| OVAL Definition Results |
| ID |
Result |
Class |
Reference ID |
Title |
| oval:ssg-zipl_vsyscall_argument:def:1 |
false |
compliance |
[CCE-83381-4], [zipl_vsyscall_argument] |
Ensure that BLS-compatible boot loader is configured to run Linux operating system with argument vsyscall=none |
| oval:ssg-zipl_slub_debug_argument:def:1 |
false |
compliance |
[CCE-83371-5], [zipl_slub_debug_argument] |
Ensure that BLS-compatible boot loader is configured to run Linux operating system with argument slub_debug=P |
| oval:ssg-zipl_page_poison_argument:def:1 |
false |
compliance |
[CCE-83351-7], [zipl_page_poison_argument] |
Ensure that BLS-compatible boot loader is configured to run Linux operating system with argument page_poison=1 |
| oval:ssg-zipl_bootmap_is_up_to_date:def:1 |
false |
compliance |
[CCE-83486-1], [zipl_bootmap_is_up_to_date] |
Ensure zIPL bootmap is up to date |
| oval:ssg-zipl_audit_backlog_limit_argument:def:1 |
false |
compliance |
[CCE-83341-8], [zipl_audit_backlog_limit_argument] |
Ensure that BLS-compatible boot loader is configured to run Linux operating system with argument audit_backlog_limit=8192 |
| oval:ssg-zipl_audit_argument:def:1 |
false |
compliance |
[CCE-83321-0], [zipl_audit_argument] |
Ensure that BLS-compatible boot loader is configured to run Linux operating system with argument audit=1 |
| oval:ssg-xwindows_runlevel_setting:def:1 |
false |
compliance |
[xwindows_runlevel_setting] |
Disable X Windows Startup By Setting Default SystemD Target |
| oval:ssg-usbguard_rules_not_empty_not_missing:def:1 |
false |
compliance |
[usbguard_rules_not_empty_not_missing] |
Check that file storing USBGuard rules exists and is not empty |
| oval:ssg-usbguard_allow_hub:def:1 |
false |
compliance |
[CCE-82273-4], [usbguard_allow_hub] |
Check that USB hubs are allowed by USBGuard rules |
| oval:ssg-usbguard_allow_hid_and_hub:def:1 |
false |
compliance |
[CCE-82368-2], [usbguard_allow_hid_and_hub] |
Check that USB human interface devices and hubs are allowed by USBGuard rules |
| oval:ssg-usbguard_allow_hid:def:1 |
false |
compliance |
[CCE-82274-2], [usbguard_allow_hid] |
Check that USB Human Interface Devices are allowed by USBGuard rules |
| oval:ssg-uefi_no_removeable_media:def:1 |
false |
compliance |
[uefi_no_removeable_media] |
UEFI Boot Loader Is Not Installed On Removeable Media |
| oval:ssg-timer_dnf-automatic_enabled:def:1 |
false |
compliance |
[CCE-82360-9], [timer_dnf-automatic_enabled] |
Timer dnf-automatic Enabled |
| oval:ssg-system_info_architecture_x86:def:1 |
false |
compliance |
[system_info_architecture_x86] |
Test for x86 Architecture |
| oval:ssg-system_info_architecture_ppc_64:def:1 |
false |
compliance |
[system_info_architecture_ppc_64] |
Test for PPC and PPCLE Architecture |
| oval:ssg-system_info_architecture_aarch_64:def:1 |
false |
compliance |
[system_info_architecture_aarch_64] |
Test for aarch_64 Architecture |
| oval:ssg-system_boot_mode_is_uefi:def:1 |
false |
compliance |
[system_boot_mode_is_uefi] |
UEFI system boot mode check |
| oval:ssg-sysctl_user_max_user_namespaces:def:1 |
false |
compliance |
[CCE-82211-4], [sysctl_user_max_user_namespaces] |
Kernel "user.max_user_namespaces" Parameter Configuration and Runtime Check |
| oval:ssg-sysctl_static_user_max_user_namespaces:def:1 |
false |
compliance |
[sysctl_static_user_max_user_namespaces] |
Kernel "user.max_user_namespaces" Parameter Configuration Check |
| oval:ssg-sysctl_static_net_ipv6_conf_default_accept_source_route:def:1 |
false |
compliance |
[sysctl_static_net_ipv6_conf_default_accept_source_route] |
Kernel "net.ipv6.conf.default.accept_source_route" Parameter Configuration Check |
| oval:ssg-sysctl_static_net_ipv6_conf_default_accept_ra:def:1 |
false |
compliance |
[sysctl_static_net_ipv6_conf_default_accept_ra] |
Kernel "net.ipv6.conf.default.accept_ra" Parameter Configuration Check |
| oval:ssg-sysctl_static_net_ipv6_conf_all_forwarding:def:1 |
false |
compliance |
[sysctl_static_net_ipv6_conf_all_forwarding] |
Kernel "net.ipv6.conf.all.forwarding" Parameter Configuration Check |
| oval:ssg-sysctl_static_net_ipv6_conf_all_disable_ipv6:def:1 |
false |
compliance |
[sysctl_static_net_ipv6_conf_all_disable_ipv6] |
Kernel "net.ipv6.conf.all.disable_ipv6" Parameter Configuration Check |
| oval:ssg-sysctl_static_net_ipv6_conf_all_accept_source_route:def:1 |
false |
compliance |
[sysctl_static_net_ipv6_conf_all_accept_source_route] |
Kernel "net.ipv6.conf.all.accept_source_route" Parameter Configuration Check |
| oval:ssg-sysctl_static_net_ipv6_conf_all_accept_ra:def:1 |
false |
compliance |
[sysctl_static_net_ipv6_conf_all_accept_ra] |
Kernel "net.ipv6.conf.all.accept_ra" Parameter Configuration Check |
| oval:ssg-sysctl_static_net_ipv4_tcp_syncookies:def:1 |
false |
compliance |
[sysctl_static_net_ipv4_tcp_syncookies] |
Kernel "net.ipv4.tcp_syncookies" Parameter Configuration Check |
| oval:ssg-sysctl_static_net_ipv4_tcp_invalid_ratelimit:def:1 |
false |
compliance |
[sysctl_static_net_ipv4_tcp_invalid_ratelimit] |
Kernel "net.ipv4.tcp_invalid_ratelimit" Parameter Configuration Check |
| oval:ssg-sysctl_static_net_ipv4_ip_forward:def:1 |
false |
compliance |
[sysctl_static_net_ipv4_ip_forward] |
Kernel "net.ipv4.ip_forward" Parameter Configuration Check |
| oval:ssg-sysctl_static_net_ipv4_icmp_ignore_bogus_error_responses:def:1 |
false |
compliance |
[sysctl_static_net_ipv4_icmp_ignore_bogus_error_responses] |
Kernel "net.ipv4.icmp_ignore_bogus_error_responses" Parameter Configuration Check |
| oval:ssg-sysctl_static_net_ipv4_icmp_echo_ignore_broadcasts:def:1 |
false |
compliance |
[sysctl_static_net_ipv4_icmp_echo_ignore_broadcasts] |
Kernel "net.ipv4.icmp_echo_ignore_broadcasts" Parameter Configuration Check |
| oval:ssg-sysctl_static_net_ipv4_conf_default_secure_redirects:def:1 |
false |
compliance |
[sysctl_static_net_ipv4_conf_default_secure_redirects] |
Kernel "net.ipv4.conf.default.secure_redirects" Parameter Configuration Check |
| oval:ssg-sysctl_static_net_ipv4_conf_default_rp_filter:def:1 |
false |
compliance |
[sysctl_static_net_ipv4_conf_default_rp_filter] |
Kernel "net.ipv4.conf.default.rp_filter" Parameter Configuration Check |
| oval:ssg-sysctl_static_net_ipv4_conf_default_log_martians:def:1 |
false |
compliance |
[sysctl_static_net_ipv4_conf_default_log_martians] |
Kernel "net.ipv4.conf.default.log_martians" Parameter Configuration Check |
| oval:ssg-sysctl_static_net_ipv4_conf_default_accept_source_route:def:1 |
false |
compliance |
[sysctl_static_net_ipv4_conf_default_accept_source_route] |
Kernel "net.ipv4.conf.default.accept_source_route" Parameter Configuration Check |
| oval:ssg-sysctl_static_net_ipv4_conf_all_secure_redirects:def:1 |
false |
compliance |
[sysctl_static_net_ipv4_conf_all_secure_redirects] |
Kernel "net.ipv4.conf.all.secure_redirects" Parameter Configuration Check |
| oval:ssg-sysctl_static_net_ipv4_conf_all_log_martians:def:1 |
false |
compliance |
[sysctl_static_net_ipv4_conf_all_log_martians] |
Kernel "net.ipv4.conf.all.log_martians" Parameter Configuration Check |
| oval:ssg-sysctl_static_net_core_bpf_jit_harden:def:1 |
false |
compliance |
[sysctl_static_net_core_bpf_jit_harden] |
Kernel "net.core.bpf_jit_harden" Parameter Configuration Check |
| oval:ssg-sysctl_static_kernel_yama_ptrace_scope:def:1 |
false |
compliance |
[sysctl_static_kernel_yama_ptrace_scope] |
Kernel "kernel.yama.ptrace_scope" Parameter Configuration Check |
| oval:ssg-sysctl_static_kernel_unprivileged_bpf_disabled:def:1 |
false |
compliance |
[sysctl_static_kernel_unprivileged_bpf_disabled] |
Kernel "kernel.unprivileged_bpf_disabled" Parameter Configuration Check |
| oval:ssg-sysctl_static_kernel_randomize_va_space:def:1 |
false |
compliance |
[sysctl_static_kernel_randomize_va_space] |
Kernel "kernel.randomize_va_space" Parameter Configuration Check |
| oval:ssg-sysctl_static_kernel_perf_event_paranoid:def:1 |
false |
compliance |
[sysctl_static_kernel_perf_event_paranoid] |
Kernel "kernel.perf_event_paranoid" Parameter Configuration Check |
| oval:ssg-sysctl_static_kernel_kexec_load_disabled:def:1 |
false |
compliance |
[sysctl_static_kernel_kexec_load_disabled] |
Kernel "kernel.kexec_load_disabled" Parameter Configuration Check |
| oval:ssg-sysctl_static_kernel_dmesg_restrict:def:1 |
false |
compliance |
[sysctl_static_kernel_dmesg_restrict] |
Kernel "kernel.dmesg_restrict" Parameter Configuration Check |
| oval:ssg-sysctl_static_fs_suid_dumpable:def:1 |
false |
compliance |
[sysctl_static_fs_suid_dumpable] |
Kernel "fs.suid_dumpable" Parameter Configuration Check |
| oval:ssg-sysctl_runtime_user_max_user_namespaces:def:1 |
false |
compliance |
[sysctl_runtime_user_max_user_namespaces] |
Kernel "user.max_user_namespaces" Parameter Runtime Check |
| oval:ssg-sysctl_runtime_net_ipv6_conf_all_disable_ipv6:def:1 |
false |
compliance |
[sysctl_runtime_net_ipv6_conf_all_disable_ipv6] |
Kernel "net.ipv6.conf.all.disable_ipv6" Parameter Runtime Check |
| oval:ssg-sysctl_runtime_net_core_bpf_jit_harden:def:1 |
false |
compliance |
[sysctl_runtime_net_core_bpf_jit_harden] |
Kernel "net.core.bpf_jit_harden" Parameter Runtime Check |
| oval:ssg-sysctl_runtime_kernel_yama_ptrace_scope:def:1 |
false |
compliance |
[sysctl_runtime_kernel_yama_ptrace_scope] |
Kernel "kernel.yama.ptrace_scope" Parameter Runtime Check |
| oval:ssg-sysctl_runtime_kernel_kexec_load_disabled:def:1 |
false |
compliance |
[sysctl_runtime_kernel_kexec_load_disabled] |
Kernel "kernel.kexec_load_disabled" Parameter Runtime Check |
| oval:ssg-sysctl_runtime_kernel_dmesg_restrict:def:1 |
false |
compliance |
[sysctl_runtime_kernel_dmesg_restrict] |
Kernel "kernel.dmesg_restrict" Parameter Runtime Check |
| oval:ssg-sysctl_runtime_kernel_core_pattern:def:1 |
false |
compliance |
[sysctl_runtime_kernel_core_pattern] |
Kernel "kernel.core_pattern" Parameter Runtime Check |
| oval:ssg-sysctl_net_ipv6_conf_default_accept_source_route:def:1 |
false |
compliance |
[CCE-81015-0], [sysctl_net_ipv6_conf_default_accept_source_route] |
Kernel "net.ipv6.conf.default.accept_source_route" Parameter Configuration and Runtime Check |
| oval:ssg-sysctl_net_ipv6_conf_default_accept_ra:def:1 |
false |
compliance |
[CCE-81007-7], [sysctl_net_ipv6_conf_default_accept_ra] |
Kernel "net.ipv6.conf.default.accept_ra" Parameter Configuration and Runtime Check |
| oval:ssg-sysctl_net_ipv6_conf_all_forwarding:def:1 |
false |
compliance |
[CCE-82863-2], [sysctl_net_ipv6_conf_all_forwarding] |
Kernel "net.ipv6.conf.all.forwarding" Parameter Configuration and Runtime Check |
| oval:ssg-sysctl_net_ipv6_conf_all_disable_ipv6:def:1 |
false |
compliance |
[sysctl_net_ipv6_conf_all_disable_ipv6] |
Kernel "net.ipv6.conf.all.disable_ipv6" Parameter Configuration and Runtime Check |
| oval:ssg-sysctl_net_ipv6_conf_all_accept_source_route:def:1 |
false |
compliance |
[CCE-81013-5], [sysctl_net_ipv6_conf_all_accept_source_route] |
Kernel "net.ipv6.conf.all.accept_source_route" Parameter Configuration and Runtime Check |
| oval:ssg-sysctl_net_ipv6_conf_all_accept_ra:def:1 |
false |
compliance |
[CCE-81006-9], [sysctl_net_ipv6_conf_all_accept_ra] |
Kernel "net.ipv6.conf.all.accept_ra" Parameter Configuration and Runtime Check |
| oval:ssg-sysctl_net_ipv4_tcp_syncookies:def:1 |
false |
compliance |
[CCE-80923-6], [sysctl_net_ipv4_tcp_syncookies] |
Kernel "net.ipv4.tcp_syncookies" Parameter Configuration and Runtime Check |
| oval:ssg-sysctl_net_ipv4_tcp_invalid_ratelimit:def:1 |
false |
compliance |
[sysctl_net_ipv4_tcp_invalid_ratelimit] |
Kernel "net.ipv4.tcp_invalid_ratelimit" Parameter Configuration and Runtime Check |
| oval:ssg-sysctl_net_ipv4_ip_forward:def:1 |
false |
compliance |
[CCE-81024-2], [sysctl_net_ipv4_ip_forward] |
Kernel "net.ipv4.ip_forward" Parameter Configuration and Runtime Check |
| oval:ssg-sysctl_net_ipv4_icmp_ignore_bogus_error_responses:def:1 |
false |
compliance |
[CCE-81023-4], [sysctl_net_ipv4_icmp_ignore_bogus_error_responses] |
Kernel "net.ipv4.icmp_ignore_bogus_error_responses" Parameter Configuration and Runtime Check |
| oval:ssg-sysctl_net_ipv4_icmp_echo_ignore_broadcasts:def:1 |
false |
compliance |
[CCE-80922-8], [sysctl_net_ipv4_icmp_echo_ignore_broadcasts] |
Kernel "net.ipv4.icmp_echo_ignore_broadcasts" Parameter Configuration and Runtime Check |
| oval:ssg-sysctl_net_ipv4_conf_default_secure_redirects:def:1 |
false |
compliance |
[CCE-81017-6], [sysctl_net_ipv4_conf_default_secure_redirects] |
Kernel "net.ipv4.conf.default.secure_redirects" Parameter Configuration and Runtime Check |
| oval:ssg-sysctl_net_ipv4_conf_default_rp_filter:def:1 |
false |
compliance |
[CCE-81022-6], [sysctl_net_ipv4_conf_default_rp_filter] |
Kernel "net.ipv4.conf.default.rp_filter" Parameter Configuration and Runtime Check |
| oval:ssg-sysctl_net_ipv4_conf_default_log_martians:def:1 |
false |
compliance |
[CCE-81020-0], [sysctl_net_ipv4_conf_default_log_martians] |
Kernel "net.ipv4.conf.default.log_martians" Parameter Configuration and Runtime Check |
| oval:ssg-sysctl_net_ipv4_conf_default_accept_source_route:def:1 |
false |
compliance |
[CCE-80920-2], [sysctl_net_ipv4_conf_default_accept_source_route] |
Kernel "net.ipv4.conf.default.accept_source_route" Parameter Configuration and Runtime Check |
| oval:ssg-sysctl_net_ipv4_conf_all_secure_redirects:def:1 |
false |
compliance |
[CCE-81016-8], [sysctl_net_ipv4_conf_all_secure_redirects] |
Kernel "net.ipv4.conf.all.secure_redirects" Parameter Configuration and Runtime Check |
| oval:ssg-sysctl_net_ipv4_conf_all_log_martians:def:1 |
false |
compliance |
[CCE-81018-4], [sysctl_net_ipv4_conf_all_log_martians] |
Kernel "net.ipv4.conf.all.log_martians" Parameter Configuration and Runtime Check |
| oval:ssg-sysctl_net_core_bpf_jit_harden:def:1 |
false |
compliance |
[CCE-82934-1], [sysctl_net_core_bpf_jit_harden] |
Kernel "net.core.bpf_jit_harden" Parameter Configuration and Runtime Check |
| oval:ssg-sysctl_kernel_yama_ptrace_scope:def:1 |
false |
compliance |
[CCE-80953-3], [sysctl_kernel_yama_ptrace_scope] |
Kernel "kernel.yama.ptrace_scope" Parameter Configuration and Runtime Check |
| oval:ssg-sysctl_kernel_unprivileged_bpf_disabled:def:1 |
false |
compliance |
[CCE-82974-7], [sysctl_kernel_unprivileged_bpf_disabled] |
Kernel "kernel.unprivileged_bpf_disabled" Parameter Configuration and Runtime Check |
| oval:ssg-sysctl_kernel_randomize_va_space:def:1 |
false |
compliance |
[CCE-80916-0], [sysctl_kernel_randomize_va_space] |
Kernel "kernel.randomize_va_space" Parameter Configuration and Runtime Check |
| oval:ssg-sysctl_kernel_perf_event_paranoid:def:1 |
false |
compliance |
[CCE-81054-9], [sysctl_kernel_perf_event_paranoid] |
Kernel "kernel.perf_event_paranoid" Parameter Configuration and Runtime Check |
| oval:ssg-sysctl_kernel_kexec_load_disabled:def:1 |
false |
compliance |
[CCE-80952-5], [sysctl_kernel_kexec_load_disabled] |
Kernel "kernel.kexec_load_disabled" Parameter Configuration and Runtime Check |
| oval:ssg-sysctl_kernel_ipv6_disable:def:1 |
false |
compliance |
[sysctl_kernel_ipv6_disable] |
Kernel Runtime Parameter IPv6 Check |
| oval:ssg-sysctl_kernel_dmesg_restrict:def:1 |
false |
compliance |
[CCE-80913-7], [sysctl_kernel_dmesg_restrict] |
Kernel "kernel.dmesg_restrict" Parameter Configuration and Runtime Check |
| oval:ssg-sysctl_kernel_core_pattern:def:1 |
false |
compliance |
[CCE-82215-5], [sysctl_kernel_core_pattern] |
Kernel "kernel.core_pattern" Parameter Configuration and Runtime Check |
| oval:ssg-sysctl_fs_suid_dumpable:def:1 |
false |
compliance |
[CCE-80912-9], [sysctl_fs_suid_dumpable] |
Kernel "fs.suid_dumpable" Parameter Configuration and Runtime Check |
| oval:ssg-sysctl_crypto_fips_enabled:def:1 |
false |
compliance |
[sysctl_crypto_fips_enabled] |
Kernel "crypto.fips_enabled" Parameter Runtime Check |
| oval:ssg-sudo_vdsm_nopasswd:def:1 |
false |
compliance |
[CCE-82365-8], [sudo_vdsm_nopasswd] |
Ensure NOPASSWD Is Used Only for the VDSM User in Sudo |
| oval:ssg-sudo_require_authentication:def:1 |
false |
compliance |
[CCE-82279-1], [sudo_require_authentication] |
Ensure Users Re-Authenticate for Privilege Escalation - sudo |
| oval:ssg-sudo_remove_nopasswd:def:1 |
false |
compliance |
[CCE-82197-5], [sudo_remove_nopasswd] |
Ensure NOPASSWD Is Not Used in Sudo |
| oval:ssg-sssd_run_as_sssd_user:def:1 |
false |
compliance |
[CCE-82072-0], [sssd_run_as_sssd_user] |
Configure SSSD to run as user sssd |
| oval:ssg-sssd_ldap_start_tls:def:1 |
false |
compliance |
[CCE-82437-5], [sssd_ldap_start_tls] |
Configure SSSD LDAP Backend to Use TLS For All Transactions |
| oval:ssg-sssd_ldap_configure_tls_ca_dir:def:1 |
false |
compliance |
[CCE-82456-5], [sssd_ldap_configure_tls_ca_dir] |
Configure SSSD LDAP Backend Client CA Certificate Location |
| oval:ssg-sssd_enable_pam_services:def:1 |
false |
compliance |
[CCE-82446-6], [sssd_enable_pam_services] |
Configure PAM in SSSD Services |
| oval:ssg-sssd_conf_exists:def:1 |
false |
compliance |
[sssd_conf_exists] |
Verify The SSSD Configuration File Exists |
| oval:ssg-sshd_use_strong_rng:def:1 |
false |
compliance |
[CCE-82462-3], [sshd_use_strong_rng] |
SSH server uses strong entropy to seed |
| oval:ssg-sshd_use_priv_separation:def:1 |
false |
compliance |
[CCE-80908-7], [sshd_use_priv_separation] |
Rule title of sshd_use_priv_separation |
| oval:ssg-sshd_set_max_sessions:def:1 |
false |
compliance |
[CCE-83357-4], [sshd_set_max_sessions] |
Set OpenSSH MaxSessions |
| oval:ssg-sshd_set_max_auth_tries:def:1 |
false |
compliance |
[CCE-83500-9], [sshd_set_max_auth_tries] |
Set OpenSSH authentication attempt limit (MaxAuthTries) |
| oval:ssg-sshd_set_keepalive:def:1 |
false |
compliance |
[CCE-80907-9], [sshd_set_keepalive] |
Set ClientAliveCountMax for User Logins |
| oval:ssg-sshd_set_idle_timeout:def:1 |
false |
compliance |
[CCE-80906-1], [sshd_set_idle_timeout] |
Set OpenSSH Idle Timeout Interval |
| oval:ssg-sshd_rekey_limit:def:1 |
false |
compliance |
[CCE-82177-7], [sshd_rekey_limit] |
Force frequent session key renegotiation |
| oval:ssg-sshd_enable_warning_banner:def:1 |
false |
compliance |
[CCE-80905-3], [sshd_enable_warning_banner] |
Enable SSH Warning Banner |
| oval:ssg-sshd_do_not_permit_user_env:def:1 |
false |
compliance |
[CCE-80903-8], [sshd_do_not_permit_user_env] |
Do Not Allow SSH Environment Options |
| oval:ssg-sshd_disable_x11_forwarding:def:1 |
false |
compliance |
[CCE-83360-8], [sshd_disable_x11_forwarding] |
Disable X11 Forwarding |
| oval:ssg-sshd_disable_user_known_hosts:def:1 |
false |
compliance |
[CCE-80902-0], [sshd_disable_user_known_hosts] |
Disable SSH Support for User Known Hosts |
| oval:ssg-sshd_disable_tcp_forwarding:def:1 |
false |
compliance |
[CCE-83301-2], [sshd_disable_tcp_forwarding] |
Disable SSH TCP Forwarding |
| oval:ssg-sshd_disable_root_password_login:def:1 |
false |
compliance |
[sshd_disable_root_password_login] |
Disable SSH root Login with a Password (Insecure) |
| oval:ssg-sshd_disable_root_login:def:1 |
false |
compliance |
[CCE-80901-2], [sshd_disable_root_login] |
Disable SSH Root Login |
| oval:ssg-sshd_disable_pubkey_auth:def:1 |
false |
compliance |
[CCE-82345-0], [sshd_disable_pubkey_auth] |
Disable PubkeyAuthentication Authentication |
| oval:ssg-sshd_disable_gssapi_auth:def:1 |
false |
compliance |
[CCE-80897-2], [sshd_disable_gssapi_auth] |
Disable GSSAPI Authentication |
| oval:ssg-ssh_client_rekey_limit:def:1 |
false |
compliance |
[CCE-82880-6], [ssh_client_rekey_limit] |
Configure session renegotiation for SSH client |
| oval:ssg-set_firewalld_default_zone:def:1 |
false |
compliance |
[CCE-80890-7], [set_firewalld_default_zone] |
Change the default firewalld zone to drop |
| oval:ssg-service_usbguard_enabled:def:1 |
false |
compliance |
[CCE-82853-3], [service_usbguard_enabled] |
Service usbguard Enabled |
| oval:ssg-service_systemd-coredump_disabled:def:1 |
false |
compliance |
[CCE-82881-4], [service_systemd-coredump_disabled] |
Service systemd-coredump Disabled |
| oval:ssg-service_syslogng_enabled:def:1 |
false |
compliance |
[service_syslogng_enabled] |
Service syslogng Enabled |
| oval:ssg-service_sssd_enabled:def:1 |
false |
compliance |
[CCE-82440-9], [service_sssd_enabled] |
Service sssd Enabled |
| oval:ssg-service_sssd_disabled:def:1 |
false |
compliance |
[service_sssd_disabled] |
Service sssd Disabled |
| oval:ssg-service_sshd_disabled:def:1 |
false |
compliance |
[service_sshd_disabled] |
Service sshd Disabled |
| oval:ssg-service_rhsmcertd_disabled:def:1 |
false |
compliance |
[CCE-82387-2], [service_rhsmcertd_disabled] |
Service rhsmcertd Disabled |
| oval:ssg-service_psacct_enabled:def:1 |
false |
compliance |
[CCE-82401-1], [service_psacct_enabled] |
Service psacct Enabled |
| oval:ssg-service_postfix_enabled:def:1 |
false |
compliance |
[service_postfix_enabled] |
Service postfix Enabled |
| oval:ssg-service_pcscd_enabled:def:1 |
false |
compliance |
[CCE-80881-6], [service_pcscd_enabled] |
Service pcscd Enabled |
| oval:ssg-service_ntpd_enabled:def:1 |
false |
compliance |
[service_ntpd_enabled] |
Service ntpd Enabled |
| oval:ssg-service_ntp_enabled:def:1 |
false |
compliance |
[service_ntp_enabled] |
Service ntp Enabled |
| oval:ssg-service_nails_enabled:def:1 |
false |
compliance |
[service_nails_enabled] |
Service nails Enabled |
| oval:ssg-service_kdump_disabled:def:1 |
false |
compliance |
[CCE-80878-2], [service_kdump_disabled] |
Service kdump Disabled |
| oval:ssg-service_iptables_enabled:def:1 |
false |
compliance |
[service_iptables_enabled] |
Service iptables Enabled |
| oval:ssg-service_ip6tables_enabled:def:1 |
false |
compliance |
[service_ip6tables_enabled] |
Service ip6tables Enabled |
| oval:ssg-service_httpd_disabled:def:1 |
false |
compliance |
[CCE-82761-8], [service_httpd_disabled] |
Service httpd Disabled |
| oval:ssg-service_fapolicyd_enabled:def:1 |
false |
compliance |
[CCE-82249-4], [service_fapolicyd_enabled] |
Service fapolicyd Enabled |
| oval:ssg-service_cron_enabled:def:1 |
false |
compliance |
[service_cron_enabled] |
Service cron Enabled |
| oval:ssg-service_cpupower_disabled:def:1 |
false |
compliance |
[CCE-82382-3], [service_cpupower_disabled] |
Service cpupower Disabled |
| oval:ssg-service_cockpit_disabled:def:1 |
false |
compliance |
[service_cockpit_disabled] |
Service cockpit Disabled |
| oval:ssg-sebool_container_connect_any:def:1 |
false |
compliance |
[sebool_container_connect_any] |
SELinux "container_connect_any" Boolean Check |
| oval:ssg-rsyslog_remote_tls_cacert:def:1 |
false |
compliance |
[CCE-82458-1], [rsyslog_remote_tls_cacert] |
Check that CA certificate is configured for rsyslog remote logging |
| oval:ssg-rsyslog_remote_tls:def:1 |
false |
compliance |
[CCE-82457-3], [rsyslog_remote_tls] |
Check that rsyslog is configured to use TLS for remote logging |
| oval:ssg-rsyslog_remote_loghost:def:1 |
false |
compliance |
[CCE-80863-4], [rsyslog_remote_loghost] |
Send Logs to a Remote Loghost |
| oval:ssg-rpm_verify_permissions:def:1 |
false |
compliance |
[CCE-80858-4], [rpm_verify_permissions] |
Verify File Permissions Using RPM |
| oval:ssg-require_smb_client_signing:def:1 |
false |
compliance |
[require_smb_client_signing] |
Require Client SMB Packet Signing in smb.conf |
| oval:ssg-postfix_server_banner:def:1 |
false |
compliance |
[CCE-82379-9], [postfix_server_banner] |
Configure Postfix Against Unnecessary Release of Information |
| oval:ssg-postfix_prevent_unrestricted_relay:def:1 |
false |
compliance |
[postfix_prevent_unrestricted_relay] |
Prevent Unrestricted Mail Relaying |
| oval:ssg-partition_for_var_tmp:def:1 |
false |
compliance |
[CCE-82730-3], [partition_for_var_tmp] |
Ensure /var/tmp Located On Separate Partition |
| oval:ssg-partition_for_var_log_audit:def:1 |
false |
compliance |
[CCE-80854-3], [partition_for_var_log_audit] |
Ensure /var/log/audit Located On Separate Partition |
| oval:ssg-partition_for_var_log:def:1 |
false |
compliance |
[CCE-80853-5], [partition_for_var_log] |
Ensure /var/log Located On Separate Partition |
| oval:ssg-partition_for_var:def:1 |
false |
compliance |
[CCE-80852-7], [partition_for_var] |
Ensure /var Located On Separate Partition |
| oval:ssg-partition_for_tmp:def:1 |
false |
compliance |
[CCE-80851-9], [partition_for_tmp] |
Ensure /tmp Located On Separate Partition |
| oval:ssg-partition_for_srv:def:1 |
false |
compliance |
[partition_for_srv] |
Ensure /srv Located On Separate Partition |
| oval:ssg-partition_for_home:def:1 |
false |
compliance |
[CCE-81044-0], [partition_for_home] |
Ensure /home Located On Separate Partition |
| oval:ssg-package_vsftpd_installed:def:1 |
false |
compliance |
