|
<TECHNIQUE name="My technique name">
|
|
<DESCRIPTION>Audit RHEL 7 configuration against the CIS Benchmark</DESCRIPTION>
|
|
<!-- Every generic method call is reported as its own component (the SECTION tree below); presumably the form the technique editor generates for method-level reporting. -->
<USEMETHODREPORTING>true</USEMETHODREPORTING>
|
|
<!-- CFEngine agents (community and nova) run the technique bundle plus a separate reporting bundle shipped in rudder_reporting.cf.
     The bundle id says "setup_filesystem" although the SECTIONS below cover cron, PAM, SELinux, logging and auditd as well; cosmetic, but misleading when the technique is listed by id. -->
<AGENT type="cfengine-community,cfengine-nova">
  <BUNDLES>
    <NAME>CIS_rhel7_setup_filesystem</NAME>
    <NAME>CIS_rhel7_setup_filesystem_rudder_reporting</NAME>
  </BUNDLES>
  <!-- RUDDER_CONFIGURATION_REPOSITORY is presumably expanded by the server at generation time; both paths are pinned to version 1.0 of the technique, so a version bump must update them. -->
  <FILES>
    <FILE name="RUDDER_CONFIGURATION_REPOSITORY/techniques/ncf_techniques/CIS_rhel7_setup_filesystem/1.0/technique.cf">
      <INCLUDED>true</INCLUDED>
    </FILE>
    <FILE name="RUDDER_CONFIGURATION_REPOSITORY/techniques/ncf_techniques/CIS_rhel7_setup_filesystem/1.0/rudder_reporting.cf">
      <INCLUDED>true</INCLUDED>
    </FILE>
  </FILES>
</AGENT>
|
|
<!-- DSC (Windows) agent: a single bundle and no reporting counterpart, unlike the CFEngine agent above. The bundle name uses a different case and separator convention (presumably what Rudder generates for DSC); confirm it matches the function name in technique.ps1.
     Note that every check in this technique targets RHEL 7 paths and services, so this agent entry is unlikely to produce meaningful reports. -->
<AGENT type="dsc">
  <BUNDLES>
    <NAME>CIS-Rhel7-Setup-Filesystem</NAME>
  </BUNDLES>
  <FILES>
    <FILE name="RUDDER_CONFIGURATION_REPOSITORY/techniques/ncf_techniques/CIS_rhel7_setup_filesystem/1.0/technique.ps1">
      <INCLUDED>true</INCLUDED>
    </FILE>
  </FILES>
</AGENT>
|
|
<SECTIONS>
|
|
<!-- CIS "Access, Authentication and Authorization". Each leaf SECTION names the generic method used for the check and REPORTKEYS lists the report key of each call (presumably the method's first parameter; confirm against technique.cf). -->
<SECTION component="true" multivalued="true" name="Access, Authentication and Authorization" reporting="sum">
  <!-- Only the crond service checks sit under "Configure cron"; the at/cron restriction and cron permission controls below are its siblings, not its children. Harmless for reporting, but the tree does not match the heading. -->
  <SECTION component="true" multivalued="true" name="Configure cron" reporting="sum">
    <SECTION component="true" multivalued="true" name="Service enabled at boot">
      <REPORTKEYS>
        <VALUE>crond</VALUE>
      </REPORTKEYS>
    </SECTION>
    <SECTION component="true" multivalued="true" name="Service started">
      <REPORTKEYS>
        <VALUE>crond</VALUE>
      </REPORTKEYS>
    </SECTION>
  </SECTION>
  <SECTION component="true" multivalued="true" name="Ensure at/cron is restricted to authorized users" reporting="sum">
    <!-- Deny lists must be absent; the allow lists are only checked for permissions here. Whether the allow lists must exist is not visible in this metadata. -->
    <SECTION component="true" multivalued="true" name="File absent">
      <REPORTKEYS>
        <VALUE>/etc/cron.deny</VALUE>
        <VALUE>/etc/at.deny</VALUE>
      </REPORTKEYS>
    </SECTION>
    <SECTION component="true" multivalued="true" name="Permissions (recursive)">
      <REPORTKEYS>
        <VALUE>/etc/cron.allow</VALUE>
        <VALUE>/etc/at.allow</VALUE>
      </REPORTKEYS>
    </SECTION>
  </SECTION>
  <!-- One "Permissions (recursive)" component per cron directory/file. The expected mode and owner are not part of this metadata; they live in technique.cf. -->
  <SECTION component="true" multivalued="true" name="Ensure permissions on /etc/cron.d are configured" reporting="sum">
    <SECTION component="true" multivalued="true" name="Permissions (recursive)">
      <REPORTKEYS>
        <VALUE>/etc/cron.d</VALUE>
      </REPORTKEYS>
    </SECTION>
  </SECTION>
  <SECTION component="true" multivalued="true" name="Ensure permissions on /etc/cron.daily are configured" reporting="sum">
    <SECTION component="true" multivalued="true" name="Permissions (recursive)">
      <REPORTKEYS>
        <VALUE>/etc/cron.daily</VALUE>
      </REPORTKEYS>
    </SECTION>
  </SECTION>
  <SECTION component="true" multivalued="true" name="Ensure permissions on /etc/cron.hourly are configured" reporting="sum">
    <SECTION component="true" multivalued="true" name="Permissions (recursive)">
      <REPORTKEYS>
        <VALUE>/etc/cron.hourly</VALUE>
      </REPORTKEYS>
    </SECTION>
  </SECTION>
  <SECTION component="true" multivalued="true" name="Ensure permissions on /etc/cron.monthly are configured" reporting="sum">
    <SECTION component="true" multivalued="true" name="Permissions (recursive)">
      <REPORTKEYS>
        <VALUE>/etc/cron.monthly</VALUE>
      </REPORTKEYS>
    </SECTION>
  </SECTION>
  <SECTION component="true" multivalued="true" name="Ensure permissions on /etc/cron.weekly are configured" reporting="sum">
    <SECTION component="true" multivalued="true" name="Permissions (recursive)">
      <REPORTKEYS>
        <VALUE>/etc/cron.weekly</VALUE>
      </REPORTKEYS>
    </SECTION>
  </SECTION>
  <SECTION component="true" multivalued="true" name="Ensure permissions on /etc/crontab are configured" reporting="sum">
    <SECTION component="true" multivalued="true" name="Permissions (recursive)">
      <REPORTKEYS>
        <VALUE>/etc/crontab</VALUE>
      </REPORTKEYS>
    </SECTION>
  </SECTION>
</SECTION>
|
|
<!-- CIS "Configure PAM". It sits at the same level as "Access, Authentication and Authorization" instead of inside it; cosmetic, but the UI tree will not mirror the benchmark. -->
<SECTION component="true" multivalued="true" name="Configure PAM" reporting="sum">
  <!-- No child component is mapped: this control is listed but, unless technique.cf does something not reflected here, nothing is audited or reported for it. Account lockout is one of the few brute-force controls in the benchmark, so the gap is worth closing. -->
  <SECTION component="true" multivalued="true" name="Ensure lockout for failed password attempts is configured" reporting="sum">
  </SECTION>
  <SECTION component="true" multivalued="true" name="Ensure password creation requirements are configured" reporting="sum">
    <!-- The pam_pwquality line is checked in both PAM stacks. -->
    <SECTION component="true" multivalued="true" name="File content">
      <REPORTKEYS>
        <VALUE>/etc/pam.d/password-auth</VALUE>
        <VALUE>/etc/pam.d/system-auth</VALUE>
      </REPORTKEYS>
    </SECTION>
    <!-- Five calls, presumably one per pwquality setting, all keyed on the same file. Rudder distinguishes the reports of one component by this key, so identical keys may be matched ambiguously or flagged as duplicate reports; confirm the generated reporting copes with it, or give each call a distinct key. -->
    <SECTION component="true" multivalued="true" name="File key-value present with option">
      <REPORTKEYS>
        <VALUE>/etc/security/pwquality.conf</VALUE>
        <VALUE>/etc/security/pwquality.conf</VALUE>
        <VALUE>/etc/security/pwquality.conf</VALUE>
        <VALUE>/etc/security/pwquality.conf</VALUE>
        <VALUE>/etc/security/pwquality.conf</VALUE>
      </REPORTKEYS>
    </SECTION>
  </SECTION>
  <SECTION component="true" multivalued="true" name="Ensure password hashing algorithm is SHA-512" reporting="sum">
    <SECTION component="true" multivalued="true" name="File content">
      <REPORTKEYS>
        <VALUE>/etc/pam.d/password-auth</VALUE>
        <VALUE>/etc/pam.d/system-auth</VALUE>
      </REPORTKEYS>
    </SECTION>
  </SECTION>
  <SECTION component="true" multivalued="true" name="Ensure password reuse is limited" reporting="sum">
    <SECTION component="true" multivalued="true" name="File content">
      <REPORTKEYS>
        <VALUE>/etc/pam.d/password-auth</VALUE>
        <VALUE>/etc/pam.d/system-auth</VALUE>
      </REPORTKEYS>
    </SECTION>
  </SECTION>
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Initial Setup" reporting="sum">
|
|
<!-- CIS "Additional Process Hardening". Pattern used below: "Condition from command" (or "Variable string from command" plus "Condition from variable match") defines a class, and "Report if condition" turns it into a compliance report keyed on the control text. -->
<SECTION component="true" multivalued="true" name="Additional Process Hardening" reporting="sum">
  <SECTION component="true" multivalued="true" name="Ensure XD/NX support is enabled" reporting="sum">
    <SECTION component="true" multivalued="true" name="Condition from command">
      <REPORTKEYS>
        <VALUE>xd_nx_support_enabled</VALUE>
      </REPORTKEYS>
    </SECTION>
    <!-- The report key is the text of a different control (core dumps); it looks copied from the section below and will label the XD/NX result as a core dump report in the UI. If it is corrected here, the same string in technique.cf must change with it. -->
    <SECTION component="true" multivalued="true" name="Report if condition">
      <REPORTKEYS>
        <VALUE>Ensure core dumps are restricted</VALUE>
      </REPORTKEYS>
    </SECTION>
  </SECTION>
  <SECTION component="true" multivalued="true" name="Ensure address space layout randomization (ASLR) is enabled" reporting="sum">
    <SECTION component="true" multivalued="true" name="Condition from variable match">
      <REPORTKEYS>
        <VALUE>aslr_enabled</VALUE>
      </REPORTKEYS>
    </SECTION>
    <SECTION component="true" multivalued="true" name="Report if condition">
      <REPORTKEYS>
        <VALUE>Ensure address space layout randomization (ASLR) is enabled</VALUE>
      </REPORTKEYS>
    </SECTION>
    <!-- The command that fills "aslr" is in technique.cf; the metadata only records the variable name. -->
    <SECTION component="true" multivalued="true" name="Variable string from command">
      <REPORTKEYS>
        <VALUE>aslr</VALUE>
      </REPORTKEYS>
    </SECTION>
  </SECTION>
  <SECTION component="true" multivalued="true" name="Ensure core dumps are restricted" reporting="sum">
