| Version: 5.20090506 |
| CCE ID |
CCE Description |
CCE Parameters |
CCE Technical Mechanisms |
NaN |
Internal Revenue Service Basic UNIX Security Requirements (IRS BUSR) http://www.irs.gov/irm/part10/ch03s08.html |
| CCE-5847-9 |
/export/home should be configured on an appropriate filesystem logical volume |
logical volume |
via fstab |
NaN |
10.8.10.4.2.1 (5) |
| CCE-5424-7 |
/var should be configured on an appropriate filesystem logical volume |
logical volume |
via fstab |
NaN |
10.8.10.4.2.1 (5) |
| CCE-5710-9 |
/opt should be configured on an appropriate filesystem logical volume |
logical volume |
via fstab |
NaN |
10.8.10.4.2.1 (5) |
| CCE-5662-2 |
The shell for the root account should be located on the appropriate filesystem |
filesystem |
via /etc/passwd |
NaN |
10.8.10.4.2.1 (6) |
| CCE-5317-3 |
Core dump size limits should be set appropriately |
Size (0 to disable core dumps) |
via /etc/security/limits via ulimit |
NaN |
10.8.10.4.4 (3) |
| CCE-5384-3 |
The read-only SNMP community string should be set appropriately. |
string |
via /etc/snmp.conf |
NaN |
10.8.10.5.1 (1) c) |
| CCE-5723-2 |
The read/write SNMP community string should be set appropriately. |
string |
via /etc/snmp.conf |
NaN |
10.8.10.5.1 (1) c) |
| CCE-5634-1 |
Password policy should ban or allow usernames or UIDs in passwords as appropriate |
ban/allow |
via /etc/security/user |
NaN |
10.8.10.5.1 (2) a) |
| CCE-5352-0 |
Password policy should ban or allow words found in a dictionary as appropriate. |
ban/allow |
via /etc/security/user |
NaN |
10.8.10.5.1 (2) a) |
| CCE-5848-7 |
Password policy should enforce the correct amount of special characters |
number of special characters |
via /etc/security/user |
NaN |
10.8.10.5.1 (2) a) |
| CCE-5443-7 |
Password policy should enforce or not enforce the requirement to have mixed case passwords as appropriate. |
enforce/not enforce |
via /etc/security/user |
NaN |
10.8.10.5.1 (2) a) |
| CCE-5664-8 |
The minimum password age should be set as appropriate |
number of days |
via /etc/security/user |
NaN |
10.8.10.5.1 (2) b) |
| CCE-5804-0 |
The minimum required password length should be set as appropriate |
number of characters |
via /etc/security/user |
NaN |
10.8.10.5.1 (2) c) |
| CCE-4858-7 |
Password history should be saved for an appropriate number of password changes |
number of password changes |
via /etc/security/user |
NaN |
10.8.10.5.1 (2) d) |
| CCE-5775-2 |
The number of consecutive failed login attempts required to trigger a lockout should be set as appropriate |
number of consecutive failed login attempts |
via /etc/security/user |
NaN |
10.8.10.5.1 (2) e) |
| CCE-5761-2 |
Login access to accounts without passwords should be enabled or disabled as appropriate |
enabled/disabled |
via passwd via /etc/shadow |
NaN |
10.8.10.5.1 (2) f) |
| CCE-5841-2 |
New users should be required or not required to change their password on first login as appropriate |
required/not required |
via /etc/security/passwd |
NaN |
10.8.10.5.1 (2) g) |
| CCE-5858-6 |
Access to single-user mode (maintenance mode) should require the root password or not as appropriate |
required/not required |
NaN |
NaN |
10.8.10.5.1 (3) |
| CCE-5078-1 |
The delay between failed logins should be set as appropriate |
number of seconds |
via /etc/security/user |
NaN |
10.8.10.5.1 (5) |
| CCE-5715-8 |
All files should be owned by an existing account or not as appropriate. |
existing account required / existing account not required |
via chown |
NaN |
10.8.10.5.2 (3) |
| CCE-5684-6 |
All files should be owned by an existing group or not as appropriate. |
existing group required / existing group not required |
via chgrp via chown |
NaN |
10.8.10.5.2 (3) |
| CCE-5244-9 |
The console login banner should be set appropriately. |
banner text or null |
via /etc/security/login.cfg via /etc/motd |
NaN |
10.8.10.5.2 (5) a) |
| CCE-5402-3 |
The SSH login banner should be set appropriately. |
banner text or null |
via sshd.conf |
NaN |
10.8.10.5.2 (5) b) |
| CCE-5622-6 |
The telnet login banner should be set appropriately. |
banner text or null |
NaN |
NaN |
10.8.10.5.2 (5) c) |
| CCE-5843-8 |
The ftp login banner should be set appropriately. |
banner text or null |
NaN |
NaN |
10.8.10.5.2 (5) d) |
| CCE-5842-0 |
The graphical login banner should be set appropriately. |
banner text or null |
NaN |
NaN |
10.8.10.5.2 (5) e) |
| CCE-5560-8 |