[CCE-82411-0], [package_vsftpd_installed] |
Package vsftpd Installed |
| oval:ssg-package_vim_installed:def:1 |
false |
compliance |
[CCE-82956-4], [package_vim_installed] |
Package vim Installed |
| oval:ssg-package_usbguard_installed:def:1 |
false |
compliance |
[CCE-82959-8], [package_usbguard_installed] |
Package usbguard Installed |
| oval:ssg-package_tuned_removed:def:1 |
false |
compliance |
[CCE-82904-4], [package_tuned_removed] |
Package tuned Removed |
| oval:ssg-package_syslogng_installed:def:1 |
false |
compliance |
[package_syslogng_installed] |
Package syslogng Installed |
| oval:ssg-package_sssd_installed:def:1 |
false |
compliance |
[CCE-82444-1], [package_sssd_installed] |
Package sssd Installed |
| oval:ssg-package_sssd-ipa_installed:def:1 |
false |
compliance |
[CCE-82994-5], [package_sssd-ipa_installed] |
Package sssd-ipa Installed |
| oval:ssg-package_samba-common_removed:def:1 |
false |
compliance |
[package_samba-common_removed] |
Package samba-common Removed |
| oval:ssg-package_rsyslog-gnutls_installed:def:1 |
false |
compliance |
[CCE-82859-0], [package_rsyslog-gnutls_installed] |
Package rsyslog-gnutls Installed |
| oval:ssg-package_psacct_installed:def:1 |
false |
compliance |
[CCE-82404-5], [package_psacct_installed] |
Package psacct Installed |
| oval:ssg-package_pigz_removed:def:1 |
false |
compliance |
[CCE-82397-1], [package_pigz_removed] |
Package pigz Removed |
| oval:ssg-package_pcsc-lite_installed:def:1 |
false |
compliance |
[CCE-80993-9], [package_pcsc-lite_installed] |
Package pcsc-lite Installed |
| oval:ssg-package_pam_pkcs11_installed:def:1 |
false |
compliance |
[package_pam_pkcs11_installed] |
Package pam_pkcs11 Installed |
| oval:ssg-package_openssh-server_removed:def:1 |
false |
compliance |
[package_openssh-server_removed] |
Package openssh-server Removed |
| oval:ssg-package_opensc_installed:def:1 |
false |
compliance |
[CCE-80846-9], [package_opensc_installed] |
Package opensc Installed |
| oval:ssg-package_openldap-clients_removed:def:1 |
false |
compliance |
[CCE-82885-5], [package_openldap-clients_removed] |
Package openldap-clients Removed |
| oval:ssg-package_ntp_installed:def:1 |
false |
compliance |
[package_ntp_installed] |
Package ntp Installed |
| oval:ssg-package_libcap-ng-utils_installed:def:1 |
false |
compliance |
[CCE-82979-6], [package_libcap-ng-utils_installed] |
Package libcap-ng-utils Installed |
| oval:ssg-package_iprutils_removed:def:1 |
false |
compliance |
[CCE-82946-5], [package_iprutils_removed] |
Package iprutils Removed |
| oval:ssg-package_httpd_removed:def:1 |
false |
compliance |
[package_httpd_removed] |
Package httpd Removed |
| oval:ssg-package_gnutls-utils_installed:def:1 |
false |
compliance |
[CCE-82395-5], [package_gnutls-utils_installed] |
Package gnutls-utils Installed |
| oval:ssg-package_geolite2-country_removed:def:1 |
false |
compliance |
[CCE-82936-6], [package_geolite2-country_removed] |
Package geolite2-country Removed |
| oval:ssg-package_geolite2-city_removed:def:1 |
false |
compliance |
[CCE-82939-0], [package_geolite2-city_removed] |
Package geolite2-city Removed |
| oval:ssg-package_gdm_installed:def:1 |
false |
compliance |
[package_gdm_installed] |
Package gdm Installed |
| oval:ssg-package_fapolicyd_installed:def:1 |
false |
compliance |
[CCE-82191-8], [package_fapolicyd_installed] |
Package fapolicyd Installed |
| oval:ssg-package_esc_installed:def:1 |
false |
compliance |
[package_esc_installed] |
Package esc Installed |
| oval:ssg-package_dnf-automatic_installed:def:1 |
false |
compliance |
[CCE-82985-3], [package_dnf-automatic_installed] |
Package dnf-automatic Installed |
| oval:ssg-package_cron_installed:def:1 |
false |
compliance |
[package_cron_installed] |
Package cron Installed |
| oval:ssg-package_avahi_installed:def:1 |
false |
compliance |
[package_avahi_installed] |
Package avahi Installed |
| oval:ssg-package_audispd-plugins_installed:def:1 |
false |
compliance |
[CCE-82953-1], [package_audispd-plugins_installed] |
Package audispd-plugins Installed |
| oval:ssg-package_aide_installed:def:1 |
false |
compliance |
[CCE-80844-4], [package_aide_installed] |
Package aide Installed |
| oval:ssg-openssl_use_strong_entropy:def:1 |
false |
compliance |
[CCE-82721-2], [openssl_use_strong_entropy] |
Configure OpenSSL to use strong entropy |
| oval:ssg-ntpd_specify_remote_server:def:1 |
false |
compliance |
[ntpd_specify_remote_server] |
Specify a Remote ntpd NTP Server for Time Data |
| oval:ssg-ntpd_specify_multiple_servers:def:1 |
false |
compliance |
[ntpd_specify_multiple_servers] |
Specify Multiple Remote ntpd NTP Server for Time Data |
| oval:ssg-no_tmux_in_shells:def:1 |
false |
compliance |
[CCE-82361-7], [no_tmux_in_shells] |
Check that tmux is not listed in /etc/shells |
| oval:ssg-no_empty_passwords:def:1 |
false |
compliance |
[CCE-80841-0], [no_empty_passwords] |
No nullok Option in /etc/pam.d/system-auth |
| oval:ssg-no_direct_root_logins:def:1 |
false |
compliance |
[CCE-80840-2], [no_direct_root_logins] |
Direct root Logins Not Allowed |
| oval:ssg-network_nmcli_permissions:def:1 |
false |
compliance |
[CCE-82179-3], [network_nmcli_permissions] |
Ensure non-Privileged Users Cannot Change Network Settings |
| oval:ssg-network_ipv6_static_address:def:1 |
false |
compliance |
[network_ipv6_static_address] |
Manually Assign Global IPv6 Address |
| oval:ssg-network_ipv6_privacy_extensions:def:1 |
false |
compliance |
[network_ipv6_privacy_extensions] |
Enable Privacy Extensions for IPv6 |
| oval:ssg-network_ipv6_disable_rpc:def:1 |
false |
compliance |
[network_ipv6_disable_rpc] |
Disable Support for RPC IPv6 |
| oval:ssg-network_ipv6_default_gateway:def:1 |
false |
compliance |
[network_ipv6_default_gateway] |
Manually Assign IPv6 Router Address |
| oval:ssg-network_disable_zeroconf:def:1 |
false |
compliance |
[network_disable_zeroconf] |
Disable Zeroconf Networking |
| oval:ssg-network_configure_name_resolution:def:1 |
false |
compliance |
[network_configure_name_resolution] |
Configure Multiple DNS Servers in /etc/resolv.conf |
| oval:ssg-mount_option_var_tmp_nosuid:def:1 |
false |
compliance |
[CCE-82154-6], [mount_option_var_tmp_nosuid] |
Add nosuid Option to /var/tmp |
| oval:ssg-mount_option_var_tmp_noexec:def:1 |
false |
compliance |
[CCE-82151-2], [mount_option_var_tmp_noexec] |
Add noexec Option to /var/tmp |
| oval:ssg-mount_option_var_tmp_nodev:def:1 |
false |
compliance |
[CCE-82068-8], [mount_option_var_tmp_nodev] |
Add nodev Option to /var/tmp |
| oval:ssg-mount_option_var_tmp_bind:def:1 |
false |
compliance |
[mount_option_var_tmp_bind] |
Bind Mount /var/tmp To /tmp |
| oval:ssg-mount_option_var_nosuid:def:1 |
false |
compliance |
[mount_option_var_nosuid] |
Add nosuid Option to /var |
| oval:ssg-mount_option_var_nodev:def:1 |
false |
compliance |
[CCE-82062-1], [mount_option_var_nodev] |
Add nodev Option to /var |
| oval:ssg-mount_option_var_log_nosuid:def:1 |
false |
compliance |
[CCE-82065-4], [mount_option_var_log_nosuid] |
Add nosuid Option to /var/log |
| oval:ssg-mount_option_var_log_noexec:def:1 |
false |
compliance |
[CCE-82008-4], [mount_option_var_log_noexec] |
Add noexec Option to /var/log |
| oval:ssg-mount_option_var_log_nodev:def:1 |
false |
compliance |
[CCE-82077-9], [mount_option_var_log_nodev] |
Add nodev Option to /var/log |
| oval:ssg-mount_option_var_log_audit_nosuid:def:1 |
false |
compliance |
[CCE-82921-8], [mount_option_var_log_audit_nosuid] |
Add nosuid Option to /var/log/audit |
| oval:ssg-mount_option_var_log_audit_noexec:def:1 |
false |
compliance |
[CCE-82975-4], [mount_option_var_log_audit_noexec] |
Add noexec Option to /var/log/audit |
| oval:ssg-mount_option_var_log_audit_nodev:def:1 |
false |
compliance |
[CCE-82080-3], [mount_option_var_log_audit_nodev] |
Add nodev Option to /var/log/audit |
| oval:ssg-mount_option_tmp_nosuid:def:1 |
false |
compliance |
[CCE-82140-5], [mount_option_tmp_nosuid] |
Add nosuid Option to /tmp |
| oval:ssg-mount_option_tmp_noexec:def:1 |
false |
compliance |
[CCE-82139-7], [mount_option_tmp_noexec] |
Add noexec Option to /tmp |
| oval:ssg-mount_option_tmp_nodev:def:1 |
false |
compliance |
[CCE-82623-0], [mount_option_tmp_nodev] |
Add nodev Option to /tmp |
| oval:ssg-mount_option_nodev_nonroot_local_partitions:def:1 |
false |
compliance |
[CCE-82069-6], [mount_option_nodev_nonroot_local_partitions] |
Add nodev Option to Non-Root Local Partitions |
| oval:ssg-mount_option_home_nosuid:def:1 |
false |
compliance |
[CCE-81050-7], [mount_option_home_nosuid] |
Add nosuid Option to /home |
| oval:ssg-mount_option_home_nodev:def:1 |
false |
compliance |
[CCE-81048-1], [mount_option_home_nodev] |
Add nodev Option to /home |
| oval:ssg-mount_option_dev_shm_noexec:def:1 |
false |
compliance |
[CCE-80838-6], [mount_option_dev_shm_noexec] |
Add noexec Option to /dev/shm |
| oval:ssg-mount_option_boot_nosuid:def:1 |
false |
compliance |
[CCE-81033-3], [mount_option_boot_nosuid] |
Add nosuid Option to /boot |
| oval:ssg-mount_option_boot_nodev:def:1 |
false |
compliance |
[CCE-82941-6], [mount_option_boot_nodev] |
Add nodev Option to /boot |
| oval:ssg-mcafee_antivirus_definitions_updated:def:1 |
false |
compliance |
[mcafee_antivirus_definitions_updated] |
McAfee AntiVirus Definitions Updated |
| oval:ssg-logwatch_configured_splithosts:def:1 |
false |
compliance |
[logwatch_configured_splithosts] |
Ensure Logwatch SplitHosts Configured |
| oval:ssg-logwatch_configured_hostlimit:def:1 |
false |
compliance |
[logwatch_configured_hostlimit] |
Ensure Logwatch HostLimit Configured |
| oval:ssg-ldap_client_tls_cacertpath:def:1 |
false |
compliance |
[CCE-82417-7], [ldap_client_tls_cacertpath] |
Configure LDAP CA Certificate Path |
| oval:ssg-ldap_client_start_tls:def:1 |
false |
compliance |
[CCE-82416-9], [ldap_client_start_tls] |
Configure LDAP to Use TLS for All Transactions |
| oval:ssg-kernel_module_vfat_disabled:def:1 |
false |
compliance |
[CCE-82170-2], [kernel_module_vfat_disabled] |
Disable vfat Kernel Module |
| oval:ssg-kernel_module_usb-storage_disabled:def:1 |
false |
compliance |
[CCE-80835-2], [kernel_module_usb-storage_disabled] |
Disable usb-storage Kernel Module |
| oval:ssg-kernel_module_udf_disabled:def:1 |
false |
compliance |
[CCE-82729-5], [kernel_module_udf_disabled] |
Disable udf Kernel Module |
| oval:ssg-kernel_module_tipc_disabled:def:1 |
false |
compliance |
[CCE-82297-3], [kernel_module_tipc_disabled] |
Disable tipc Kernel Module |
| oval:ssg-kernel_module_squashfs_disabled:def:1 |
false |
compliance |
[CCE-83498-6], [kernel_module_squashfs_disabled] |
Disable squashfs Kernel Module |
| oval:ssg-kernel_module_sctp_disabled:def:1 |
false |
compliance |
[CCE-80834-5], [kernel_module_sctp_disabled] |
Disable sctp Kernel Module |
| oval:ssg-kernel_module_rds_disabled:def:1 |
false |
compliance |
[CCE-82870-7], [kernel_module_rds_disabled] |
Disable rds Kernel Module |
| oval:ssg-kernel_module_jffs2_disabled:def:1 |
false |
compliance |
[kernel_module_jffs2_disabled] |
Disable jffs2 Kernel Module |
| oval:ssg-kernel_module_ipv6_option_disabled:def:1 |
false |
compliance |
[CCE-82872-3], [kernel_module_ipv6_option_disabled] |
Disable IPv6 Kernel Module Functionality via Disable Option |
| oval:ssg-kernel_module_hfsplus_disabled:def:1 |
false |
compliance |
[kernel_module_hfsplus_disabled] |
Disable hfsplus Kernel Module |
| oval:ssg-kernel_module_hfs_disabled:def:1 |
false |
compliance |
[kernel_module_hfs_disabled] |
Disable hfs Kernel Module |
| oval:ssg-kernel_module_freevxfs_disabled:def:1 |
false |
compliance |
[kernel_module_freevxfs_disabled] |
Disable freevxfs Kernel Module |
| oval:ssg-kernel_module_firewire-core_disabled:def:1 |
false |
compliance |
[CCE-82005-0], [kernel_module_firewire-core_disabled] |
Disable firewire-core Kernel Module |
| oval:ssg-kernel_module_dccp_disabled:def:1 |
false |
compliance |
[CCE-80833-7], [kernel_module_dccp_disabled] |
Disable dccp Kernel Module |
| oval:ssg-kernel_module_cramfs_disabled:def:1 |
false |
compliance |
[CCE-81031-7], [kernel_module_cramfs_disabled] |
Disable cramfs Kernel Module |
| oval:ssg-kernel_module_can_disabled:def:1 |
false |
compliance |
[CCE-82059-7], [kernel_module_can_disabled] |
Disable can Kernel Module |
| oval:ssg-kernel_module_bluetooth_disabled:def:1 |
false |
compliance |
[CCE-80832-9], [kernel_module_bluetooth_disabled] |
Disable bluetooth Kernel Module |
| oval:ssg-kernel_module_atm_disabled:def:1 |
false |
compliance |
[CCE-82028-2], [kernel_module_atm_disabled] |
Disable atm Kernel Module |
| oval:ssg-install_mcafee_hbss_pa:def:1 |
false |
compliance |
[install_mcafee_hbss_pa] |
Install the Policy Auditor (PA) Module |
| oval:ssg-install_mcafee_hbss_hips:def:1 |
false |
compliance |
[install_mcafee_hbss_hips] |
Install the Host Intrusion Prevention System (HIPS) Module |
| oval:ssg-install_mcafee_hbss_accm:def:1 |
false |
compliance |
[install_mcafee_hbss_accm] |
Install the Asset Configuration Compliance Module (ACCM) |
| oval:ssg-install_mcafee_hbss:def:1 |
false |
compliance |
[install_mcafee_hbss] |
Install McAfee Host-Based Intrusion Detection Software (HBSS) |
| oval:ssg-install_mcafee_cma_rt:def:1 |
false |
compliance |
[install_mcafee_cma_rt] |
Install the McAfee Runtime Libraries and Linux Agent |
| oval:ssg-install_mcafee_antivirus:def:1 |
false |
compliance |
[install_mcafee_antivirus] |
Package McAfeeVSEForLinux Installed |
| oval:ssg-install_antivirus:def:1 |
false |
compliance |
[install_antivirus] |
Package Antivirus Installed |
| oval:ssg-harden_sshd_crypto_policy:def:1 |
false |
compliance |
[CCE-82176-9], [harden_sshd_crypto_policy] |
Harden SSHD Crypto Policy |
| oval:ssg-harden_ssh_client_crypto_policy:def:1 |
false |
compliance |
[CCE-82225-4], [harden_ssh_client_crypto_policy] |
Harden SSH client Crypto Policy |
| oval:ssg-harden_openssl_crypto_policy:def:1 |
false |
compliance |
[CCE-84286-4], [harden_openssl_crypto_policy] |
Harden OpenSSL Crypto Policy |
| oval:ssg-grub2_vsyscall_argument:def:1 |
false |
compliance |
[CCE-80946-7], [grub2_vsyscall_argument] |
Ensure GRUB 2 is configured to run Linux operating system with argument vsyscall=none |
| oval:ssg-grub2_slub_debug_argument:def:1 |
false |
compliance |
[CCE-80945-9], [grub2_slub_debug_argument] |
Ensure GRUB 2 is configured to run Linux operating system with argument slub_debug=P |
| oval:ssg-grub2_pti_argument:def:1 |
false |
compliance |
[CCE-82194-2], [grub2_pti_argument] |
Ensure GRUB 2 is configured to run Linux operating system with argument pti=on |
| oval:ssg-grub2_password:def:1 |
false |
compliance |
[CCE-80828-7], [grub2_password] |
Set Boot Loader Password |
| oval:ssg-grub2_page_poison_argument:def:1 |
false |
compliance |
[CCE-80944-2], [grub2_page_poison_argument] |
Ensure GRUB 2 is configured to run Linux operating system with argument page_poison=1 |
| oval:ssg-grub2_nousb_argument:def:1 |
false |
compliance |
[grub2_nousb_argument] |
Disable Kernel Support for USB via Bootloader Configuration |
| oval:ssg-grub2_ipv6_disable_argument:def:1 |
false |
compliance |
[CCE-82887-1], [grub2_ipv6_disable_argument] |
Ensure GRUB 2 is configured to run Linux operating system with argument ipv6.disable=1 |
| oval:ssg-grub2_enable_iommu_force:def:1 |
false |
compliance |
[grub2_enable_iommu_force] |
Force IOMMU usage in GRUB2 |
| oval:ssg-grub2_default_exists:def:1 |
false |
compliance |
[grub2_default_exists] |
GRUB_CMDLINE_LINUX_DEFAULT existence check |
| oval:ssg-grub2_audit_backlog_limit_argument:def:1 |
false |
compliance |
[CCE-80943-4], [grub2_audit_backlog_limit_argument] |
Ensure GRUB 2 is configured to run Linux operating system with argument audit_backlog_limit=8192 |
| oval:ssg-grub2_audit_argument:def:1 |
false |
compliance |
[CCE-80825-3], [grub2_audit_argument] |
Ensure GRUB 2 is configured to run Linux operating system with argument audit=1 |
| oval:ssg-grub2_admin_username:def:1 |
false |
compliance |
[CCE-83561-1], [grub2_admin_username] |
Set Boot Loader Superuser Username to Unique Value |
| oval:ssg-force_opensc_card_drivers:def:1 |
false |
compliance |
[CCE-80821-2], [force_opensc_card_drivers] |
Force opensc To Use Defined Smart Card Driver |
| oval:ssg-firewalld_sshd_disabled:def:1 |
false |
compliance |
[firewalld_sshd_disabled] |
Disallow inbound firewall access to the SSH Server port |
| oval:ssg-file_permissions_unauthorized_suid:def:1 |
false |
compliance |
[CCE-80817-0], [file_permissions_unauthorized_suid] |
Find SUID files that are not owned by RPM packages |
| oval:ssg-file_permissions_unauthorized_sgid:def:1 |
false |
compliance |
[CCE-80816-2], [file_permissions_unauthorized_sgid] |
Find SGID files that are not owned by RPM packages |
| oval:ssg-file_permissions_httpd_server_modules_files:def:1 |
false |
compliance |
[file_permissions_httpd_server_modules_files] |
Verify Permissions On Apache Web Server Configuration Files |
| oval:ssg-file_permissions_httpd_server_conf_files:def:1 |
false |
compliance |
[file_permissions_httpd_server_conf_files] |
Verify Permissions On Apache Web Server Configuration Files |
| oval:ssg-file_permissions_httpd_server_conf_d_files:def:1 |
false |
compliance |
[file_permissions_httpd_server_conf_d_files] |
Verify Permissions On Apache Web Server Configuration Files |
| oval:ssg-file_permissions_grub2_cfg:def:1 |
false |
compliance |
[CCE-80814-7], [file_permissions_grub2_cfg] |
Verify /boot/grub2/grub.cfg Mode Permissions |
| oval:ssg-file_permissions_crontab:def:1 |
false |
compliance |
[CCE-82206-4], [file_permissions_crontab] |
Verify /etc/crontab Mode Permissions |
| oval:ssg-file_permissions_cron_weekly:def:1 |
false |
compliance |
[CCE-82253-6], [file_permissions_cron_weekly] |
Verify /etc/cron.weekly/ Mode Permissions |
| oval:ssg-file_permissions_cron_monthly:def:1 |
false |
compliance |
[CCE-82263-5], [file_permissions_cron_monthly] |
Verify /etc/cron.monthly/ Mode Permissions |
| oval:ssg-file_permissions_cron_hourly:def:1 |
false |
compliance |
[CCE-82230-4], [file_permissions_cron_hourly] |
Verify /etc/cron.hourly/ Mode Permissions |
| oval:ssg-file_permissions_cron_daily:def:1 |
false |
compliance |
[CCE-82240-3], [file_permissions_cron_daily] |
Verify /etc/cron.daily/ Mode Permissions |
| oval:ssg-file_permissions_cron_d:def:1 |
false |
compliance |
[CCE-82277-5], [file_permissions_cron_d] |
Verify /etc/cron.d/ Mode Permissions |
| oval:ssg-etc_system_fips_exists:def:1 |
false |
compliance |
[etc_system_fips_exists] |
Check /etc/system-fips exists |
| oval:ssg-ensure_logrotate_activated:def:1 |
false |
compliance |
[CCE-80794-1], [ensure_logrotate_activated] |
Ensure the logrotate utility performs the automatic rotation of log files on daily basis |
| oval:ssg-ensure_gpgcheck_repo_metadata:def:1 |
false |
compliance |
[CCE-80793-3], [ensure_gpgcheck_repo_metadata] |
Ensure gpgcheck Enabled for Repository Metadata |
| oval:ssg-ensure_gpgcheck_never_disabled:def:1 |
false |
compliance |
[CCE-80792-5], [ensure_gpgcheck_never_disabled] |
Ensure gpgcheck Enabled For All Yum or Dnf Package Repositories |
| oval:ssg-ensure_gpgcheck_local_packages:def:1 |
false |
compliance |
[CCE-80791-7], [ensure_gpgcheck_local_packages] |
Ensure gpgcheck Enabled for Local Packages |
| oval:ssg-enable_ldap_client:def:1 |
false |
compliance |
[CCE-82418-5], [enable_ldap_client] |
Enable the LDAP Client For Use in Authconfig |
| oval:ssg-enable_fips_mode:def:1 |
false |
compliance |
[CCE-80942-6], [enable_fips_mode] |
Enable FIPS Mode |
| oval:ssg-enable_dracut_fips_module:def:1 |
false |
compliance |
[CCE-82155-3], [enable_dracut_fips_module] |
Enable Dracut FIPS Module |
| oval:ssg-dnf-automatic_security_updates_only:def:1 |
false |
compliance |
[CCE-82267-6], [dnf-automatic_security_updates_only] |
Configure dnf-automatic to Install Only Security Updates |
| oval:ssg-dnf-automatic_apply_updates:def:1 |
false |
compliance |
[CCE-82494-6], [dnf-automatic_apply_updates] |
Configure dnf-automatic to Install Available Updates Automatically |
| oval:ssg-disable_users_coredumps:def:1 |
false |
compliance |
[CCE-81038-2], [disable_users_coredumps] |
Disable Core Dumps |
| oval:ssg-disable_ctrlaltdel_reboot:def:1 |
false |
compliance |
[CCE-80785-9], [disable_ctrlaltdel_reboot] |
Disable Ctrl-Alt-Del Reboot Activation |
| oval:ssg-disable_ctrlaltdel_burstaction:def:1 |
false |
compliance |
[CCE-80784-2], [disable_ctrlaltdel_burstaction] |
Disable Ctrl-Alt-Del Burst Action |
| oval:ssg-directory_access_var_log_audit:def:1 |
false |
compliance |
[CCE-80941-8], [directory_access_var_log_audit] |
Ensure auditd Collects Information Read Access to /var/log/audit |
| oval:ssg-dir_perms_etc_httpd_conf:def:1 |
false |
compliance |
[dir_perms_etc_httpd_conf] |
Directory /etc/httpd/conf/ Permissions |
| oval:ssg-dconf_gnome_session_idle_user_locks:def:1 |
false |
compliance |
[CCE-80781-8], [dconf_gnome_session_idle_user_locks] |
Ensure Users Cannot Change GNOME3 Session Idle Settings |
| oval:ssg-dconf_gnome_screensaver_user_locks:def:1 |
false |
compliance |
[CCE-80780-0], [dconf_gnome_screensaver_user_locks] |
Ensure Users Cannot Change GNOME3 Screensaver Lock Delay Settings |
| oval:ssg-dconf_gnome_screensaver_user_info:def:1 |
false |
compliance |
[CCE-80779-2], [dconf_gnome_screensaver_user_info] |
Disable Full User Name on Splash Shield |
| oval:ssg-dconf_gnome_screensaver_mode_blank:def:1 |
false |
compliance |
[CCE-80778-4], [dconf_gnome_screensaver_mode_blank] |
Implement Blank Screensaver |
| oval:ssg-dconf_gnome_screensaver_lock_locked:def:1 |
false |
compliance |
[dconf_gnome_screensaver_lock_locked] |
Ensure Users Cannot Change GNOME3 Screensaver Lock After Idle Period |
| oval:ssg-dconf_gnome_screensaver_lock_enabled:def:1 |
false |
compliance |
[CCE-80777-6], [dconf_gnome_screensaver_lock_enabled] |
Enable GNOME3 Screensaver Lock After Idle Period |
| oval:ssg-dconf_gnome_screensaver_lock_delay:def:1 |
false |
compliance |
[CCE-80776-8], [dconf_gnome_screensaver_lock_delay] |
Enable GNOME3 Screensaver Lock Delay After Idle Period |
| oval:ssg-dconf_gnome_screensaver_idle_delay:def:1 |
false |
compliance |
[CCE-80775-0], [dconf_gnome_screensaver_idle_delay] |
Configure the GNOME3 GUI Screen locking |
| oval:ssg-dconf_gnome_screensaver_idle_activation_locked:def:1 |
false |
compliance |
[dconf_gnome_screensaver_idle_activation_locked] |
Ensure Users Cannot Change GNOME3 Screensaver Idle Activation |
| oval:ssg-dconf_gnome_screensaver_idle_activation_enabled:def:1 |
false |
compliance |
[CCE-80774-3], [dconf_gnome_screensaver_idle_activation_enabled] |
Enable GNOME3 Screensaver Idle Activation |
| oval:ssg-dconf_gnome_remote_access_encryption:def:1 |
false |
compliance |
[CCE-80773-5], [dconf_gnome_remote_access_encryption] |
Require Encryption for Remote Access in GNOME3 |
| oval:ssg-dconf_gnome_remote_access_credential_prompt:def:1 |
false |
compliance |
[CCE-80772-7], [dconf_gnome_remote_access_credential_prompt] |
Require Credential Prompting for Remote Access in GNOME3 |
| oval:ssg-dconf_gnome_login_retries:def:1 |
false |
compliance |
[CCE-80771-9], [dconf_gnome_login_retries] |
Set the GNOME3 Login Number of Failures |
| oval:ssg-dconf_gnome_login_banner_text:def:1 |
false |
compliance |
[CCE-80770-1], [dconf_gnome_login_banner_text] |
Enable GUI Warning Banner |
| oval:ssg-dconf_gnome_enable_smartcard_auth:def:1 |
false |
compliance |
[dconf_gnome_enable_smartcard_auth] |
Enable the GNOME3 Login Smartcard Authentication |
| oval:ssg-dconf_gnome_disable_wifi_notification:def:1 |
false |
compliance |
[dconf_gnome_disable_wifi_notification] |
Disable WIFI Network Notification in GNOME3 |
| oval:ssg-dconf_gnome_disable_wifi_create:def:1 |
false |
compliance |
[dconf_gnome_disable_wifi_create] |
Disable WIFI Network Connection Creation in GNOME3 |
| oval:ssg-dconf_gnome_disable_user_list:def:1 |
false |
compliance |
[dconf_gnome_disable_user_list] |
Disable the GNOME3 Login User List |
| oval:ssg-dconf_gnome_disable_user_admin:def:1 |
false |
compliance |
[CCE-80769-3], [dconf_gnome_disable_user_admin] |
Disable User Administration in GNOME3 |
| oval:ssg-dconf_gnome_disable_thumbnailers:def:1 |
false |
compliance |
[dconf_gnome_disable_thumbnailers] |
Disable All GNOME3 Thumbnailers |
| oval:ssg-dconf_gnome_disable_restart_shutdown:def:1 |
false |
compliance |
[dconf_gnome_disable_restart_shutdown] |
Disable the GNOME3 Login Restart and Shutdown Buttons |
| oval:ssg-dconf_gnome_disable_power_settings:def:1 |
false |
compliance |
[dconf_gnome_disable_power_settings] |
Disable Power Settings in GNOME3 |
| oval:ssg-dconf_gnome_disable_geolocation:def:1 |