    <!-- Two conditions: the limits.conf hard core limit and the fs.suid_dumpable sysctl, reported separately below. -->
    <SECTION component="true" multivalued="true" name="Condition from variable match">
      <REPORTKEYS>
        <VALUE>core_dump_restricted</VALUE>
        <VALUE>setuid_core_dump_restricted</VALUE>
      </REPORTKEYS>
    </SECTION>
    <SECTION component="true" multivalued="true" name="Report if condition">
      <REPORTKEYS>
        <VALUE>Ensure core dumps are restricted</VALUE>
        <VALUE>Ensure setuid programs can not dump core</VALUE>
      </REPORTKEYS>
    </SECTION>
    <SECTION component="true" multivalued="true" name="Variable string from command">
      <REPORTKEYS>
        <VALUE>core_dump_restriction</VALUE>
        <VALUE>setuid_core_dump_restriction</VALUE>
      </REPORTKEYS>
    </SECTION>
  </SECTION>
  <!-- "Package verify" is used everywhere else in this file for packages that must be present (libselinux, aide, gdm, rsyslog). For a control that wants prelink disabled this reads inverted: a host without prelink would report non-compliant. The setroubleshoot and mcstrans controls use "Package absent" for the same intent; confirm which method technique.cf actually calls here. -->
  <SECTION component="true" multivalued="true" name="Ensure prelink is disabled" reporting="sum">
    <SECTION component="true" multivalued="true" name="Package verify">
      <REPORTKEYS>
        <VALUE>prelink</VALUE>
      </REPORTKEYS>
    </SECTION>
  </SECTION>
</SECTION>
|
|
<!-- CIS "Command Line Warning Banners". Banner content checks are absent here (see the empty sections); only file permissions and the GDM dconf wiring are audited. -->
<SECTION component="true" multivalued="true" name="Command Line Warning Banners" reporting="sum">
  <SECTION component="true" multivalued="true" name="Ensure GDM login banner is configured" reporting="sum">
    <!-- Unnamed grouping section: its components will show up without a meaningful parent label. Give it the sub-step name it groups, or flatten it. -->
    <SECTION component="true" multivalued="true" name="" reporting="sum">
      <!-- Two calls keyed on the same file (presumably banner-message-enable and banner-message-text). Identical report keys within one component may be matched ambiguously by the server; confirm or make them distinct. -->
      <SECTION component="true" multivalued="true" name="File key-value in INI section">
        <REPORTKEYS>
          <VALUE>/etc/dconf/db/gdm.d/01-banner-message</VALUE>
          <VALUE>/etc/dconf/db/gdm.d/01-banner-message</VALUE>
        </REPORTKEYS>
      </SECTION>
      <!-- Same remark: three calls with the identical key. -->
      <SECTION component="true" multivalued="true" name="File key-value present with option">
        <REPORTKEYS>
          <VALUE>/etc/dconf/profile/gdm</VALUE>
          <VALUE>/etc/dconf/profile/gdm</VALUE>
          <VALUE>/etc/dconf/profile/gdm</VALUE>
        </REPORTKEYS>
      </SECTION>
    </SECTION>
    <!-- "Package verify" expects gdm to be installed. On headless servers (the usual RHEL 7 case) the benchmark treats this control as not applicable, so this component will report non-compliant rather than N/A; consider guarding it on gdm being present. -->
    <SECTION component="true" multivalued="true" name="Package verify">
      <REPORTKEYS>
        <VALUE>gdm</VALUE>
      </REPORTKEYS>
    </SECTION>
  </SECTION>
  <!-- No child component: listed but not audited unless technique.cf does something not reflected here. Same for the motd and remote-banner sections below. -->
  <SECTION component="true" multivalued="true" name="Ensure local login warning banner is configured properly" reporting="sum">
  </SECTION>
  <SECTION component="true" multivalued="true" name="Ensure message of the day is configured properly" reporting="sum">
  </SECTION>
  <SECTION component="true" multivalued="true" name="Ensure permissions on /etc/issue are configured" reporting="sum">
    <SECTION component="true" multivalued="true" name="Permissions (recursive)">
      <REPORTKEYS>
        <VALUE>/etc/issue</VALUE>
      </REPORTKEYS>
    </SECTION>
  </SECTION>
  <SECTION component="true" multivalued="true" name="Ensure permissions on /etc/issue.net are configured" reporting="sum">
    <SECTION component="true" multivalued="true" name="Permissions (recursive)">
      <REPORTKEYS>
        <VALUE>/etc/issue.net</VALUE>
      </REPORTKEYS>
    </SECTION>
  </SECTION>
  <SECTION component="true" multivalued="true" name="Ensure permissions on /etc/motd are configured" reporting="sum">
    <SECTION component="true" multivalued="true" name="Permissions (recursive)">
      <REPORTKEYS>
        <VALUE>/etc/motd</VALUE>
      </REPORTKEYS>
    </SECTION>
  </SECTION>
  <SECTION component="true" multivalued="true" name="Ensure remote login warning banner is configured properly" reporting="sum">
  </SECTION>
</SECTION>
|
|
<!-- CIS "Configure SELinux". -->
<SECTION component="true" multivalued="true" name="Configure SELinux" reporting="sum">
  <SECTION component="true" multivalued="true" name="Ensure SELinux is installed" reporting="sum">
    <SECTION component="true" multivalued="true" name="Package verify">
      <REPORTKEYS>
        <VALUE>libselinux</VALUE>
      </REPORTKEYS>
    </SECTION>
  </SECTION>
  <SECTION component="true" multivalued="true" name="Ensure SELinux is not disabled in bootloader configuration" reporting="sum">
    <SECTION component="true" multivalued="true" name="Condition from command">
      <REPORTKEYS>
        <VALUE>selinux_not_disabled_by_grub</VALUE>
      </REPORTKEYS>
    </SECTION>
    <!-- Report key copied from the core dump control: the SELinux bootloader result will be labelled "Ensure core dumps are restricted" in reports, which hides a weakened SELinux behind an unrelated control name. Correct it together with the matching string in technique.cf. -->
    <SECTION component="true" multivalued="true" name="Report if condition">
      <REPORTKEYS>
        <VALUE>Ensure core dumps are restricted</VALUE>
      </REPORTKEYS>
    </SECTION>
  </SECTION>
  <SECTION component="true" multivalued="true" name="Ensure SELinux policy is configured" reporting="sum">
    <SECTION component="true" multivalued="true" name="Condition from command">
      <REPORTKEYS>
        <VALUE>selinuxtype_targeted_or_mls</VALUE>
      </REPORTKEYS>
    </SECTION>
    <SECTION component="true" multivalued="true" name="Report if condition">
      <REPORTKEYS>
        <VALUE>Ensure SELinux policy is configured</VALUE>
      </REPORTKEYS>
    </SECTION>
  </SECTION>
  <SECTION component="true" multivalued="true" name="Ensure SETroubleshoot is not installed" reporting="sum">
    <SECTION component="true" multivalued="true" name="Package absent">
      <REPORTKEYS>
        <VALUE>setroubleshoot</VALUE>
      </REPORTKEYS>
    </SECTION>
  </SECTION>
  <SECTION component="true" multivalued="true" name="Ensure no unconfined daemons exist" reporting="sum">
    <SECTION component="true" multivalued="true" name="Condition from variable match">
      <REPORTKEYS>
        <VALUE>unconfined_daemons_found</VALUE>
      </REPORTKEYS>
    </SECTION>
    <SECTION component="true" multivalued="true" name="Report if condition">
      <REPORTKEYS>
        <VALUE>Ensure no unconfined daemons exist</VALUE>
      </REPORTKEYS>
    </SECTION>
    <SECTION component="true" multivalued="true" name="Variable string from command">
      <REPORTKEYS>
        <VALUE>unconfined_daemons</VALUE>
      </REPORTKEYS>
    </SECTION>
  </SECTION>
  <SECTION component="true" multivalued="true" name="Ensure the MCS Translation Service (mcstrans) is not installed" reporting="sum">
    <SECTION component="true" multivalued="true" name="Package absent">
      <REPORTKEYS>
        <VALUE>mcstrans</VALUE>
      </REPORTKEYS>
    </SECTION>
  </SECTION>
  <!-- Only the persistent setting in /etc/selinux/config is checked. The running mode (what setenforce or the kernel command line actually gave) is not covered by this component; the grub check above covers part of that. -->
  <SECTION component="true" multivalued="true" name="Ensure the SELinux state is enforcing" reporting="sum">
    <SECTION component="true" multivalued="true" name="File key-value present with option">
      <REPORTKEYS>
        <VALUE>/etc/selinux/config</VALUE>
      </REPORTKEYS>
    </SECTION>
  </SECTION>
</SECTION>
|
|
<!-- CIS "Configure Software Updates". Only the gpgcheck control has components; the other four sections are empty and therefore not audited. -->
<SECTION component="true" multivalued="true" name="Configure Software Updates" reporting="sum">
  <SECTION component="true" multivalued="true" name="Disable the rhnsd Daemon" reporting="sum">
  </SECTION>
  <!-- Empty: GPG key configuration is the trust anchor for the gpgcheck control below, so this gap matters more than the others. -->
  <SECTION component="true" multivalued="true" name="Ensure GPG keys are configured" reporting="sum">
  </SECTION>
  <SECTION component="true" multivalued="true" name="Ensure Red Hat Network or Subscription Manager connection is configured" reporting="sum">
  </SECTION>
  <SECTION component="true" multivalued="true" name="Ensure gpgcheck is globally activated" reporting="sum">
    <!-- Class name contains a typo ("everifywhere"). It is a runtime identifier that must match the class defined in technique.cf, so rename it in both places or not at all. -->
    <SECTION component="true" multivalued="true" name="Condition from command">
      <REPORTKEYS>
        <VALUE>gpgcheck_enabled_everifywhere</VALUE>
      </REPORTKEYS>
    </SECTION>
    <!-- Checks the [main] default; per-repo overrides in /etc/yum.repos.d are presumably what the command-based condition above covers. -->
    <SECTION component="true" multivalued="true" name="File key-value in INI section">
      <REPORTKEYS>
        <VALUE>/etc/yum.conf</VALUE>
      </REPORTKEYS>
    </SECTION>
    <SECTION component="true" multivalued="true" name="Report if condition">
      <REPORTKEYS>
        <VALUE>Ensure gpgcheck is globally activated</VALUE>
      </REPORTKEYS>
    </SECTION>
  </SECTION>
  <SECTION component="true" multivalued="true" name="Ensure package manager repositories are configured" reporting="sum">
  </SECTION>
</SECTION>
|
|
<!-- No child component: listed but not audited unless technique.cf does something not reflected here. -->