Accounts other than root should be allowed to have the UID 0 or not as appropriate |
allowed/not allowed |
via passwd via /etc/passwd |
NaN |
10.8.10.5.2.1 (2) a) |
| CCE-4873-6 |
Accounts other than root and locked system accounts should be allowed to have a GID of 0 or not as appropriate |
allowed/not allowed |
via passwd via /etc/passwd |
NaN |
10.8.10.5.2.1 (2) b) |
| CCE-5187-0 |
Each account should be assigned a unique UID or not as appropriate |
unique/not unique |
via /etc/passwd |
NaN |
10.8.10.5.2.4 (3) |
| CCE-5765-3 |
The ftp account should exist or not as appropriate |
exist/not exist |
via /etc/passwd |
NaN |
10.8.10.5.2.4 (9) |
| CCE-4884-3 |
Login accounts should include an appropriate GECOS identifier or no GECOS identifier |
GECOS value, null |
via /etc/passwd |
NaN |
10.8.10.5.2.4.1 (1) |
| CCE-5381-9 |
The screen lock should activate after an appropriate period of inactivity |
number of minutes |
via Xscreensaver via dtsession |
NaN |
10.8.10.5.2.5 (1) |
| CCE-5645-7 |
File permissions should be set appropriately for all shell executables. |
permissions |
via chmod |
NaN |
10.8.10.5.2.6 (1) |
| CCE-5597-0 |
Remote (serial) consoles should be enabled or disabled as appropriate. |
enabled/disabled |
via BIOS |
NaN |
10.8.10.5.2.6 (3) |
| CCE-5676-2 |
Root logins should be restricted to the console or not as appropriate. |
restricted/not restricted |
/etc/default/login |
NaN |
10.8.10.5.2.6 (4) |
| CCE-5733-1 |
.netrc files should exist or not as appropriate for all users. |
exist/not exist |
filesystem |
NaN |
10.8.10.5.2.6 (6) |
| CCE-5702-6 |
.rhosts files should exist or not as appropriate for all users. |
exist/not exist |
filesystem |
NaN |
10.8.10.5.2.6 (6) |
| CCE-5076-5 |
.shosts files should exist or not as appropriate for all users. |
exist/not exist |
filesystem |
NaN |
10.8.10.5.2.6 (6) |
| CCE-5442-9 |
The /etc/hosts.equiv file should exist or not as appropriate. |
exist/not exist |
filesystem |
NaN |
10.8.10.5.2.6 (6) |
| CCE-5640-8 |
The use of NIS special characters (+ or -) in the first field of the /etc/passwd file should be allowed or disallowed as appropriate. |
allowed/not allowed |
Text editor |
NaN |
10.8.10.5.2.6 (7) |
| CCE-4893-4 |
The use of NIS special characters (+ or -) in the first field of the /etc/shadow file should be allowed or disallowed as appropriate. |
allowed/not allowed |
Text editor |
NaN |
10.8.10.5.2.6 (7) |
| CCE-5024-5 |
The use of NIS special characters (+ or -) in the first field of the /etc/group file should be allowed or disallowed as appropriate. |
allowed/not allowed |
Text editor |
NaN |
10.8.10.5.2.6 (10) |
| CCE-5742-2 |
The /etc/shells file should exist or not as appropriate |
exist/not exist |
Text editor |
NaN |
10.8.10.5.2.6 (11) |
| CCE-5777-8 |
Shells referenced in /etc/passwd should be included in /etc/shells or not as appropriate |
included/not included |
/etc/shells |
NaN |
10.8.10.5.2.6 (12) |
| CCE-5605-1 |
Groups referenced in /etc/passwd should be included in /etc/group or not as appropriate. |
included/not included |
/etc/group |
NaN |
10.8.10.5.2.6 (15) |
| CCE-5750-5 |
The home directory for the root account should be set appropriately. |
path |
/etc/passwd |
NaN |
10.8.10.5.2.6 (16) |
| CCE-5199-5 |
The home directory for each user account should be set appropriately. |
path |
/etc/passwd |
NaN |
10.8.10.5.2.6 (17) |
| CCE-5310-8 |
Home directories referenced in /etc/passwd should exist or not as appropriate |
exist/not exist |
filesystem |
NaN |
10.8.10.5.2.6 (18) |
| CCE-5327-2 |
All device files should be located inside an appropriate directory |
path |
filesystem |
NaN |
10.8.10.5.2.6 (24) |
| CCE-4900-7 |
The ntpd service should be enabled or disabled as appropriate. |
enabled/disabled |
via RC scripts |
NaN |
10.8.10.5.3 (3) |
| CCE-5675-4 |
The Network Time Protocol (ntp) synchronization server should be set appropriately. |
timeserver |
ntpd.conf |
NaN |
NaN |
| CCE-5147-4 |
All logon attempts should be logged or not logged as appropriate |
logged/not logged |
Audit subsystem |
NaN |
10.8.10.5.3 (4) |
| CCE-5724-0 |
All su (switch user) activity should be logged or not as appropriate |
logged/not logged |
Audit subsystem |
NaN |
10.8.10.5.3 (5) |
| CCE-5614-3 |
Filesystem logging/journaling should be performed or not as appropriate |
performed/not performed |
Audit subsystem |
NaN |
10.8.10.5.3 (6) |
| CCE-5834-7 |
Automount should be enabled or disabled as appropriate |