false |
compliance |
[dconf_gnome_disable_geolocation] |
Disable Geolocation in GNOME3 |
| oval:ssg-dconf_gnome_disable_ctrlaltdel_reboot:def:1 |
false |
compliance |
[dconf_gnome_disable_ctrlaltdel_reboot] |
Disable Ctrl-Alt-Del Reboot Key Sequence in GNOME3 |
| oval:ssg-dconf_gnome_disable_automount:def:1 |
false |
compliance |
[dconf_gnome_disable_automount] |
Disable GNOME3 Automounting |
| oval:ssg-dconf_gnome_banner_enabled:def:1 |
false |
compliance |
[CCE-80768-5], [dconf_gnome_banner_enabled] |
Enable GNOME3 Login Warning Banner |
| oval:ssg-cups_disable_printserver:def:1 |
false |
compliance |
[cups_disable_printserver] |
Disable Printer Server if Possible |
| oval:ssg-cups_disable_browsing:def:1 |
false |
compliance |
[cups_disable_browsing] |
Disable Printer Browsing Entirely if Possible |
| oval:ssg-coredump_disable_storage:def:1 |
false |
compliance |
[CCE-82252-8], [coredump_disable_storage] |
Disable storing core dump |
| oval:ssg-coredump_disable_backtraces:def:1 |
false |
compliance |
[CCE-82251-0], [coredump_disable_backtraces] |
Disable core dump backtraces |
| oval:ssg-configure_usbguard_auditbackend:def:1 |
false |
compliance |
[CCE-82168-6], [configure_usbguard_auditbackend] |
Log USBGuard daemon audit events using Linux Audit |
| oval:ssg-configure_tmux_lock_command:def:1 |
false |
compliance |
[CCE-80940-0], [configure_tmux_lock_command] |
Configure the tmux Lock Command |
| oval:ssg-configure_tmux_lock_after_time:def:1 |
false |
compliance |
[CCE-82199-1], [configure_tmux_lock_after_time] |
Configure tmux to lock session after inactivity |
| oval:ssg-configure_opensc_card_drivers:def:1 |
false |
compliance |
[CCE-80766-9], [configure_opensc_card_drivers] |
Configure opensc Smart Card Drivers |
| oval:ssg-configure_firewalld_rate_limiting:def:1 |
false |
compliance |
[configure_firewalld_rate_limiting] |
Configure firewalld To Rate Limit Connections |
| oval:ssg-configure_bashrc_exec_tmux:def:1 |
false |
compliance |
[CCE-82266-8], [configure_bashrc_exec_tmux] |
Check exec tmux configured at the end of bashrc |
| oval:ssg-chronyd_specify_multiple_servers:def:1 |
false |
compliance |
[chronyd_specify_multiple_servers] |
Specify Multiple Remote chronyd NTP Servers for Time Data |
| oval:ssg-chronyd_run_as_chrony_user:def:1 |
false |
compliance |
[CCE-82879-8], [chronyd_run_as_chrony_user] |
Ensure that chronyd is running under chrony user account |
| oval:ssg-chronyd_or_ntpd_specify_multiple_servers:def:1 |
false |
compliance |
[CCE-80764-4], [chronyd_or_ntpd_specify_multiple_servers] |
Specify Multiple Remote chronyd Or ntpd NTP Servers for Time Data |
| oval:ssg-chronyd_or_ntpd_set_maxpoll:def:1 |
false |
compliance |
[chronyd_or_ntpd_set_maxpoll] |
Configure Time Service Maxpoll Interval |
| oval:ssg-chronyd_no_chronyc_network:def:1 |
false |
compliance |
[CCE-82840-0], [chronyd_no_chronyc_network] |
Disable network management of chrony daemon |
| oval:ssg-chronyd_client_only:def:1 |
false |
compliance |
[CCE-82988-7], [chronyd_client_only] |
Disable chrony daemon from acting as server |
| oval:ssg-auditd_name_format:def:1 |
false |
compliance |
[CCE-82897-0], [auditd_name_format] |
Set hostname as computer node name in audit logs |
| oval:ssg-auditd_conf_log_group_not_root:def:1 |
false |
compliance |
[auditd_conf_log_group_not_root] |
'log_group' Not Set To 'root' In /etc/audit/auditd.conf |
| oval:ssg-auditd_audispd_syslog_plugin_activated:def:1 |
false |
compliance |
[CCE-80677-8], [auditd_audispd_syslog_plugin_activated] |
The syslog Plugin Of the Audit Event Multiplexor (audispd) Is Activated |
| oval:ssg-auditd_audispd_encrypt_sent_records:def:1 |
false |
compliance |
[CCE-80926-9], [auditd_audispd_encrypt_sent_records] |
Kerberos 5 Authentication and Encryption in Audit Event Multiplexor (audispd) Is Activated |
| oval:ssg-auditd_audispd_configure_remote_server:def:1 |
false |
compliance |
[CCE-80925-1], [auditd_audispd_configure_remote_server] |
Configure audispd Plugin Remote Server IP address or Hostname |
| oval:ssg-audit_rules_usergroup_modification_shadow:def:1 |
false |
compliance |
[CCE-80762-8], [audit_rules_usergroup_modification_shadow] |
Audit User/Group Modification - shadow |
| oval:ssg-audit_rules_usergroup_modification_passwd:def:1 |
false |
compliance |
[CCE-80761-0], [audit_rules_usergroup_modification_passwd] |
Audit User/Group Modification - passwd |
| oval:ssg-audit_rules_usergroup_modification_opasswd:def:1 |
false |
compliance |
[CCE-80760-2], [audit_rules_usergroup_modification_opasswd] |
Audit User/Group Modification - opasswd |
| oval:ssg-audit_rules_usergroup_modification_gshadow:def:1 |
false |
compliance |
[CCE-80759-4], [audit_rules_usergroup_modification_gshadow] |
Audit User/Group Modification - gshadow |
| oval:ssg-audit_rules_usergroup_modification_group:def:1 |
false |
compliance |
[CCE-80758-6], [audit_rules_usergroup_modification_group] |
Audit User/Group Modification - group |
| oval:ssg-audit_rules_usergroup_modification:def:1 |
false |
compliance |
[CCE-80757-8], [audit_rules_usergroup_modification] |
Audit User/Group Modification |
| oval:ssg-audit_rules_unsuccessful_file_modification_unlinkat:def:1 |
false |
compliance |
[CCE-80972-3], [audit_rules_unsuccessful_file_modification_unlinkat] |
Ensure auditd Collects Unauthorized Access Attempts to Files (unsuccessful) - unlinkat |
| oval:ssg-audit_rules_unsuccessful_file_modification_unlink:def:1 |
false |
compliance |
[CCE-80971-5], [audit_rules_unsuccessful_file_modification_unlink] |
Ensure auditd Collects Unauthorized Access Attempts to Files (unsuccessful) - unlink |
| oval:ssg-audit_rules_unsuccessful_file_modification_truncate:def:1 |
false |
compliance |
[CCE-80756-0], [audit_rules_unsuccessful_file_modification_truncate] |
Ensure auditd Collects Unauthorized Access Attempts to Files (unsuccessful) - truncate |
| oval:ssg-audit_rules_unsuccessful_file_modification_setxattr:def:1 |
false |
compliance |
[CCE-80983-0], [audit_rules_unsuccessful_file_modification_setxattr] |
Ensure auditd Collects Unauthorized Access Attempts to Files (unsuccessful) - setxattr |
| oval:ssg-audit_rules_unsuccessful_file_modification_renameat:def:1 |
false |
compliance |
[CCE-80974-9], [audit_rules_unsuccessful_file_modification_renameat] |
Ensure auditd Collects Unauthorized Access Attempts to Files (unsuccessful) - renameat |
| oval:ssg-audit_rules_unsuccessful_file_modification_rename:def:1 |
false |
compliance |
[CCE-80973-1], [audit_rules_unsuccessful_file_modification_rename] |
Ensure auditd Collects Unauthorized Access Attempts to Files (unsuccessful) - rename |
| oval:ssg-audit_rules_unsuccessful_file_modification_removexattr:def:1 |
false |
compliance |
[CCE-80982-2], [audit_rules_unsuccessful_file_modification_removexattr] |
Ensure auditd Collects Unauthorized Access Attempts to Files (unsuccessful) - removexattr |
| oval:ssg-audit_rules_unsuccessful_file_modification_openat_rule_order:def:1 |
false |
compliance |
[CCE-80964-0], [audit_rules_unsuccessful_file_modification_openat_rule_order] |
Ensure auditd Rules For Unauthorized Attempts To openat Are Ordered Correctly |
| oval:ssg-audit_rules_unsuccessful_file_modification_openat_o_trunc_write:def:1 |
false |
compliance |
[CCE-80963-2], [audit_rules_unsuccessful_file_modification_openat_o_trunc_write] |
Ensure auditd Collects Information on Unsuccessful Creation Attempts to Files - openat o_trunc |
| oval:ssg-audit_rules_unsuccessful_file_modification_openat_o_creat:def:1 |
false |
compliance |
[CCE-80962-4], [audit_rules_unsuccessful_file_modification_openat_o_creat] |
Ensure auditd Collects Information on Unsuccessful Creation Attempts to Files - openat o_creat |
| oval:ssg-audit_rules_unsuccessful_file_modification_openat:def:1 |
false |
compliance |
[CCE-80754-5], [audit_rules_unsuccessful_file_modification_openat] |
Ensure auditd Collects Unauthorized Access Attempts to Files (unsuccessful) - openat |
| oval:ssg-audit_rules_unsuccessful_file_modification_open_rule_order:def:1 |
false |
compliance |
[CCE-80970-7], [audit_rules_unsuccessful_file_modification_open_rule_order] |
Ensure auditd Rules For Unauthorized Attempts To open Are Ordered Correctly |
| oval:ssg-audit_rules_unsuccessful_file_modification_open_o_trunc_write:def:1 |
false |
compliance |
[CCE-80969-9], [audit_rules_unsuccessful_file_modification_open_o_trunc_write] |
Ensure auditd Collects Information on Unsuccessful Creation Attempts to Files - open o_trunc |
| oval:ssg-audit_rules_unsuccessful_file_modification_open_o_creat:def:1 |
false |
compliance |
[CCE-80968-1], [audit_rules_unsuccessful_file_modification_open_o_creat] |
Ensure auditd Collects Information on Unsuccessful Creation Attempts to Files - open o_creat |
| oval:ssg-audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order:def:1 |
false |
compliance |
[CCE-80967-3], [audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order] |
Ensure auditd Rules For Unauthorized Attempts To open_by_handle_at Are Ordered Correctly |
| oval:ssg-audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write:def:1 |
false |
compliance |
[CCE-80966-5], [audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write] |
Ensure auditd Collects Information on Unsuccessful Creation Attempts to Files - open_by_handle_at o_trunc |
| oval:ssg-audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat:def:1 |
false |
compliance |
[CCE-80965-7], [audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat] |
Ensure auditd Collects Information on Unsuccessful Creation Attempts to Files - open_by_handle_at o_creat |
| oval:ssg-audit_rules_unsuccessful_file_modification_open_by_handle_at:def:1 |
false |
compliance |
[CCE-80755-2], [audit_rules_unsuccessful_file_modification_open_by_handle_at] |
Ensure auditd Collects Unauthorized Access Attempts to Files (unsuccessful) - open_by_handle_at |
| oval:ssg-audit_rules_unsuccessful_file_modification_open:def:1 |
false |
compliance |
[CCE-80753-7], [audit_rules_unsuccessful_file_modification_open] |
Ensure auditd Collects Unauthorized Access Attempts to Files (unsuccessful) - open |
| oval:ssg-audit_rules_unsuccessful_file_modification_lsetxattr:def:1 |
false |
compliance |
[CCE-80981-4], [audit_rules_unsuccessful_file_modification_lsetxattr] |
Ensure auditd Collects Unauthorized Access Attempts to Files (unsuccessful) - lsetxattr |
| oval:ssg-audit_rules_unsuccessful_file_modification_lremovexattr:def:1 |
false |
compliance |
[CCE-80980-6], [audit_rules_unsuccessful_file_modification_lremovexattr] |
Ensure auditd Collects Unauthorized Access Attempts to Files (unsuccessful) - lremovexattr |
| oval:ssg-audit_rules_unsuccessful_file_modification_lchown:def:1 |
false |
compliance |
[CCE-80987-1], [audit_rules_unsuccessful_file_modification_lchown] |
Ensure auditd Collects Unauthorized Access Attempts to Files (unsuccessful) - lchown |
| oval:ssg-audit_rules_unsuccessful_file_modification_ftruncate:def:1 |
false |
compliance |
[CCE-80752-9], [audit_rules_unsuccessful_file_modification_ftruncate] |
Ensure auditd Collects Unauthorized Access Attempts to Files (unsuccessful) - ftruncate |
| oval:ssg-audit_rules_unsuccessful_file_modification_fsetxattr:def:1 |
false |
compliance |
[CCE-80979-8], [audit_rules_unsuccessful_file_modification_fsetxattr] |
Ensure auditd Collects Unauthorized Access Attempts to Files (unsuccessful) - fsetxattr |
| oval:ssg-audit_rules_unsuccessful_file_modification_fremovexattr:def:1 |
false |
compliance |
[CCE-80978-0], [audit_rules_unsuccessful_file_modification_fremovexattr] |
Ensure auditd Collects Unauthorized Access Attempts to Files (unsuccessful) - fremovexattr |
| oval:ssg-audit_rules_unsuccessful_file_modification_fchownat:def:1 |
false |
compliance |
[CCE-80985-5], [audit_rules_unsuccessful_file_modification_fchownat] |
Ensure auditd Collects Unauthorized Access Attempts to Files (unsuccessful) - fchownat |
| oval:ssg-audit_rules_unsuccessful_file_modification_fchown:def:1 |
false |
compliance |
[CCE-80986-3], [audit_rules_unsuccessful_file_modification_fchown] |
Ensure auditd Collects Unauthorized Access Attempts to Files (unsuccessful) - fchown |
| oval:ssg-audit_rules_unsuccessful_file_modification_fchmodat:def:1 |
false |
compliance |
[CCE-80976-4], [audit_rules_unsuccessful_file_modification_fchmodat] |
Ensure auditd Collects Unauthorized Access Attempts to Files (unsuccessful) - fchmodat |
| oval:ssg-audit_rules_unsuccessful_file_modification_fchmod:def:1 |
false |
compliance |
[CCE-80977-2], [audit_rules_unsuccessful_file_modification_fchmod] |
Ensure auditd Collects Unauthorized Access Attempts to Files (unsuccessful) - fchmod |
| oval:ssg-audit_rules_unsuccessful_file_modification_creat:def:1 |
false |
compliance |
[CCE-80751-1], [audit_rules_unsuccessful_file_modification_creat] |
Ensure auditd Collects Unauthorized Access Attempts to Files (unsuccessful) - creat |
| oval:ssg-audit_rules_unsuccessful_file_modification_chown:def:1 |
false |
compliance |
[CCE-80984-8], [audit_rules_unsuccessful_file_modification_chown] |
Ensure auditd Collects Unauthorized Access Attempts to Files (unsuccessful) - chown |
| oval:ssg-audit_rules_unsuccessful_file_modification_chmod:def:1 |
false |
compliance |
[CCE-80975-6], [audit_rules_unsuccessful_file_modification_chmod] |
Ensure auditd Collects Unauthorized Access Attempts to Files (unsuccessful) - chmod |
| oval:ssg-audit_rules_unsuccessful_file_modification:def:1 |
false |
compliance |
[CCE-80750-3], [audit_rules_unsuccessful_file_modification] |
Ensure auditd Collects Unauthorized Access Attempts to Files (unsuccessful) |
| oval:ssg-audit_rules_time_watch_localtime:def:1 |
false |
compliance |
[CCE-80749-5], [audit_rules_time_watch_localtime] |
Record Attempts to Alter Time Through the Localtime File |
| oval:ssg-audit_rules_time_stime:def:1 |
false |
compliance |
[CCE-80748-7], [audit_rules_time_stime] |
Record Attempts to Alter Time Through Stime |
| oval:ssg-audit_rules_time_settimeofday:def:1 |
false |
compliance |
[CCE-80747-9], [audit_rules_time_settimeofday] |
Record Attempts to Alter Time Through Settimeofday |
| oval:ssg-audit_rules_time_clock_settime:def:1 |
false |
compliance |
[CCE-80746-1], [audit_rules_time_clock_settime] |
Record Attempts to Alter Time Through Clock_settime |
| oval:ssg-audit_rules_time_adjtimex:def:1 |
false |
compliance |
[CCE-80745-3], [audit_rules_time_adjtimex] |
Record Attempts to Alter Time Through Adjtimex |
| oval:ssg-audit_rules_system_shutdown:def:1 |
false |
compliance |
[CCE-80744-6], [audit_rules_system_shutdown] |
Shutdown System When Auditing Failures Occur |
| oval:ssg-audit_rules_sysadmin_actions:def:1 |
false |
compliance |
[CCE-80743-8], [audit_rules_sysadmin_actions] |
Audit System Administrator Actions |
| oval:ssg-audit_rules_session_events:def:1 |
false |
compliance |
[CCE-80742-0], [audit_rules_session_events] |
Record Attempts to Alter Process and Session Initiation Information |
| oval:ssg-audit_rules_privileged_commands_usernetctl:def:1 |
false |
compliance |
[CCE-80990-5], [audit_rules_privileged_commands_usernetctl] |
Record Any Attempts to Run usernetctl |
| oval:ssg-audit_rules_privileged_commands_userhelper:def:1 |
false |
compliance |
[CCE-80741-2], [audit_rules_privileged_commands_userhelper] |
Record Any Attempts to Run userhelper |
| oval:ssg-audit_rules_privileged_commands_unix_chkpwd:def:1 |
false |
compliance |
[CCE-80740-4], [audit_rules_privileged_commands_unix_chkpwd] |
Record Any Attempts to Run unix_chkpwd |
| oval:ssg-audit_rules_privileged_commands_umount:def:1 |
false |
compliance |
[CCE-80739-6], [audit_rules_privileged_commands_umount] |
Record Any Attempts to Run umount |
| oval:ssg-audit_rules_privileged_commands_sudoedit:def:1 |
false |
compliance |
[CCE-80738-8], [audit_rules_privileged_commands_sudoedit] |
Record Any Attempts to Run sudoedit |
| oval:ssg-audit_rules_privileged_commands_sudo:def:1 |
false |
compliance |
[CCE-80737-0], [audit_rules_privileged_commands_sudo] |
Record Any Attempts to Run sudo |
| oval:ssg-audit_rules_privileged_commands_su:def:1 |
false |
compliance |
[CCE-80736-2], [audit_rules_privileged_commands_su] |
Record Any Attempts to Run su |
| oval:ssg-audit_rules_privileged_commands_ssh_keysign:def:1 |
false |
compliance |
[CCE-80735-4], [audit_rules_privileged_commands_ssh_keysign] |
Record Any Attempts to Run ssh_keysign |
| oval:ssg-audit_rules_privileged_commands_pt_chown:def:1 |
false |
compliance |
[CCE-80734-7], [audit_rules_privileged_commands_pt_chown] |
Record Any Attempts to Run pt_chown |
| oval:ssg-audit_rules_privileged_commands_postqueue:def:1 |
false |
compliance |
[CCE-80733-9], [audit_rules_privileged_commands_postqueue] |
Record Any Attempts to Run postqueue |
| oval:ssg-audit_rules_privileged_commands_postdrop:def:1 |
false |
compliance |
[CCE-80732-1], [audit_rules_privileged_commands_postdrop] |
Record Any Attempts to Run postdrop |
| oval:ssg-audit_rules_privileged_commands_passwd:def:1 |
false |
compliance |
[CCE-80731-3], [audit_rules_privileged_commands_passwd] |
Record Any Attempts to Run passwd |
| oval:ssg-audit_rules_privileged_commands_pam_timestamp_check:def:1 |
false |
compliance |
[CCE-80730-5], [audit_rules_privileged_commands_pam_timestamp_check] |
Record Any Attempts to Run pam_timestamp_check |
| oval:ssg-audit_rules_privileged_commands_newuidmap:def:1 |
false |
compliance |
[CCE-80992-1], [audit_rules_privileged_commands_newuidmap] |
Record Any Attempts to Run newuidmap |
| oval:ssg-audit_rules_privileged_commands_newgrp:def:1 |
false |
compliance |
[CCE-80729-7], [audit_rules_privileged_commands_newgrp] |
Record Any Attempts to Run newgrp |
| oval:ssg-audit_rules_privileged_commands_newgidmap:def:1 |
false |
compliance |
[CCE-80991-3], [audit_rules_privileged_commands_newgidmap] |
Record Any Attempts to Run newgidmap |
| oval:ssg-audit_rules_privileged_commands_mount:def:1 |
false |
compliance |
[CCE-80989-7], [audit_rules_privileged_commands_mount] |
Record Any Attempts to Run mount |
| oval:ssg-audit_rules_privileged_commands_gpasswd:def:1 |
false |
compliance |
[CCE-80728-9], [audit_rules_privileged_commands_gpasswd] |
Record Any Attempts to Run gpasswd |
| oval:ssg-audit_rules_privileged_commands_crontab:def:1 |
false |
compliance |
[CCE-80727-1], [audit_rules_privileged_commands_crontab] |
Record Any Attempts to Run crontab |
| oval:ssg-audit_rules_privileged_commands_chsh:def:1 |
false |
compliance |
[CCE-80726-3], [audit_rules_privileged_commands_chsh] |
Record Any Attempts to Run chsh |
| oval:ssg-audit_rules_privileged_commands_chage:def:1 |
false |
compliance |
[CCE-80725-5], [audit_rules_privileged_commands_chage] |
Record Any Attempts to Run chage |
| oval:ssg-audit_rules_privileged_commands_at:def:1 |
false |
compliance |
[CCE-80988-9], [audit_rules_privileged_commands_at] |
Record Any Attempts to Run at |
| oval:ssg-audit_rules_privileged_commands:def:1 |
false |
compliance |
[CCE-80724-8], [audit_rules_privileged_commands] |
Ensure auditd Collects Information on the Use of Privileged Commands |
| oval:ssg-audit_rules_networkconfig_modification_hostname:def:1 |
false |
compliance |
[audit_rules_networkconfig_modification_hostname] |
Record Events that Modify the System's Network Environment |
| oval:ssg-audit_rules_networkconfig_modification_domainname:def:1 |
false |
compliance |
[audit_rules_networkconfig_modification_domainname] |
Record Events that Modify the System's Network Environment |
| oval:ssg-audit_rules_networkconfig_modification:def:1 |
false |
compliance |
[CCE-80723-0], [audit_rules_networkconfig_modification] |
Record Events that Modify the System's Network Environment |
| oval:ssg-audit_rules_media_export:def:1 |
false |
compliance |
[CCE-80722-2], [audit_rules_media_export] |
Audit Information Export To Media |
| oval:ssg-audit_rules_mac_modification:def:1 |
false |
compliance |
[CCE-80721-4], [audit_rules_mac_modification] |
Record Events that Modify the System's Mandatory Access Controls |
| oval:ssg-audit_rules_login_events_tallylog:def:1 |
false |
compliance |
[CCE-80720-6], [audit_rules_login_events_tallylog] |
Record Attempts to Alter Login and Logout Events - tallylog |
| oval:ssg-audit_rules_login_events_lastlog:def:1 |
false |
compliance |
[CCE-80719-8], [audit_rules_login_events_lastlog] |
Record Attempts to Alter Login and Logout Events - lastlog |
| oval:ssg-audit_rules_login_events_faillock:def:1 |
false |
compliance |
[CCE-80718-0], [audit_rules_login_events_faillock] |
Record Attempts to Alter Login and Logout Events - faillock |
| oval:ssg-audit_rules_login_events:def:1 |
false |
compliance |
[CCE-80717-2], [audit_rules_login_events] |
Record Attempts to Alter Login and Logout Events |
| oval:ssg-audit_rules_kernel_module_loading_init:def:1 |
false |
compliance |
[CCE-80713-1], [audit_rules_kernel_module_loading_init] |
Audit Kernel Module Loading and Unloading - init_module |
| oval:ssg-audit_rules_kernel_module_loading_finit:def:1 |
false |
compliance |
[CCE-80712-3], [audit_rules_kernel_module_loading_finit] |
Audit Kernel Module Loading and Unloading - finit_module |
| oval:ssg-audit_rules_kernel_module_loading_delete:def:1 |
false |
compliance |
[CCE-80711-5], [audit_rules_kernel_module_loading_delete] |
Audit Kernel Module Loading and Unloading - delete_module |
| oval:ssg-audit_rules_kernel_module_loading:def:1 |
false |
compliance |
[CCE-80709-9], [audit_rules_kernel_module_loading] |
Audit Kernel Module Loading and Unloading |
| oval:ssg-audit_rules_immutable:def:1 |
false |
compliance |
[CCE-80708-1], [audit_rules_immutable] |
Make Audit Configuration Immutable |
| oval:ssg-audit_rules_for_ospp:def:1 |
false |
compliance |
[CCE-82309-6], [audit_rules_for_ospp] |
Check audit rules for OSPP |
| oval:ssg-audit_rules_file_deletion_events_unlinkat:def:1 |
false |
compliance |
[CCE-80707-3], [audit_rules_file_deletion_events_unlinkat] |
Audit File Deletion Events - unlinkat |
| oval:ssg-audit_rules_file_deletion_events_unlink:def:1 |
false |
compliance |
[CCE-80706-5], [audit_rules_file_deletion_events_unlink] |
Audit File Deletion Events - unlink |
| oval:ssg-audit_rules_file_deletion_events_rmdir:def:1 |
false |
compliance |
[CCE-80705-7], [audit_rules_file_deletion_events_rmdir] |
Audit File Deletion Events - rmdir |
| oval:ssg-audit_rules_file_deletion_events_renameat:def:1 |
false |
compliance |
[CCE-80704-0], [audit_rules_file_deletion_events_renameat] |
Audit File Deletion Events - renameat |
| oval:ssg-audit_rules_file_deletion_events_rename:def:1 |
false |
compliance |
[CCE-80703-2], [audit_rules_file_deletion_events_rename] |
Audit File Deletion Events - rename |
| oval:ssg-audit_rules_file_deletion_events:def:1 |
false |
compliance |
[CCE-80702-4], [audit_rules_file_deletion_events] |
Audit File Deletion Events |
| oval:ssg-audit_rules_execution_seunshare:def:1 |
false |
compliance |
[CCE-80933-5], [audit_rules_execution_seunshare] |
Record Any Attempts to Run seunshare |
| oval:ssg-audit_rules_execution_setsebool:def:1 |
false |
compliance |
[CCE-80701-6], [audit_rules_execution_setsebool] |
Record Any Attempts to Run setsebool |
| oval:ssg-audit_rules_execution_setfiles:def:1 |
false |
compliance |
[CCE-82280-9], [audit_rules_execution_setfiles] |
Record Any Attempts to Run setfiles |
| oval:ssg-audit_rules_execution_semanage:def:1 |
false |
compliance |
[CCE-80700-8], [audit_rules_execution_semanage] |
Record Any Attempts to Run semanage |
| oval:ssg-audit_rules_execution_restorecon:def:1 |
false |
compliance |
[CCE-80699-2], [audit_rules_execution_restorecon] |
Record Any Attempts to Run restorecon |
| oval:ssg-audit_rules_execution_chcon:def:1 |
false |
compliance |
[CCE-80698-4], [audit_rules_execution_chcon] |
Record Any Attempts to Run chcon |
| oval:ssg-audit_rules_etc_shadow_openat:def:1 |
false |
compliance |
[CCE-80958-2], [audit_rules_etc_shadow_openat] |
Ensure auditd Collects Write Events to /etc/shadow |
| oval:ssg-audit_rules_etc_shadow_open_by_handle_at:def:1 |
false |
compliance |
[CCE-80957-4], [audit_rules_etc_shadow_open_by_handle_at] |
Ensure auditd Collects Write Events to /etc/shadow |
| oval:ssg-audit_rules_etc_shadow_open:def:1 |
false |
compliance |
[CCE-80956-6], [audit_rules_etc_shadow_open] |
Ensure auditd Collects Write Events to /etc/shadow |
| oval:ssg-audit_rules_etc_passwd_openat:def:1 |
false |
compliance |
[CCE-80931-9], [audit_rules_etc_passwd_openat] |
Ensure auditd Collects Write Events to /etc/passwd |
| oval:ssg-audit_rules_etc_passwd_open_by_handle_at:def:1 |
false |
compliance |