<SECTION component="true" multivalued="true" name="Ensure updates, patches, and additional security software are installed" reporting="sum">
</SECTION>
|
|
<!-- CIS "Filesystem Configuration". Filesystem module controls share one pattern: a "Condition from command" with two classes (module not loaded, module disabled) and a "Report if condition" keyed on a short label. Mount option controls use "Partition check options" keyed on the mount point; which option is checked is not visible in this metadata. -->
<SECTION component="true" multivalued="true" name="Filesystem Configuration" reporting="sum">
  <SECTION component="true" multivalued="true" name="Disable Automounting" reporting="sum">
    <SECTION component="true" multivalued="true" name="Service disabled at boot">
      <REPORTKEYS>
        <VALUE>autofs</VALUE>
      </REPORTKEYS>
    </SECTION>
    <SECTION component="true" multivalued="true" name="Service stopped">
      <REPORTKEYS>
        <VALUE>autofs</VALUE>
      </REPORTKEYS>
    </SECTION>
  </SECTION>
  <SECTION component="true" multivalued="true" name="Ensure mounting of FAT filesystems is disabled" reporting="sum">
    <SECTION component="true" multivalued="true" name="Condition from command">
      <REPORTKEYS>
        <VALUE>vfat_not_loaded</VALUE>
        <VALUE>vfat_disabled</VALUE>
      </REPORTKEYS>
    </SECTION>
    <SECTION component="true" multivalued="true" name="Report if condition">
      <REPORTKEYS>
        <VALUE>vfat disabled</VALUE>
      </REPORTKEYS>
    </SECTION>
  </SECTION>
  <SECTION component="true" multivalued="true" name="Ensure mounting of cramfs filesystems is disabled" reporting="sum">
    <SECTION component="true" multivalued="true" name="Condition from command">
      <REPORTKEYS>
        <VALUE>cramfs_not_loaded</VALUE>
        <VALUE>cramfs_disabled</VALUE>
      </REPORTKEYS>
    </SECTION>
    <SECTION component="true" multivalued="true" name="Report if condition">
      <REPORTKEYS>
        <VALUE>cramfs disabled</VALUE>
      </REPORTKEYS>
    </SECTION>
  </SECTION>
  <SECTION component="true" multivalued="true" name="Ensure mounting of freevxfs filesystems is disabled" reporting="sum">
    <SECTION component="true" multivalued="true" name="Condition from command">
      <REPORTKEYS>
        <VALUE>freevxfs_not_loaded</VALUE>
        <VALUE>freevxfs_disabled</VALUE>
      </REPORTKEYS>
    </SECTION>
    <SECTION component="true" multivalued="true" name="Report if condition">
      <REPORTKEYS>
        <VALUE>freevxfs disabled</VALUE>
      </REPORTKEYS>
    </SECTION>
  </SECTION>
  <!-- The hfs and hfsplus section names end with a trailing space. If component names are matched exactly against what the agent reports, confirm technique.cf carries the same trailing space (or strip it in both). -->
  <SECTION component="true" multivalued="true" name="Ensure mounting of hfs filesystems is disabled " reporting="sum">
    <SECTION component="true" multivalued="true" name="Condition from command">
      <REPORTKEYS>
        <VALUE>hfs_not_loaded</VALUE>
        <VALUE>hfs_disabled</VALUE>
      </REPORTKEYS>
    </SECTION>
    <SECTION component="true" multivalued="true" name="Report if condition">
      <REPORTKEYS>
        <VALUE>hfs disabled</VALUE>
      </REPORTKEYS>
    </SECTION>
  </SECTION>
  <SECTION component="true" multivalued="true" name="Ensure mounting of hfsplus filesystems is disabled " reporting="sum">
    <SECTION component="true" multivalued="true" name="Condition from command">
      <REPORTKEYS>
        <VALUE>hfsplus_not_loaded</VALUE>
        <VALUE>hfsplus_disabled</VALUE>
      </REPORTKEYS>
    </SECTION>
    <SECTION component="true" multivalued="true" name="Report if condition">
      <REPORTKEYS>
        <VALUE>hfsplus disabled</VALUE>
      </REPORTKEYS>
    </SECTION>
  </SECTION>
  <SECTION component="true" multivalued="true" name="Ensure mounting of jffs2 filesystems is disabled" reporting="sum">
    <SECTION component="true" multivalued="true" name="Condition from command">
      <REPORTKEYS>
        <VALUE>jffs2_not_loaded</VALUE>
        <VALUE>jffs2_disabled</VALUE>
      </REPORTKEYS>
    </SECTION>
    <SECTION component="true" multivalued="true" name="Report if condition">
      <REPORTKEYS>
        <VALUE>jffs2 disabled</VALUE>
      </REPORTKEYS>
    </SECTION>
  </SECTION>
  <SECTION component="true" multivalued="true" name="Ensure mounting of squashfs filesystems is disabled" reporting="sum">
    <SECTION component="true" multivalued="true" name="Condition from command">
      <REPORTKEYS>
        <VALUE>squashfs_not_loaded</VALUE>
        <VALUE>squashfs_disabled</VALUE>
      </REPORTKEYS>
    </SECTION>
    <SECTION component="true" multivalued="true" name="Report if condition">
      <REPORTKEYS>
        <VALUE>squashfs disabled</VALUE>
      </REPORTKEYS>
    </SECTION>
  </SECTION>
  <SECTION component="true" multivalued="true" name="Ensure mounting of udf filesystems is disabled" reporting="sum">
    <SECTION component="true" multivalued="true" name="Condition from command">
      <REPORTKEYS>
        <VALUE>udf_not_loaded</VALUE>
        <VALUE>udf_disabled</VALUE>
      </REPORTKEYS>
    </SECTION>
    <SECTION component="true" multivalued="true" name="Report if condition">
      <REPORTKEYS>
        <VALUE>udf disabled</VALUE>
      </REPORTKEYS>
    </SECTION>
  </SECTION>
  <SECTION component="true" multivalued="true" name="Ensure nodev option set on /dev/shm partition" reporting="sum">
    <SECTION component="true" multivalued="true" name="Partition check options">
      <REPORTKEYS>
        <VALUE>/dev/shm</VALUE>
      </REPORTKEYS>
    </SECTION>
  </SECTION>
  <SECTION component="true" multivalued="true" name="Ensure nodev option set on /tmp partition" reporting="sum">
    <SECTION component="true" multivalued="true" name="Partition check options">
      <REPORTKEYS>
        <VALUE>/tmp</VALUE>
      </REPORTKEYS>
    </SECTION>
  </SECTION>
  <SECTION component="true" multivalued="true" name="Ensure nodev option set on /var/tmp partition" reporting="sum">
    <SECTION component="true" multivalued="true" name="Partition check options">
      <REPORTKEYS>
        <VALUE>/var/tmp</VALUE>
      </REPORTKEYS>
    </SECTION>
  </SECTION>
  <!-- The three removable-media controls (nodev, noexec, nosuid) are empty: listed but not audited. -->
  <SECTION component="true" multivalued="true" name="Ensure nodev option set on removable media partitions" reporting="sum">
  </SECTION>
  <SECTION component="true" multivalued="true" name="Ensure noexec option set on /dev/shm partition" reporting="sum">
    <SECTION component="true" multivalued="true" name="Partition check options">
      <REPORTKEYS>
        <VALUE>/dev/shm</VALUE>
      </REPORTKEYS>
    </SECTION>
  </SECTION>
  <!-- noexec on /home goes beyond the CIS Level 1 set; it is a deliberate hardening choice, not a benchmark requirement. -->
  <SECTION component="true" multivalued="true" name="Ensure noexec option set on /home partition" reporting="sum">
    <SECTION component="true" multivalued="true" name="Partition check options">
      <REPORTKEYS>
        <VALUE>/home</VALUE>
      </REPORTKEYS>
    </SECTION>
  </SECTION>
  <SECTION component="true" multivalued="true" name="Ensure noexec option set on /tmp partition" reporting="sum">
    <SECTION component="true" multivalued="true" name="Partition check options">
      <REPORTKEYS>
        <VALUE>/tmp</VALUE>
      </REPORTKEYS>
    </SECTION>
  </SECTION>
  <SECTION component="true" multivalued="true" name="Ensure noexec option set on /var/tmp partition" reporting="sum">
    <SECTION component="true" multivalued="true" name="Partition check options">
      <REPORTKEYS>
        <VALUE>/var/tmp</VALUE>
      </REPORTKEYS>
    </SECTION>
  </SECTION>
  <SECTION component="true" multivalued="true" name="Ensure noexec option set on removable media partitions" reporting="sum">
  </SECTION>
  <SECTION component="true" multivalued="true" name="Ensure nosuid option set on /dev/shm partition" reporting="sum">
    <SECTION component="true" multivalued="true" name="Partition check options">
      <REPORTKEYS>
        <VALUE>/dev/shm</VALUE>
      </REPORTKEYS>
    </SECTION>
  </SECTION>
  <SECTION component="true" multivalued="true" name="Ensure nosuid option set on /tmp partition" reporting="sum">
    <SECTION component="true" multivalued="true" name="Partition check options">
      <REPORTKEYS>
        <VALUE>/tmp</VALUE>
      </REPORTKEYS>
    </SECTION>
  </SECTION>
  <SECTION component="true" multivalued="true" name="Ensure nosuid option set on /var/tmp partition" reporting="sum">
    <SECTION component="true" multivalued="true" name="Partition check options">
      <REPORTKEYS>
        <VALUE>/var/tmp</VALUE>
      </REPORTKEYS>
    </SECTION>
  </SECTION>
  <SECTION component="true" multivalued="true" name="Ensure nosuid option set on removable media partitions" reporting="sum">
  </SECTION>
  <!-- Separate-partition controls use "Partition check mounted" keyed on the mount point. -->
  <SECTION component="true" multivalued="true" name="Ensure separate partition exists for /home" reporting="sum">
    <SECTION component="true" multivalued="true" name="Partition check mounted">
      <REPORTKEYS>
        <VALUE>/home</VALUE>
      </REPORTKEYS>
    </SECTION>
  </SECTION>
  <SECTION component="true" multivalued="true" name="Ensure separate partition exists for /tmp" reporting="sum">
    <SECTION component="true" multivalued="true" name="Partition check mounted">
      <REPORTKEYS>
        <VALUE>/tmp</VALUE>
      </REPORTKEYS>
    </SECTION>
  </SECTION>
  <SECTION component="true" multivalued="true" name="Ensure separate partition exists for /var" reporting="sum">
    <SECTION component="true" multivalued="true" name="Partition check mounted">
      <REPORTKEYS>
        <VALUE>/var</VALUE>
      </REPORTKEYS>
    </SECTION>
  </SECTION>
  <SECTION component="true" multivalued="true" name="Ensure separate partition exists for /var/log" reporting="sum">
    <SECTION component="true" multivalued="true" name="Partition check mounted">
      <REPORTKEYS>
        <VALUE>/var/log</VALUE>
      </REPORTKEYS>
    </SECTION>
  </SECTION>
  <SECTION component="true" multivalued="true" name="Ensure separate partition exists for /var/log/audit" reporting="sum">
    <SECTION component="true" multivalued="true" name="Partition check mounted">