enabled/disabled |
NaN |
NaN |
10.8.10.5.4.1 (12) |
| CCE-5745-5 |
Source-routed packets should be accepted or rejected as appropriate. |
accepted/rejected |
NaN |
NaN |
10.8.10.5.4.1 (2) a) |
| CCE-5587-1 |
Response to ICMP timestamp requests should be enabled or disabled as appropriate |
enabled/disabled |
NaN |
NaN |
10.8.10.5.4.1 (2) c) |
| CCE-5525-1 |
Response to ICMP timestamp broadcast requests should be enabled or disabled as appropriate |
enabled/disabled |
NaN |
NaN |
10.8.10.5.4.1 (2) d) |
| CCE-4930-4 |
Response to ICMP echo (ping) requests should be enabled or disabled as appropriate |
enabled/disabled |
NaN |
NaN |
10.8.10.5.4.1 (2) e) |
| CCE-4901-5 |
Executable stack should be enabled or disabled as appropriate |
enabled/disabled |
NaN |
NaN |
10.8.10.5.4.1 (3) |
| CCE-5017-9 |
The default gateway should be set appropriately. |
IP address/disabled |
via /etc/default/route.conf |
NaN |
10.8.10.5.4.1 (4) |
| CCE-5347-0 |
The inetd service should be enabled or disabled as appropriate. |
enabled/disabled |
via RC scripts |
NaN |
10.8.10.5.4.1 (5) |
| CCE-5193-8 |
echo service should be enabled or disabled as appropriate |
enabled/disabled |
via inetd via inetd.conf |
NaN |
10.8.10.5.4.1 (11) #1 |
| CCE-5725-7 |
netstat service should be enabled or disabled as appropriate |
enabled/disabled |
via inetd via inetd.conf |
NaN |
10.8.10.5.4.1 (11) #2 |
| CCE-5801-6 |
rcp service should be enabled or disabled as appropriate |
enabled/disabled |
via inetd via inetd.conf |
NaN |
10.8.10.5.4.1 (11) #3 |
| CCE-5506-1 |
chargen service should be enabled or disabled as appropriate |
enabled/disabled |
via inetd via inetd.conf |
NaN |
10.8.10.5.4.1 (11) #4 |
| CCE-5791-9 |
finger service should be enabled or disabled as appropriate |
enabled/disabled |
via inetd via inetd.conf |
NaN |
10.8.10.5.4.1 (11) #5 |
| CCE-5743-0 |
tftpd service should be enabled or disabled as appropriate |
enabled/disabled |
via inetd via inetd.conf |
NaN |
10.8.10.5.4.1 (11) #6 |
| CCE-5773-7 |
walld service should be enabled or disabled as appropriate |
enabled/disabled |
via inetd via inetd.conf |
NaN |
10.8.10.5.4.1 (11) #7 |
| CCE-5461-9 |
rstatd service should be enabled or disabled as appropriate |
enabled/disabled |
via inetd via inetd.conf |
NaN |
10.8.10.5.4.1 (11) #8 |
| CCE-4905-6 |
sprayd service should be enabled or disabled as appropriate |
enabled/disabled |
via inetd via inetd.conf |
NaN |
10.8.10.5.4.1 (11) #9 |
| CCE-5463-5 |
rusersd service should be enabled or disabled as appropriate |
enabled/disabled |
via inetd via inetd.conf |
NaN |
10.8.10.5.4.1 (11) #10 |
| CCE-5542-6 |
rlogin service should be enabled or disabled as appropriate |
enabled/disabled |
via inetd via inetd.conf |
NaN |
10.8.10.5.4.1 (11) #11 |
| CCE-5431-2 |
rsh service should be enabled or disabled as appropriate |
enabled/disabled |
via inetd via inetd.conf |
NaN |
10.8.10.5.4.1 (11) #12 |
| CCE-5780-2 |
ftp service should be enabled or disabled as appropriate |
enabled/disabled |
via inetd via inetd.conf |
NaN |
10.8.10.5.4.1 (11) #13 |
| CCE-5872-7 |
telnet service should be enabled or disabled as appropriate |
enabled/disabled |
via inetd via inetd.conf |
NaN |
10.8.10.5.4.1 (11) #14 |
| CCE-4909-8 |
DEPRECATED. |
NaN |
NaN |
NaN |
NaN |
| CCE-5343-9 |
inn service should be enabled or disabled as appropriate |
enabled/disabled |
via inetd via inetd.conf |
NaN |
10.8.10.5.4.1 (11) #16 |
| CCE-5611-9 |
uucp service should be enabled or disabled as appropriate |
enabled/disabled |
via inetd via inetd.conf |
NaN |
10.8.10.5.4.1 (11) #17 |
| CCE-5598-8 |
rexec service should be enabled or disabled as appropriate |
enabled/disabled |
via inetd via inetd.conf |
NaN |
10.8.10.5.4.1 (11) #18 |
| CCE-5550-9 |
inetd logging should be enabled or disabled as appropriate |
enabled/disabled |
via inetd via inetd.conf |
NaN |
10.8.10.5.4.1 (11) #19 |
| CCE-4911-4 |
font-service should be enabled or disabled as appropriate |
enabled/disabled |
via inetd via inetd.conf |
NaN |
10.8.10.5.4.1 (11) #20 |
| CCE-4926-2 |
imap2 service should be enabled or disabled as appropriate |
enabled/disabled |
via inetd via inetd.conf |
NaN |
10.8.10.5.4.1 (11) #21 |
| CCE-4913-0 |
pop3 service should be enabled or disabled as appropriate |
enabled/disabled |
via inetd via inetd.conf |
NaN |
10.8.10.5.4.1 (11) #22 |
| CCE-5681-2 |
ident service should be enabled or disabled as appropriate |