[CCE-80932-7], [audit_rules_etc_passwd_open_by_handle_at] |
Ensure auditd Collects Write Events to /etc/passwd |
| oval:ssg-audit_rules_etc_passwd_open:def:1 |
false |
compliance |
[CCE-80930-1], [audit_rules_etc_passwd_open] |
Ensure auditd Collects Write Events to /etc/passwd |
| oval:ssg-audit_rules_etc_gshadow_openat:def:1 |
false |
compliance |
[CCE-80961-6], [audit_rules_etc_gshadow_openat] |
Ensure auditd Collects Write Events to /etc/gshadow |
| oval:ssg-audit_rules_etc_gshadow_open_by_handle_at:def:1 |
false |
compliance |
[CCE-80960-8], [audit_rules_etc_gshadow_open_by_handle_at] |
Ensure auditd Collects Write Events to /etc/gshadow |
| oval:ssg-audit_rules_etc_gshadow_open:def:1 |
false |
compliance |
[CCE-80959-0], [audit_rules_etc_gshadow_open] |
Ensure auditd Collects Write Events to /etc/gshadow |
| oval:ssg-audit_rules_etc_group_openat:def:1 |
false |
compliance |
[CCE-80928-5], [audit_rules_etc_group_openat] |
Ensure auditd Collects Write Events to /etc/group |
| oval:ssg-audit_rules_etc_group_open_by_handle_at:def:1 |
false |
compliance |
[CCE-80929-3], [audit_rules_etc_group_open_by_handle_at] |
Ensure auditd Collects Write Events to /etc/group |
| oval:ssg-audit_rules_etc_group_open:def:1 |
false |
compliance |
[CCE-80927-7], [audit_rules_etc_group_open] |
Ensure auditd Collects Write Events to /etc/group |
| oval:ssg-audit_rules_dac_modification_setxattr:def:1 |
false |
compliance |
[CCE-80697-6], [audit_rules_dac_modification_setxattr] |
Audit Discretionary Access Control Modification Events - setxattr |
| oval:ssg-audit_rules_dac_modification_removexattr:def:1 |
false |
compliance |
[CCE-80696-8], [audit_rules_dac_modification_removexattr] |
Audit Discretionary Access Control Modification Events - removexattr |
| oval:ssg-audit_rules_dac_modification_lsetxattr:def:1 |
false |
compliance |
[CCE-80695-0], [audit_rules_dac_modification_lsetxattr] |
Audit Discretionary Access Control Modification Events - lsetxattr |
| oval:ssg-audit_rules_dac_modification_lremovexattr:def:1 |
false |
compliance |
[CCE-80694-3], [audit_rules_dac_modification_lremovexattr] |
Audit Discretionary Access Control Modification Events - lremovexattr |
| oval:ssg-audit_rules_dac_modification_lchown:def:1 |
false |
compliance |
[CCE-80693-5], [audit_rules_dac_modification_lchown] |
Audit Discretionary Access Control Modification Events - lchown |
| oval:ssg-audit_rules_dac_modification_fsetxattr:def:1 |
false |
compliance |
[CCE-80692-7], [audit_rules_dac_modification_fsetxattr] |
Audit Discretionary Access Control Modification Events - fsetxattr |
| oval:ssg-audit_rules_dac_modification_fremovexattr:def:1 |
false |
compliance |
[CCE-80691-9], [audit_rules_dac_modification_fremovexattr] |
Audit Discretionary Access Control Modification Events - fremovexattr |
| oval:ssg-audit_rules_dac_modification_fchownat:def:1 |
false |
compliance |
[CCE-80690-1], [audit_rules_dac_modification_fchownat] |
Audit Discretionary Access Control Modification Events - fchownat |
| oval:ssg-audit_rules_dac_modification_fchown:def:1 |
false |
compliance |
[CCE-80689-3], [audit_rules_dac_modification_fchown] |
Audit Discretionary Access Control Modification Events - fchown |
| oval:ssg-audit_rules_dac_modification_fchmodat:def:1 |
false |
compliance |
[CCE-80688-5], [audit_rules_dac_modification_fchmodat] |
Audit Discretionary Access Control Modification Events - fchmodat |
| oval:ssg-audit_rules_dac_modification_fchmod:def:1 |
false |
compliance |
[CCE-80687-7], [audit_rules_dac_modification_fchmod] |
Audit Discretionary Access Control Modification Events - fchmod |
| oval:ssg-audit_rules_dac_modification_chown:def:1 |
false |
compliance |
[CCE-80686-9], [audit_rules_dac_modification_chown] |
Audit Discretionary Access Control Modification Events - chown |
| oval:ssg-audit_rules_dac_modification_chmod:def:1 |
false |
compliance |
[CCE-80685-1], [audit_rules_dac_modification_chmod] |
Audit Discretionary Access Control Modification Events - chmod |
| oval:ssg-audit_rules_auditctl:def:1 |
false |
compliance |
[audit_rules_auditctl] |
Record Any Attempts to Run semanage |
| oval:ssg-audit_perm_change_success:def:1 |
false |
compliance |
[CCE-82383-1], [audit_perm_change_success] |
Check that contents of /etc/audit/rules.d/30-ospp-v42-5-perm-change-success.rules are as expected |
| oval:ssg-audit_perm_change_failed:def:1 |
false |
compliance |
[CCE-82837-6], [audit_perm_change_failed] |
Check that contents of /etc/audit/rules.d/30-ospp-v42-5-perm-change-failed.rules are as expected |
| oval:ssg-audit_owner_change_success:def:1 |
false |
compliance |
[CCE-82385-6], [audit_owner_change_success] |
Check that contents of /etc/audit/rules.d/30-ospp-v42-6-owner-change-success.rules are as expected |
| oval:ssg-audit_owner_change_failed:def:1 |
false |
compliance |
[CCE-82384-9], [audit_owner_change_failed] |
Check that contents of /etc/audit/rules.d/30-ospp-v42-6-owner-change-failed.rules are as expected |
| oval:ssg-audit_ospp_general:def:1 |
false |
compliance |
[CCE-82373-2], [audit_ospp_general] |
Check that contents of /etc/audit/rules.d/30-ospp-v42.rules are as expected |
| oval:ssg-audit_module_load:def:1 |
false |
compliance |
[CCE-82838-4], [audit_module_load] |
Check that contents of /etc/audit/rules.d/43-module-load.rules are as expected |
| oval:ssg-audit_modify_success:def:1 |
false |
compliance |
[CCE-82832-7], [audit_modify_success] |
Check that contents of /etc/audit/rules.d/30-ospp-v42-2-modify-success.rules are as expected |
| oval:ssg-audit_modify_failed:def:1 |
false |
compliance |
[CCE-82830-1], [audit_modify_failed] |
Check that contents of /etc/audit/rules.d/30-ospp-v42-2-modify-failed.rules are as expected |
| oval:ssg-audit_immutable_login_uids:def:1 |
false |
compliance |
[CCE-82828-5], [audit_immutable_login_uids] |
Check that contents of /etc/audit/rules.d/11-loginuid.rules are as expected |
| oval:ssg-audit_delete_success:def:1 |
false |
compliance |
[CCE-82836-8], [audit_delete_success] |
Check that contents of /etc/audit/rules.d/30-ospp-v42-4-delete-success.rules are as expected |
| oval:ssg-audit_delete_failed:def:1 |
false |
compliance |
[CCE-82835-0], [audit_delete_failed] |
Check that contents of /etc/audit/rules.d/30-ospp-v42-4-delete-failed.rules are as expected |
| oval:ssg-audit_create_success:def:1 |
false |
compliance |
[CCE-82829-3], [audit_create_success] |
Check that contents of /etc/audit/rules.d/30-ospp-v42-1-create-success.rules are as expected |
| oval:ssg-audit_create_failed:def:1 |
false |
compliance |
[CCE-82374-0], [audit_create_failed] |
Check that contents of /etc/audit/rules.d/30-ospp-v42-1-create-failed.rules are as expected |
| oval:ssg-audit_basic_configuration:def:1 |
false |
compliance |
[CCE-82827-7], [audit_basic_configuration] |
Check that contents of /etc/audit/rules.d/10-base-config.rules are as expected |
| oval:ssg-audit_access_success:def:1 |
false |
compliance |
[CCE-82834-3], [audit_access_success] |
Check that contents of /etc/audit/rules.d/30-ospp-v42-3-access-success.rules are as expected |
| oval:ssg-audit_access_failed:def:1 |
false |
compliance |
[CCE-82833-5], [audit_access_failed] |
Check that contents of /etc/audit/rules.d/30-ospp-v42-3-access-failed.rules are as expected |
| oval:ssg-aide_verify_ext_attributes:def:1 |
false |
compliance |
[aide_verify_ext_attributes] |
Configure AIDE to Verify Extended Attributes |
| oval:ssg-aide_verify_acls:def:1 |
false |
compliance |
[aide_verify_acls] |
Configure AIDE to Verify Access Control Lists (ACLs) |
| oval:ssg-aide_use_fips_hashes:def:1 |
false |
compliance |
[aide_use_fips_hashes] |
Configure AIDE to Use FIPS 140-2 for Validating Hashes |
| oval:ssg-aide_scan_notification:def:1 |
false |
compliance |
[aide_scan_notification] |
Configure Notification of Post-AIDE Scan Details |
| oval:ssg-aide_periodic_cron_checking:def:1 |
false |
compliance |
[CCE-80676-0], [aide_periodic_cron_checking] |
Configure Periodic Execution of AIDE |
| oval:ssg-aide_build_database:def:1 |
false |
compliance |
[CCE-80675-2], [aide_build_database] |
Aide Database Must Exist |
| oval:ssg-accounts_tmout:def:1 |
false |
compliance |
[CCE-80673-7], [accounts_tmout] |
Set Interactive Session Timeout |
| oval:ssg-accounts_passwords_pam_faillock_unlock_time:def:1 |
false |
compliance |
[CCE-80670-3], [accounts_passwords_pam_faillock_unlock_time] |
Lock out account after failed login attempts |
| oval:ssg-accounts_passwords_pam_faillock_interval:def:1 |
false |
compliance |
[CCE-80669-5], [accounts_passwords_pam_faillock_interval] |
Lock out account after failed login attempts |
| oval:ssg-accounts_passwords_pam_faillock_deny_root:def:1 |
false |
compliance |
[CCE-80668-7], [accounts_passwords_pam_faillock_deny_root] |
Lock out the root account after failed login attempts |
| oval:ssg-accounts_passwords_pam_faillock_deny:def:1 |
false |
compliance |
[CCE-80667-9], [accounts_passwords_pam_faillock_deny] |
Lock out account after failed login attempts |
| oval:ssg-accounts_password_pam_unix_remember:def:1 |
false |
compliance |
[CCE-80666-1], [accounts_password_pam_unix_remember] |
Limit Password Reuse |
| oval:ssg-accounts_password_pam_ucredit:def:1 |
false |
compliance |
[CCE-80665-3], [accounts_password_pam_ucredit] |
Set Password ucredit Requirements |
| oval:ssg-accounts_password_pam_ocredit:def:1 |
false |
compliance |
[CCE-80663-8], [accounts_password_pam_ocredit] |
Set Password ocredit Requirements |
| oval:ssg-accounts_password_pam_minlen:def:1 |
false |
compliance |
[CCE-80656-2], [accounts_password_pam_minlen] |
Set Password minlen Requirements |
| oval:ssg-accounts_password_pam_minclass:def:1 |
false |
compliance |
[CCE-82046-4], [accounts_password_pam_minclass] |
Set Password minclass Requirements |
| oval:ssg-accounts_password_pam_maxrepeat:def:1 |
false |
compliance |
[CCE-82066-2], [accounts_password_pam_maxrepeat] |
Set Password maxrepeat Requirements |
| oval:ssg-accounts_password_pam_maxclassrepeat:def:1 |
false |
compliance |
[CCE-81034-1], [accounts_password_pam_maxclassrepeat] |
Set Password maxclassrepeat Requirements |
| oval:ssg-accounts_password_pam_lcredit:def:1 |
false |
compliance |
[CCE-80655-4], [accounts_password_pam_lcredit] |
Set Password lcredit Requirements |
| oval:ssg-accounts_password_pam_difok:def:1 |
false |
compliance |
[CCE-80654-7], [accounts_password_pam_difok] |
Set Password difok Requirements |
| oval:ssg-accounts_password_pam_dcredit:def:1 |
false |
compliance |
[CCE-80653-9], [accounts_password_pam_dcredit] |
Set Password dcredit Requirements |
| oval:ssg-accounts_max_concurrent_login_sessions:def:1 |
false |
compliance |
[CCE-80955-8], [accounts_max_concurrent_login_sessions] |
Set Maximum Number of Concurrent Login Sessions Per User |
| oval:ssg-accounts_logon_fail_delay:def:1 |
false |
compliance |
[accounts_logon_fail_delay] |
Ensure that FAIL_DELAY is Configured in /etc/login.defs |
| oval:ssg-account_disable_post_pw_expiration:def:1 |
false |
compliance |
[CCE-80954-1], [account_disable_post_pw_expiration] |
Set Accounts to Expire Following Password Expiration |
| oval:ssg-var_removable_partition_is_cd_dvd_drive:def:1 |
unknown |
compliance |
[var_removable_partition_is_cd_dvd_drive] |
Value of 'var_removable_partition' variable is set to '/dev/cdrom' |
| oval:ssg-sshd_set_loglevel_verbose:def:1 |
unknown |
compliance |
[CCE-82420-1], [sshd_set_loglevel_verbose] |
Set SSH Daemon LogLevel to VERBOSE |
| oval:ssg-sshd_set_loglevel_info:def:1 |
unknown |
compliance |
[CCE-82282-5], [sshd_set_loglevel_info] |
Set LogLevel to INFO |
| oval:ssg-sshd_requirement_unset:def:1 |
unknown |
compliance |
[sshd_requirement_unset] |
It doesn't matter if sshd is installed or not |
| oval:ssg-sshd_required_or_unset:def:1 |
unknown |
compliance |
[sshd_required_or_unset] |
SSHD is required to be installed or requirement not set |
| oval:ssg-sshd_print_last_log:def:1 |
unknown |
compliance |
[CCE-82281-7], [sshd_print_last_log] |
Enable SSH Print Last Log |
| oval:ssg-sshd_not_required_or_unset:def:1 |
unknown |
compliance |
[sshd_not_required_or_unset] |
SSHD is not required to be installed or requirement not set |
| oval:ssg-sshd_enable_x11_forwarding:def:1 |
unknown |
compliance |
[CCE-82421-9], [sshd_enable_x11_forwarding] |
Enable Encrypted X11 Forwarding |
| oval:ssg-sshd_enable_strictmodes:def:1 |
unknown |
compliance |
[CCE-80904-6], [sshd_enable_strictmodes] |
Enable Use of Strict Mode Checking |
| oval:ssg-sshd_enable_gssapi_auth:def:1 |
unknown |
compliance |
[sshd_enable_gssapi_auth] |
Enable GSSAPI Authentication |
| oval:ssg-sshd_disable_rhosts_rsa:def:1 |
unknown |
compliance |
[CCE-80900-4], [sshd_disable_rhosts_rsa] |
Disable SSH Support for Rhosts RSA Authentication |
| oval:ssg-sshd_disable_rhosts:def:1 |
unknown |
compliance |
[CCE-80899-8], [sshd_disable_rhosts] |
Disable SSH Support for .rhosts Files |
| oval:ssg-sshd_disable_kerb_auth:def:1 |
unknown |
compliance |
[CCE-80898-0], [sshd_disable_kerb_auth] |
Disable Kerberos Authentication |
| oval:ssg-sshd_disable_empty_passwords:def:1 |
unknown |
compliance |
[CCE-80896-4], [sshd_disable_empty_passwords] |
Disable SSH Access via Empty Passwords |
| oval:ssg-sshd_disable_compression:def:1 |
unknown |
compliance |
[CCE-80895-6], [sshd_disable_compression] |
Disable Compression Or Set Compression to delayed |
| oval:ssg-sshd_allow_only_protocol2:def:1 |
unknown |
compliance |
[CCE-80894-9], [sshd_allow_only_protocol2] |
Ensure Only Protocol 2 Connections Allowed |
| oval:ssg-disable_host_auth:def:1 |
unknown |
compliance |
[CCE-80786-7], [disable_host_auth] |
Disable Host-Based Authentication |
| oval:ssg-umask_for_daemons:def:1 |
error |
compliance |
[umask_for_daemons] |
Set Daemon umask |
| oval:ssg-sysctl_static_net_ipv6_conf_default_accept_redirects:def:1 |
error |
compliance |
[sysctl_static_net_ipv6_conf_default_accept_redirects] |
Kernel "net.ipv6.conf.default.accept_redirects" Parameter Configuration Check |
| oval:ssg-sysctl_static_net_ipv6_conf_all_accept_redirects:def:1 |
error |
compliance |
[sysctl_static_net_ipv6_conf_all_accept_redirects] |
Kernel "net.ipv6.conf.all.accept_redirects" Parameter Configuration Check |
| oval:ssg-sysctl_static_net_ipv4_conf_default_accept_redirects:def:1 |
error |
compliance |
[sysctl_static_net_ipv4_conf_default_accept_redirects] |
Kernel "net.ipv4.conf.default.accept_redirects" Parameter Configuration Check |
| oval:ssg-sysctl_static_net_ipv4_conf_all_rp_filter:def:1 |
error |
compliance |
[sysctl_static_net_ipv4_conf_all_rp_filter] |
Kernel "net.ipv4.conf.all.rp_filter" Parameter Configuration Check |
| oval:ssg-sysctl_static_net_ipv4_conf_all_accept_source_route:def:1 |
error |
compliance |
[sysctl_static_net_ipv4_conf_all_accept_source_route] |
Kernel "net.ipv4.conf.all.accept_source_route" Parameter Configuration Check |
| oval:ssg-sysctl_static_net_ipv4_conf_all_accept_redirects:def:1 |
error |
compliance |
[sysctl_static_net_ipv4_conf_all_accept_redirects] |
Kernel "net.ipv4.conf.all.accept_redirects" Parameter Configuration Check |
| oval:ssg-sysctl_runtime_net_ipv6_conf_default_accept_source_route:def:1 |
error |
compliance |
[sysctl_runtime_net_ipv6_conf_default_accept_source_route] |
Kernel "net.ipv6.conf.default.accept_source_route" Parameter Runtime Check |
| oval:ssg-sysctl_runtime_net_ipv6_conf_default_accept_redirects:def:1 |
error |
compliance |
[sysctl_runtime_net_ipv6_conf_default_accept_redirects] |
Kernel "net.ipv6.conf.default.accept_redirects" Parameter Runtime Check |
| oval:ssg-sysctl_runtime_net_ipv6_conf_default_accept_ra:def:1 |
error |
compliance |
[sysctl_runtime_net_ipv6_conf_default_accept_ra] |
Kernel "net.ipv6.conf.default.accept_ra" Parameter Runtime Check |
| oval:ssg-sysctl_runtime_net_ipv6_conf_all_forwarding:def:1 |
error |
compliance |
[sysctl_runtime_net_ipv6_conf_all_forwarding] |
Kernel "net.ipv6.conf.all.forwarding" Parameter Runtime Check |
| oval:ssg-sysctl_runtime_net_ipv6_conf_all_accept_source_route:def:1 |
error |
compliance |
[sysctl_runtime_net_ipv6_conf_all_accept_source_route] |
Kernel "net.ipv6.conf.all.accept_source_route" Parameter Runtime Check |
| oval:ssg-sysctl_runtime_net_ipv6_conf_all_accept_redirects:def:1 |
error |
compliance |
[sysctl_runtime_net_ipv6_conf_all_accept_redirects] |
Kernel "net.ipv6.conf.all.accept_redirects" Parameter Runtime Check |
| oval:ssg-sysctl_runtime_net_ipv6_conf_all_accept_ra:def:1 |
error |
compliance |
[sysctl_runtime_net_ipv6_conf_all_accept_ra] |
Kernel "net.ipv6.conf.all.accept_ra" Parameter Runtime Check |
| oval:ssg-sysctl_runtime_net_ipv4_tcp_syncookies:def:1 |
error |
compliance |
[sysctl_runtime_net_ipv4_tcp_syncookies] |
Kernel "net.ipv4.tcp_syncookies" Parameter Runtime Check |
| oval:ssg-sysctl_runtime_net_ipv4_tcp_invalid_ratelimit:def:1 |
error |
compliance |
[sysctl_runtime_net_ipv4_tcp_invalid_ratelimit] |
Kernel "net.ipv4.tcp_invalid_ratelimit" Parameter Runtime Check |
| oval:ssg-sysctl_runtime_net_ipv4_icmp_ignore_bogus_error_responses:def:1 |
error |
compliance |
[sysctl_runtime_net_ipv4_icmp_ignore_bogus_error_responses] |
Kernel "net.ipv4.icmp_ignore_bogus_error_responses" Parameter Runtime Check |
| oval:ssg-sysctl_runtime_net_ipv4_icmp_echo_ignore_broadcasts:def:1 |
error |
compliance |
[sysctl_runtime_net_ipv4_icmp_echo_ignore_broadcasts] |
Kernel "net.ipv4.icmp_echo_ignore_broadcasts" Parameter Runtime Check |
| oval:ssg-sysctl_runtime_net_ipv4_conf_default_secure_redirects:def:1 |
error |
compliance |
[sysctl_runtime_net_ipv4_conf_default_secure_redirects] |
Kernel "net.ipv4.conf.default.secure_redirects" Parameter Runtime Check |
| oval:ssg-sysctl_runtime_net_ipv4_conf_default_rp_filter:def:1 |
error |
compliance |
[sysctl_runtime_net_ipv4_conf_default_rp_filter] |
Kernel "net.ipv4.conf.default.rp_filter" Parameter Runtime Check |
| oval:ssg-sysctl_runtime_net_ipv4_conf_default_log_martians:def:1 |
error |
compliance |
[sysctl_runtime_net_ipv4_conf_default_log_martians] |
Kernel "net.ipv4.conf.default.log_martians" Parameter Runtime Check |
| oval:ssg-sysctl_runtime_net_ipv4_conf_default_accept_source_route:def:1 |
error |
compliance |
[sysctl_runtime_net_ipv4_conf_default_accept_source_route] |
Kernel "net.ipv4.conf.default.accept_source_route" Parameter Runtime Check |
| oval:ssg-sysctl_runtime_net_ipv4_conf_default_accept_redirects:def:1 |
error |
compliance |
[sysctl_runtime_net_ipv4_conf_default_accept_redirects] |
Kernel "net.ipv4.conf.default.accept_redirects" Parameter Runtime Check |
| oval:ssg-sysctl_runtime_net_ipv4_conf_all_secure_redirects:def:1 |
error |
compliance |
[sysctl_runtime_net_ipv4_conf_all_secure_redirects] |
Kernel "net.ipv4.conf.all.secure_redirects" Parameter Runtime Check |
| oval:ssg-sysctl_runtime_net_ipv4_conf_all_rp_filter:def:1 |
error |
compliance |
[sysctl_runtime_net_ipv4_conf_all_rp_filter] |
Kernel "net.ipv4.conf.all.rp_filter" Parameter Runtime Check |
| oval:ssg-sysctl_runtime_net_ipv4_conf_all_log_martians:def:1 |
error |
compliance |
[sysctl_runtime_net_ipv4_conf_all_log_martians] |
Kernel "net.ipv4.conf.all.log_martians" Parameter Runtime Check |
| oval:ssg-sysctl_runtime_net_ipv4_conf_all_accept_source_route:def:1 |
error |
compliance |
[sysctl_runtime_net_ipv4_conf_all_accept_source_route] |
Kernel "net.ipv4.conf.all.accept_source_route" Parameter Runtime Check |
| oval:ssg-sysctl_runtime_net_ipv4_conf_all_accept_redirects:def:1 |
error |
compliance |
[sysctl_runtime_net_ipv4_conf_all_accept_redirects] |
Kernel "net.ipv4.conf.all.accept_redirects" Parameter Runtime Check |
| oval:ssg-sysctl_net_ipv6_conf_default_accept_redirects:def:1 |
error |
compliance |
[CCE-81010-1], [sysctl_net_ipv6_conf_default_accept_redirects] |
Kernel "net.ipv6.conf.default.accept_redirects" Parameter Configuration and Runtime Check |
| oval:ssg-sysctl_net_ipv6_conf_all_accept_redirects:def:1 |
error |
compliance |
[CCE-81009-3], [sysctl_net_ipv6_conf_all_accept_redirects] |
Kernel "net.ipv6.conf.all.accept_redirects" Parameter Configuration and Runtime Check |
| oval:ssg-sysctl_net_ipv4_conf_default_accept_redirects:def:1 |
error |
compliance |
[CCE-80919-4], [sysctl_net_ipv4_conf_default_accept_redirects] |
Kernel "net.ipv4.conf.default.accept_redirects" Parameter Configuration and Runtime Check |
| oval:ssg-sysctl_net_ipv4_conf_all_rp_filter:def:1 |
error |
compliance |
[CCE-81021-8], [sysctl_net_ipv4_conf_all_rp_filter] |
Kernel "net.ipv4.conf.all.rp_filter" Parameter Configuration and Runtime Check |
| oval:ssg-sysctl_net_ipv4_conf_all_accept_source_route:def:1 |
error |
compliance |
[CCE-81011-9], [sysctl_net_ipv4_conf_all_accept_source_route] |
Kernel "net.ipv4.conf.all.accept_source_route" Parameter Configuration and Runtime Check |
| oval:ssg-sysctl_net_ipv4_conf_all_accept_redirects:def:1 |
error |
compliance |
[CCE-80917-8], [sysctl_net_ipv4_conf_all_accept_redirects] |
Kernel "net.ipv4.conf.all.accept_redirects" Parameter Configuration and Runtime Check |
| oval:ssg-selinux_state:def:1 |
error |
compliance |
[CCE-80869-1], [selinux_state] |
SELinux Enforcing |
| oval:ssg-selinux_policytype:def:1 |
error |
compliance |
[CCE-80868-3], [selinux_policytype] |
Enable SELinux |
| oval:ssg-sebool_zoneminder_run_sudo:def:1 |
error |
compliance |
[sebool_zoneminder_run_sudo] |
SELinux "zoneminder_run_sudo" Boolean Check |
| oval:ssg-sebool_zoneminder_anon_write:def:1 |
error |
compliance |
[sebool_zoneminder_anon_write] |
SELinux "zoneminder_anon_write" Boolean Check |
| oval:ssg-sebool_zebra_write_config:def:1 |
error |
compliance |
[sebool_zebra_write_config] |
SELinux "zebra_write_config" Boolean Check |
| oval:ssg-sebool_zarafa_setrlimit:def:1 |
error |
compliance |
[sebool_zarafa_setrlimit] |
SELinux "zarafa_setrlimit" Boolean Check |
| oval:ssg-sebool_zabbix_can_network:def:1 |
error |
compliance |
[sebool_zabbix_can_network] |
SELinux "zabbix_can_network" Boolean Check |
| oval:ssg-sebool_xserver_object_manager:def:1 |
error |
compliance |
[sebool_xserver_object_manager] |
SELinux "xserver_object_manager" Boolean Check |
| oval:ssg-sebool_xserver_execmem:def:1 |
error |
compliance |
[sebool_xserver_execmem] |
SELinux "xserver_execmem" Boolean Check |
| oval:ssg-sebool_xserver_clients_write_xshm:def:1 |
error |
compliance |
[sebool_xserver_clients_write_xshm] |
SELinux "xserver_clients_write_xshm" Boolean Check |
| oval:ssg-sebool_xguest_use_bluetooth:def:1 |
error |
compliance |
[sebool_xguest_use_bluetooth] |
SELinux "xguest_use_bluetooth" Boolean Check |
| oval:ssg-sebool_xguest_mount_media:def:1 |
error |
compliance |
[sebool_xguest_mount_media] |
SELinux "xguest_mount_media" Boolean Check |
| oval:ssg-sebool_xguest_exec_content:def:1 |
error |
compliance |
[sebool_xguest_exec_content] |
SELinux "xguest_exec_content" Boolean Check |
| oval:ssg-sebool_xguest_connect_network:def:1 |
error |
compliance |
[sebool_xguest_connect_network] |
SELinux "xguest_connect_network" Boolean Check |
| oval:ssg-sebool_xend_run_qemu:def:1 |
error |
compliance |
[sebool_xend_run_qemu] |
SELinux "xend_run_qemu" Boolean Check |
| oval:ssg-sebool_xend_run_blktap:def:1 |
error |
compliance |
[sebool_xend_run_blktap] |
SELinux "xend_run_blktap" Boolean Check |
| oval:ssg-sebool_xen_use_nfs:def:1 |
error |
compliance |
[sebool_xen_use_nfs] |
SELinux "xen_use_nfs" Boolean Check |
| oval:ssg-sebool_xdm_write_home:def:1 |
error |
compliance |
[sebool_xdm_write_home] |
SELinux "xdm_write_home" Boolean Check |
| oval:ssg-sebool_xdm_sysadm_login:def:1 |
error |
compliance |
[sebool_xdm_sysadm_login] |
SELinux "xdm_sysadm_login" Boolean Check |
| oval:ssg-sebool_xdm_exec_bootloader:def:1 |
error |
compliance |
[sebool_xdm_exec_bootloader] |
SELinux "xdm_exec_bootloader" Boolean Check |
| oval:ssg-sebool_xdm_bind_vnc_tcp_port:def:1 |
error |
compliance |
[sebool_xdm_bind_vnc_tcp_port] |
SELinux "xdm_bind_vnc_tcp_port" Boolean Check |
| oval:ssg-sebool_wine_mmap_zero_ignore:def:1 |
error |
compliance |
[sebool_wine_mmap_zero_ignore] |
SELinux "wine_mmap_zero_ignore" Boolean Check |
| oval:ssg-sebool_webadm_read_user_files:def:1 |
error |
compliance |
[sebool_webadm_read_user_files] |
SELinux "webadm_read_user_files" Boolean Check |
| oval:ssg-sebool_webadm_manage_user_files:def:1 |
error |
compliance |
[sebool_webadm_manage_user_files] |
SELinux "webadm_manage_user_files" Boolean Check |
| oval:ssg-sebool_virt_use_xserver:def:1 |
error |
compliance |
[sebool_virt_use_xserver] |
SELinux "virt_use_xserver" Boolean Check |
| oval:ssg-sebool_virt_use_usb:def:1 |
error |
compliance |
[sebool_virt_use_usb] |
SELinux "virt_use_usb" Boolean Check |
| oval:ssg-sebool_virt_use_sanlock:def:1 |