      <REPORTKEYS>
        <VALUE>/var/log/audit</VALUE>
      </REPORTKEYS>
    </SECTION>
  </SECTION>
  <SECTION component="true" multivalued="true" name="Ensure separate partition exists for /var/tmp" reporting="sum">
    <SECTION component="true" multivalued="true" name="Partition check mounted">
      <REPORTKEYS>
        <VALUE>/var/tmp</VALUE>
      </REPORTKEYS>
    </SECTION>
  </SECTION>
  <SECTION component="true" multivalued="true" name="Ensure sticky bit is set on all world-writable directories" reporting="sum">
    <SECTION component="true" multivalued="true" name="Condition from variable match">
      <REPORTKEYS>
        <VALUE>sticky_bit_correct</VALUE>
      </REPORTKEYS>
    </SECTION>
    <SECTION component="true" multivalued="true" name="Report if condition">
      <REPORTKEYS>
        <VALUE>Ensure sticky bit is set on all world-writable directories</VALUE>
      </REPORTKEYS>
    </SECTION>
    <!-- The variable holds the list of offending directories; the scan command itself lives in technique.cf and presumably walks all local filesystems, so it may be slow on large hosts. -->
    <SECTION component="true" multivalued="true" name="Variable string from command">
      <REPORTKEYS>
        <VALUE>missing_sticky_bit</VALUE>
      </REPORTKEYS>
    </SECTION>
  </SECTION>
</SECTION>
|
|
<!-- CIS "Filesystem Integrity Checking". -->
<SECTION component="true" multivalued="true" name="Filesystem Integrity Checking" reporting="sum">
  <SECTION component="true" multivalued="true" name="Ensure AIDE is installed" reporting="sum">
    <SECTION component="true" multivalued="true" name="Package verify">
      <REPORTKEYS>
        <VALUE>aide</VALUE>
      </REPORTKEYS>
    </SECTION>
  </SECTION>
  <SECTION component="true" multivalued="true" name="Ensure filesystem integrity is regularly checked" reporting="sum">
    <SECTION component="true" multivalued="true" name="Condition from command">
      <REPORTKEYS>
        <VALUE>aide_scheduled</VALUE>
      </REPORTKEYS>
    </SECTION>
    <!-- Report key is copied from the gpgcheck control (and misspelled "globlly"): the AIDE schedule result will be filed under the wrong control, so a missing integrity check will not appear as such in reports. Correct it together with the matching string in technique.cf. -->
    <SECTION component="true" multivalued="true" name="Report if condition">
      <REPORTKEYS>
        <VALUE>Ensure gpgcheck is globlly activated</VALUE>
      </REPORTKEYS>
    </SECTION>
  </SECTION>
</SECTION>
|
|
<!-- CIS "Secure Boot Settings". The two controls that actually protect the boot path (single-user authentication and the bootloader password) are empty and therefore not audited; only the grub.cfg permissions are checked. -->
<SECTION component="true" multivalued="true" name="Secure Boot Settings" reporting="sum">
  <SECTION component="true" multivalued="true" name="Ensure authentication required for single user mode" reporting="sum">
  </SECTION>
  <SECTION component="true" multivalued="true" name="Ensure bootloader password is set" reporting="sum">
  </SECTION>
  <!-- Only the BIOS grub.cfg path is listed; UEFI installs keep the live file elsewhere (under /boot/efi), so such hosts would be reported against a file that may not exist. -->
  <SECTION component="true" multivalued="true" name="Ensure permissions on bootloader config are configured" reporting="sum">
    <SECTION component="true" multivalued="true" name="Permissions (recursive)">
      <REPORTKEYS>
        <VALUE>/boot/grub2/grub.cfg</VALUE>
      </REPORTKEYS>
    </SECTION>
  </SECTION>
</SECTION>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Logging and Auditing" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="Configure Logging" reporting="sum">
|
|
<!-- CIS "Configure rsyslog". -->
<SECTION component="true" multivalued="true" name="Configure rsyslog" reporting="sum">
  <!-- Empty: listed but not audited unless technique.cf does something not reflected here. -->
  <SECTION component="true" multivalued="true" name="Ensure logging is configured" reporting="sum">
  </SECTION>
  <!-- Two calls keyed on the same file (presumably the imtcp/imudp module lines). Identical keys within one component may be matched ambiguously by the server; confirm or make them distinct. -->
  <SECTION component="true" multivalued="true" name="Ensure remote rsyslog messages are only accepted on designated log hosts" reporting="sum">
    <SECTION component="true" multivalued="true" name="File key-value present with option">
      <REPORTKEYS>
        <VALUE>/etc/rsyslog.conf</VALUE>
        <VALUE>/etc/rsyslog.conf</VALUE>
      </REPORTKEYS>
    </SECTION>
  </SECTION>
  <SECTION component="true" multivalued="true" name="Ensure rsyslog Service is enabled" reporting="sum">
    <SECTION component="true" multivalued="true" name="Service enabled at boot">
      <REPORTKEYS>
        <VALUE>rsyslog</VALUE>
      </REPORTKEYS>
    </SECTION>
    <SECTION component="true" multivalued="true" name="Service started">
      <REPORTKEYS>
        <VALUE>rsyslog</VALUE>
      </REPORTKEYS>
    </SECTION>
  </SECTION>
  <SECTION component="true" multivalued="true" name="Ensure rsyslog default file permissions configured" reporting="sum">
    <SECTION component="true" multivalued="true" name="File key-value present with option">
      <REPORTKEYS>
        <VALUE>/etc/rsyslog.conf</VALUE>
      </REPORTKEYS>
    </SECTION>
  </SECTION>
  <!-- Empty: remote forwarding is the control that preserves logs when a host is compromised; worth mapping before relying on this technique for audit evidence. -->
  <SECTION component="true" multivalued="true" name="Ensure rsyslog is configured to send logs to a remote log host" reporting="sum">
  </SECTION>
  <!-- Requires the rsyslog package. The syslog-ng group below requires syslog-ng the same way, so on any host one of the two will always be non-compliant even though the benchmark only asks for one of them. -->
  <SECTION component="true" multivalued="true" name="Package verify">
    <REPORTKEYS>
      <VALUE>rsyslog</VALUE>
    </REPORTKEYS>
  </SECTION>
</SECTION>
|
|
<!-- CIS "Configure syslog-ng". Four of the five controls are empty; only the service state and package presence are audited. -->
<SECTION component="true" multivalued="true" name="Configure syslog-ng" reporting="sum">
  <SECTION component="true" multivalued="true" name="Ensure logging is configured" reporting="sum">
  </SECTION>
  <SECTION component="true" multivalued="true" name="Ensure remote syslog-ng messages are only accepted on designated log hosts" reporting="sum">
  </SECTION>
  <SECTION component="true" multivalued="true" name="Ensure syslog-ng default file permissions configured" reporting="sum">
  </SECTION>
  <SECTION component="true" multivalued="true" name="Ensure syslog-ng is configured to send logs to a remote log host" reporting="sum">
  </SECTION>
  <SECTION component="true" multivalued="true" name="Ensure syslog-ng service is enabled" reporting="sum">
    <SECTION component="true" multivalued="true" name="Service enabled at boot">
      <REPORTKEYS>
        <VALUE>syslog-ng</VALUE>
      </REPORTKEYS>
    </SECTION>
    <SECTION component="true" multivalued="true" name="Service started">
      <REPORTKEYS>
        <VALUE>syslog-ng</VALUE>
      </REPORTKEYS>
    </SECTION>
  </SECTION>
  <!-- Requires syslog-ng installed; together with the rsyslog "Package verify" in the sibling group this makes one of the two groups non-compliant on every host. Consider conditioning each group on which daemon is present. -->
  <SECTION component="true" multivalued="true" name="Package verify">
    <REPORTKEYS>
      <VALUE>syslog-ng</VALUE>
    </REPORTKEYS>
  </SECTION>
</SECTION>
|
|
<!-- No child component: listed but not audited unless technique.cf does something not reflected here. -->
<SECTION component="true" multivalued="true" name="Ensure permissions on all logfiles are configured" reporting="sum">
</SECTION>
|
|
<!-- Only a "Report if condition" is mapped here; the class it reports on is not defined in this section, so it presumably comes from the package checks in the rsyslog and syslog-ng groups above. Confirm in technique.cf that the condition is really "either package present" and not one of them. -->
<SECTION component="true" multivalued="true" name="Ensure rsyslog or syslog-ng is installed" reporting="sum">
  <SECTION component="true" multivalued="true" name="Report if condition">
    <REPORTKEYS>
      <VALUE>Ensure rsyslog or syslog-ng is installed</VALUE>
    </REPORTKEYS>
  </SECTION>
</SECTION>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Configure System Accounting (auditd)" reporting="sum">
|
|
<!-- Checks one key in auditd.conf (presumably max_log_file); the expected value is in technique.cf. -->
<SECTION component="true" multivalued="true" name="Ensure audit log storage size is configured" reporting="sum">
  <SECTION component="true" multivalued="true" name="File key-value present with option">
    <REPORTKEYS>
      <VALUE>/etc/audit/auditd.conf</VALUE>
    </REPORTKEYS>
  </SECTION>
</SECTION>
|
|
<!-- Checks one key in auditd.conf (presumably max_log_file_action); the CIS control also expects space_left_action and admin_space_left_action, which are not visible as separate calls here. -->
<SECTION component="true" multivalued="true" name="Ensure audit logs are not automatically deleted" reporting="sum">
  <SECTION component="true" multivalued="true" name="File key-value present with option">
    <REPORTKEYS>
      <VALUE>/etc/audit/auditd.conf</VALUE>
    </REPORTKEYS>
  </SECTION>
</SECTION>
|
|
<!-- Security: the component names here are the opposite of every other "service is enabled" control in this file (crond, rsyslog and syslog-ng all use "Service enabled at boot" / "Service started"). If technique.cf really calls the disabled/stopped methods, an audit reports a stopped auditd as compliant and a running one as non-compliant, and the resulting audit-trail gap goes unnoticed. Confirm against technique.cf and technique.ps1 before trusting this control's reports; if the metadata alone is wrong, correct the names here to match the other service controls. -->
<SECTION component="true" multivalued="true" name="Ensure auditd service is enabled" reporting="sum">
  <SECTION component="true" multivalued="true" name="Service disabled at boot">
    <REPORTKEYS>
      <VALUE>auditd</VALUE>
    </REPORTKEYS>