enabled/disabled |
via inetd via inetd.conf |
NaN |
10.8.10.5.4.1 (11) #23 |
| CCE-5368-6 |
rexd service should be enabled or disabled as appropriate |
enabled/disabled |
via inetd via inetd.conf |
NaN |
10.8.10.5.4.1 (11) #24 |
| CCE-5549-1 |
daytime service should be enabled or disabled as appropriate |
enabled/disabled |
via inetd via inetd.conf |
NaN |
10.8.10.5.4.1 (11) #26 |
| CCE-5144-1 |
dtspc (cde-spc) service should be enabled or disabled as appropriate |
enabled/disabled |
via inetd via inetd.conf |
NaN |
10.8.10.5.4.1 (11) #27 |
| CCE-5223-3 |
rquotad service should be enabled or disabled as appropriate |
enabled/disabled |
via inetd via inetd.conf |
NaN |
10.8.10.5.4.1 (11) #28 |
| CCE-5738-0 |
cmsd service should be enabled or disabled as appropriate |
enabled/disabled |
via inetd via inetd.conf |
NaN |
10.8.10.5.4.1 (11) #29 |
| CCE-5456-9 |
tooltalk service should be enabled or disabled as appropriate |
enabled/disabled |
via inetd via inetd.conf |
NaN |
10.8.10.5.4.1 (11) #30 |
| CCE-4918-9 |
xdmcp service should be enabled or disabled as appropriate |
enabled/disabled |
via inetd via inetd.conf |
NaN |
10.8.10.5.4.1 (11) #31 |
| CCE-5798-4 |
discard service should be enabled or disabled as appropriate |
enabled/disabled |
via inetd via inetd.conf |
NaN |
10.8.10.5.4.1 (11) #32 |
| CCE-4923-9 |
DEPRECATED. |
NaN |
NaN |
NaN |
NaN |
| CCE-5917-0 |
vino-server service should be enabled or disabled as appropriate |
enabled/disabled |
via inetd via inetd.conf |
NaN |
10.8.10.5.4.1 (11) #34 |
| CCE-4934-6 |
The bind service should be enabled or disabled as appropriate. |
enabled/disabled |
via RC scripts |
NaN |
10.8.10.5.4.1.1 (2) |
| CCE-5535-0 |
The version string reported by the bind service should be configured appropriately. |
string |
via /etc/named.conf |
NaN |
10.8.10.5.4.1.1 (5) |
| CCE-5117-7 |
SSH Protocol v1 should be enabled or disabled as appropriate |
enabled/disabled |
/etc/ssh/ssh_config |
NaN |
10.8.10.5.4.1.2 (2) |
| CCE-5690-3 |
TCP_WRAPPERS should be enabled or disabled as appropriate |
enabled/disabled |
via inetd.conf |
NaN |
10.8.10.5.4.1.3 (1) |
| CCE-5852-9 |
SNMP version 1 should be enabled or disabled as appropriate |
enabled/disabled |
NaN |
NaN |
10.8.10.5.4.1.4 (1) |
| CCE-5068-2 |
The nfsd service should be enabled or disabled as appropriate |
enabled/disabled |
via RC scripts |
NaN |
10.8.10.5.4.1.5 (1) |
| CCE-5569-9 |
The mountd service should be enabled or disabled as appropriate |
enabled/disabled |
via RC scripts |
NaN |
10.8.10.5.4.1.5 (1) |
| CCE-5806-5 |
The statd service should be enabled or disabled as appropriate |
enabled/disabled |
via RC scripts |
NaN |
10.8.10.5.4.1.5 (1) |
| CCE-5882-6 |
The lockd service should be enabled or disabled as appropriate |
enabled/disabled |
via RC scripts |
NaN |
10.8.10.5.4.1.5 (1) |
| CCE-5414-8 |
NFS should be configured to respond or not as appropriate to client requests that do not include a user id. |
respond/not respond |
NaN |
NaN |
10.8.10.5.4.1.5 (1) a) |
| CCE-5348-8 |
NFS should be configured to respond or not as appropriate to client requests that do not originate from a privileged port. |
respond/not respond |
NaN |
NaN |
10.8.10.5.4.1.5 (1) a) |
| CCE-5511-1 |
NFS server support for the AUTH_NONE authentication mechanism should be enabled or disabled as appropriate. |
enabled/disabled |
NaN |
NaN |
10.8.10.5.4.1.5 (1) f) |
| CCE-5480-9 |
NFS server support for the AUTH_UNIX authentication mechanism should be enabled or disabled as appropriate. |
enabled/disabled |
NaN |
NaN |
10.8.10.5.4.1.5 (1) f) |
| CCE-4957-7 |
NFS server support for the AUTH_DES authentication mechanism should be enabled or disabled as appropriate. |
enabled/disabled |
NaN |
NaN |
10.8.10.5.4.1.5 (1) f) |
| CCE-4958-5 |
NFS server support for the AUTH_KERB authentication mechanism should be enabled or disabled as appropriate. |
enabled/disabled |
NaN |
NaN |
10.8.10.5.4.1.5 (1) f) |
| CCE-5922-0 |
The read-only (ro) option should be enabled or disabled as appropriate for all NFS exports. |
enabled/disabled |
via /etc/exports |
NaN |
10.8.10.5.4.1.5 (1) g) |
| CCE-5790-1 |
The nosuid option should be enabled or disabled for all NFS mounts as appropriate |
enabled/disabled |
via /etc/fstab |
NaN |
10.8.10.5.4.1.5 (1) i) |
| CCE-5189-6 |
The nosgid option should be enabled or disabled for all NFS mounts as appropriate |
enabled/disabled |