error |
compliance |
[sebool_virt_use_sanlock] |
SELinux "virt_use_sanlock" Boolean Check |
| oval:ssg-sebool_virt_use_samba:def:1 |
error |
compliance |
[sebool_virt_use_samba] |
SELinux "virt_use_samba" Boolean Check |
| oval:ssg-sebool_virt_use_rawip:def:1 |
error |
compliance |
[sebool_virt_use_rawip] |
SELinux "virt_use_rawip" Boolean Check |
| oval:ssg-sebool_virt_use_nfs:def:1 |
error |
compliance |
[sebool_virt_use_nfs] |
SELinux "virt_use_nfs" Boolean Check |
| oval:ssg-sebool_virt_use_fusefs:def:1 |
error |
compliance |
[sebool_virt_use_fusefs] |
SELinux "virt_use_fusefs" Boolean Check |
| oval:ssg-sebool_virt_use_execmem:def:1 |
error |
compliance |
[sebool_virt_use_execmem] |
SELinux "virt_use_execmem" Boolean Check |
| oval:ssg-sebool_virt_use_comm:def:1 |
error |
compliance |
[sebool_virt_use_comm] |
SELinux "virt_use_comm" Boolean Check |
| oval:ssg-sebool_virt_transition_userdomain:def:1 |
error |
compliance |
[sebool_virt_transition_userdomain] |
SELinux "virt_transition_userdomain" Boolean Check |
| oval:ssg-sebool_virt_sandbox_use_sys_admin:def:1 |
error |
compliance |
[sebool_virt_sandbox_use_sys_admin] |
SELinux "virt_sandbox_use_sys_admin" Boolean Check |
| oval:ssg-sebool_virt_sandbox_use_netlink:def:1 |
error |
compliance |
[sebool_virt_sandbox_use_netlink] |
SELinux "virt_sandbox_use_netlink" Boolean Check |
| oval:ssg-sebool_virt_sandbox_use_mknod:def:1 |
error |
compliance |
[sebool_virt_sandbox_use_mknod] |
SELinux "virt_sandbox_use_mknod" Boolean Check |
| oval:ssg-sebool_virt_sandbox_use_audit:def:1 |
error |
compliance |
[sebool_virt_sandbox_use_audit] |
SELinux "virt_sandbox_use_audit" Boolean Check |
| oval:ssg-sebool_virt_sandbox_use_all_caps:def:1 |
error |
compliance |
[sebool_virt_sandbox_use_all_caps] |
SELinux "virt_sandbox_use_all_caps" Boolean Check |
| oval:ssg-sebool_virt_rw_qemu_ga_data:def:1 |
error |
compliance |
[sebool_virt_rw_qemu_ga_data] |
SELinux "virt_rw_qemu_ga_data" Boolean Check |
| oval:ssg-sebool_virt_read_qemu_ga_data:def:1 |
error |
compliance |
[sebool_virt_read_qemu_ga_data] |
SELinux "virt_read_qemu_ga_data" Boolean Check |
| oval:ssg-sebool_varnishd_connect_any:def:1 |
error |
compliance |
[sebool_varnishd_connect_any] |
SELinux "varnishd_connect_any" Boolean Check |
| oval:ssg-sebool_user_exec_content:def:1 |
error |
compliance |
[sebool_user_exec_content] |
SELinux "user_exec_content" Boolean Check |
| oval:ssg-sebool_use_samba_home_dirs:def:1 |
error |
compliance |
[sebool_use_samba_home_dirs] |
SELinux "use_samba_home_dirs" Boolean Check |
| oval:ssg-sebool_use_nfs_home_dirs:def:1 |
error |
compliance |
[sebool_use_nfs_home_dirs] |
SELinux "use_nfs_home_dirs" Boolean Check |
| oval:ssg-sebool_use_lpd_server:def:1 |
error |
compliance |
[sebool_use_lpd_server] |
SELinux "use_lpd_server" Boolean Check |
| oval:ssg-sebool_use_fusefs_home_dirs:def:1 |
error |
compliance |
[sebool_use_fusefs_home_dirs] |
SELinux "use_fusefs_home_dirs" Boolean Check |
| oval:ssg-sebool_use_ecryptfs_home_dirs:def:1 |
error |
compliance |
[sebool_use_ecryptfs_home_dirs] |
SELinux "use_ecryptfs_home_dirs" Boolean Check |
| oval:ssg-sebool_unprivuser_use_svirt:def:1 |
error |
compliance |
[sebool_unprivuser_use_svirt] |
SELinux "unprivuser_use_svirt" Boolean Check |
| oval:ssg-sebool_unconfined_mozilla_plugin_transition:def:1 |
error |
compliance |
[sebool_unconfined_mozilla_plugin_transition] |
SELinux "unconfined_mozilla_plugin_transition" Boolean Check |
| oval:ssg-sebool_unconfined_login:def:1 |
error |
compliance |
[sebool_unconfined_login] |
SELinux "unconfined_login" Boolean Check |
| oval:ssg-sebool_unconfined_chrome_sandbox_transition:def:1 |
error |
compliance |
[sebool_unconfined_chrome_sandbox_transition] |
SELinux "unconfined_chrome_sandbox_transition" Boolean Check |
| oval:ssg-sebool_tor_can_network_relay:def:1 |
error |
compliance |
[sebool_tor_can_network_relay] |
SELinux "tor_can_network_relay" Boolean Check |
| oval:ssg-sebool_tor_bind_all_unreserved_ports:def:1 |
error |
compliance |
[sebool_tor_bind_all_unreserved_ports] |
SELinux "tor_bind_all_unreserved_ports" Boolean Check |
| oval:ssg-sebool_tmpreaper_use_samba:def:1 |
error |
compliance |
[sebool_tmpreaper_use_samba] |
SELinux "tmpreaper_use_samba" Boolean Check |
| oval:ssg-sebool_tmpreaper_use_nfs:def:1 |
error |
compliance |
[sebool_tmpreaper_use_nfs] |
SELinux "tmpreaper_use_nfs" Boolean Check |
| oval:ssg-sebool_tftp_home_dir:def:1 |
error |
compliance |
[sebool_tftp_home_dir] |
SELinux "tftp_home_dir" Boolean Check |
| oval:ssg-sebool_tftp_anon_write:def:1 |
error |
compliance |
[sebool_tftp_anon_write] |
SELinux "tftp_anon_write" Boolean Check |
| oval:ssg-sebool_telepathy_tcp_connect_generic_network_ports:def:1 |
error |
compliance |
[sebool_telepathy_tcp_connect_generic_network_ports] |
SELinux "telepathy_tcp_connect_generic_network_ports" Boolean Check |
| oval:ssg-sebool_telepathy_connect_all_ports:def:1 |
error |
compliance |
[sebool_telepathy_connect_all_ports] |
SELinux "telepathy_connect_all_ports" Boolean Check |
| oval:ssg-sebool_sysadm_exec_content:def:1 |
error |
compliance |
[sebool_sysadm_exec_content] |
SELinux "sysadm_exec_content" Boolean Check |
| oval:ssg-sebool_swift_can_network:def:1 |
error |
compliance |
[sebool_swift_can_network] |
SELinux "swift_can_network" Boolean Check |
| oval:ssg-sebool_staff_use_svirt:def:1 |
error |
compliance |
[sebool_staff_use_svirt] |
SELinux "staff_use_svirt" Boolean Check |
| oval:ssg-sebool_staff_exec_content:def:1 |
error |
compliance |
[sebool_staff_exec_content] |
SELinux "staff_exec_content" Boolean Check |
| oval:ssg-sebool_ssh_sysadm_login:def:1 |
error |
compliance |
[sebool_ssh_sysadm_login] |
SELinux "ssh_sysadm_login" Boolean Check |
| oval:ssg-sebool_ssh_keysign:def:1 |
error |
compliance |
[sebool_ssh_keysign] |
SELinux "ssh_keysign" Boolean Check |
| oval:ssg-sebool_ssh_chroot_rw_homedirs:def:1 |
error |
compliance |
[sebool_ssh_chroot_rw_homedirs] |
SELinux "ssh_chroot_rw_homedirs" Boolean Check |
| oval:ssg-sebool_squid_use_tproxy:def:1 |
error |
compliance |
[sebool_squid_use_tproxy] |
SELinux "squid_use_tproxy" Boolean Check |
| oval:ssg-sebool_squid_connect_any:def:1 |
error |
compliance |
[sebool_squid_connect_any] |
SELinux "squid_connect_any" Boolean Check |
| oval:ssg-sebool_spamd_enable_home_dirs:def:1 |
error |
compliance |
[sebool_spamd_enable_home_dirs] |
SELinux "spamd_enable_home_dirs" Boolean Check |
| oval:ssg-sebool_spamassassin_can_network:def:1 |
error |
compliance |
[sebool_spamassassin_can_network] |
SELinux "spamassassin_can_network" Boolean Check |
| oval:ssg-sebool_smbd_anon_write:def:1 |
error |
compliance |
[sebool_smbd_anon_write] |
SELinux "smbd_anon_write" Boolean Check |
| oval:ssg-sebool_smartmon_3ware:def:1 |
error |
compliance |
[sebool_smartmon_3ware] |
SELinux "smartmon_3ware" Boolean Check |
| oval:ssg-sebool_sge_use_nfs:def:1 |
error |
compliance |
[sebool_sge_use_nfs] |
SELinux "sge_use_nfs" Boolean Check |
| oval:ssg-sebool_sge_domain_can_network_connect:def:1 |
error |
compliance |
[sebool_sge_domain_can_network_connect] |
SELinux "sge_domain_can_network_connect" Boolean Check |
| oval:ssg-sebool_selinuxuser_use_ssh_chroot:def:1 |
error |
compliance |
[sebool_selinuxuser_use_ssh_chroot] |
SELinux "selinuxuser_use_ssh_chroot" Boolean Check |
| oval:ssg-sebool_selinuxuser_udp_server:def:1 |
error |
compliance |
[sebool_selinuxuser_udp_server] |
SELinux "selinuxuser_udp_server" Boolean Check |
| oval:ssg-sebool_selinuxuser_tcp_server:def:1 |
error |
compliance |
[sebool_selinuxuser_tcp_server] |
SELinux "selinuxuser_tcp_server" Boolean Check |
| oval:ssg-sebool_selinuxuser_share_music:def:1 |
error |
compliance |
[sebool_selinuxuser_share_music] |
SELinux "selinuxuser_share_music" Boolean Check |
| oval:ssg-sebool_selinuxuser_rw_noexattrfile:def:1 |
error |
compliance |
[sebool_selinuxuser_rw_noexattrfile] |
SELinux "selinuxuser_rw_noexattrfile" Boolean Check |
| oval:ssg-sebool_selinuxuser_postgresql_connect_enabled:def:1 |
error |
compliance |
[sebool_selinuxuser_postgresql_connect_enabled] |
SELinux "selinuxuser_postgresql_connect_enabled" Boolean Check |
| oval:ssg-sebool_selinuxuser_ping:def:1 |
error |
compliance |
[sebool_selinuxuser_ping] |
SELinux "selinuxuser_ping" Boolean Check |
| oval:ssg-sebool_selinuxuser_mysql_connect_enabled:def:1 |
error |
compliance |
[sebool_selinuxuser_mysql_connect_enabled] |
SELinux "selinuxuser_mysql_connect_enabled" Boolean Check |
| oval:ssg-sebool_selinuxuser_execstack:def:1 |
error |
compliance |
[CCE-80951-7], [sebool_selinuxuser_execstack] |
SELinux "selinuxuser_execstack" Boolean Check |
| oval:ssg-sebool_selinuxuser_execmod:def:1 |
error |
compliance |
[CCE-80950-9], [sebool_selinuxuser_execmod] |
SELinux "selinuxuser_execmod" Boolean Check |
| oval:ssg-sebool_selinuxuser_execheap:def:1 |
error |
compliance |
[CCE-80949-1], [sebool_selinuxuser_execheap] |
SELinux "selinuxuser_execheap" Boolean Check |
| oval:ssg-sebool_selinuxuser_direct_dri_enabled:def:1 |
error |
compliance |
[sebool_selinuxuser_direct_dri_enabled] |
SELinux "selinuxuser_direct_dri_enabled" Boolean Check |
| oval:ssg-sebool_secure_mode_policyload:def:1 |
error |
compliance |
[sebool_secure_mode_policyload] |
SELinux "secure_mode_policyload" Boolean Check |
| oval:ssg-sebool_secure_mode_insmod:def:1 |
error |
compliance |
[sebool_secure_mode_insmod] |
SELinux "secure_mode_insmod" Boolean Check |
| oval:ssg-sebool_secure_mode:def:1 |
error |
compliance |
[sebool_secure_mode] |
SELinux "secure_mode" Boolean Check |
| oval:ssg-sebool_secadm_exec_content:def:1 |
error |
compliance |
[sebool_secadm_exec_content] |
SELinux "secadm_exec_content" Boolean Check |
| oval:ssg-sebool_saslauthd_read_shadow:def:1 |
error |
compliance |
[sebool_saslauthd_read_shadow] |
SELinux "saslauthd_read_shadow" Boolean Check |
| oval:ssg-sebool_sanlock_use_samba:def:1 |
error |
compliance |
[sebool_sanlock_use_samba] |
SELinux "sanlock_use_samba" Boolean Check |
| oval:ssg-sebool_sanlock_use_nfs:def:1 |
error |
compliance |
[sebool_sanlock_use_nfs] |
SELinux "sanlock_use_nfs" Boolean Check |
| oval:ssg-sebool_sanlock_use_fusefs:def:1 |
error |
compliance |
[sebool_sanlock_use_fusefs] |
SELinux "sanlock_use_fusefs" Boolean Check |
| oval:ssg-sebool_samba_share_nfs:def:1 |
error |
compliance |
[sebool_samba_share_nfs] |
SELinux "samba_share_nfs" Boolean Check |
| oval:ssg-sebool_samba_share_fusefs:def:1 |
error |
compliance |
[sebool_samba_share_fusefs] |
SELinux "samba_share_fusefs" Boolean Check |
| oval:ssg-sebool_samba_run_unconfined:def:1 |
error |
compliance |
[sebool_samba_run_unconfined] |
SELinux "samba_run_unconfined" Boolean Check |
| oval:ssg-sebool_samba_portmapper:def:1 |
error |
compliance |
[sebool_samba_portmapper] |
SELinux "samba_portmapper" Boolean Check |
| oval:ssg-sebool_samba_load_libgfapi:def:1 |
error |
compliance |
[sebool_samba_load_libgfapi] |
SELinux "samba_load_libgfapi" Boolean Check |
| oval:ssg-sebool_samba_export_all_rw:def:1 |
error |
compliance |
[sebool_samba_export_all_rw] |
SELinux "samba_export_all_rw" Boolean Check |
| oval:ssg-sebool_samba_export_all_ro:def:1 |
error |
compliance |
[sebool_samba_export_all_ro] |
SELinux "samba_export_all_ro" Boolean Check |
| oval:ssg-sebool_samba_enable_home_dirs:def:1 |
error |
compliance |
[sebool_samba_enable_home_dirs] |
SELinux "samba_enable_home_dirs" Boolean Check |
| oval:ssg-sebool_samba_domain_controller:def:1 |
error |
compliance |
[sebool_samba_domain_controller] |
SELinux "samba_domain_controller" Boolean Check |
| oval:ssg-sebool_samba_create_home_dirs:def:1 |
error |
compliance |
[sebool_samba_create_home_dirs] |
SELinux "samba_create_home_dirs" Boolean Check |
| oval:ssg-sebool_rsync_full_access:def:1 |
error |
compliance |
[sebool_rsync_full_access] |
SELinux "rsync_full_access" Boolean Check |
| oval:ssg-sebool_rsync_export_all_ro:def:1 |
error |
compliance |
[sebool_rsync_export_all_ro] |
SELinux "rsync_export_all_ro" Boolean Check |
| oval:ssg-sebool_rsync_client:def:1 |
error |
compliance |
[sebool_rsync_client] |
SELinux "rsync_client" Boolean Check |
| oval:ssg-sebool_rsync_anon_write:def:1 |
error |
compliance |
[sebool_rsync_anon_write] |
SELinux "rsync_anon_write" Boolean Check |
| oval:ssg-sebool_racoon_read_shadow:def:1 |
error |
compliance |
[sebool_racoon_read_shadow] |
SELinux "racoon_read_shadow" Boolean Check |
| oval:ssg-sebool_puppetmaster_use_db:def:1 |
error |
compliance |
[sebool_puppetmaster_use_db] |
SELinux "puppetmaster_use_db" Boolean Check |
| oval:ssg-sebool_puppetagent_manage_all_files:def:1 |
error |
compliance |
[sebool_puppetagent_manage_all_files] |
SELinux "puppetagent_manage_all_files" Boolean Check |
| oval:ssg-sebool_prosody_bind_http_port:def:1 |
error |
compliance |
[sebool_prosody_bind_http_port] |
SELinux "prosody_bind_http_port" Boolean Check |
| oval:ssg-sebool_privoxy_connect_any:def:1 |
error |
compliance |
[sebool_privoxy_connect_any] |
SELinux "privoxy_connect_any" Boolean Check |
| oval:ssg-sebool_pppd_for_user:def:1 |
error |
compliance |
[sebool_pppd_for_user] |
SELinux "pppd_for_user" Boolean Check |
| oval:ssg-sebool_pppd_can_insmod:def:1 |
error |
compliance |
[sebool_pppd_can_insmod] |
SELinux "pppd_can_insmod" Boolean Check |
| oval:ssg-sebool_postgresql_selinux_users_ddl:def:1 |
error |
compliance |
[sebool_postgresql_selinux_users_ddl] |
SELinux "postgresql_selinux_users_ddl" Boolean Check |
| oval:ssg-sebool_postgresql_selinux_unconfined_dbadm:def:1 |
error |
compliance |
[sebool_postgresql_selinux_unconfined_dbadm] |
SELinux "postgresql_selinux_unconfined_dbadm" Boolean Check |
| oval:ssg-sebool_postgresql_selinux_transmit_client_label:def:1 |
error |
compliance |
[sebool_postgresql_selinux_transmit_client_label] |
SELinux "postgresql_selinux_transmit_client_label" Boolean Check |
| oval:ssg-sebool_postgresql_can_rsync:def:1 |
error |
compliance |
[sebool_postgresql_can_rsync] |
SELinux "postgresql_can_rsync" Boolean Check |
| oval:ssg-sebool_postfix_local_write_mail_spool:def:1 |
error |
compliance |
[sebool_postfix_local_write_mail_spool] |
SELinux "postfix_local_write_mail_spool" Boolean Check |
| oval:ssg-sebool_polyinstantiation_enabled:def:1 |
error |
compliance |
[sebool_polyinstantiation_enabled] |
SELinux "polyinstantiation_enabled" Boolean Check |
| oval:ssg-sebool_polipo_use_nfs:def:1 |
error |
compliance |
[sebool_polipo_use_nfs] |
SELinux "polipo_use_nfs" Boolean Check |
| oval:ssg-sebool_polipo_use_cifs:def:1 |
error |
compliance |
[sebool_polipo_use_cifs] |
SELinux "polipo_use_cifs" Boolean Check |
| oval:ssg-sebool_polipo_session_users:def:1 |
error |
compliance |
[sebool_polipo_session_users] |
SELinux "polipo_session_users" Boolean Check |
| oval:ssg-sebool_polipo_session_bind_all_unreserved_ports:def:1 |
error |
compliance |
[sebool_polipo_session_bind_all_unreserved_ports] |
SELinux "polipo_session_bind_all_unreserved_ports" Boolean Check |
| oval:ssg-sebool_polipo_connect_all_unreserved:def:1 |
error |
compliance |
[sebool_polipo_connect_all_unreserved] |
SELinux "polipo_connect_all_unreserved" Boolean Check |
| oval:ssg-sebool_piranha_lvs_can_network_connect:def:1 |
error |
compliance |
[sebool_piranha_lvs_can_network_connect] |
SELinux "piranha_lvs_can_network_connect" Boolean Check |
| oval:ssg-sebool_pcp_read_generic_logs:def:1 |
error |
compliance |
[sebool_pcp_read_generic_logs] |
SELinux "pcp_read_generic_logs" Boolean Check |
| oval:ssg-sebool_pcp_bind_all_unreserved_ports:def:1 |
error |
compliance |
[sebool_pcp_bind_all_unreserved_ports] |
SELinux "pcp_bind_all_unreserved_ports" Boolean Check |
| oval:ssg-sebool_openvpn_run_unconfined:def:1 |
error |
compliance |
[sebool_openvpn_run_unconfined] |
SELinux "openvpn_run_unconfined" Boolean Check |
| oval:ssg-sebool_openvpn_enable_homedirs:def:1 |
error |
compliance |
[sebool_openvpn_enable_homedirs] |
SELinux "openvpn_enable_homedirs" Boolean Check |
| oval:ssg-sebool_openvpn_can_network_connect:def:1 |
error |
compliance |
[sebool_openvpn_can_network_connect] |
SELinux "openvpn_can_network_connect" Boolean Check |
| oval:ssg-sebool_openshift_use_nfs:def:1 |
error |
compliance |
[sebool_openshift_use_nfs] |
SELinux "openshift_use_nfs" Boolean Check |
| oval:ssg-sebool_nscd_use_shm:def:1 |
error |
compliance |
[sebool_nscd_use_shm] |
SELinux "nscd_use_shm" Boolean Check |
| oval:ssg-sebool_nis_enabled:def:1 |
error |
compliance |
[sebool_nis_enabled] |
SELinux "nis_enabled" Boolean Check |
| oval:ssg-sebool_nfsd_anon_write:def:1 |
error |
compliance |
[sebool_nfsd_anon_write] |
SELinux "nfsd_anon_write" Boolean Check |
| oval:ssg-sebool_nfs_export_all_rw:def:1 |
error |
compliance |
[sebool_nfs_export_all_rw] |
SELinux "nfs_export_all_rw" Boolean Check |
| oval:ssg-sebool_nfs_export_all_ro:def:1 |
error |
compliance |
[sebool_nfs_export_all_ro] |
SELinux "nfs_export_all_ro" Boolean Check |
| oval:ssg-sebool_neutron_can_network:def:1 |
error |
compliance |
[sebool_neutron_can_network] |
SELinux "neutron_can_network" Boolean Check |
| oval:ssg-sebool_named_write_master_zones:def:1 |
error |
compliance |
[sebool_named_write_master_zones] |
SELinux "named_write_master_zones" Boolean Check |
| oval:ssg-sebool_named_tcp_bind_http_port:def:1 |
error |
compliance |
[sebool_named_tcp_bind_http_port] |
SELinux "named_tcp_bind_http_port" Boolean Check |
| oval:ssg-sebool_nagios_run_sudo:def:1 |
error |
compliance |
[sebool_nagios_run_sudo] |
SELinux "nagios_run_sudo" Boolean Check |
| oval:ssg-sebool_nagios_run_pnp4nagios:def:1 |
error |
compliance |
[sebool_nagios_run_pnp4nagios] |
SELinux "nagios_run_pnp4nagios" Boolean Check |
| oval:ssg-sebool_mysql_connect_any:def:1 |
error |
compliance |
[sebool_mysql_connect_any] |
SELinux "mysql_connect_any" Boolean Check |
| oval:ssg-sebool_mplayer_execstack:def:1 |
error |
compliance |
[sebool_mplayer_execstack] |
SELinux "mplayer_execstack" Boolean Check |
| oval:ssg-sebool_mpd_use_nfs:def:1 |
error |
compliance |
[sebool_mpd_use_nfs] |
SELinux "mpd_use_nfs" Boolean Check |
| oval:ssg-sebool_mpd_use_cifs:def:1 |
error |
compliance |
[sebool_mpd_use_cifs] |
SELinux "mpd_use_cifs" Boolean Check |
| oval:ssg-sebool_mpd_enable_homedirs:def:1 |
error |
compliance |
[sebool_mpd_enable_homedirs] |
SELinux "mpd_enable_homedirs" Boolean Check |
| oval:ssg-sebool_mozilla_read_content:def:1 |
error |
compliance |
[sebool_mozilla_read_content] |
SELinux "mozilla_read_content" Boolean Check |
| oval:ssg-sebool_mozilla_plugin_use_spice:def:1 |
error |
compliance |
[sebool_mozilla_plugin_use_spice] |
SELinux "mozilla_plugin_use_spice" Boolean Check |
| oval:ssg-sebool_mozilla_plugin_use_gps:def:1 |
error |
compliance |
[sebool_mozilla_plugin_use_gps] |
SELinux "mozilla_plugin_use_gps" Boolean Check |
| oval:ssg-sebool_mozilla_plugin_use_bluejeans:def:1 |
error |
compliance |
[sebool_mozilla_plugin_use_bluejeans] |
SELinux "mozilla_plugin_use_bluejeans" Boolean Check |
| oval:ssg-sebool_mozilla_plugin_can_network_connect:def:1 |
error |
compliance |
[sebool_mozilla_plugin_can_network_connect] |
SELinux "mozilla_plugin_can_network_connect" Boolean Check |
| oval:ssg-sebool_mozilla_plugin_bind_unreserved_ports:def:1 |
error |
compliance |
[sebool_mozilla_plugin_bind_unreserved_ports] |
SELinux "mozilla_plugin_bind_unreserved_ports" Boolean Check |
| oval:ssg-sebool_mount_anyfile:def:1 |
error |
compliance |
[sebool_mount_anyfile] |
SELinux "mount_anyfile" Boolean Check |
| oval:ssg-sebool_mock_enable_homedirs:def:1 |
error |
compliance |
[sebool_mock_enable_homedirs] |
SELinux "mock_enable_homedirs" Boolean Check |
| oval:ssg-sebool_mmap_low_allowed:def:1 |
error |
compliance |
[sebool_mmap_low_allowed] |
SELinux "mmap_low_allowed" Boolean Check |
| oval:ssg-sebool_minidlna_read_generic_user_content:def:1 |
error |
compliance |
[sebool_minidlna_read_generic_user_content] |
SELinux "minidlna_read_generic_user_content" Boolean Check |
| oval:ssg-sebool_mcelog_server:def:1 |
error |
compliance |
[sebool_mcelog_server] |
SELinux "mcelog_server" Boolean Check |
| oval:ssg-sebool_mcelog_foreground:def:1 |
error |
compliance |
[sebool_mcelog_foreground] |
SELinux "mcelog_foreground" Boolean Check |
| oval:ssg-sebool_mcelog_exec_scripts:def:1 |
error |
compliance |
[sebool_mcelog_exec_scripts] |
SELinux "mcelog_exec_scripts" Boolean Check |
| oval:ssg-sebool_mcelog_client:def:1 |
error |
compliance |
[sebool_mcelog_client] |
SELinux "mcelog_client" Boolean Check |
| oval:ssg-sebool_mailman_use_fusefs:def:1 |
error |
compliance |
[sebool_mailman_use_fusefs] |
SELinux "mailman_use_fusefs" Boolean Check |
| oval:ssg-sebool_lsmd_plugin_connect_any:def:1 |
error |
compliance |
[sebool_lsmd_plugin_connect_any] |
SELinux "lsmd_plugin_connect_any" Boolean Check |
| oval:ssg-sebool_logwatch_can_network_connect_mail:def:1 |
error |
compliance |
[sebool_logwatch_can_network_connect_mail] |
SELinux "logwatch_can_network_connect_mail" Boolean Check |
| oval:ssg-sebool_logrotate_use_nfs:def:1 |
error |
compliance |
[sebool_logrotate_use_nfs] |
SELinux "logrotate_use_nfs" Boolean Check |
| oval:ssg-sebool_login_console_enabled:def:1 |
error |
compliance |
[sebool_login_console_enabled] |
SELinux "login_console_enabled" Boolean Check |
| oval:ssg-sebool_logging_syslogd_use_tty:def:1 |
error |
compliance |
[sebool_logging_syslogd_use_tty] |
SELinux "logging_syslogd_use_tty" Boolean Check |
| oval:ssg-sebool_logging_syslogd_run_nagios_plugins:def:1 |
error |
compliance |
[sebool_logging_syslogd_run_nagios_plugins] |
SELinux "logging_syslogd_run_nagios_plugins" Boolean Check |
| oval:ssg-sebool_logging_syslogd_can_sendmail:def:1 |
error |
compliance |
[sebool_logging_syslogd_can_sendmail] |
SELinux "logging_syslogd_can_sendmail" Boolean Check |
| oval:ssg-sebool_logadm_exec_content:def:1 |
error |
compliance |
[sebool_logadm_exec_content] |
SELinux "logadm_exec_content" Boolean Check |
| oval:ssg-sebool_ksmtuned_use_nfs:def:1 |
error |
compliance |
[sebool_ksmtuned_use_nfs] |
SELinux "ksmtuned_use_nfs" Boolean Check |
| oval:ssg-sebool_ksmtuned_use_cifs:def:1 |
error |
compliance |
[sebool_ksmtuned_use_cifs] |
SELinux "ksmtuned_use_cifs" Boolean Check |
| oval:ssg-sebool_kerberos_enabled:def:1 |
error |
compliance |
[sebool_kerberos_enabled] |
SELinux "kerberos_enabled" Boolean Check |
| oval:ssg-sebool_kdumpgui_run_bootloader:def:1 |
error |
compliance |
[sebool_kdumpgui_run_bootloader] |
SELinux "kdumpgui_run_bootloader" Boolean Check |
| oval:ssg-sebool_irssi_use_full_network:def:1 |
error |
compliance |
[sebool_irssi_use_full_network] |
SELinux "irssi_use_full_network" Boolean Check |
| oval:ssg-sebool_irc_use_any_tcp_ports:def:1 |
error |
compliance |
[sebool_irc_use_any_tcp_ports] |
SELinux "irc_use_any_tcp_ports" Boolean Check |
| oval:ssg-sebool_icecast_use_any_tcp_ports:def:1 |
error |
compliance |
[sebool_icecast_use_any_tcp_ports] |
SELinux "icecast_use_any_tcp_ports" Boolean Check |
| oval:ssg-sebool_httpd_verify_dns:def:1 |
error |
compliance |
[sebool_httpd_verify_dns] |
SELinux "httpd_verify_dns" Boolean Check |
| oval:ssg-sebool_httpd_use_sasl:def:1 |
error |
compliance |
[sebool_httpd_use_sasl] |
SELinux "httpd_use_sasl" Boolean Check |
| oval:ssg-sebool_httpd_use_openstack:def:1 |
error |
compliance |
[sebool_httpd_use_openstack] |
SELinux "httpd_use_openstack" Boolean Check |
| oval:ssg-sebool_httpd_use_nfs:def:1 |
error |
compliance |
[sebool_httpd_use_nfs] |
SELinux "httpd_use_nfs" Boolean Check |
| oval:ssg-sebool_httpd_use_gpg:def:1 |
error |
compliance |
[sebool_httpd_use_gpg] |
SELinux "httpd_use_gpg" Boolean Check |
| oval:ssg-sebool_httpd_use_fusefs:def:1 |
error |
compliance |
[sebool_httpd_use_fusefs] |
SELinux "httpd_use_fusefs" Boolean Check |
| oval:ssg-sebool_httpd_use_cifs:def:1 |
error |
compliance |
[sebool_httpd_use_cifs] |
SELinux "httpd_use_cifs" Boolean Check |
| oval:ssg-sebool_httpd_unified:def:1 |
error |
compliance |
[sebool_httpd_unified] |
SELinux "httpd_unified" Boolean Check |
| oval:ssg-sebool_httpd_tty_comm:def:1 |
error |
compliance |
[sebool_httpd_tty_comm] |
SELinux "httpd_tty_comm" Boolean Check |
| oval:ssg-sebool_httpd_tmp_exec:def:1 |
error |
compliance |
[sebool_httpd_tmp_exec] |
SELinux "httpd_tmp_exec" Boolean Check |
| oval:ssg-sebool_httpd_sys_script_anon_write:def:1 |
error |
compliance |
[sebool_httpd_sys_script_anon_write] |
SELinux "httpd_sys_script_anon_write" Boolean Check |
| oval:ssg-sebool_httpd_ssi_exec:def:1 |
error |
compliance |
[sebool_httpd_ssi_exec] |
SELinux "httpd_ssi_exec" Boolean Check |
| oval:ssg-sebool_httpd_setrlimit:def:1 |
error |