  </SECTION>
  <SECTION component="true" multivalued="true" name="Service stopped">
    <REPORTKEYS>
      <VALUE>auditd</VALUE>
    </REPORTKEYS>
  </SECTION>
</SECTION>
|
|
<!-- Checks for a kernel parameter (presumably audit=1) in the generated grub.cfg. The generated file is overwritten by grub2-mkconfig, so a compliant grub.cfg does not prove /etc/default/grub carries the setting; the BIOS path only is listed, as in the Secure Boot section. -->
<SECTION component="true" multivalued="true" name="Ensure auditing for processes that start prior to auditd is enabled" reporting="sum">
  <SECTION component="true" multivalued="true" name="File key-value parameter in list">
    <REPORTKEYS>
      <VALUE>/boot/grub2/grub.cfg</VALUE>
    </REPORTKEYS>
  </SECTION>
</SECTION>
|
|
<!-- Two "File content" calls keyed on the same file (presumably one rule each for /etc/sudoers and /etc/sudoers.d). Identical keys within one component may be matched ambiguously by the server; confirm or make them distinct.
     Only the static rules file is checked; whether the running audit rules actually contain them (auditctl -l) is not covered here. -->
<SECTION component="true" multivalued="true" name="Ensure changes to system administration scope (sudoers) is collected" reporting="sum">
  <SECTION component="true" multivalued="true" name="File content">
    <REPORTKEYS>
      <VALUE>/etc/audit/audit.rules</VALUE>
      <VALUE>/etc/audit/audit.rules</VALUE>
    </REPORTKEYS>
  </SECTION>
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure discretionary access control permission modication events are collected" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="File content">
|
|
<REPORTKEYS>
|
|
<VALUE>/etc/audit/audit.rules</VALUE>
|
|
<VALUE>/etc/audit/audit.rules</VALUE>
|
|
<VALUE>/etc/audit/audit.rules</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="File content">
|
|
<REPORTKEYS>
|
|
<VALUE>/etc/audit/audit.rules</VALUE>
|
|
<VALUE>/etc/audit/audit.rules</VALUE>
|
|
<VALUE>/etc/audit/audit.rules</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
</SECTION>
|
|
<!-- NOTE(review): empty control. No method reports under it, so the time-change audit rules
     (adjtimex/settimeofday/clock_settime/localtime in the benchmark) are not actually audited
     even though the control is listed here; a reader of the compliance report could assume
     coverage that does not exist. Either implement the checks or drop the section.
     The component name also carries a typo ("mody" for "modify"); because reports are matched
     by exact component name, fix it in the technique source and this metadata at the same time. -->
<SECTION component="true" multivalued="true" name="Ensure events that mody date and time information are collected" reporting="sum">
|
|
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure events that mody the system's Mandatory Access Controls are collected" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="File content">
|
|
<REPORTKEYS>
|
|
<VALUE>/etc/audit/audit.rules</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
<!-- NOTE(review): empty control: nothing is checked, so changes to hostname/domainname, /etc/issue,
     /etc/hosts and the network-scripts are not audited despite the control being listed. Implement
     the checks or remove the section so the report does not imply coverage. Typo in the name
     ("mody"); correct it together with the technique source, since matching is by exact name. -->
<SECTION component="true" multivalued="true" name="Ensure events that mody the system's network environment are collected" reporting="sum">
|
|
|
|
</SECTION>
|
|
<!-- NOTE(review): empty control: no audit rule is checked for /etc/passwd, /etc/shadow, /etc/group,
     /etc/gshadow or /etc/security/opasswd, so account tampering is not covered although the control
     appears in the technique. Implement or remove. Typo in the name ("mody"); fix it in the technique
     source and here simultaneously because report matching is by exact component name. -->
<SECTION component="true" multivalued="true" name="Ensure events that mody user/group information are collected" reporting="sum">
|
|
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure file deletion events by users are collected" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="File content">
|
|
<REPORTKEYS>
|
|
<VALUE>/etc/audit/audit.rules</VALUE>
|
|
<VALUE>/etc/audit/audit.rules</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="File content">
|
|
<REPORTKEYS>
|
|
<VALUE>/etc/audit/audit.rules</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure kernel module loading and unloading is collected" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="File content">
|
|
<REPORTKEYS>
|
|
<VALUE>/etc/audit/audit.rules</VALUE>
|
|
<VALUE>/etc/audit/audit.rules</VALUE>
|
|
<VALUE>/etc/audit/audit.rules</VALUE>
|
|
<VALUE>/etc/audit/audit.rules</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="File content">
|
|
<REPORTKEYS>
|
|
<VALUE>/etc/audit/audit.rules</VALUE>
|
|
<VALUE>/etc/audit/audit.rules</VALUE>
|
|
<VALUE>/etc/audit/audit.rules</VALUE>
|
|
<VALUE>/etc/audit/audit.rules</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure login and logout events are collected" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="File content">
|
|
<REPORTKEYS>
|
|
<VALUE>/etc/audit/audit.rules</VALUE>
|
|
<VALUE>/etc/audit/audit.rules</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure session initiation information is collected" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="File content">
|
|
<REPORTKEYS>
|
|
<VALUE>/etc/audit/audit.rules</VALUE>
|
|
<VALUE>/etc/audit/audit.rules</VALUE>
|
|
<VALUE>/etc/audit/audit.rules</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure successful file system mounts are collected" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="File content">
|
|
<REPORTKEYS>
|
|
<VALUE>/etc/audit/audit.rules</VALUE>
|
|
<VALUE>/etc/audit/audit.rules</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="File content">
|
|
<REPORTKEYS>
|
|
<VALUE>/etc/audit/audit.rules</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure system administrator actions (sudolog) are collected" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="File content">
|
|
<REPORTKEYS>
|
|
<VALUE>/etc/audit/audit.rules</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure system is disabled when audit logs are full" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="File key-value present with option">
|
|
<REPORTKEYS>
|
|
<VALUE>/etc/audit/auditd.conf</VALUE>
|
|
<VALUE>/etc/audit/auditd.conf</VALUE>
|
|
<VALUE>/etc/audit/auditd.conf</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure the audit configuration is immutable" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="Condition from variable match">
|
|
<REPORTKEYS>
|
|
<VALUE>audit_configuration_is_immutable</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Report if condition">
|
|
<REPORTKEYS>
|
|
<VALUE>Ensure the audit configuration is immutable</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Variable string from command">
|
|
<REPORTKEYS>
|
|
<VALUE>audit_configuration_is_immutable</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure unsuccessful unauthorized file access attempts are collected" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="File content">
|
|
<REPORTKEYS>
|
|
<VALUE>/etc/audit/audit.rules</VALUE>
|
|
<VALUE>/etc/audit/audit.rules</VALUE>
|
|
<VALUE>/etc/audit/audit.rules</VALUE>
|
|
<VALUE>/etc/audit/audit.rules</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="File content">
|
|
<REPORTKEYS>
|
|
<VALUE>/etc/audit/audit.rules</VALUE>
|
|
<VALUE>/etc/audit/audit.rules</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
</SECTION>
|
|
<!-- NOTE(review): empty control. The benchmark expects one audit rule per setuid/setgid binary
     found on local filesystems; none is asserted here, so privilege-escalation paths are unaudited
     while the control still appears in the listing. Implement (the rule set is host specific and
     usually generated from a find of setuid/setgid files) or remove the section. -->
<SECTION component="true" multivalued="true" name="Ensure use of privileged commands is collected" reporting="sum">
|
|
|
|
</SECTION>
|
|
</SECTION>
|
|
<!-- NOTE(review): empty control: nothing is checked, so a host with no rotation of /var/log
     (eventual disk exhaustion and lost logs) is neither flagged nor passed. Implement a check on
     /etc/logrotate.conf and /etc/logrotate.d/ or remove the section. -->
<SECTION component="true" multivalued="true" name="Ensure logrotate is configured" reporting="sum">
|
|
|
|
</SECTION>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Network Configuration" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="Firewall Configuration" reporting="sum">
|
|
<!-- NOTE(review): empty control. A default-deny policy (DROP on INPUT, OUTPUT and FORWARD) is the
     backbone of this whole firewall section; with no check here the technique only verifies that
     the iptables package is present, which says nothing about the ruleset. Implement a check of
     the chain policies or remove the section so the report does not suggest coverage. -->
<SECTION component="true" multivalued="true" name="Ensure default deny firewall policy" reporting="sum">
|
|
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure firewall rules exist for all open ports" reporting="sum">
|
|
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure iptables is installed" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="Package verify">
|
|
<REPORTKEYS>
|
|
<VALUE>iptables</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure loopback traffic is configured" reporting="sum">
|
|
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure outbound and established connections are configured" reporting="sum">
|
|
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure wireless interfaces are disabled" reporting="sum">
|
|
|
|
</SECTION>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="IPv6" reporting="sum">
|
|
<!-- NOTE(review): empty control. Note the benchmark treats disabling IPv6 as optional; if it is
     kept, the two sysctl controls that follow (redirects, router advertisements) are the relevant
     ones and this section should be removed rather than left as an unimplemented placeholder.