via /etc/fstab |
NaN |
10.8.10.5.4.1.5 (1) i) |
| CCE-5876-8 |
Sendmail should be enabled or disabled as appropriate |
enabled/disabled |
via RC scripts |
NaN |
10.8.10.5.4.2.2 (1) |
| CCE-4959-3 |
The sendmail banner should be set appropriately. |
string |
via /etc/mail/sendmail.cf |
NaN |
10.8.10.5.4.2.2 (3) |
| CCE-5115-1 |
The decode sendmail alias should be enabled or disabled as appropriate. |
enabled/disabled |
via /etc/aliases via /usr/lib/aliases |
NaN |
10.8.10.5.4.2.2 (4) c) |
| CCE-5445-2 |
.forward files should be allowed or disallowed as appropriate for all users |
allow/disallow |
via rm |
NaN |
10.8.10.5.4.2.2 (4) e) |
| CCE-4960-1 |
Programs executed through the aliases file should be owned by an appropriate user |
user |
via chown |
NaN |
10.8.10.5.4.2.2 (4) f) |
| CCE-5802-4 |
Programs executed through the aliases file should reside in a directory with an appropriate user owner |
user |
via chown |
NaN |
10.8.10.5.4.2.2 (4) f) |
| CCE-5212-6 |
Sendmail vrfy command should be allowed or not as appropriate |
allow/disallow |
via /etc/mail/sendmail.cf |
NaN |
10.8.10.5.4.2.2 (4) g) |
| CCE-5291-0 |
Sendmail expn command should be allowed or not as appropriate |
allow/disallow |
via /etc/mail/sendmail.cf |
NaN |
10.8.10.5.4.2.2 (4) h) |
| CCE-5741-4 |
Sendmail should be configured with an appropriate logging level |
logging level |
via /etc/mail/sendmail.cf |
NaN |
10.8.10.5.4.2.2 (4) i) |
| CCE-4967-6 |
The sendmail help command should be allowed or not as appropriate |
allow/disallow |
via /etc/mail/sendmail.cf |
NaN |
10.8.10.5.4.2.2 (4) k) |
| CCE-5783-6 |
NIS should be enabled or disabled as appropriate |
enabled/disabled |
via RC scripts |
NaN |
10.8.10.5.4.2.3 (1) |
| CCE-4975-9 |
NIS+ server should operate at an appropriate security level |
security level |
via NIS+ via RC scripts |
NaN |
10.8.10.5.4.2.3 (1) b) |
| CCE-5138-3 |
X-Windows should be enabled or disabled as appropriate |
enabled/disabled |
via Xwindows via /etc/inittab via RC scripts |
NaN |
10.8.10.5.4.2.4 (1) |
| CCE-5711-7 |
Authorized X-clients should be listed or not in the X*.hosts file as appropriate |
listed/not listed |
via /etc/X*.hosts |
NaN |
10.8.10.5.4.2.4 (2) b) |
| CCE-4984-1 |
X-Windows should write .Xauthority files to users' home directories or not as appropriate |
write/not write |
via xdm via gdm via kdm |
NaN |
10.8.10.5.4.2.4 (2) d) |
| CCE-5975-8 |
X11 forwarding via SSH should be enabled or disabled as appropriate. |
enabled/disabled |
via sshd_config |
NaN |
10.8.10.5.4.2.4 (2) f) |
| CCE-5931-1 |
Samba should be enabled or disabled as appropriate |
enabled/disabled |
via smbd via RC scripts |
NaN |
10.8.10.5.4.2.6 (1) |
| CCE-4994-0 |
Samba 'hosts allow' option should be configured with an appropriate set of networks |
list of networks |
via smbd via smb.conf |
NaN |
10.8.10.5.4.2.6 (3) a) |
| CCE-5923-8 |
Samba 'security option' option should be set as appropriate |
NaN |
via smbd via smb.conf |
NaN |
10.8.10.5.4.2.6 (3) b) |
| CCE-5939-4 |
Samba 'encrypt' passwords option should be set as appropriate |
yes/no |
via smbd via smb.conf |
NaN |
10.8.10.5.4.2.6 (3) c) |
| CCE-5891-7 |
Samba 'smb passwd file' option should be set to an appropriate password file or no password file |
file/nothing |
via smbd via smb.conf |
NaN |
10.8.10.5.4.2.6 (3) d) |
| CCE-5234-0 |
IPv6 should be enabled or disabled as appropriate |
enabled/disabled |
via SMIT |
NaN |
10.8.10.5.4.3 (1) |
| CCE-5767-9 |
The "at" utility directory permissions should be set as appropriate |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #1 |
| CCE-5846-1 |
at.allow file permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #2 |
| CCE-5991-5 |
at.deny file permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #2 |
| CCE-5705-9 |
Cron directory permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #5 |
| CCE-5678-8 |
Crontab directory permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #5 |
| CCE-5942-8 |
Cron log file permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #6 |
| CCE-5770-3 |
cron.allow file permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #7 |
| CCE-5280-3 |
cron.deny file permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #7 |
| CCE-5896-6 |
Crontab file permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #8 |
| CCE-5474-2 |
/dev/kmem file permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #9 |