compliance |
[sebool_httpd_setrlimit] |
SELinux "httpd_setrlimit" Boolean Check |
| oval:ssg-sebool_httpd_serve_cobbler_files:def:1 |
error |
compliance |
[sebool_httpd_serve_cobbler_files] |
SELinux "httpd_serve_cobbler_files" Boolean Check |
| oval:ssg-sebool_httpd_run_stickshift:def:1 |
error |
compliance |
[sebool_httpd_run_stickshift] |
SELinux "httpd_run_stickshift" Boolean Check |
| oval:ssg-sebool_httpd_run_preupgrade:def:1 |
error |
compliance |
[sebool_httpd_run_preupgrade] |
SELinux "httpd_run_preupgrade" Boolean Check |
| oval:ssg-sebool_httpd_run_ipa:def:1 |
error |
compliance |
[sebool_httpd_run_ipa] |
SELinux "httpd_run_ipa" Boolean Check |
| oval:ssg-sebool_httpd_read_user_content:def:1 |
error |
compliance |
[sebool_httpd_read_user_content] |
SELinux "httpd_read_user_content" Boolean Check |
| oval:ssg-sebool_httpd_mod_auth_pam:def:1 |
error |
compliance |
[sebool_httpd_mod_auth_pam] |
SELinux "httpd_mod_auth_pam" Boolean Check |
| oval:ssg-sebool_httpd_mod_auth_ntlm_winbind:def:1 |
error |
compliance |
[sebool_httpd_mod_auth_ntlm_winbind] |
SELinux "httpd_mod_auth_ntlm_winbind" Boolean Check |
| oval:ssg-sebool_httpd_manage_ipa:def:1 |
error |
compliance |
[sebool_httpd_manage_ipa] |
SELinux "httpd_manage_ipa" Boolean Check |
| oval:ssg-sebool_httpd_graceful_shutdown:def:1 |
error |
compliance |
[sebool_httpd_graceful_shutdown] |
SELinux "httpd_graceful_shutdown" Boolean Check |
| oval:ssg-sebool_httpd_execmem:def:1 |
error |
compliance |
[sebool_httpd_execmem] |
SELinux "httpd_execmem" Boolean Check |
| oval:ssg-sebool_httpd_enable_homedirs:def:1 |
error |
compliance |
[sebool_httpd_enable_homedirs] |
SELinux "httpd_enable_homedirs" Boolean Check |
| oval:ssg-sebool_httpd_enable_ftp_server:def:1 |
error |
compliance |
[sebool_httpd_enable_ftp_server] |
SELinux "httpd_enable_ftp_server" Boolean Check |
| oval:ssg-sebool_httpd_enable_cgi:def:1 |
error |
compliance |
[sebool_httpd_enable_cgi] |
SELinux "httpd_enable_cgi" Boolean Check |
| oval:ssg-sebool_httpd_dontaudit_search_dirs:def:1 |
error |
compliance |
[sebool_httpd_dontaudit_search_dirs] |
SELinux "httpd_dontaudit_search_dirs" Boolean Check |
| oval:ssg-sebool_httpd_dbus_sssd:def:1 |
error |
compliance |
[sebool_httpd_dbus_sssd] |
SELinux "httpd_dbus_sssd" Boolean Check |
| oval:ssg-sebool_httpd_dbus_avahi:def:1 |
error |
compliance |
[sebool_httpd_dbus_avahi] |
SELinux "httpd_dbus_avahi" Boolean Check |
| oval:ssg-sebool_httpd_can_sendmail:def:1 |
error |
compliance |
[sebool_httpd_can_sendmail] |
SELinux "httpd_can_sendmail" Boolean Check |
| oval:ssg-sebool_httpd_can_network_relay:def:1 |
error |
compliance |
[sebool_httpd_can_network_relay] |
SELinux "httpd_can_network_relay" Boolean Check |
| oval:ssg-sebool_httpd_can_network_memcache:def:1 |
error |
compliance |
[sebool_httpd_can_network_memcache] |
SELinux "httpd_can_network_memcache" Boolean Check |
| oval:ssg-sebool_httpd_can_network_connect_db:def:1 |
error |
compliance |
[sebool_httpd_can_network_connect_db] |
SELinux "httpd_can_network_connect_db" Boolean Check |
| oval:ssg-sebool_httpd_can_network_connect_cobbler:def:1 |
error |
compliance |
[sebool_httpd_can_network_connect_cobbler] |
SELinux "httpd_can_network_connect_cobbler" Boolean Check |
| oval:ssg-sebool_httpd_can_network_connect:def:1 |
error |
compliance |
[sebool_httpd_can_network_connect] |
SELinux "httpd_can_network_connect" Boolean Check |
| oval:ssg-sebool_httpd_can_connect_zabbix:def:1 | error | compliance | [sebool_httpd_can_connect_zabbix] | SELinux "httpd_can_connect_zabbix" Boolean Check |
| oval:ssg-sebool_httpd_can_connect_mythtv:def:1 | error | compliance | [sebool_httpd_can_connect_mythtv] | SELinux "httpd_can_connect_mythtv" Boolean Check |
| oval:ssg-sebool_httpd_can_connect_ldap:def:1 | error | compliance | [sebool_httpd_can_connect_ldap] | SELinux "httpd_can_connect_ldap" Boolean Check |
| oval:ssg-sebool_httpd_can_connect_ftp:def:1 | error | compliance | [sebool_httpd_can_connect_ftp] | SELinux "httpd_can_connect_ftp" Boolean Check |
| oval:ssg-sebool_httpd_can_check_spam:def:1 | error | compliance | [sebool_httpd_can_check_spam] | SELinux "httpd_can_check_spam" Boolean Check |
| oval:ssg-sebool_httpd_builtin_scripting:def:1 | error | compliance | [sebool_httpd_builtin_scripting] | SELinux "httpd_builtin_scripting" Boolean Check |
| oval:ssg-sebool_httpd_anon_write:def:1 | error | compliance | [sebool_httpd_anon_write] | SELinux "httpd_anon_write" Boolean Check |
| oval:ssg-sebool_haproxy_connect_any:def:1 | error | compliance | [sebool_haproxy_connect_any] | SELinux "haproxy_connect_any" Boolean Check |
| oval:ssg-sebool_guest_exec_content:def:1 | error | compliance | [sebool_guest_exec_content] | SELinux "guest_exec_content" Boolean Check |
| oval:ssg-sebool_gssd_read_tmp:def:1 | error | compliance | [sebool_gssd_read_tmp] | SELinux "gssd_read_tmp" Boolean Check |
| oval:ssg-sebool_gpg_web_anon_write:def:1 | error | compliance | [sebool_gpg_web_anon_write] | SELinux "gpg_web_anon_write" Boolean Check |
| oval:ssg-sebool_gluster_export_all_rw:def:1 | error | compliance | [sebool_gluster_export_all_rw] | SELinux "gluster_export_all_rw" Boolean Check |
| oval:ssg-sebool_gluster_export_all_ro:def:1 | error | compliance | [sebool_gluster_export_all_ro] | SELinux "gluster_export_all_ro" Boolean Check |
| oval:ssg-sebool_gluster_anon_write:def:1 | error | compliance | [sebool_gluster_anon_write] | SELinux "gluster_anon_write" Boolean Check |
| oval:ssg-sebool_global_ssp:def:1 | error | compliance | [sebool_global_ssp] | SELinux "global_ssp" Boolean Check |
| oval:ssg-sebool_glance_use_fusefs:def:1 | error | compliance | [sebool_glance_use_fusefs] | SELinux "glance_use_fusefs" Boolean Check |
| oval:ssg-sebool_glance_use_execmem:def:1 | error | compliance | [sebool_glance_use_execmem] | SELinux "glance_use_execmem" Boolean Check |
| oval:ssg-sebool_glance_api_can_network:def:1 | error | compliance | [sebool_glance_api_can_network] | SELinux "glance_api_can_network" Boolean Check |
| oval:ssg-sebool_gitosis_can_sendmail:def:1 | error | compliance | [sebool_gitosis_can_sendmail] | SELinux "gitosis_can_sendmail" Boolean Check |
| oval:ssg-sebool_git_system_use_nfs:def:1 | error | compliance | [sebool_git_system_use_nfs] | SELinux "git_system_use_nfs" Boolean Check |
| oval:ssg-sebool_git_system_use_cifs:def:1 | error | compliance | [sebool_git_system_use_cifs] | SELinux "git_system_use_cifs" Boolean Check |
| oval:ssg-sebool_git_system_enable_homedirs:def:1 | error | compliance | [sebool_git_system_enable_homedirs] | SELinux "git_system_enable_homedirs" Boolean Check |
| oval:ssg-sebool_git_session_users:def:1 | error | compliance | [sebool_git_session_users] | SELinux "git_session_users" Boolean Check |
| oval:ssg-sebool_git_session_bind_all_unreserved_ports:def:1 | error | compliance | [sebool_git_session_bind_all_unreserved_ports] | SELinux "git_session_bind_all_unreserved_ports" Boolean Check |
| oval:ssg-sebool_git_cgi_use_nfs:def:1 | error | compliance | [sebool_git_cgi_use_nfs] | SELinux "git_cgi_use_nfs" Boolean Check |
| oval:ssg-sebool_git_cgi_use_cifs:def:1 | error | compliance | [sebool_git_cgi_use_cifs] | SELinux "git_cgi_use_cifs" Boolean Check |
| oval:ssg-sebool_git_cgi_enable_homedirs:def:1 | error | compliance | [sebool_git_cgi_enable_homedirs] | SELinux "git_cgi_enable_homedirs" Boolean Check |
| oval:ssg-sebool_ftpd_use_passive_mode:def:1 | error | compliance | [sebool_ftpd_use_passive_mode] | SELinux "ftpd_use_passive_mode" Boolean Check |
| oval:ssg-sebool_ftpd_use_nfs:def:1 | error | compliance | [sebool_ftpd_use_nfs] | SELinux "ftpd_use_nfs" Boolean Check |
| oval:ssg-sebool_ftpd_use_fusefs:def:1 | error | compliance | [sebool_ftpd_use_fusefs] | SELinux "ftpd_use_fusefs" Boolean Check |
| oval:ssg-sebool_ftpd_use_cifs:def:1 | error | compliance | [sebool_ftpd_use_cifs] | SELinux "ftpd_use_cifs" Boolean Check |
| oval:ssg-sebool_ftpd_full_access:def:1 | error | compliance | [sebool_ftpd_full_access] | SELinux "ftpd_full_access" Boolean Check |
| oval:ssg-sebool_ftpd_connect_db:def:1 | error | compliance | [sebool_ftpd_connect_db] | SELinux "ftpd_connect_db" Boolean Check |
| oval:ssg-sebool_ftpd_connect_all_unreserved:def:1 | error | compliance | [sebool_ftpd_connect_all_unreserved] | SELinux "ftpd_connect_all_unreserved" Boolean Check |
| oval:ssg-sebool_ftpd_anon_write:def:1 | error | compliance | [sebool_ftpd_anon_write] | SELinux "ftpd_anon_write" Boolean Check |
| oval:ssg-sebool_fips_mode:def:1 | error | compliance | [sebool_fips_mode] | SELinux "fips_mode" Boolean Check |
| oval:ssg-sebool_fenced_can_ssh:def:1 | error | compliance | [sebool_fenced_can_ssh] | SELinux "fenced_can_ssh" Boolean Check |
| oval:ssg-sebool_fenced_can_network_connect:def:1 | error | compliance | [sebool_fenced_can_network_connect] | SELinux "fenced_can_network_connect" Boolean Check |
| oval:ssg-sebool_fcron_crond:def:1 | error | compliance | [sebool_fcron_crond] | SELinux "fcron_crond" Boolean Check |
| oval:ssg-sebool_exim_read_user_files:def:1 | error | compliance | [sebool_exim_read_user_files] | SELinux "exim_read_user_files" Boolean Check |
| oval:ssg-sebool_exim_manage_user_files:def:1 | error | compliance | [sebool_exim_manage_user_files] | SELinux "exim_manage_user_files" Boolean Check |
| oval:ssg-sebool_exim_can_connect_db:def:1 | error | compliance | [sebool_exim_can_connect_db] | SELinux "exim_can_connect_db" Boolean Check |
| oval:ssg-sebool_entropyd_use_audio:def:1 | error | compliance | [sebool_entropyd_use_audio] | SELinux "entropyd_use_audio" Boolean Check |
| oval:ssg-sebool_domain_kernel_load_modules:def:1 | error | compliance | [sebool_domain_kernel_load_modules] | SELinux "domain_kernel_load_modules" Boolean Check |
| oval:ssg-sebool_domain_fd_use:def:1 | error | compliance | [sebool_domain_fd_use] | SELinux "domain_fd_use" Boolean Check |
| oval:ssg-sebool_dhcpd_use_ldap:def:1 | error | compliance | [sebool_dhcpd_use_ldap] | SELinux "dhcpd_use_ldap" Boolean Check |
| oval:ssg-sebool_dhcpc_exec_iptables:def:1 | error | compliance | [sebool_dhcpc_exec_iptables] | SELinux "dhcpc_exec_iptables" Boolean Check |
| oval:ssg-sebool_deny_ptrace:def:1 | error | compliance | [sebool_deny_ptrace] | SELinux "deny_ptrace" Boolean Check |
| oval:ssg-sebool_deny_execmem:def:1 | error | compliance | [sebool_deny_execmem] | SELinux "deny_execmem" Boolean Check |
| oval:ssg-sebool_dbadm_read_user_files:def:1 | error | compliance | [sebool_dbadm_read_user_files] | SELinux "dbadm_read_user_files" Boolean Check |
| oval:ssg-sebool_dbadm_manage_user_files:def:1 | error | compliance | [sebool_dbadm_manage_user_files] | SELinux "dbadm_manage_user_files" Boolean Check |
| oval:ssg-sebool_dbadm_exec_content:def:1 | error | compliance | [sebool_dbadm_exec_content] | SELinux "dbadm_exec_content" Boolean Check |
| oval:ssg-sebool_daemons_use_tty:def:1 | error | compliance | [sebool_daemons_use_tty] | SELinux "daemons_use_tty" Boolean Check |
| oval:ssg-sebool_daemons_use_tcp_wrapper:def:1 | error | compliance | [sebool_daemons_use_tcp_wrapper] | SELinux "daemons_use_tcp_wrapper" Boolean Check |
| oval:ssg-sebool_daemons_enable_cluster_mode:def:1 | error | compliance | [sebool_daemons_enable_cluster_mode] | SELinux "daemons_enable_cluster_mode" Boolean Check |
| oval:ssg-sebool_daemons_dump_core:def:1 | error | compliance | [sebool_daemons_dump_core] | SELinux "daemons_dump_core" Boolean Check |
| oval:ssg-sebool_cvs_read_shadow:def:1 | error | compliance | [sebool_cvs_read_shadow] | SELinux "cvs_read_shadow" Boolean Check |
| oval:ssg-sebool_cups_execmem:def:1 | error | compliance | [sebool_cups_execmem] | SELinux "cups_execmem" Boolean Check |
| oval:ssg-sebool_cron_userdomain_transition:def:1 | error | compliance | [sebool_cron_userdomain_transition] | SELinux "cron_userdomain_transition" Boolean Check |
| oval:ssg-sebool_cron_system_cronjob_use_shares:def:1 | error | compliance | [sebool_cron_system_cronjob_use_shares] | SELinux "cron_system_cronjob_use_shares" Boolean Check |
| oval:ssg-sebool_cron_can_relabel:def:1 | error | compliance | [sebool_cron_can_relabel] | SELinux "cron_can_relabel" Boolean Check |
| oval:ssg-sebool_conman_can_network:def:1 | error | compliance | [sebool_conman_can_network] | SELinux "conman_can_network" Boolean Check |
| oval:ssg-sebool_condor_tcp_network_connect:def:1 | error | compliance | [sebool_condor_tcp_network_connect] | SELinux "condor_tcp_network_connect" Boolean Check |
| oval:ssg-sebool_collectd_tcp_network_connect:def:1 | error | compliance | [sebool_collectd_tcp_network_connect] | SELinux "collectd_tcp_network_connect" Boolean Check |
| oval:ssg-sebool_cobbler_use_nfs:def:1 | error | compliance | [sebool_cobbler_use_nfs] | SELinux "cobbler_use_nfs" Boolean Check |
| oval:ssg-sebool_cobbler_use_cifs:def:1 | error | compliance | [sebool_cobbler_use_cifs] | SELinux "cobbler_use_cifs" Boolean Check |
| oval:ssg-sebool_cobbler_can_network_connect:def:1 | error | compliance | [sebool_cobbler_can_network_connect] | SELinux "cobbler_can_network_connect" Boolean Check |
| oval:ssg-sebool_cobbler_anon_write:def:1 | error | compliance | [sebool_cobbler_anon_write] | SELinux "cobbler_anon_write" Boolean Check |
| oval:ssg-sebool_cluster_use_execmem:def:1 | error | compliance | [sebool_cluster_use_execmem] | SELinux "cluster_use_execmem" Boolean Check |
| oval:ssg-sebool_cluster_manage_all_files:def:1 | error | compliance | [sebool_cluster_manage_all_files] | SELinux "cluster_manage_all_files" Boolean Check |
| oval:ssg-sebool_cluster_can_network_connect:def:1 | error | compliance | [sebool_cluster_can_network_connect] | SELinux "cluster_can_network_connect" Boolean Check |
| oval:ssg-sebool_cdrecord_read_content:def:1 | error | compliance | [sebool_cdrecord_read_content] | SELinux "cdrecord_read_content" Boolean Check |
| oval:ssg-sebool_boinc_execmem:def:1 | error | compliance | [sebool_boinc_execmem] | SELinux "boinc_execmem" Boolean Check |
| oval:ssg-sebool_awstats_purge_apache_log_files:def:1 | error | compliance | [sebool_awstats_purge_apache_log_files] | SELinux "awstats_purge_apache_log_files" Boolean Check |
| oval:ssg-sebool_authlogin_yubikey:def:1 | error | compliance | [sebool_authlogin_yubikey] | SELinux "authlogin_yubikey" Boolean Check |
| oval:ssg-sebool_authlogin_radius:def:1 | error | compliance | [sebool_authlogin_radius] | SELinux "authlogin_radius" Boolean Check |
| oval:ssg-sebool_authlogin_nsswitch_use_ldap:def:1 | error | compliance | [sebool_authlogin_nsswitch_use_ldap] | SELinux "authlogin_nsswitch_use_ldap" Boolean Check |
| oval:ssg-sebool_auditadm_exec_content:def:1 | error | compliance | [sebool_auditadm_exec_content] | SELinux "auditadm_exec_content" Boolean Check |
| oval:ssg-sebool_antivirus_use_jit:def:1 | error | compliance | [sebool_antivirus_use_jit] | SELinux "antivirus_use_jit" Boolean Check |
| oval:ssg-sebool_antivirus_can_scan_system:def:1 | error | compliance | [sebool_antivirus_can_scan_system] | SELinux "antivirus_can_scan_system" Boolean Check |
| oval:ssg-sebool_abrt_upload_watch_anon_write:def:1 | error | compliance | [sebool_abrt_upload_watch_anon_write] | SELinux "abrt_upload_watch_anon_write" Boolean Check |
| oval:ssg-sebool_abrt_handle_event:def:1 | error | compliance | [sebool_abrt_handle_event] | SELinux "abrt_handle_event" Boolean Check |
| oval:ssg-sebool_abrt_anon_write:def:1 | error | compliance | [sebool_abrt_anon_write] | SELinux "abrt_anon_write" Boolean Check |
| oval:ssg-firewalld_sshd_port_enabled:def:1 | error | compliance | [CCE-80820-4], [firewalld_sshd_port_enabled] | Allow inbound firewall access to the SSH Server port |
| oval:ssg-configure_firewalld_ports:def:1 | error | compliance | [configure_firewalld_ports] | Configure the Firewalld Ports |
| oval:ssg-configure_crypto_policy:def:1 | error | compliance | [CCE-80935-0], [configure_crypto_policy] | Configure System Cryptographic Policies |
| oval:ssg-banner_etc_motd:def:1 | error | compliance | [CCE-83496-0], [banner_etc_motd] | System Login Banner Compliance |
| oval:ssg-banner_etc_issue:def:1 | error | compliance | [CCE-80763-6], [banner_etc_issue] | System Login Banner Compliance |
| oval:ssg-auditd_data_retention_space_left_action:def:1 | error | compliance | [CCE-80684-4], [auditd_data_retention_space_left_action] | Auditd Action to Take When Disk Starting to Run Low on Space |
| oval:ssg-auditd_data_retention_space_left:def:1 | error | compliance | [auditd_data_retention_space_left] | Configure auditd space_left on Low Disk Space |
| oval:ssg-auditd_data_retention_num_logs:def:1 | error | compliance | [CCE-80683-6], [auditd_data_retention_num_logs] | Auditd Maximum Number of Logs to Retain |
| oval:ssg-auditd_data_retention_max_log_file_action:def:1 | error | compliance | [CCE-80682-8], [auditd_data_retention_max_log_file_action] | Auditd Action to Take When Maximum Log Size Reached |
| oval:ssg-auditd_data_retention_max_log_file:def:1 | error | compliance | [CCE-80681-0], [auditd_data_retention_max_log_file] | Auditd Maximum Log File Size |
| oval:ssg-auditd_data_retention_flush:def:1 | error | compliance | [CCE-80680-2], [auditd_data_retention_flush] | Auditd priority for flushing data to disk |
| oval:ssg-auditd_data_retention_admin_space_left_action:def:1 | error | compliance | [CCE-80679-4], [auditd_data_retention_admin_space_left_action] | Auditd Action to Take When Disk is Low on Space |
| oval:ssg-auditd_data_retention_action_mail_acct:def:1 | error | compliance | [CCE-80678-6], [auditd_data_retention_action_mail_acct] | Auditd Email Account to Notify Upon Action |
| oval:ssg-auditd_data_disk_full_action:def:1 | error | compliance | [auditd_data_disk_full_action] | Auditd Action to Take When Disk Is Full |
| oval:ssg-auditd_data_disk_error_action:def:1 | error | compliance | [auditd_data_disk_error_action] | Auditd Action to Take When Disk Errors |
| oval:ssg-accounts_umask_etc_profile:def:1 | error | compliance | [CCE-81035-8], [accounts_umask_etc_profile] | Ensure that Users Have Sensible Umask Values in /etc/profile |
| oval:ssg-accounts_umask_etc_login_defs:def:1 | error | compliance | [accounts_umask_etc_login_defs] | Ensure that Users Have Sensible Umask Values in /etc/login.defs |
| oval:ssg-accounts_umask_etc_csh_cshrc:def:1 | error | compliance | [CCE-81037-4], [accounts_umask_etc_csh_cshrc] | Ensure that Users Have Sensible Umask Values set for csh |
| oval:ssg-accounts_umask_etc_bashrc:def:1 | error | compliance | [CCE-81036-6], [accounts_umask_etc_bashrc] | Ensure that Users Have Sensible Umask Values set for bash |
| oval:ssg-accounts_password_warn_age_login_defs:def:1 | error | compliance | [CCE-80671-1], [accounts_password_warn_age_login_defs] | Set Password Expiration Parameters |
| oval:ssg-accounts_password_pam_retry:def:1 | error | compliance | [CCE-80664-6], [accounts_password_pam_retry] | Set Password retry Requirements |
| oval:ssg-accounts_password_minlen_login_defs:def:1 | error | compliance | [CCE-80652-1], [accounts_password_minlen_login_defs] | Set Password Expiration Parameters |
| oval:ssg-accounts_minimum_age_login_defs:def:1 | error | compliance | [CCE-80648-9], [accounts_minimum_age_login_defs] | Set Password Expiration Parameters |
| oval:ssg-accounts_maximum_age_login_defs:def:1 | error | compliance | [CCE-80647-1], [accounts_maximum_age_login_defs] | Set Password Expiration Parameters |
| oval:ssg-installed_env_is_a_machine:def:1 | true | inventory | [cpe:/a:machine], [installed_env_is_a_machine] | Check if the scan target is a machine |
| oval:ssg-installed_env_is_a_container:def:1 | false | inventory | [cpe:/a:container], [installed_env_is_a_container] | Check if the scan target is a container |
| oval:ssg-installed_env_has_zipl_package:def:1 | false | inventory | [cpe:/a:zipl], [installed_env_has_zipl_package] | System uses zIPL |
| oval:ssg-installed_env_has_yum_package:def:1 | true | inventory | [cpe:/a:yum], [installed_env_has_yum_package] | Package yum is installed |
| oval:ssg-installed_env_has_systemd_package:def:1 | true | inventory | [cpe:/a:systemd], [installed_env_has_systemd_package] | Package systemd is installed |
| oval:ssg-installed_env_has_sssd-common_package:def:1 | true | inventory | [cpe:/a:sssd], [installed_env_has_sssd-common_package] | Package sssd-common is installed |
| oval:ssg-installed_env_has_pam_package:def:1 | true | inventory | [cpe:/a:pam], [installed_env_has_pam_package] | Package pam is installed |
| oval:ssg-installed_env_has_ntp_package:def:1 | false | inventory | [cpe:/a:ntp], [installed_env_has_ntp_package] | Package ntp is installed |
| oval:ssg-installed_env_has_nss-pam-ldapd_package:def:1 | false | inventory | [cpe:/a:nss-pam-ldapd], [installed_env_has_nss-pam-ldapd_package] | Package nss-pam-ldapd is installed |
| oval:ssg-installed_env_has_login_defs:def:1 | true | inventory | [cpe:/a:login_defs], [installed_env_has_login_defs] | Package providing /etc/login.defs is installed |
| oval:ssg-installed_env_has_libuser_package:def:1 | true | inventory | [cpe:/a:libuser], [installed_env_has_libuser_package] | Package libuser is installed |
| oval:ssg-installed_env_has_grub2_package:def:1 | true | inventory | [cpe:/a:grub2], [installed_env_has_grub2_package] | Package grub2 is installed |
| oval:ssg-installed_env_has_gdm_package:def:1 | false | inventory | [cpe:/a:gdm], [installed_env_has_gdm_package] | Package gdm is installed |
| oval:ssg-installed_env_has_chrony_package:def:1 | true | inventory | [cpe:/a:chrony], [installed_env_has_chrony_package] | Package chrony is installed |
| oval:ssg-installed_app_is_rhv4:def:1 | false | inventory | [cpe:/a:redhat:virtualization:4], [installed_app_is_rhv4] | Red Hat Virtualization 4 |
| oval:ssg-installed_app_is_rhosp13:def:1 | false | inventory | [cpe:/a:redhat:openstack:13.0], [installed_app_is_rhosp13] | Red Hat OpenStack Platform |
| oval:ssg-installed_app_is_rhosp10:def:1 | false | inventory | [cpe:/a:redhat:openstack:10], [installed_app_is_rhosp10] | Red Hat OpenStack Platform |
| oval:ssg-installed_app_is_ocp4:def:1 | true | inventory | [cpe:/a:redhat:openshift_container_platform:4.1], [installed_app_is_ocp4] | Red Hat OpenShift Container Platform |
| oval:ssg-installed_app_is_ocp3:def:1 | false | inventory | [cpe:/a:redhat:openshift_container_platform:3.10], [cpe:/a:redhat:openshift_container_platform:3.11], [installed_app_is_ocp3] | Red Hat OpenShift Container Platform |
| oval:ssg-installed_OS_is_wrlinux8:def:1 | false | inventory | [cpe:/o:windriver:wrlinux], [installed_OS_is_wrlinux8] | WRLinux 8 |
| oval:ssg-installed_OS_is_wrlinux1019:def:1 | false | inventory | [cpe:/o:windriver:wrlinux], [installed_OS_is_wrlinux1019] | WRLinux 1019 |
| oval:ssg-installed_OS_is_ubuntu:def:1 | false | inventory | [installed_OS_is_ubuntu] | Ubuntu |
| oval:ssg-installed_OS_is_ubuntu1804:def:1 | false | inventory | [cpe:/o:canonical:ubuntu_linux:18.04], [installed_OS_is_ubuntu1804] | Ubuntu 1804 |
| oval:ssg-installed_OS_is_ubuntu1604:def:1 | false | inventory | [cpe:/o:canonical:ubuntu_linux:16.04], [installed_OS_is_ubuntu1604] | Ubuntu 1604 |
| oval:ssg-installed_OS_is_ubuntu1404:def:1 | false | inventory | [cpe:/o:canonical:ubuntu_linux:14.04], [installed_OS_is_ubuntu1404] | Ubuntu 1404 |
| oval:ssg-installed_OS_is_sle15:def:1 | false | inventory | [cpe:/o:suse:linux_enterprise_server:15], [cpe:/o:suse:linux_enterprise_desktop:15], [installed_OS_is_sle15] | SUSE Linux Enterprise 15 |
| oval:ssg-installed_OS_is_sle12:def:1 | false | inventory | [cpe:/o:suse:linux_enterprise_server:12], [cpe:/o:suse:linux_enterprise_desktop:12], [installed_OS_is_sle12] | SUSE Linux Enterprise 12 |
| oval:ssg-installed_OS_is_sle11:def:1 | false | inventory | [cpe:/o:suse:linux_enterprise_server:11], [cpe:/o:suse:linux_enterprise_desktop:11], [installed_OS_is_sle11] | SUSE Linux Enterprise 11 |
| oval:ssg-installed_OS_is_sl7:def:1 | false | inventory | [cpe:/o:scientificlinux:scientificlinux:7], [installed_OS_is_sl7] | Scientific Linux 7 |
| oval:ssg-installed_OS_is_sl6:def:1 | false | inventory | [cpe:/o:scientificlinux:scientificlinux:6], [installed_OS_is_sl6] | Scientific Linux 6 |
| oval:ssg-installed_OS_is_rhv4:def:1 | true | inventory | [cpe:/o:redhat:virtualization:4], [installed_OS_is_rhv4] | Red Hat Virtualization 4 |
| oval:ssg-installed_OS_is_rhel8:def:1 | true | inventory | [cpe:/o:redhat:enterprise_linux:8], [installed_OS_is_rhel8] | Red Hat Enterprise Linux 8 |
| oval:ssg-installed_OS_is_rhel7:def:1 | false | inventory | [cpe:/o:redhat:enterprise_linux:7], [installed_OS_is_rhel7] | Red Hat Enterprise Linux 7 |