     If IPv6 is meant to be disabled, a check on the kernel command line (ipv6.disable=1) or the
     corresponding sysctl would belong here. -->
<SECTION component="true" multivalued="true" name="Ensure IPv6 is disabled" reporting="sum">
|
|
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure IPv6 redirects are not accepted" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="Condition from variable match">
|
|
<REPORTKEYS>
|
|
<VALUE>net_ipv6_conf_all_accept_redirects_disabled</VALUE>
|
|
<VALUE>net_ipv6_conf_default_accept_redirects_disabled</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="File key-value present with option">
|
|
<REPORTKEYS>
|
|
<VALUE>/etc/sysctl.conf</VALUE>
|
|
<VALUE>/etc/sysctl.conf</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Report if condition">
|
|
<REPORTKEYS>
|
|
<VALUE>Ensure IPv6 redirects are not accepted</VALUE>
|
|
<VALUE>Ensure IPv6 redirects are not accepted</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Variable string from command">
|
|
<REPORTKEYS>
|
|
<VALUE>net_ipv6_conf_all_accept_redirects</VALUE>
|
|
<VALUE>net_ipv6_conf_default_accept_redirects</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure IPv6 router advertisements are not accepted" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="Condition from variable match">
|
|
<REPORTKEYS>
|
|
<VALUE>net_ipv6_conf_all_accept_ra_disabled</VALUE>
|
|
<VALUE>net_ipv6_conf_default_accept_ra_disabled</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="File key-value present with option">
|
|
<REPORTKEYS>
|
|
<VALUE>/etc/sysctl.conf</VALUE>
|
|
<VALUE>/etc/sysctl.conf</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Report if condition">
|
|
<REPORTKEYS>
|
|
<VALUE>Ensure IPv6 router advertisements are not accepted</VALUE>
|
|
<VALUE>Ensure IPv6 router advertisements are not accepted</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Variable string from command">
|
|
<REPORTKEYS>
|
|
<VALUE>net_ipv6_conf_all_accept_ra</VALUE>
|
|
<VALUE>net_ipv6_conf_default_accept_ra</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Network Parameters (Host Only)" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="Ensure IP forwarding is disabled" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="Condition from variable match">
|
|
<REPORTKEYS>
|
|
<VALUE>ipv4_forward_disabled</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="File key-value present with option">
|
|
<REPORTKEYS>
|
|
<VALUE>/etc/sysctl.conf</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Report if condition">
|
|
<REPORTKEYS>
|
|
<VALUE>Ensure IP forwarding is disabled</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Variable string from command">
|
|
<REPORTKEYS>
|
|
<VALUE>disable_ipv4_forward</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure packet redirect sending is disabled" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="Condition from variable match">
|
|
<REPORTKEYS>
|
|
<VALUE>net_ipv4_conf_all_send_redirects_disabled</VALUE>
|
|
<VALUE>net_ipv4_conf_default_send_redirects_disabled</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="File key-value present with option">
|
|
<REPORTKEYS>
|
|
<VALUE>/etc/sysctl.conf</VALUE>
|
|
<VALUE>/etc/sysctl.conf</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Report if condition">
|
|
<REPORTKEYS>
|
|
<VALUE>Ensure packet redirect sending is disabled</VALUE>
|
|
<VALUE>Ensure packet redirect sending is disabled</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Variable string from command">
|
|
<REPORTKEYS>
|
|
<VALUE>net_ipv4_conf_all_send_redirects</VALUE>
|
|
<VALUE>net_ipv4_conf_default_send_redirects</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Network Parameters (Host and Router)" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="Ensure Reverse Path Filtering is enabled" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="Condition from variable match">
|
|
<REPORTKEYS>
|
|
<VALUE>net_ipv4_conf_all_rp_filter_enabled</VALUE>
|
|
<VALUE>net_ipv4_conf_default_rp_filter_enabled</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="File key-value present with option">
|
|
<REPORTKEYS>
|
|
<VALUE>/etc/sysctl.conf</VALUE>
|
|
<VALUE>/etc/sysctl.conf</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Report if condition">
|
|
<REPORTKEYS>
|
|
<VALUE>Ensure Reverse Path Filtering is enabled</VALUE>
|
|
<VALUE>Ensure Reverse Path Filtering is enabled</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Variable string from command">
|
|
<REPORTKEYS>
|
|
<VALUE>net_ipv4_conf_all_rp_filter</VALUE>
|
|
<VALUE>net_ipv4_conf_default_rp_filter</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure TCP SYN Cookies is enabled" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="Condition from variable match">
|
|
<REPORTKEYS>
|
|
<VALUE>net_ipv4_tcp_syncookies_enabled</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="File key-value present with option">
|
|
<REPORTKEYS>
|
|
<VALUE>/etc/sysctl.conf</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Report if condition">
|
|
<REPORTKEYS>
|
|
<VALUE>Ensure TCP SYN Cookies is enabled</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Variable string from command">
|
|
<REPORTKEYS>
|
|
<VALUE>net_ipv4_tcp_syncookies</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure bogus ICMP responses are ignored" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="Condition from variable match">
|
|
<REPORTKEYS>
|
|
<VALUE>net_ipv4_icmp_ignore_bogus_error_responses_enabled</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="File key-value present with option">
|
|
<REPORTKEYS>
|
|
<VALUE>/etc/sysctl.conf</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Report if condition">
|
|
<REPORTKEYS>
|
|
<VALUE>Ensure bogus ICMP responses are ignored</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Variable string from command">
|
|
<REPORTKEYS>
|
|
<VALUE>net_ipv4_icmp_ignore_bogus_error_responses</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure broadcast ICMP requests are ignored" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="Condition from variable match">
|
|
<REPORTKEYS>
|
|
<VALUE>net_ipv4_icmp_echo_ignore_broadcasts_enabled</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="File key-value present with option">
|
|
<REPORTKEYS>
|
|
<VALUE>/etc/sysctl.conf</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Report if condition">
|
|
<REPORTKEYS>
|
|
<VALUE>Ensure broadcast ICMP requests are ignored</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Variable string from command">
|
|
<REPORTKEYS>
|
|
<VALUE>net_ipv4_icmp_echo_ignore_broadcasts</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure secure ICMP redirects are not accepted" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="Condition from variable match">
|
|
<REPORTKEYS>
|
|
<VALUE>net_ipv4_conf_all_secure_redirects_disabled</VALUE>
|
|
<VALUE>net_ipv4_conf_default_secure_redirects_disabled</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="File key-value present with option">
|
|
<REPORTKEYS>
|
|
<VALUE>/etc/sysctl.conf</VALUE>
|
|
<VALUE>/etc/sysctl.conf</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Report if condition">
|
|
<REPORTKEYS>
|
|
<VALUE>Ensure secure ICMP redirects are not accepted</VALUE>
|
|
<VALUE>Ensure secure ICMP redirects are not accepted</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Variable string from command">
|
|
<REPORTKEYS>
|
|
<VALUE>net_ipv4_conf_all_secure_redirects</VALUE>
|
|
<VALUE>net_ipv4_conf_default_secure_redirects</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure source routed packets are not accepted" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="Condition from variable match">
|
|
<REPORTKEYS>
|
|
<VALUE>net_ipv4_conf_all_accept_source_route_disabled</VALUE>
|
|
<VALUE>net_ipv4_conf_default_accept_source_route_disabled</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="File key-value present with option">
|
|
<REPORTKEYS>
|
|
<VALUE>/etc/sysctl.conf</VALUE>
|
|
<VALUE>/etc/sysctl.conf</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Report if condition">
|
|
<REPORTKEYS>
|
|
<VALUE>Ensure source routed packets are not accepted</VALUE>
|
|
<VALUE>Ensure source routed packets are not accepted</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Variable string from command">
|
|
<REPORTKEYS>
|
|
<VALUE>net_ipv4_conf_all_accept_source_route</VALUE>
|
|
<VALUE>net_ipv4_conf_default_accept_source_route</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
<!-- NOTE(review): mislabelled and duplicated component name. This section repeats the name of the
     preceding one ("Ensure source routed packets are not accepted") but its report keys are the
     net.ipv4.conf.{all,default}.accept_redirects sysctls, i.e. it implements the ICMP-redirects
     control, not source routing. Two sibling components with an identical name are presumably
     conflated in Rudder reporting, so a failure of one can be hidden behind the other, and the
     compliance view never shows an ICMP-redirect item at all. Rename to something like
     "Ensure ICMP redirects are not accepted" in the technique source and regenerate this metadata. -->
<SECTION component="true" multivalued="true" name="Ensure source routed packets are not accepted" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="Condition from variable match">
|
|
<REPORTKEYS>
|
|
<VALUE>net_ipv4_conf_all_accept_redirects_disabled</VALUE>
|
|
<VALUE>net_ipv4_conf_default_accept_redirects_disabled</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="File key-value present with option">
|
|
<REPORTKEYS>
|
|
<VALUE>/etc/sysctl.conf</VALUE>
|
|
<VALUE>/etc/sysctl.conf</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Report if condition">
|
|
<REPORTKEYS>
|
|
<VALUE>Ensure source routed packets are not accepted</VALUE>
|
|
<VALUE>Ensure source routed packets are not accepted</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Variable string from command">
|
|
<REPORTKEYS>
|
|
<VALUE>net_ipv4_conf_all_accept_redirects</VALUE>
|
|
<VALUE>net_ipv4_conf_default_accept_redirects</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure suspicious packets are logged" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="Condition from variable match">
|
|
<REPORTKEYS>
|
|
<VALUE>net_ipv4_conf_all_log_martians_logged</VALUE>
|
|
<VALUE>net_ipv4_conf_default_log_martians_logged</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="File key-value present with option">
|
|
<REPORTKEYS>
|
|
<VALUE>/etc/sysctl.conf</VALUE>
|
|
<VALUE>/etc/sysctl.conf</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Report if condition">
|
|
<REPORTKEYS>
|
|
<VALUE>Ensure suspicious packets are logged</VALUE>
|
|
<VALUE>Ensure suspicious packets are logged</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Variable string from command">
|
|
<REPORTKEYS>
|
|
<VALUE>net_ipv4_conf_all_log_martians</VALUE>
|
|
<VALUE>net_ipv4_conf_default_log_martians</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="TCP Wrappers" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="Ensure /etc/hosts.allow is configured" reporting="sum">
|
|
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure /etc/hosts.deny is configured" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="File content">
|
|
<REPORTKEYS>
|
|
<VALUE>/etc/hosts.deny</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
<!-- NOTE(review): the component name ends with a trailing space. Rudder matches reports to this
     metadata by exact component string, so technique.cf must emit the same trailing space or this
     control will show as missing/unexpected. Trim it in both places. -->
<SECTION component="true" multivalued="true" name="Ensure TCP Wrappers is installed " reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="Package verify">
|
|
<REPORTKEYS>
|
|
<VALUE>tcp_wrappers</VALUE>
|
|
<VALUE>tcp_wrappers-libs</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure permissions on /etc/hosts.allow are configured" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="Permissions (recursive)">
|
|
<REPORTKEYS>
|
|
<VALUE>/etc/hosts.allow</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure permissions on /etc/hosts.deny are 644" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="Permissions (recursive)">