| CCE-5363-7 |
/dev/mem file permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #10 |
| CCE-5566-5 |
/dev/null file permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #11 |
| CCE-5851-1 |
resolv.conf file permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #13 |
| CCE-5821-4 |
/etc/named.conf file permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #14 |
| CCE-5755-4 |
File permissions should be set appropriately for all user home directories. |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #21 |
| CCE-5807-3 |
/etc/exports file permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #23 |
| CCE-5759-6 |
/usr/bin/at file permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #25 |
| CCE-5979-0 |
/usr/bin/rdist file permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #26 |
| CCE-5228-2 |
/usr/sbin/sync file permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #27 |
| CCE-5951-9 |
Superuser account home directories' permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #29 |
| CCE-5981-6 |
/etc/samba/smb.conf file permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #31 |
| CCE-5668-9 |
smbpassword executable permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #32 |
| CCE-5010-4 |
Aliases file permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #34 |
| CCE-5666-3 |
File permissions should be set as appropriate for the log file configured to capture critical sendmail messages. |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #35 |
| CCE-5012-0 |
All files executed through /etc/aliases file entries should have file permissions set appropriately |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #36 |
| CCE-5796-8 |
/bin/csh file permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #37 |
| CCE-5747-1 |
/bin/jsh file permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #38 |
| CCE-5849-5 |
/bin/ksh file permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #39 |
| CCE-5893-3 |
The /bin/rsh file should exist or not as appropriate |
exist/not exist |
via filesystem |
NaN |
10.8.10-1 A.1 1) #40 |
| CCE-5734-9 |
/bin/sh file permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #41 |
| CCE-5862-8 |
/bin/bash file permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #42 |
| CCE-5954-3 |
/sbin/csh file permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #43 |
| CCE-5027-8 |
/sbin/jsh file permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #44 |
| CCE-5206-8 |
/sbin/ksh file permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #45 |
| CCE-5907-1 |
The /sbin/rsh file should exist or not as appropriate |
exist/not exist |
via filesystem |
NaN |
10.8.10-1 A.1 1) #46 |
| CCE-5040-1 |
/sbin/sh file permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #47 |
| CCE-5049-2 |
/sbin/bash file permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #48 |
| CCE-5056-7 |
/usr/bin/csh file permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #49 |
| CCE-6031-9 |
/usr/bin/jsh file permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #50 |
| CCE-6004-6 |
/usr/bin/ksh file permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #51 |
| CCE-5974-1 |
The /usr/bin/rsh file should exist or not as appropriate |
exist/not exist |
via filesystem |
NaN |
10.8.10-1 A.1 1) #52 |
| CCE-5863-6 |
/usr/bin/sh file permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #53 |
| CCE-5815-6 |
/usr/bin/bash file permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #54 |
| CCE-5955-0 |
snmpd.conf file permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #56 |
| CCE-6052-5 |
/tmp file permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #57 |
| CCE-6021-0 |
/usr/tmp file permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #58 |
| CCE-5272-0 |
traceroute executable file permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #59 |
| CCE-5884-2 |
.Xauthority file permissions should be set appropriately for all users. |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #60 |
| CCE-6023-6 |
/etc/aliases file permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #61 |
| CCE-5349-6 |
/etc/cron.d/at.allow file permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #62 |
| CCE-6050-9 |
/etc/cron.d/cron.allow file permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #63 |
| CCE-5833-9 |
/etc/csh file permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #64 |