| oval:ssg-installed_OS_is_rhel6:def:1 | false | inventory | [cpe:/o:redhat:enterprise_linux:6], [installed_OS_is_rhel6] | Red Hat Enterprise Linux 6 |
| oval:ssg-installed_OS_is_part_of_Unix_family:def:1 | true | inventory | [installed_OS_is_part_of_Unix_family] | Installed operating system is part of the Unix family |
| oval:ssg-installed_OS_is_opensuse_leap42:def:1 | false | inventory | [cpe:/o:opensuse:leap:42.1], [cpe:/o:opensuse:leap:42.2], [cpe:/o:opensuse:leap:42.3], [installed_OS_is_opensuse_leap42] | openSUSE Leap 42 |
| oval:ssg-installed_OS_is_opensuse_leap15:def:1 | false | inventory | [cpe:/o:opensuse:leap:15.0], [installed_OS_is_opensuse_leap15] | openSUSE Leap 15 |
| oval:ssg-installed_OS_is_opensuse:def:1 | false | inventory | [installed_OS_is_opensuse] | openSUSE |
| oval:ssg-installed_OS_is_ol8_family:def:1 | false | inventory | [cpe:/o:oracle:linux:8], [installed_OS_is_ol8_family] | Oracle Linux 8 |
| oval:ssg-installed_OS_is_ol7_family:def:1 | false | inventory | [cpe:/o:oracle:linux:7], [installed_OS_is_ol7_family] | Oracle Linux 7 |
| oval:ssg-installed_OS_is_ol6_family:def:1 | false | inventory | [cpe:/o:oracle:linux:6], [installed_OS_is_ol6_family] | Oracle Linux 6 |
| oval:ssg-installed_OS_is_fedora:def:1 | false | inventory | [cpe:/o:fedoraproject:fedora:28], [installed_OS_is_fedora] | Installed operating system is Fedora |
| oval:ssg-installed_OS_is_debian:def:1 | false | inventory | [installed_OS_is_debian] | Debian |
| oval:ssg-installed_OS_is_debian9:def:1 | false | inventory | [cpe:/o:debian:debian_linux:9], [installed_OS_is_debian9] | Debian 9 |
| oval:ssg-installed_OS_is_debian8:def:1 | false | inventory | [cpe:/o:debian:debian_linux:8], [installed_OS_is_debian8] | Debian 8 |
| oval:ssg-installed_OS_is_debian10:def:1 | false | inventory | [cpe:/o:debian:debian_linux:10], [installed_OS_is_debian10] | Debian Linux 10 |
| oval:ssg-installed_OS_is_centos8:def:1 | false | inventory | [cpe:/o:centos:centos:8], [installed_OS_is_centos8] | CentOS 8 |
| oval:ssg-installed_OS_is_centos7:def:1 | false | inventory | [cpe:/o:centos:centos:7], [installed_OS_is_centos7] | CentOS 7 |
| oval:ssg-installed_OS_is_centos6:def:1 | false | inventory | [cpe:/o:centos:centos:6], [installed_OS_is_centos6] | CentOS 6 |
| oval:ssg-zipl_bls_entries_only:def:1 | true | compliance | [CCE-83485-3], [zipl_bls_entries_only] | Ensure zIPL entries are BLS compliant |
| oval:ssg-xwindows_runlevel_target:def:1 | true | compliance | [CCE-83380-6], [xwindows_runlevel_target] | Disable X Windows Startup By Setting Default SystemD Target |
| oval:ssg-wireless_disable_interfaces:def:1 | true | compliance | [CCE-83501-7], [wireless_disable_interfaces] | Deactivate Wireless Interfaces |
| oval:ssg-var_umask_for_daemons_as_number:def:1 | true | compliance | [var_umask_for_daemons_as_number] | Value of 'var_umask_for_daemons' variable represented as octal number |
| oval:ssg-var_accounts_user_umask_as_number:def:1 | true | compliance | [var_accounts_user_umask_as_number] | Value of 'var_accounts_user_umask' variable represented as octal number |
| oval:ssg-use_kerberos_security_all_exports:def:1 | true | compliance | [CCE-80924-4], [use_kerberos_security_all_exports] | Use Kerberos Security on All Exports |
| oval:ssg-tftpd_uses_secure_mode:def:1 | true | compliance | [CCE-82434-2], [tftpd_uses_secure_mode] | TFTP Daemon Uses Secure Mode |
| oval:ssg-system_info_architecture_x86_64:def:1 | true | compliance | [system_info_architecture_x86_64] | Test for x86_64 Architecture |
| oval:ssg-system_info_architecture_64bit:def:1 | true | compliance | [system_info_architecture_64bit] | Test for 64-bit Architecture |
| oval:ssg-sysctl_static_net_ipv4_conf_default_send_redirects:def:1 | true | compliance | [sysctl_static_net_ipv4_conf_default_send_redirects] | Kernel "net.ipv4.conf.default.send_redirects" Parameter Configuration Check |
| oval:ssg-sysctl_static_net_ipv4_conf_all_send_redirects:def:1 | true | compliance | [sysctl_static_net_ipv4_conf_all_send_redirects] | Kernel "net.ipv4.conf.all.send_redirects" Parameter Configuration Check |
| oval:ssg-sysctl_static_kernel_kptr_restrict:def:1 | true | compliance | [sysctl_static_kernel_kptr_restrict] | Kernel "kernel.kptr_restrict" Parameter Configuration Check |
| oval:ssg-sysctl_static_kernel_core_pattern:def:1 | true | compliance | [sysctl_static_kernel_core_pattern] | Kernel "kernel.core_pattern" Parameter Configuration Check |
| oval:ssg-sysctl_static_fs_protected_symlinks:def:1 | true | compliance | [sysctl_static_fs_protected_symlinks] | Kernel "fs.protected_symlinks" Parameter Configuration Check |
| oval:ssg-sysctl_static_fs_protected_hardlinks:def:1 | true | compliance | [sysctl_static_fs_protected_hardlinks] | Kernel "fs.protected_hardlinks" Parameter Configuration Check |
| oval:ssg-sysctl_runtime_net_ipv4_ip_forward:def:1 | true | compliance | [sysctl_runtime_net_ipv4_ip_forward] | Kernel "net.ipv4.ip_forward" Parameter Runtime Check |
| oval:ssg-sysctl_runtime_net_ipv4_conf_default_send_redirects:def:1 | true | compliance | [sysctl_runtime_net_ipv4_conf_default_send_redirects] | Kernel "net.ipv4.conf.default.send_redirects" Parameter Runtime Check |
| oval:ssg-sysctl_runtime_net_ipv4_conf_all_send_redirects:def:1 | true | compliance | [sysctl_runtime_net_ipv4_conf_all_send_redirects] | Kernel "net.ipv4.conf.all.send_redirects" Parameter Runtime Check |
| oval:ssg-sysctl_runtime_kernel_unprivileged_bpf_disabled:def:1 | true | compliance | [sysctl_runtime_kernel_unprivileged_bpf_disabled] | Kernel "kernel.unprivileged_bpf_disabled" Parameter Runtime Check |
| oval:ssg-sysctl_runtime_kernel_randomize_va_space:def:1 | true | compliance | [sysctl_runtime_kernel_randomize_va_space] | Kernel "kernel.randomize_va_space" Parameter Runtime Check |
| oval:ssg-sysctl_runtime_kernel_perf_event_paranoid:def:1 | true | compliance | [sysctl_runtime_kernel_perf_event_paranoid] | Kernel "kernel.perf_event_paranoid" Parameter Runtime Check |
| oval:ssg-sysctl_runtime_kernel_kptr_restrict:def:1 | true | compliance | [sysctl_runtime_kernel_kptr_restrict] | Kernel "kernel.kptr_restrict" Parameter Runtime Check |
| oval:ssg-sysctl_runtime_fs_suid_dumpable:def:1 | true | compliance | [sysctl_runtime_fs_suid_dumpable] | Kernel "fs.suid_dumpable" Parameter Runtime Check |
| oval:ssg-sysctl_runtime_fs_protected_symlinks:def:1 | true | compliance | [sysctl_runtime_fs_protected_symlinks] | Kernel "fs.protected_symlinks" Parameter Runtime Check |
| oval:ssg-sysctl_runtime_fs_protected_hardlinks:def:1 | true | compliance | [sysctl_runtime_fs_protected_hardlinks] | Kernel "fs.protected_hardlinks" Parameter Runtime Check |
| oval:ssg-sysctl_net_ipv4_conf_default_send_redirects:def:1 | true | compliance | [CCE-80921-0], [sysctl_net_ipv4_conf_default_send_redirects] | Kernel "net.ipv4.conf.default.send_redirects" Parameter Configuration and Runtime Check |
| oval:ssg-sysctl_net_ipv4_conf_all_send_redirects:def:1 | true | compliance | [CCE-80918-6], [sysctl_net_ipv4_conf_all_send_redirects] | Kernel "net.ipv4.conf.all.send_redirects" Parameter Configuration and Runtime Check |
| oval:ssg-sysctl_kernel_kptr_restrict:def:1 | true | compliance | [CCE-80915-2], [sysctl_kernel_kptr_restrict] | Kernel "kernel.kptr_restrict" Parameter Configuration and Runtime Check |
| oval:ssg-sysctl_kernel_exec_shield:def:1 | true | compliance | [CCE-80914-5], [sysctl_kernel_exec_shield] | Kernel Runtime Parameter "kernel.exec-shield" Check |
| oval:ssg-sysctl_fs_protected_symlinks:def:1 | true | compliance | [CCE-81030-9], [sysctl_fs_protected_symlinks] | Kernel "fs.protected_symlinks" Parameter Configuration and Runtime Check |
| oval:ssg-sysctl_fs_protected_hardlinks:def:1 | true | compliance | [CCE-81027-5], [sysctl_fs_protected_hardlinks] | Kernel "fs.protected_hardlinks" Parameter Configuration and Runtime Check |
| oval:ssg-sysconfig_networking_bootproto_ifcfg:def:1 | true | compliance | [sysconfig_networking_bootproto_ifcfg] | Disable DHCP Client |
| oval:ssg-sudo_remove_no_authenticate:def:1 | true | compliance | [CCE-82202-3], [sudo_remove_no_authenticate] | Ensure !authenticate Is Not Used in Sudo |
| oval:ssg-sssd_ssh_known_hosts_timeout:def:1 | true | compliance | [CCE-82442-5], [sssd_ssh_known_hosts_timeout] | Configure SSSD to Expire SSH Known Hosts |
| oval:ssg-sssd_offline_cred_expiration:def:1 | true | compliance | [CCE-82460-7], [sssd_offline_cred_expiration] | Configure SSSD to Expire Offline Credentials |
| oval:ssg-sssd_memcache_timeout:def:1 | true | compliance | [CCE-80910-3], [sssd_memcache_timeout] | Configure SSSD's Memory Cache to Expire |
| oval:ssg-sssd_enable_smartcards:def:1 | true | compliance | [CCE-80909-5], [sssd_enable_smartcards] | Enable Smartcards in SSSD |
| oval:ssg-sshd_version_equal_or_higher_than_74:def:1 | true | compliance | [sshd_version_equal_or_higher_than_74] | OpenSSH Server is 7.4 or newer |
| oval:ssg-snmpd_use_newer_protocol:def:1 | true | compliance | [snmpd_use_newer_protocol] | SNMP use newer protocols |
| oval:ssg-snmpd_not_default_password:def:1 | true | compliance | [snmpd_not_default_password] | SNMP default communities disabled |
| oval:ssg-set_password_hashing_algorithm_systemauth:def:1 | true | compliance | [CCE-80893-1], [set_password_hashing_algorithm_systemauth] | Set Password Hashing Algorithm in /etc/pam.d/system-auth |
| oval:ssg-set_password_hashing_algorithm_logindefs:def:1 | true | compliance | [CCE-80892-3], [set_password_hashing_algorithm_logindefs] | Set SHA512 Password Hashing Algorithm in /etc/login.defs |
| oval:ssg-set_password_hashing_algorithm_libuserconf:def:1 | true | compliance | [CCE-80891-5], [set_password_hashing_algorithm_libuserconf] | Set SHA512 Password Hashing Algorithm in /etc/libuser.conf |
| oval:ssg-service_zebra_disabled:def:1 | true | compliance | [CCE-80889-9], [service_zebra_disabled] | Service zebra Disabled |
| oval:ssg-service_ypbind_disabled:def:1 | true | compliance | [CCE-82433-4], [service_ypbind_disabled] | Service ypbind Disabled |
| oval:ssg-service_xinetd_disabled:def:1 | true | compliance | [CCE-80888-1], [service_xinetd_disabled] | Service xinetd Disabled |
| oval:ssg-service_vsftpd_disabled:def:1 | true | compliance | [CCE-82413-6], [service_vsftpd_disabled] | Service vsftpd Disabled |
| oval:ssg-service_tftp_disabled:def:1 | true | compliance | [CCE-82435-9], [service_tftp_disabled] | Service tftp Disabled |
| oval:ssg-service_telnet_disabled:def:1 | true | compliance | [CCE-80887-3], [service_telnet_disabled] | Service telnet Disabled |
| oval:ssg-service_sysstat_disabled:def:1 | true | compliance | [CCE-82388-0], [service_sysstat_disabled] | Service sysstat Disabled |
| oval:ssg-service_sshd_enabled:def:1 | true | compliance | [CCE-82426-8], [service_sshd_enabled] | Service sshd Enabled |
| oval:ssg-service_squid_disabled:def:1 | true | compliance | [CCE-82190-0], [service_squid_disabled] | Service squid Disabled |
| oval:ssg-service_snmpd_disabled:def:1 | true | compliance | [CCE-82758-4], [service_snmpd_disabled] | Service snmpd Disabled |
| oval:ssg-service_smb_disabled:def:1 | true | compliance | [CCE-82759-2], [service_smb_disabled] | Service smb Disabled |
| oval:ssg-service_saslauthd_disabled:def:1 | true | compliance | [CCE-82389-8], [service_saslauthd_disabled] | Service saslauthd Disabled |
| oval:ssg-service_rsyslog_enabled:def:1 | true | compliance | [CCE-80886-5], [service_rsyslog_enabled] | Service rsyslog Enabled |
| oval:ssg-service_rsyncd_disabled:def:1 | true | compliance | [CCE-83335-0], [service_rsyncd_disabled] | Service rsyncd Disabled |
| oval:ssg-service_rsh_disabled:def:1 | true | compliance | [CCE-82431-8], [service_rsh_disabled] | Service rsh Disabled |
| oval:ssg-service_rpcsvcgssd_disabled:def:1 | true | compliance | [service_rpcsvcgssd_disabled] | Service rpcsvcgssd Disabled |
| oval:ssg-service_rpcidmapd_disabled:def:1 | true | compliance | [service_rpcidmapd_disabled] | Service rpcidmapd Disabled |
| oval:ssg-service_rpcgssd_disabled:def:1 | true | compliance | [service_rpcgssd_disabled] | Service rpcgssd Disabled |
| oval:ssg-service_rpcbind_disabled:def:1 | true | compliance | [CCE-82858-2], [service_rpcbind_disabled] | Service rpcbind Disabled |
| oval:ssg-service_rngd_enabled:def:1 | true | compliance | [CCE-82831-9], [service_rngd_enabled] | Service rngd Enabled |
| oval:ssg-service_rlogin_disabled:def:1 | true | compliance | [CCE-80885-7], [service_rlogin_disabled] | Service rlogin Disabled |
| oval:ssg-service_rhnsd_disabled:def:1 | true | compliance | [CCE-82405-2], [service_rhnsd_disabled] | Service rhnsd Disabled |
| oval:ssg-service_rexec_disabled:def:1 | true | compliance | [CCE-80884-0], [service_rexec_disabled] | Service rexec Disabled |
| oval:ssg-service_rdisc_disabled:def:1 | true | compliance | [CCE-80883-2], [service_rdisc_disabled] | Service rdisc Disabled |
| oval:ssg-service_quota_nld_disabled:def:1 | true | compliance | [CCE-82406-0], [service_quota_nld_disabled] | Service quota_nld Disabled |
| oval:ssg-service_qpidd_disabled:def:1 | true | compliance | [CCE-80882-4], [service_qpidd_disabled] | Service qpidd Disabled |
| oval:ssg-service_portreserve_disabled:def:1 | true | compliance | [CCE-82390-6], [service_portreserve_disabled] | Service portreserve Disabled |
| oval:ssg-service_oddjobd_disabled:def:1 | true | compliance | [CCE-80880-8], [service_oddjobd_disabled] | Service oddjobd Disabled |
| oval:ssg-service_ntpdate_disabled:def:1 | true | compliance | [CCE-80879-0], [service_ntpdate_disabled] | Service ntpdate Disabled |
| oval:ssg-service_nfslock_disabled:def:1 | true | compliance | [service_nfslock_disabled] | Service nfslock Disabled |
| oval:ssg-service_nfs_disabled:def:1 | true | compliance | [CCE-82762-6], [service_nfs_disabled] | Service nfs Disabled |
| oval:ssg-service_netfs_disabled:def:1 | true | compliance | [service_netfs_disabled] | Service netfs Disabled |
| oval:ssg-service_netconsole_disabled:def:1 | true | compliance | [CCE-82455-7], [service_netconsole_disabled] | Service netconsole Disabled |
| oval:ssg-service_named_disabled:def:1 | true | compliance | [CCE-82409-4], [service_named_disabled] | Service named Disabled |
| oval:ssg-service_mdmonitor_disabled:def:1 | true | compliance | [CCE-82386-4], [service_mdmonitor_disabled] | Service mdmonitor Disabled |
| oval:ssg-service_firewalld_enabled:def:1 | true | compliance | [CCE-80877-4], [service_firewalld_enabled] | Service firewalld Enabled |
| oval:ssg-service_dovecot_disabled:def:1 | true | compliance | [CCE-82760-0], [service_dovecot_disabled] | Service dovecot Disabled |
| oval:ssg-service_dhcpd_disabled:def:1 | true | compliance | [CCE-82864-0], [service_dhcpd_disabled] | Service dhcpd Disabled |
| oval:ssg-service_debug-shell_disabled:def:1 |
true |
compliance |
[CCE-80876-6], [service_debug-shell_disabled] |
Service debug-shell Disabled |
| oval:ssg-service_cups_disabled:def:1 |
true |
compliance |
[CCE-82861-6], [service_cups_disabled] |
Service cups Disabled |
| oval:ssg-service_crond_enabled:def:1 |
true |
compliance |
[CCE-80875-8], [service_crond_enabled] |
Service crond Enabled |
| oval:ssg-service_chronyd_or_ntpd_enabled:def:1 |
true |
compliance |
[CCE-80874-1], [service_chronyd_or_ntpd_enabled] |
Service chronyd Or Service ntpd Enabled |
| oval:ssg-service_chronyd_enabled:def:1 |
true |
compliance |
[CCE-82875-6], [service_chronyd_enabled] |
Service chronyd Enabled |
| oval:ssg-service_certmonger_disabled:def:1 |
true |
compliance |
[CCE-82452-4], [service_certmonger_disabled] |
Service certmonger Disabled |
| oval:ssg-service_bluetooth_disabled:def:1 |
true |
compliance |
[service_bluetooth_disabled] |
Service bluetooth Disabled |
| oval:ssg-service_avahi-daemon_disabled:def:1 |
true |
compliance |
[CCE-82188-4], [service_avahi-daemon_disabled] |
Service avahi-daemon Disabled |
| oval:ssg-service_autofs_disabled:def:1 |
true |
compliance |
[CCE-80873-3], [service_autofs_disabled] |
Service autofs Disabled |
| oval:ssg-service_auditd_enabled:def:1 |
true |
compliance |
[CCE-80872-5], [service_auditd_enabled] |
Service auditd Enabled |
| oval:ssg-service_atd_disabled:def:1 |
true |
compliance |
[CCE-80871-7], [service_atd_disabled] |
Service atd Disabled |
| oval:ssg-service_acpid_disabled:def:1 |
true |
compliance |
[CCE-82407-8], [service_acpid_disabled] |
Service acpid Disabled |
| oval:ssg-service_abrtd_disabled:def:1 |
true |
compliance |
[CCE-80870-9], [service_abrtd_disabled] |
Service abrtd Disabled |
| oval:ssg-selinux_confinement_of_daemons:def:1 |
true |
compliance |
[CCE-80867-5], [selinux_confinement_of_daemons] |
Ensure No Daemons are Unconfined by SELinux |
| oval:ssg-selinux_all_devicefiles_labeled:def:1 |
true |
compliance |
[CCE-80866-7], [selinux_all_devicefiles_labeled] |
Device Files Have Proper SELinux Context |
| oval:ssg-securetty_root_login_console_only:def:1 |
true |
compliance |
[CCE-80864-2], [securetty_root_login_console_only] |
Restrict Virtual Console Root Logins |
| oval:ssg-rsyslog_nolisten:def:1 |
true |
compliance |
[CCE-84275-7], [rsyslog_nolisten] |
Disable Rsyslogd from Accepting Remote Messages on Loghosts Only |
| oval:ssg-rsyslog_files_permissions:def:1 |
true |
compliance |
[CCE-80862-6], [rsyslog_files_permissions] |
Confirm Existence and Permissions of System Log Files |
| oval:ssg-rsyslog_files_ownership:def:1 |
true |
compliance |
[CCE-80861-8], [rsyslog_files_ownership] |
Confirm Existence and Permissions of System Log Files |
| oval:ssg-rsyslog_files_groupownership:def:1 |
true |
compliance |
[CCE-80860-0], [rsyslog_files_groupownership] |
Confirm Existence and Permissions of System Log Files |
| oval:ssg-rsyslog_cron_logging:def:1 |
true |
compliance |
[CCE-80859-2], [rsyslog_cron_logging] |
Verify Cron is Logging to Rsyslog |
| oval:ssg-rpm_verify_ownership:def:1 |
true |
compliance |
[CCE-82196-7], [rpm_verify_ownership] |
Verify File Ownership Using RPM |
| oval:ssg-rpm_verify_hashes:def:1 |
true |
compliance |
[CCE-80857-6], [rpm_verify_hashes] |
Verify File Hashes with RPM |
| oval:ssg-root_path_no_dot:def:1 |
true |
compliance |
[root_path_no_dot] |
Ensure that No Dangerous Directories Exist in Root's Path |
| oval:ssg-restrict_serial_port_logins:def:1 |
true |
compliance |
[CCE-80856-8], [restrict_serial_port_logins] |
Restrict Serial Port Root Logins |
| oval:ssg-require_singleuser_auth:def:1 |
true |
compliance |
[CCE-80855-0], [require_singleuser_auth] |
Require Authentication for Single-User Mode |
| oval:ssg-require_emergency_target_auth:def:1 |
true |
compliance |
[CCE-82186-8], [require_emergency_target_auth] |
Require Authentication for Emergency Mode |
| oval:ssg-removable_partition_doesnt_exist:def:1 |
true |
compliance |
[removable_partition_doesnt_exist] |
Device Files for Removable Media Partitions Does Not Exist on the System |
| oval:ssg-postfix_network_listening_disabled:def:1 |
true |
compliance |
[CCE-82174-4], [postfix_network_listening_disabled] |
Postfix network listening should be disabled |
| oval:ssg-package_ypserv_removed:def:1 |
true |
compliance |
[CCE-82432-6], [package_ypserv_removed] |
Package ypserv Removed |
| oval:ssg-package_ypbind_removed:def:1 |
true |
compliance |
[CCE-82181-9], [package_ypbind_removed] |
Package ypbind Removed |
| oval:ssg-package_xorg-x11-server-common_removed:def:1 |
true |
compliance |
[CCE-82757-6], [package_xorg-x11-server-common_removed] |
Package xorg-x11-server-common Removed |
| oval:ssg-package_xinetd_removed:def:1 |
true |
compliance |
[CCE-80850-1], [package_xinetd_removed] |
Package xinetd Removed |
| oval:ssg-package_vsftpd_removed:def:1 |
true |
compliance |
[CCE-82414-4], [package_vsftpd_removed] |
Package vsftpd Removed |
| oval:ssg-package_tmux_installed:def:1 |
true |
compliance |
[CCE-80644-8], [package_tmux_installed] |
Package tmux Installed |
| oval:ssg-package_tftp_removed:def:1 |
true |
compliance |
[package_tftp_removed] |
Package tftp Removed |
| oval:ssg-package_tftp-server_removed:def:1 |
true |
compliance |
[CCE-82436-7], [package_tftp-server_removed] |
Package tftp-server Removed |
| oval:ssg-package_telnetd_removed:def:1 |
true |
compliance |
[package_telnetd_removed] |
Package telnetd Removed |
| oval:ssg-package_telnetd-ssl_removed:def:1 |
true |
compliance |
[package_telnetd-ssl_removed] |
Package telnetd-ssl Removed |
| oval:ssg-package_telnet_removed:def:1 |
true |
compliance |
[CCE-80849-3], [package_telnet_removed] |
Package telnet Removed |
| oval:ssg-package_telnet-server_removed:def:1 |
true |
compliance |
[CCE-82182-7], [package_telnet-server_removed] |
Package telnet-server Removed |
| oval:ssg-package_tar_installed:def:1 |
true |
compliance |
[CCE-82965-5], [package_tar_installed] |
Package tar Installed |
| oval:ssg-package_talk_removed:def:1 |
true |
compliance |
[CCE-80848-5], [package_talk_removed] |
Package talk Removed |
| oval:ssg-package_talk-server_removed:def:1 |
true |
compliance |
[CCE-82180-1], [package_talk-server_removed] |
Package talk-server Removed |
| oval:ssg-package_sudo_installed:def:1 |
true |
compliance |
[CCE-82214-8], [package_sudo_installed] |
Package sudo Installed |
| oval:ssg-package_subscription-manager_installed:def:1 |
true |
compliance |
[CCE-82316-1], [package_subscription-manager_installed] |
Package subscription-manager Installed |
| oval:ssg-package_squid_removed:def:1 |
true |
compliance |
[CCE-82189-2], [package_squid_removed] |
Package squid Removed |
| oval:ssg-package_setroubleshoot_removed:def:1 |
true |
compliance |
[CCE-82755-0], [package_setroubleshoot_removed] |
Package setroubleshoot Removed |
| oval:ssg-package_sendmail_removed:def:1 |
true |
compliance |
[CCE-81039-0], [package_sendmail_removed] |
Package sendmail Removed |
| oval:ssg-package_scap-security-guide_installed:def:1 |
true |
compliance |
[CCE-82949-9], [package_scap-security-guide_installed] |
Package scap-security-guide Installed |
| oval:ssg-package_samba_removed:def:1 |
true |
compliance |
[package_samba_removed] |
Package samba Removed |
| oval:ssg-package_samba-common_installed:def:1 |
true |
compliance |
[package_samba-common_installed] |
Package samba-common Installed |
| oval:ssg-package_rsyslog_installed:def:1 |
true |
compliance |
[CCE-80847-7], [package_rsyslog_installed] |
Package rsyslog Installed |
| oval:ssg-package_rsh_removed:def:1 |
true |
compliance |
[CCE-82183-5], [package_rsh_removed] |
Package rsh Removed |
| oval:ssg-package_rsh-server_removed:def:1 |
true |
compliance |
[CCE-82184-3], [package_rsh-server_removed] |
Package rsh-server Removed |
| oval:ssg-package_rng-tools_installed:def:1 |
true |
compliance |
[CCE-82968-9], [package_rng-tools_installed] |
Package rng-tools Installed |
| oval:ssg-package_quagga_removed:def:1 |
true |
compliance |
[CCE-82187-6], [package_quagga_removed] |
Package quagga Removed |
| oval:ssg-package_prelink_removed:def:1 |
true |
compliance |
[package_prelink_removed] |
Package prelink Removed |
| oval:ssg-package_policycoreutils_installed:def:1 |
true |
compliance |
[CCE-82976-2], [package_policycoreutils_installed] |
Package policycoreutils Installed |
| oval:ssg-package_policycoreutils-python-utils_installed:def:1 |
true |
compliance |
[CCE-82724-6], [package_policycoreutils-python-utils_installed] |
Package policycoreutils-python-utils Installed |
| oval:ssg-package_pam_ldap_removed:def:1 |
true |
compliance |
[package_pam_ldap_removed] |
Package pam_ldap Removed |
| oval:ssg-package_openssh-server_installed:def:1 |
true |
compliance |
[CCE-83303-8], [package_openssh-server_installed] |
Package openssh-server Installed |
| oval:ssg-package_openssh-clients_installed:def:1 |
true |
compliance |
[CCE-82722-0], [package_openssh-clients_installed] |
Package openssh-clients Installed |
| oval:ssg-package_openscap-scanner_installed:def:1 |
true |
compliance |
[CCE-82220-5], [package_openscap-scanner_installed] |
Package openscap-scanner Installed |
| oval:ssg-package_openldap-servers_removed:def:1 |
true |
compliance |
[CCE-82415-1], [package_openldap-servers_removed] |
Package openldap-servers Removed |
| oval:ssg-package_ntpdate_removed:def:1 |
true |
compliance |
[package_ntpdate_removed] |
Package ntpdate Removed |
| oval:ssg-package_nss-tools_installed:def:1 |
true |
compliance |
[CCE-82396-3], [package_nss-tools_installed] |
Package nss-tools Installed |
| oval:ssg-package_nis_removed:def:1 |
true |
compliance |
[package_nis_removed] |
Package nis Removed |
| oval:ssg-package_nfs-utils_removed:def:1 |
true |
compliance |
[CCE-82932-5], [package_nfs-utils_removed] |