|
|
<REPORTKEYS>
|
|
<VALUE>/etc/hosts.deny</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Uncommon Network Protocols" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="Ensure DCCP is disabled" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="Condition from command">
|
|
<REPORTKEYS>
|
|
<VALUE>dccp_not_loaded</VALUE>
|
|
<VALUE>dccp_disabled</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Report if condition">
|
|
<REPORTKEYS>
|
|
<VALUE>dccp disabled</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure RDS is disabled" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="Condition from command">
|
|
<REPORTKEYS>
|
|
<VALUE>rds_not_loaded</VALUE>
|
|
<VALUE>rds_disabled</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Report if condition">
|
|
<REPORTKEYS>
|
|
<VALUE>rds disabled</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure SCTP is disabled" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="Condition from command">
|
|
<REPORTKEYS>
|
|
<VALUE>sctp_not_loaded</VALUE>
|
|
<VALUE>sctp_disabled</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Report if condition">
|
|
<REPORTKEYS>
|
|
<VALUE>sctp disabled</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure TIPC is disabled" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="Condition from command">
|
|
<REPORTKEYS>
|
|
<VALUE>tipc_not_loaded</VALUE>
|
|
<VALUE>tipc_disabled</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Report if condition">
|
|
<REPORTKEYS>
|
|
<VALUE>tipc disabled</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
</SECTION>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="SSH Server Configuration" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="Ensure SSH HostbasedAuthentication is disabled" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="File key-value present with option">
|
|
<REPORTKEYS>
|
|
<VALUE>/etc/ssh/sshd_config</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
<!-- NOTE(review): exact duplicate of the preceding component (same name, same method, same
     sshd_config key). Either it is a redundant copy, or it was meant to be a different sshd
     control (PermitRootLogin, MaxSessions, ...) and only the title was not updated; the single
     /etc/ssh/sshd_config key here does not say which. Check the key/value asserted in technique.cf
     and either rename this section accordingly or delete it. Duplicate sibling names are also
     presumably conflated in Rudder reporting. -->
<SECTION component="true" multivalued="true" name="Ensure SSH HostbasedAuthentication is disabled" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="File key-value present with option">
|
|
<REPORTKEYS>
|
|
<VALUE>/etc/ssh/sshd_config</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure SSH Idle Timeout Interval is configured" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="File key-value present with option">
|
|
<REPORTKEYS>
|
|
<VALUE>/etc/ssh/sshd_config</VALUE>
|
|
<VALUE>/etc/ssh/sshd_config</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure SSH IgnoreRhosts is enabled" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="File key-value present with option">
|
|
<REPORTKEYS>
|
|
<VALUE>/etc/ssh/sshd_config</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure SSH LogLevel is set to INFO" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="File key-value present with option">
|
|
<REPORTKEYS>
|
|
<VALUE>/etc/ssh/sshd_config</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure SSH LoginGraceTime is set to one minute or less" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="File key-value present with option">
|
|
<REPORTKEYS>
|
|
<VALUE>/etc/ssh/sshd_config</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
<!-- NOTE(review): empty control: MaxAuthTries is not checked, so password brute-force limiting on
     sshd is unaudited although the control is listed. A "File key-value present with option" check
     on /etc/ssh/sshd_config, like the neighbouring controls, would implement it. -->
<SECTION component="true" multivalued="true" name="Ensure SSH MaxAuthTries is set to 4 or less" reporting="sum">
|
|
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure SSH PermitEmptyPasswords is disabled" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="File key-value present with option">
|
|
<REPORTKEYS>
|
|
<VALUE>/etc/ssh/sshd_config</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure SSH PermitUserEnvironment is disabled" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="File key-value present with option">
|
|
<REPORTKEYS>
|
|
<VALUE>/etc/ssh/sshd_config</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
<!-- NOTE(review): harmless but largely obsolete. OpenSSH 7.4 (shipped from RHEL 7.4) removed SSH
     protocol 1 server support and treats the "Protocol" directive as a no-op, so asserting it adds
     no security on current hosts; it only matters for RHEL 7.0 to 7.3. Keep for completeness, but do
     not read a pass here as evidence of anything about the negotiated protocol. -->
<SECTION component="true" multivalued="true" name="Ensure SSH Protocol is set to 2" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="File key-value present with option">
|
|
<REPORTKEYS>
|
|
<VALUE>/etc/ssh/sshd_config</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure SSH X11 forwarding is disabled" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="File key-value present with option">
|
|
<REPORTKEYS>
|
|
<VALUE>/etc/ssh/sshd_config</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
<!-- NOTE(review): empty control: no AllowUsers/AllowGroups/DenyUsers/DenyGroups check is attached,
     so unrestricted SSH login scope is never flagged although the control is listed. The allowed
     principals are site specific, so this belongs behind a technique parameter; until then remove
     the section rather than leave an unimplemented placeholder. -->
<SECTION component="true" multivalued="true" name="Ensure SSH access is limited" reporting="sum">
|
|
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure SSH warning banner is configured" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="File key-value present with option">
|
|
<REPORTKEYS>
|
|
<VALUE>/etc/ssh/sshd_config</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
<!-- NOTE(review): empty control. The MACs directive is the counterpart of the Ciphers check that
     follows; with nothing here, weak MACs (MD5/96-bit/SHA-1 variants) remain unaudited while the
     cipher control gives an impression of transport-hardening coverage. Implement with the same
     parameter-in-list / parameter-not-in-list pattern used for Ciphers, against /etc/ssh/sshd_config. -->
<SECTION component="true" multivalued="true" name="Ensure only approved MAC algorithms are used" reporting="sum">
|
|
|
|
</SECTION>
|
|
<!-- NOTE(review): the report keys name /etc/ssh/sshd, not /etc/ssh/sshd_config as every other SSH
     control in this file does. sshd does not read a file at that path, so if technique.cf really
     targets /etc/ssh/sshd the Ciphers checks are evaluated against a file the daemon ignores (and an
     enforce run would create it): the control can report compliant while weak ciphers remain
     enabled in the real sshd_config. Verify the path in technique.cf and regenerate this metadata. -->
<SECTION component="true" multivalued="true" name="Ensure only approved ciphers are used" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="File key-value parameter in list">
|
|
<REPORTKEYS>
|
|
<VALUE>/etc/ssh/sshd</VALUE>
|
|
<VALUE>/etc/ssh/sshd</VALUE>
|
|
<VALUE>/etc/ssh/sshd</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="File key-value parameter not in list">
|
|
<REPORTKEYS>
|
|
<VALUE>/etc/ssh/sshd</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure permissions on /etc/ssh/sshd_config are configured" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="Permissions (recursive)">
|
|
<REPORTKEYS>
|
|
<VALUE>/etc/ssh/sshd_config</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
<!-- NOTE(review): "sshd" is the service/unit name, not a package; on RHEL 7 the server package is
     openssh-server. A package check on a name the repositories do not provide will most likely never
     report as installed (or will try to install a nonexistent package in enforce mode). Confirm the
     intended package name in technique.cf. This component also sits directly under
     "SSH Server Configuration" instead of under a named control, unlike every sibling. -->
<SECTION component="true" multivalued="true" name="Package verify">
|
|
<REPORTKEYS>
|
|
<VALUE>sshd</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Services" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="Service Clients" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="Ensure LDAP client is not installed" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="Package absent">
|
|
<REPORTKEYS>
|
|
<VALUE>openldap-clients</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure NIS Client is not installed" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="Package absent">
|
|
<REPORTKEYS>
|
|
<VALUE>ypbind</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure rsh client is not installed" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="Package absent">
|
|
<REPORTKEYS>
|
|
<VALUE>rsh</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure talk client is not installed" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="Package absent">
|
|
<REPORTKEYS>
|
|
<VALUE>talk</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure telnet client is not installed" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="Package absent">
|
|
<REPORTKEYS>
|
|
<VALUE>telnet</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Special Purpose Services" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="Ensure Avahi Server is not enabled" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="Service disabled at boot">
|
|
<REPORTKEYS>
|
|
<VALUE>avahi-daemon</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Service stopped">
|
|
<REPORTKEYS>
|
|
<VALUE>avahi-daemon</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure CUPS is not enabled" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="Service disabled at boot">
|
|
<REPORTKEYS>
|
|
<VALUE>cups</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Service stopped">
|
|
<REPORTKEYS>
|
|
<VALUE>cups</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure DHCP Server is not enabled" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="Service disabled at boot">
|
|
<REPORTKEYS>
|
|
<VALUE>dhcpd</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Service stopped">
|
|
<REPORTKEYS>
|
|
<VALUE>dhcpd</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure DNS Server is not enabled" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="Service disabled at boot">
|
|
<REPORTKEYS>
|
|
<VALUE>named</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Service stopped">
|
|
<REPORTKEYS>
|
|
<VALUE>named</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure FTP Server is not enabled " reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="Service disabled at boot">
|
|
<REPORTKEYS>
|
|
<VALUE>vsftpd</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Service stopped">
|
|
<REPORTKEYS>
|
|
<VALUE>vsftpd</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure HTTP Proxy Server is not enabled" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="Service disabled at boot">
|
|
<REPORTKEYS>
|
|
<VALUE>squid</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Service stopped">
|
|
<REPORTKEYS>
|
|
<VALUE>squid</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure HTTP server is not enabled" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="Service disabled at boot">
|
|
<REPORTKEYS>
|
|
<VALUE>httpd</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Service stopped">
|
|
<REPORTKEYS>
|
|
<VALUE>httpd</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure IMAP and POP3 server is not enabled " reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="Service disabled at boot">