| CCE-5803-2 |
/etc/default/* file permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #65 |
| CCE-5820-6 |
/etc/default/login file permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #66 |
| CCE-5397-5 |
The /etc/ftpusers file should exist or not as appropriate |
exist/not exist |
via filesystem |
NaN |
10.8.10-1 A.1 1) #69 |
| CCE-5226-6 |
/etc/host.lpd file permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #70 |
| CCE-5903-0 |
/etc/hostname* file permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #71 |
| CCE-5970-9 |
/etc/hosts file permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #72 |
| CCE-5930-3 |
/etc/inetd.conf file permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #73 |
| CCE-5698-6 |
/etc/issue file permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #75 |
| CCE-5641-6 |
/etc/jsh file permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #76 |
| CCE-5909-7 |
/etc/ksh file permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #77 |
| CCE-5985-7 |
/etc/mail/aliases file permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #78 |
| CCE-5350-4 |
/etc/motd file permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #79 |
| CCE-5988-1 |
/etc/netconfig file permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #80 |
| CCE-5817-2 |
/etc/notrouter file permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #81 |
| CCE-5231-6 |
/etc/pam.conf file permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #82 |
| CCE-5323-1 |
/etc/passwd file permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #83 |
| CCE-5526-9 |
The /etc/rsh file should exist or not as appropriate |
exist/not exist |
via filesystem |
NaN |
10.8.10-1 A.1 1) #84 |
| CCE-5631-7 |
/etc/security file permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #85 |
| CCE-5728-1 |
/etc/services file permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #86 |
| CCE-5512-9 |
/etc/sh file permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #87 |
| CCE-5074-0 |
/etc/shadow file permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #88 |
| CCE-5808-1 |
/etc/syslog.conf file permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #89 |
| CCE-5075-7 |
DEPRECATED. |
NaN |
NaN |
NaN |
NaN |
| CCE-5932-9 |
/etc/fstab file permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #91 |
| CCE-5825-5 |
DEPRECATED. |
NaN |
NaN |
NaN |
NaN |
| CCE-5279-5 |
/var/adm/loginlog file permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #93 |
| CCE-5984-0 |
/var/adm/messages file permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #94 |
| CCE-5656-4 |
/var/adm/sulog file permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #95 |
| CCE-5736-4 |
/var/adm/utmp file permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #96 |
| CCE-6062-4 |
/var/adm/wtmp file permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #97 |
| CCE-5453-6 |
/var/adm/authlog file permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #98 |
| CCE-6048-3 |
/var/adm/syslog file permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #99 |
| CCE-5832-1 |
/var/mail file permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #100 |
| CCE-6017-8 |
/var/tmp file permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #101 |
| CCE-5986-5 |
/usr/lib/pt_chmod file permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #103 |
| CCE-5875-0 |
/usr/lib/embedded_us file permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #104 |
| CCE-5977-4 |
/usr/lib/sendmail file permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #105 |
| CCE-5627-5 |
/usr/kerberos/bin/rsh file permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #107 |
| CCE-5455-1 |
/var/spool/mail file permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #108 |
| CCE-5077-3 |
smbpassword file permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-1 A.1 1) #109 |
| CCE-5695-2 |
At directory should be owned by an appropriate user |
list of users |
via chown |
NaN |
10.8.10-1 A.1 2) #1 |
| CCE-5646-5 |
At directory should be owned by an appropriate group |
list of groups |
via chgrp via chown |
NaN |
10.8.10-1 A.1 2) #1 |
| CCE-5161-5 |
at.allow file should be owned by an appropriate user |
list of users |
via chown |
NaN |
10.8.10-1 A.1 2) #2 |
| CCE-5254-8 |
at.allow file should be owned by an appropriate group |
list of groups |
via chgrp via chown |