Package nfs-utils Removed |
| oval:ssg-package_net-snmp_removed:def:1 |
true |
compliance |
[package_net-snmp_removed] |
Package net-snmp Removed |
| oval:ssg-package_mcstrans_removed:def:1 |
true |
compliance |
[CCE-82756-8], [package_mcstrans_removed] |
Package mcstrans Removed |
| oval:ssg-package_libselinux_installed:def:1 |
true |
compliance |
[CCE-82877-2], [package_libselinux_installed] |
Package libselinux Installed |
| oval:ssg-package_libreswan_installed:def:1 |
true |
compliance |
[CCE-80845-1], [package_libreswan_installed] |
Package libreswan Installed |
| oval:ssg-package_krb5-workstation_removed:def:1 |
true |
compliance |
[CCE-82931-7], [package_krb5-workstation_removed] |
Package krb5-workstation Removed |
| oval:ssg-package_krb5-server_removed:def:1 |
true |
compliance |
[package_krb5-server_removed] |
Package krb5-server Removed |
| oval:ssg-package_iptables_installed:def:1 |
true |
compliance |
[CCE-82982-0], [package_iptables_installed] |
Package iptables Installed |
| oval:ssg-package_inetutils-telnetd_removed:def:1 |
true |
compliance |
[package_inetutils-telnetd_removed] |
Package inetutils-telnetd Removed |
| oval:ssg-package_gssproxy_removed:def:1 |
true |
compliance |
[CCE-82943-2], [package_gssproxy_removed] |
Package gssproxy Removed |
| oval:ssg-package_gdm_removed:def:1 |
true |
compliance |
[CCE-82367-4], [package_gdm_removed] |
Package gdm Removed |
| oval:ssg-package_freeradius_removed:def:1 |
true |
compliance |
[CCE-82752-7], [package_freeradius_removed] |
Package freeradius Removed |
| oval:ssg-package_firewalld_installed:def:1 |
true |
compliance |
[CCE-82998-6], [package_firewalld_installed] |
Package firewalld Installed |
| oval:ssg-package_dovecot_removed:def:1 |
true |
compliance |
[package_dovecot_removed] |
Package dovecot Removed |
| oval:ssg-package_dnf-plugin-subscription-manager_installed:def:1 |
true |
compliance |
[CCE-82315-3], [package_dnf-plugin-subscription-manager_installed] |
Package dnf-plugin-subscription-manager Installed |
| oval:ssg-package_dhcp_removed:def:1 |
true |
compliance |
[package_dhcp_removed] |
Package dhcp Removed |
| oval:ssg-package_dconf_installed:def:1 |
true |
compliance |
[package_dconf_installed] |
Package dconf Installed |
| oval:ssg-package_crypto-policies_installed:def:1 |
true |
compliance |
[CCE-82723-8], [package_crypto-policies_installed] |
Package crypto-policies Installed |
| oval:ssg-package_chrony_installed:def:1 |
true |
compliance |
[CCE-82874-9], [package_chrony_installed] |
Package chrony Installed |
| oval:ssg-package_binutils_installed:def:1 |
true |
compliance |
[CCE-82989-5], [package_binutils_installed] |
Package binutils Installed |
| oval:ssg-package_bind_removed:def:1 |
true |
compliance |
[CCE-82408-6], [package_bind_removed] |
Package bind Removed |
| oval:ssg-package_audit_installed:def:1 |
true |
compliance |
[CCE-81043-2], [package_audit_installed] |
Package audit Installed |
| oval:ssg-package_abrt_removed:def:1 |
true |
compliance |
[CCE-80948-3], [package_abrt_removed] |
Package abrt Removed |
| oval:ssg-package_abrt-plugin-sosreport_removed:def:1 |
true |
compliance |
[CCE-82910-1], [package_abrt-plugin-sosreport_removed] |
Package abrt-plugin-sosreport Removed |
| oval:ssg-package_abrt-plugin-rhtsupport_removed:def:1 |
true |
compliance |
[CCE-82916-8], [package_abrt-plugin-rhtsupport_removed] |
Package abrt-plugin-rhtsupport Removed |
| oval:ssg-package_abrt-plugin-logger_removed:def:1 |
true |
compliance |
[CCE-82913-5], [package_abrt-plugin-logger_removed] |
Package abrt-plugin-logger Removed |
| oval:ssg-package_abrt-cli_removed:def:1 |
true |
compliance |
[CCE-82907-7], [package_abrt-cli_removed] |
Package abrt-cli Removed |
| oval:ssg-package_abrt-addon-python_removed:def:1 |
true |
compliance |
[CCE-82923-4], [package_abrt-addon-python_removed] |
Package abrt-addon-python Removed |
| oval:ssg-package_abrt-addon-kerneloops_removed:def:1 |
true |
compliance |
[CCE-82926-7], [package_abrt-addon-kerneloops_removed] |
Package abrt-addon-kerneloops Removed |
| oval:ssg-package_abrt-addon-ccpp_removed:def:1 |
true |
compliance |
[CCE-82919-2], [package_abrt-addon-ccpp_removed] |
Package abrt-addon-ccpp Removed |
| oval:ssg-package_GConf2_installed:def:1 |
true |
compliance |
[package_GConf2_installed] |
Package GConf2 Installed |
| oval:ssg-no_user_host_based_files:def:1 |
true |
compliance |
[no_user_host_based_files] |
No .shosts file deployed on the system |
| oval:ssg-no_shelllogin_for_systemaccounts:def:1 |
true |
compliance |
[CCE-80843-6], [no_shelllogin_for_systemaccounts] |
System Accounts Do Not Run a Shell |
| oval:ssg-no_rsh_trust_files:def:1 |
true |
compliance |
[CCE-80842-8], [no_rsh_trust_files] |
No Legacy .rhosts Or hosts.equiv Files |
| oval:ssg-no_netrc_files:def:1 |
true |
compliance |
[CCE-83444-0], [no_netrc_files] |
Verify No netrc Files Exist |
| oval:ssg-no_legacy_plus_entries_etc_shadow:def:1 |
true |
compliance |
[CCE-84290-6], [no_legacy_plus_entries_etc_shadow] |
Ensure there are no legacy + NIS entries in /etc/shadow |
| oval:ssg-no_legacy_plus_entries_etc_passwd:def:1 |
true |
compliance |
[CCE-82890-5], [no_legacy_plus_entries_etc_passwd] |
Ensure there are no legacy + NIS entries in /etc/passwd |
| oval:ssg-no_legacy_plus_entries_etc_group:def:1 |
true |
compliance |
[CCE-83389-7], [no_legacy_plus_entries_etc_group] |
Ensure there are no legacy + NIS entries in /etc/group |
| oval:ssg-no_insecure_locks_exports:def:1 |
true |
compliance |
[no_insecure_locks_exports] |
Ensure insecure_locks is disabled |
| oval:ssg-no_host_based_files:def:1 |
true |
compliance |
[no_host_based_files] |
No shosts.equiv file deployed on the system |
| oval:ssg-no_files_unowned_by_user:def:1 |
true |
compliance |
[CCE-83499-4], [no_files_unowned_by_user] |
Find files unowned by a user |
| oval:ssg-no_cd_dvd_drive_in_etc_fstab:def:1 |
true |
compliance |
[no_cd_dvd_drive_in_etc_fstab] |
No CD/DVD drive is configured to automount in /etc/fstab |
| oval:ssg-network_sniffer_disabled:def:1 |
true |
compliance |
[CCE-82283-3], [network_sniffer_disabled] |
Disable the network sniffer |
| oval:ssg-network_disable_ddns_interfaces:def:1 |
true |
compliance |
[network_disable_ddns_interfaces] |
Disable Client Dynamic DNS Updates |
| oval:ssg-mount_option_smb_client_signing:def:1 |
true |
compliance |
[mount_option_smb_client_signing] |
Require Client SMB Packet Signing, if using mount.cifs |
| oval:ssg-mount_option_nosuid_removable_partitions:def:1 |
true |
compliance |
[CCE-82744-4], [mount_option_nosuid_removable_partitions] |
Add nosuid Option to Removable Media Partitions |
| oval:ssg-mount_option_nosuid_remote_filesystems:def:1 |
true |
compliance |
[mount_option_nosuid_remote_filesystems] |
Mount Remote Filesystems with nosuid |
| oval:ssg-mount_option_noexec_removable_partitions:def:1 |
true |
compliance |
[CCE-82746-9], [mount_option_noexec_removable_partitions] |
Add noexec Option to Removable Media Partitions |
| oval:ssg-mount_option_noexec_remote_filesystems:def:1 |
true |
compliance |
[mount_option_noexec_remote_filesystems] |
Mount Remote Filesystems with noexec |
| oval:ssg-mount_option_nodev_removable_partitions:def:1 |
true |
compliance |
[CCE-82742-8], [mount_option_nodev_removable_partitions] |
Add nodev Option to Removable Media Partitions |
| oval:ssg-mount_option_nodev_remote_filesystems:def:1 |
true |
compliance |
[mount_option_nodev_remote_filesystems] |
Mount Remote Filesystems with nodev |
| oval:ssg-mount_option_krb_sec_remote_filesystems:def:1 |
true |
compliance |
[mount_option_krb_sec_remote_filesystems] |
Mount Remote Filesystems with sec_krb5_krb5i_krb5p |
| oval:ssg-mount_option_dev_shm_nosuid:def:1 |
true |
compliance |
[CCE-80839-4], [mount_option_dev_shm_nosuid] |
Add nosuid Option to /dev/shm |
| oval:ssg-mount_option_dev_shm_nodev:def:1 |
true |
compliance |
[CCE-80837-8], [mount_option_dev_shm_nodev] |
Add nodev Option to /dev/shm |
| oval:ssg-kerberos_disable_no_keytab:def:1 |
true |
compliance |
[CCE-82175-1], [kerberos_disable_no_keytab] |
Restrict Kerberos operation by removing keytab files |
| oval:ssg-installed_OS_is_vendor_supported:def:1 |
true |
compliance |
[CCE-80947-5], [installed_OS_is_vendor_supported] |
Vendor Supported Operating System |
| oval:ssg-installed_OS_is_FIPS_certified:def:1 |
true |
compliance |
[CCE-80830-3], [installed_OS_is_FIPS_certified] |
FIPS 140-2 Certified Operating System |
| oval:ssg-install_hids:def:1 |
true |
compliance |
[CCE-80831-1], [install_hids] |
Install Intrusion Detection Software |
| oval:ssg-install_PAE_kernel_on_x86-32:def:1 |
true |
compliance |
[install_PAE_kernel_on_x86-32] |
Package kernel-PAE Installed |
| oval:ssg-grub2_uefi_password:def:1 |
true |
compliance |
[CCE-80829-5], [grub2_uefi_password] |
Set the UEFI Boot Loader Password |
| oval:ssg-grub2_uefi_admin_username:def:1 |
true |
compliance |
[CCE-83542-1], [grub2_uefi_admin_username] |
Set the UEFI Boot Loader Superuser Username to Unique Value |
| oval:ssg-grub2_no_removeable_media:def:1 |
true |
compliance |
[grub2_no_removeable_media] |
Boot Loader Is Not Installed On Removeable Media |
| oval:ssg-grub2_enable_selinux:def:1 |
true |
compliance |
[CCE-80827-9], [grub2_enable_selinux] |
Enable SELinux in the GRUB2 Bootloader" |
| oval:ssg-grub2_disable_interactive_boot:def:1 |
true |
compliance |
[CCE-80826-1], [grub2_disable_interactive_boot] |
Verify that Interactive Boot is Disabled |
| oval:ssg-gnome_gdm_disable_guest_login:def:1 |
true |
compliance |
[CCE-80824-6], [gnome_gdm_disable_guest_login] |
Disable GDM Guest Login |
| oval:ssg-gnome_gdm_disable_automatic_login:def:1 |
true |
compliance |
[CCE-80823-8], [gnome_gdm_disable_automatic_login] |
Disable GDM Automatic Login |
| oval:ssg-gid_passwd_group_same:def:1 |
true |
compliance |
[CCE-80822-0], [gid_passwd_group_same] |
All GIDs Are Present In /etc/group |
| oval:ssg-ftp_present_banner:def:1 |
true |
compliance |
[ftp_present_banner] |
Banner for FTP Users |
| oval:ssg-ftp_log_transactions:def:1 |
true |
compliance |
[ftp_log_transactions] |
Banner for FTP Users |
| oval:ssg-file_permissions_var_log_audit:def:1 |
true |
compliance |
[CCE-80819-6], [file_permissions_var_log_audit] |
Verify /var/log/audit Permissions |
| oval:ssg-file_permissions_ungroupowned:def:1 |
true |
compliance |
[CCE-83497-8], [file_permissions_ungroupowned] |
Find files unowned by a group |
| oval:ssg-file_permissions_unauthorized_world_writable:def:1 |
true |
compliance |
[CCE-80818-8], [file_permissions_unauthorized_world_writable] |
Find Unauthorized World-Writable Files |
| oval:ssg-file_permissions_systemmap:def:1 |
true |
compliance |
[file_permissions_systemmap] |
Verify that System.map files are readable only by root |
| oval:ssg-file_permissions_sshd_pub_key:def:1 |
true |
compliance |
[CCE-82428-4], [file_permissions_sshd_pub_key] |
Verify /etc/ssh/ Mode Permissions |
| oval:ssg-file_permissions_sshd_private_key:def:1 |
true |
compliance |
[CCE-82424-3], [file_permissions_sshd_private_key] |
Verify /etc/ssh/ Mode Permissions |
| oval:ssg-file_permissions_sshd_config:def:1 |
true |
compliance |
[CCE-82894-7], [file_permissions_sshd_config] |
Verify /etc/ssh/sshd_config Mode Permissions |
| oval:ssg-file_permissions_library_dirs:def:1 |
true |
compliance |
[CCE-80815-4], [file_permissions_library_dirs] |
Verify that Shared Library Files Have Restrictive Permissions |
| oval:ssg-file_permissions_home_dirs:def:1 |
true |
compliance |
[CCE-84274-0], [file_permissions_home_dirs] |
Proper Permissions User Home Directories |
| oval:ssg-file_permissions_etc_shadow:def:1 |
true |
compliance |
[CCE-80813-9], [file_permissions_etc_shadow] |
Verify /etc/shadow Mode Permissions |
| oval:ssg-file_permissions_etc_passwd:def:1 |
true |
compliance |
[CCE-80812-1], [file_permissions_etc_passwd] |
Verify /etc/passwd Mode Permissions |
| oval:ssg-file_permissions_etc_motd:def:1 |
true |
compliance |
[CCE-83338-4], [file_permissions_etc_motd] |
Verify /etc/motd Mode Permissions |
| oval:ssg-file_permissions_etc_issue:def:1 |
true |
compliance |
[CCE-83348-3], [file_permissions_etc_issue] |
Verify /etc/issue Mode Permissions |
| oval:ssg-file_permissions_etc_gshadow:def:1 |
true |
compliance |
[CCE-80811-3], [file_permissions_etc_gshadow] |
Verify /etc/gshadow Mode Permissions |
| oval:ssg-file_permissions_etc_group:def:1 |
true |
compliance |
[CCE-80810-5], [file_permissions_etc_group] |
Verify /etc/group Mode Permissions |
| oval:ssg-file_permissions_efi_grub2_cfg:def:1 |
true |
compliance |
[file_permissions_efi_grub2_cfg] |
Verify the UEFI Boot Loader grub.cfg Permissions |
| oval:ssg-file_permissions_binary_dirs:def:1 |
true |
compliance |
[CCE-80809-7], [file_permissions_binary_dirs] |
Verify that System Executables Have Restrictive Permissions |
| oval:ssg-file_permissions_backup_etc_shadow:def:1 |
true |
compliance |
[CCE-83417-6], [file_permissions_backup_etc_shadow] |
Verify /etc/shadow- Mode Permissions |
| oval:ssg-file_permissions_backup_etc_passwd:def:1 |
true |
compliance |
[CCE-83332-7], [file_permissions_backup_etc_passwd] |
Verify /etc/passwd- Mode Permissions |
| oval:ssg-file_permissions_backup_etc_gshadow:def:1 |
true |
compliance |
[CCE-83573-6], [file_permissions_backup_etc_gshadow] |
Verify /etc/gshadow- Mode Permissions |
| oval:ssg-file_permissions_backup_etc_group:def:1 |
true |
compliance |
[CCE-83483-8], [file_permissions_backup_etc_group] |
Verify /etc/group- Mode Permissions |
| oval:ssg-file_ownership_var_log_audit:def:1 |
true |
compliance |
[CCE-80808-9], [file_ownership_var_log_audit] |
Verify /var/log/audit Ownership |
| oval:ssg-file_ownership_library_dirs:def:1 |
true |
compliance |
[CCE-80807-1], [file_ownership_library_dirs] |
Verify that Shared Library Files Have Root Ownership |
| oval:ssg-file_ownership_binary_dirs:def:1 |
true |
compliance |
[CCE-80806-3], [file_ownership_binary_dirs] |
Verify that System Executables Have Root Ownership |
| oval:ssg-file_owner_sshd_config:def:1 |
true |
compliance |
[CCE-82898-8], [file_owner_sshd_config] |
Verify /etc/ssh/sshd_config Owner |
| oval:ssg-file_owner_grub2_cfg:def:1 |
true |
compliance |
[CCE-80805-5], [file_owner_grub2_cfg] |
Verify /boot/grub2/grub.cfg Owner |
| oval:ssg-file_owner_etc_shadow:def:1 |
true |
compliance |
[CCE-80804-8], [file_owner_etc_shadow] |
Verify /etc/shadow Owner |
| oval:ssg-file_owner_etc_passwd:def:1 |
true |
compliance |
[CCE-80803-0], [file_owner_etc_passwd] |
Verify /etc/passwd Owner |
| oval:ssg-file_owner_etc_motd:def:1 |
true |
compliance |
[CCE-83738-5], [file_owner_etc_motd] |
Verify /etc/motd Owner |
| oval:ssg-file_owner_etc_issue:def:1 |
true |
compliance |
[CCE-83718-7], [file_owner_etc_issue] |
Verify /etc/issue Owner |
| oval:ssg-file_owner_etc_gshadow:def:1 |
true |
compliance |
[CCE-80802-2], [file_owner_etc_gshadow] |
Verify /etc/gshadow Owner |
| oval:ssg-file_owner_etc_group:def:1 |
true |
compliance |
[CCE-80801-4], [file_owner_etc_group] |
Verify /etc/group Owner |
| oval:ssg-file_owner_efi_grub2_cfg:def:1 |
true |
compliance |
[file_owner_efi_grub2_cfg] |
Verify the UEFI Boot Loader grub.cfg Owner |
| oval:ssg-file_owner_crontab:def:1 |
true |
compliance |
[CCE-82224-7], [file_owner_crontab] |
Verify /etc/crontab Owner |
| oval:ssg-file_owner_cron_weekly:def:1 |
true |
compliance |
[CCE-82247-8], [file_owner_cron_weekly] |
Verify /etc/cron.weekly/ Owner |
| oval:ssg-file_owner_cron_monthly:def:1 |
true |
compliance |
[CCE-82260-1], [file_owner_cron_monthly] |
Verify /etc/cron.monthly/ Owner |
| oval:ssg-file_owner_cron_hourly:def:1 |
true |
compliance |
[CCE-82209-8], [file_owner_cron_hourly] |
Verify /etc/cron.hourly/ Owner |
| oval:ssg-file_owner_cron_daily:def:1 |
true |
compliance |
[CCE-82237-9], [file_owner_cron_daily] |
Verify /etc/cron.daily/ Owner |
| oval:ssg-file_owner_cron_d:def:1 |
true |
compliance |
[CCE-82272-6], [file_owner_cron_d] |
Verify /etc/cron.d/ Owner |
| oval:ssg-file_owner_cron_allow:def:1 |
true |
compliance |
[file_owner_cron_allow] |
Verify /etc/cron.allow Owner |
| oval:ssg-file_owner_backup_etc_shadow:def:1 |
true |
compliance |
[CCE-83413-5], [file_owner_backup_etc_shadow] |
Verify /etc/shadow- Owner |
| oval:ssg-file_owner_backup_etc_passwd:def:1 |
true |
compliance |
[CCE-83326-9], [file_owner_backup_etc_passwd] |
Verify /etc/passwd- Owner |
| oval:ssg-file_owner_backup_etc_gshadow:def:1 |
true |
compliance |
[CCE-83533-0], [file_owner_backup_etc_gshadow] |
Verify /etc/gshadow- Owner |
| oval:ssg-file_owner_backup_etc_group:def:1 |
true |
compliance |
[CCE-83473-9], [file_owner_backup_etc_group] |
Verify /etc/group- Owner |
| oval:ssg-file_groupowner_sshd_config:def:1 |
true |
compliance |
[CCE-82901-0], [file_groupowner_sshd_config] |
Verify /etc/ssh/sshd_config Group Owner |
| oval:ssg-file_groupowner_grub2_cfg:def:1 |
true |
compliance |
[CCE-80800-6], [file_groupowner_grub2_cfg] |
Verify /boot/grub2/grub.cfg Group Owner |
| oval:ssg-file_groupowner_etc_shadow:def:1 |
true |
compliance |
[CCE-80799-0], [file_groupowner_etc_shadow] |
Verify /etc/shadow Group Owner |
| oval:ssg-file_groupowner_etc_passwd:def:1 |
true |
compliance |
[CCE-80798-2], [file_groupowner_etc_passwd] |
Verify /etc/passwd Group Owner |
| oval:ssg-file_groupowner_etc_motd:def:1 |
true |
compliance |
[CCE-83728-6], [file_groupowner_etc_motd] |
Verify /etc/motd Group Owner |
| oval:ssg-file_groupowner_etc_issue:def:1 |
true |
compliance |
[CCE-83708-8], [file_groupowner_etc_issue] |
Verify /etc/issue Group Owner |
| oval:ssg-file_groupowner_etc_gshadow:def:1 |
true |
compliance |
[CCE-80797-4], [file_groupowner_etc_gshadow] |
Verify /etc/gshadow Group Owner |
| oval:ssg-file_groupowner_etc_group:def:1 |
true |
compliance |
[CCE-80796-6], [file_groupowner_etc_group] |
Verify /etc/group Group Owner |
| oval:ssg-file_groupowner_efi_grub2_cfg:def:1 |
true |
compliance |
[file_groupowner_efi_grub2_cfg] |
Verify the UEFI Boot Loader grub.cfg Group Owner |
| oval:ssg-file_groupowner_crontab:def:1 |
true |
compliance |
[CCE-82223-9], [file_groupowner_crontab] |
Verify /etc/crontab Group Owner |
| oval:ssg-file_groupowner_cron_weekly:def:1 |
true |
compliance |
[CCE-82244-5], [file_groupowner_cron_weekly] |
Verify /etc/cron.weekly/ Group Owner |
| oval:ssg-file_groupowner_cron_monthly:def:1 |
true |
compliance |
[CCE-82256-9], [file_groupowner_cron_monthly] |
Verify /etc/cron.monthly/ Group Owner |
| oval:ssg-file_groupowner_cron_hourly:def:1 |
true |
compliance |
[CCE-82227-0], [file_groupowner_cron_hourly] |
Verify /etc/cron.hourly/ Group Owner |
| oval:ssg-file_groupowner_cron_daily:def:1 |
true |
compliance |
[CCE-82234-6], [file_groupowner_cron_daily] |
Verify /etc/cron.daily/ Group Owner |
| oval:ssg-file_groupowner_cron_d:def:1 |
true |
compliance |
[CCE-82268-4], [file_groupowner_cron_d] |
Verify /etc/cron.d/ Group Owner |
| oval:ssg-file_groupowner_cron_allow:def:1 |
true |
compliance |
[file_groupowner_cron_allow] |
Verify /etc/cron.allow Group Owner |
| oval:ssg-file_groupowner_backup_etc_shadow:def:1 |
true |
compliance |
[CCE-83415-0], [file_groupowner_backup_etc_shadow] |
Verify /etc/shadow- Group Owner |
| oval:ssg-file_groupowner_backup_etc_passwd:def:1 |
true |
compliance |
[CCE-83324-4], [file_groupowner_backup_etc_passwd] |
Verify /etc/passwd- Group Owner |
| oval:ssg-file_groupowner_backup_etc_gshadow:def:1 |
true |
compliance |
[CCE-83535-5], [file_groupowner_backup_etc_gshadow] |
Verify /etc/gshadow- Group Owner |
| oval:ssg-file_groupowner_backup_etc_group:def:1 |
true |
compliance |
[CCE-83475-4], [file_groupowner_backup_etc_group] |
Verify /etc/group- Group Owner |
| oval:ssg-ensure_redhat_gpgkey_installed:def:1 |
true |
compliance |
[CCE-80795-8], [ensure_redhat_gpgkey_installed] |
Red Hat Release and Auxiliary gpg-pubkey Packages Installed |
| oval:ssg-ensure_gpgcheck_globally_activated:def:1 |
true |
compliance |
[CCE-80790-9], [ensure_gpgcheck_globally_activated] |
Ensure yum gpgcheck Globally Activated |
| oval:ssg-enable_dconf_user_profile:def:1 |
true |
compliance |
[enable_dconf_user_profile] |
Implement Local DB for DConf User Profile |
| oval:ssg-dovecot_enable_ssl:def:1 |
true |
compliance |
[dovecot_enable_ssl] |
Enable SSL in Dovecot |
| oval:ssg-dovecot_disable_plaintext_auth:def:1 |
true |
compliance |
[dovecot_disable_plaintext_auth] |
Disable Plaintext Authentication in Dovecot |
| oval:ssg-display_login_attempts:def:1 |
true |
compliance |
[CCE-80788-3], [display_login_attempts] |
Set Last Login/Access Notification |
| oval:ssg-disable_prelink:def:1 |
true |
compliance |
[CCE-80787-5], [disable_prelink] |
Disable Prelinking |
| oval:ssg-directory_permissions_var_log_audit:def:1 |
true |
compliance |
[directory_permissions_var_log_audit] |
Verify /var/log/audit Directory Permissions |
| oval:ssg-dir_perms_world_writable_system_owned:def:1 |
true |
compliance |
[dir_perms_world_writable_system_owned] |
Find world writable directories not owned by a system account |
| oval:ssg-dir_perms_world_writable_sticky_bits:def:1 |
true |
compliance |
[CCE-80783-4], [dir_perms_world_writable_sticky_bits] |
Verify that All World-Writable Directories Have Sticky Bits Set |
| oval:ssg-dir_perms_var_log_httpd:def:1 |
true |
compliance |
[dir_perms_var_log_httpd] |
Directory /var/log/httpd/ Permissions |
| oval:ssg-dconf_db_up_to_date:def:1 |
true |
compliance |
[CCE-81003-6], [dconf_db_up_to_date] |
The dconf databases are up-to-date. |
| oval:ssg-configure_ssh_crypto_policy:def:1 |
true |
compliance |
[CCE-80939-2], [configure_ssh_crypto_policy] |
Configure SSH to use System Crypto Policy. |
| oval:ssg-configure_openssl_crypto_policy:def:1 |
true |
compliance |
[CCE-80938-4], [configure_openssl_crypto_policy] |
Configure OpenSSL to use System Crypto Policy |
| oval:ssg-configure_libreswan_crypto_policy:def:1 |
true |
compliance |
[CCE-80937-6], [configure_libreswan_crypto_policy] |
Configure Libreswan to use System Crypto Policy. |
| oval:ssg-configure_kerberos_crypto_policy:def:1 |
true |
compliance |
[CCE-80936-8], [configure_kerberos_crypto_policy] |
Configure kerberos to use System Crypto Policy |
| oval:ssg-configure_bind_crypto_policy:def:1 |
true |
compliance |
[CCE-80934-3], [configure_bind_crypto_policy] |
Configure BIND to use System Crypto Policy. |
| oval:ssg-clean_components_post_updating:def:1 |
true |
compliance |
[CCE-82476-3], [clean_components_post_updating] |
Ensure YUM Removes Previous Package Versions |
| oval:ssg-chronyd_specify_remote_server:def:1 |
true |
compliance |
[CCE-82873-1], [chronyd_specify_remote_server] |
Specify a Remote NTP Server for Time Data |
| oval:ssg-chronyd_or_ntpd_specify_remote_server:def:1 |
true |
compliance |
[CCE-80765-1], [chronyd_or_ntpd_specify_remote_server] |
Specify Remote NTP chronyd Or ntpd Server for Time Data |
| oval:ssg-bootloader_disable_recovery_set_to_true:def:1 |
true |
compliance |
[bootloader_disable_recovery_set_to_true] |
Verify GRUB_DISABLE_RECOVERY Set to true |
| oval:ssg-auditd_write_logs:def:1 |
true |
compliance |
[CCE-82366-6], [auditd_write_logs] |
Write Audit Logs to the Disk |
| oval:ssg-auditd_log_format:def:1 |
true |
compliance |
[CCE-82201-5], [auditd_log_format] |
Resolve information before writing to audit logs |
| oval:ssg-auditd_local_events:def:1 |
true |
compliance |
[CCE-82233-8], [auditd_local_events] |
Include Local Events in Audit Logs |
| oval:ssg-auditd_freq:def:1 |
true |
compliance |
[CCE-82258-5], [auditd_freq] |
Set number of records to cause an explicit flush to audit logs |
| oval:ssg-audit_rules_augenrules:def:1 |
true |
compliance |
[audit_rules_augenrules] |
Record Any Attempts to Run semanage |
| oval:ssg-accounts_root_path_dirs_no_write:def:1 |
true |
compliance |
[CCE-80672-9], [accounts_root_path_dirs_no_write] |
Write permissions are disabled for group and other in all directories in Root's Path |
| oval:ssg-accounts_password_pam_pwquality:def:1 |
true |
compliance |
[accounts_password_pam_pwquality] |
Check pam_pwquality Existence in system-auth |
| oval:ssg-accounts_password_all_shadowed:def:1 |
true |
compliance |
[CCE-80651-3], [accounts_password_all_shadowed] |
All Password Hashes Shadowed |
| oval:ssg-accounts_no_uid_except_zero:def:1 |
true |
compliance |
[CCE-80649-7], [accounts_no_uid_except_zero] |
UID 0 Belongs Only To Root |
| oval:ssg-accounts_have_homedir_login_defs:def:1 |
true |
compliance |
[accounts_have_homedir_login_defs] |
Ensure new users receive home directories |
| oval:ssg-account_unique_name:def:1 |
true |
compliance |
[CCE-80674-5], [account_unique_name] |
Set All Accounts To Have Unique Names |