib/mailman/cgi-bin/admin
/usr/lib/mailman/cgi-bin/confirm
/usr/lib/mailman/cgi-bin/create
/usr/lib/mailman/cgi-bin/edithtml
/usr/lib/mailman/cgi-bin/listinfo
/usr/lib/mailman/cgi-bin/options
/usr/lib/mailman/cgi-bin/private
/usr/lib/mailman/cgi-bin/rmlist
/usr/lib/mailman/cgi-bin/roster
/usr/lib/mailman/cgi-bin/subscribe
/usr/lib/mailman/mail/mailman
/usr/lib/vte/gnome-pty-helper
/usr/sbin/lockdev
/usr/sbin/postdrop
/usr/sbin/postqueue
/usr/sbin/sendmail.sendmail