|
|
<REPORTKEYS>
|
|
<VALUE>dovecot</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Service stopped">
|
|
<REPORTKEYS>
|
|
<VALUE>dovecot</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure LDAP server is not enabled " reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="Service disabled at boot">
|
|
<REPORTKEYS>
|
|
<VALUE>slapd</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Service stopped">
|
|
<REPORTKEYS>
|
|
<VALUE>slapd</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure NFS and RPC are not enabled" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="Service disabled at boot">
|
|
<REPORTKEYS>
|
|
<VALUE>nfs</VALUE>
|
|
<VALUE>rpcbind</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Service stopped">
|
|
<REPORTKEYS>
|
|
<VALUE>nfs</VALUE>
|
|
<VALUE>rpcbind</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure NIS Server is not enabled" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="Service disabled at boot">
|
|
<REPORTKEYS>
|
|
<VALUE>ypserv</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Service stopped">
|
|
<REPORTKEYS>
|
|
<VALUE>ypserv</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure SNMP Server is not enabled" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="Service disabled at boot">
|
|
<REPORTKEYS>
|
|
<VALUE>snmpd</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Service stopped">
|
|
<REPORTKEYS>
|
|
<VALUE>snmpd</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure Samba is not enabled" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="Service disabled at boot">
|
|
<REPORTKEYS>
|
|
<VALUE>smb</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Service stopped">
|
|
<REPORTKEYS>
|
|
<VALUE>smb</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure X Window System is not installed" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="Package absent">
|
|
<REPORTKEYS>
|
|
<VALUE>xorg-x11</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure mail transfer agent is configured for local-only mode" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="File key-value present with option">
|
|
<REPORTKEYS>
|
|
<VALUE>/etc/postfix/main.cf</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure rsh server is not enabled" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="Service disabled at boot">
|
|
<REPORTKEYS>
|
|
<VALUE>rsh.socket</VALUE>
|
|
<VALUE>rlogin.socket</VALUE>
|
|
<VALUE>rexec.socket</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Service stopped">
|
|
<REPORTKEYS>
|
|
<VALUE>rsh.socket</VALUE>
|
|
<VALUE>rlogin.socket</VALUE>
|
|
<VALUE>rexec.socket</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure rsync service is not enabled" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="Service disabled at boot">
|
|
<REPORTKEYS>
|
|
<VALUE>rsyncd</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Service stopped">
|
|
<REPORTKEYS>
|
|
<VALUE>rsyncd</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure talk server is not enabled" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="Service disabled at boot">
|
|
<REPORTKEYS>
|
|
<VALUE>ntalk</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Service stopped">
|
|
<REPORTKEYS>
|
|
<VALUE>ntalk</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure telnet server is not enabled" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="Service disabled at boot">
|
|
<REPORTKEYS>
|
|
<VALUE>telnet.socket</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Service stopped">
|
|
<REPORTKEYS>
|
|
<VALUE>telnet.socket</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure tftp server is not enabled" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="Service disabled at boot">
|
|
<REPORTKEYS>
|
|
<VALUE>tftp.socket</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Service stopped">
|
|
<REPORTKEYS>
|
|
<VALUE>tftp.socket</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Time Synchronization" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="Ensure chrony is configured" reporting="sum">
|
|
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure ntp is configured" reporting="sum">
|
|
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure time synchronization is in use" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="Package verify">
|
|
<REPORTKEYS>
|
|
<VALUE>ntp</VALUE>
|
|
<VALUE>chrony</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Report if condition">
|
|
<REPORTKEYS>
|
|
<VALUE>Ensure time synchronization is in use</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
</SECTION>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="inetd Services" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="Ensure NIS Server is not enabled" reporting="sum">
|
|
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure chargen services are not enabled" reporting="sum">
|
|
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure daytime services are not enabled" reporting="sum">
|
|
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure discard services are not enabled" reporting="sum">
|
|
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure echo services are not enabled" reporting="sum">
|
|
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure time services are not enabled" reporting="sum">
|
|
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure xinetd is not enabled" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="Service disabled at boot">
|
|
<REPORTKEYS>
|
|
<VALUE>xinetd</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Service stopped">
|
|
<REPORTKEYS>
|
|
<VALUE>xinetd</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Package verify">
|
|
<REPORTKEYS>
|
|
<VALUE>xinetd</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="System Maintenance" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="System File Permissions" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="Audit SGID executables" reporting="sum">
|
|
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Audit SUID executables" reporting="sum">
|
|
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Audit system file permissions" reporting="sum">
|
|
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure no ungrouped files or directories exist" reporting="sum">
|
|
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure no unowned files or directories exist" reporting="sum">
|
|
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure no world writable files exist" reporting="sum">
|
|
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure permissions on /etc/group are configured " reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="Permissions (recursive)">
|
|
<REPORTKEYS>
|
|
<VALUE>/etc/group</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure permissions on /etc/group- are configured" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="Permissions (recursive)">
|
|
<REPORTKEYS>
|
|
<VALUE>/etc/group-</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure permissions on /etc/gshadow are configured" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="Permissions (recursive)">
|
|
<REPORTKEYS>
|
|
<VALUE>/etc/gshadow</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure permissions on /etc/gshadow- are configured" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="Permissions (recursive)">
|
|
<REPORTKEYS>
|
|
<VALUE>/etc/gshadow-</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure permissions on /etc/passwd are configured" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="Permissions (recursive)">
|
|
<REPORTKEYS>
|
|
<VALUE>/etc/passwd</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure permissions on /etc/passwd- are configured" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="Permissions (recursive)">
|
|
<REPORTKEYS>
|
|
<VALUE>/etc/passwd-</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure permissions on /etc/shadow are configured" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="Permissions (recursive)">
|
|
<REPORTKEYS>
|
|
<VALUE>/etc/shadow</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure permissions on /etc/shadow- are configured" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="Permissions (recursive)">
|
|
<REPORTKEYS>
|
|
<VALUE>/etc/shadow-</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="User and Group Settings" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="Ensure all groups in /etc/passwd exist in /etc/group " reporting="sum">
|
|
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure all users' home directories exist" reporting="sum">
|
|
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure no duplicate GIDs exist" reporting="sum">
|
|
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure no duplicate UIDs exist" reporting="sum">
|
|
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure no duplicate group names exist" reporting="sum">
|
|
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure no duplicate user names exist" reporting="sum">
|
|
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure no legacy &quot;+&quot; entries exist in /etc/group" reporting="sum">
|
|
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure no legacy &quot;+&quot; entries exist in /etc/passwd" reporting="sum">
|
|
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure no legacy &quot;+&quot; entries exist in /etc/shadow" reporting="sum">
|
|
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure no users have .forward files" reporting="sum">
|
|
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure no users have .netrc files" reporting="sum">
|
|
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure no users have .rhosts files" reporting="sum">
|
|
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure password fields are not empty" reporting="sum">
|
|
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure root PATH Integrity" reporting="sum">
|
|
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure root is the only UID 0 account" reporting="sum">
|
|
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure users own their home directories" reporting="sum">
|
|
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure users' .netrc Files are not group or world accessible" reporting="sum">
|
|
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure users' dot files are not group or world writable" reporting="sum">
|
|
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure users' home directories permissions are 750 or more restrictive" reporting="sum">
|
|
|
|
</SECTION>
|
|
</SECTION>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="User Accounts and Environment" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="Ensure access to the su command is restricted" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="File content">
|
|
<REPORTKEYS>
|
|
<VALUE>/etc/pam.d/su</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure default group for the root account is GID 0" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="User uid">
|
|
<REPORTKEYS>
|
|
<VALUE>root</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure default user umask is 027 or more restrictive" reporting="sum">
|
|
<SECTION component="true" multivalued="true" name="File key-value present with option">
|
|
<REPORTKEYS>
|
|
<VALUE>/etc/bashrc</VALUE>
|
|
<VALUE>/etc/profile</VALUE>
|
|
</REPORTKEYS>
|
|
</SECTION>
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure inactive password lock is 30 days or less" reporting="sum">
|
|
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure minimum days between password changes is 7 or more" reporting="sum">
|
|
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure password expiration warning days is 7 or more" reporting="sum">
|
|
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure root login is restricted to system console" reporting="sum">
|
|
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Ensure system accounts are non-login" reporting="sum">
|
|
|
|
</SECTION>
|
|
<SECTION component="true" multivalued="true" name="Set Shadow Password Suite Parameters" reporting="sum">
|
|
|
|
</SECTION>
|
|
</SECTION>
|
|
</SECTIONS>
|
|
</TECHNIQUE>
|