NaN |
10.8.10-1 A.1 2) #2 |
| CCE-5853-7 |
at.deny file should be owned by an appropriate user |
list of users |
via chown |
NaN |
10.8.10-1 A.1 2) #2 |
| CCE-5632-5 |
at.deny file should be owned by an appropriate group |
list of groups |
via chgrp via chown |
NaN |
10.8.10-1 A.1 2) #2 |
| CCE-5319-9 |
Cron directories should be owned by an appropriate user |
list of users |
via chown |
NaN |
10.8.10-1 A.1 2) #4 |
| CCE-5412-2 |
Cron directories should be owned by an appropriate group |
list of groups |
via chgrp via chown |
NaN |
10.8.10-1 A.1 2) #4 |
| CCE-5082-3 |
Crontab directories should be owned by an appropriate user |
list of users |
via chown |
NaN |
10.8.10-1 A.1 2) #4 |
| CCE-5754-7 |
Crontab directories should be owned by an appropriate group |
list of groups |
via chgrp via chown |
NaN |
10.8.10-1 A.1 2) #4 |
| CCE-6022-8 |
cron.allow file should be owned by an appropriate user |
list of users |
via chown |
NaN |
10.8.10-1 A.1 2) #5 |
| CCE-5868-5 |
cron.allow file should be owned by an appropriate group |
list of groups |
via chgrp via chown |
NaN |
10.8.10-1 A.1 2) #5 |
| CCE-5961-8 |
cron.deny should be owned by an appropriate user |
list of users |
via chown |
NaN |
10.8.10-1 A.1 2) #5 |
| CCE-5837-0 |
cron.deny data should be owned by an appropriate group |
list of groups |
via chgrp via chown |
NaN |
10.8.10-1 A.1 2) #5 |
| CCE-5929-5 |
crontab files should be owned by an appropriate user |
list of users |
via chown |
NaN |
10.8.10-1 A.1 2) #6 |
| CCE-5085-6 |
crontab files should be owned by an appropriate group |
list of groups |
via chgrp via chown |
NaN |
10.8.10-1 A.1 2) #6 |
| CCE-5919-6 |
/etc/resolv.conf file should be owned by an appropriate user |
list of users |
via chown |
NaN |
10.8.10-1 A.1 2) #7 |
| CCE-5888-3 |
/etc/resolv.conf file should be owned by an appropriate group |
list of groups |
via chgrp via chown |
NaN |
10.8.10-1 A.1 2) #7 |
| CCE-5941-0 |
/etc/named.boot file should be owned by an appropriate user |
list of users |
via chown |
NaN |
10.8.10-1 A.1 2) #7 |
| CCE-5910-5 |
/etc/named.boot file should be owned by an appropriate group |
list of groups |
via chgrp via chown |
NaN |
10.8.10-1 A.1 2) #7 |
| CCE-5822-2 |
/etc/named.conf file should be owned by an appropriate user |
list of users |
via chown |
NaN |
10.8.10-1 A.1 2) #7 |
| CCE-5663-0 |
/etc/named.conf file should be owned by an appropriate group |
list of groups |
via chgrp via chown |
NaN |
10.8.10-1 A.1 2) #7 |
| CCE-5086-4 |
Each user home directory should be owned by an appropriate user. |
user |
via chown |
NaN |
10.8.10-1 A.1 2) #11 |
| CCE-6007-9 |
Each user home directory should be owned by an appropriate group. |
group |
via chgrp via chown |
NaN |
10.8.10-1 A.1 2) #11 |
| CCE-5088-0 |
inetd.conf file should be owned by an appropriate user |
user |
via chown |
NaN |
10.8.10-1 A.1 2) #12 |
| CCE-5732-3 |
inetd.conf file should be owned by an appropriate group |
group |
via chgrp via chown |
NaN |
10.8.10-1 A.1 2) #12 |
| CCE-5326-4 |
/etc/exports should be owned by an appropriate user |
list of users |
via chown |
NaN |
10.8.10-1 A.1 2) #13 |
| CCE-5296-9 |
/etc/exports should be owned by an appropriate group |
list of groups |
via chgrp via chown |
NaN |
10.8.10-1 A.1 2) #13 |
| CCE-5283-7 |
Exported files and directories should be owned by an appropriate user |
list of users |
via chown |
NaN |
10.8.10-1 A.1 2) #14 |
| CCE-5428-8 |
Exported files and directories should be owned by an appropriate group |
list of groups |
via chgrp via chown |
NaN |
10.8.10-1 A.1 2) #14 |
| CCE-5626-7 |
/etc/services file should be owned by an appropriate user |
list of users |
via chown |
NaN |
10.8.10-1 A.1 2) #16 |
| CCE-5957-6 |
/etc/services file should be owned by an appropriate group |
list of groups |
via chgrp via chown |
NaN |
10.8.10-1 A.1 2) #16 |
| CCE-5740-6 |
/etc/notrouter file should be owned by an appropriate user |
list of users |
via chown |
NaN |
10.8.10-1 A.1 2) #18 |
| CCE-5090-6 |
/etc/notrouter file should be owned by an appropriate group |
list of groups |
via chgrp via chown |
NaN |
10.8.10-1 A.1 2) #18 |
| CCE-6086-3 |
/etc/samba/smb.conf file should be owned by an appropriate user |
list of users |
via chown |
NaN |
10.8.10-1 A.1 2) #21 |
| CCE-6055-8 |
/etc/samba/smb.conf file should be owned by an appropriate group |
list of groups |
via chgrp via chown |
NaN |
10.8.10-1 A.1 2) #21 |
| CCE-6024-4 |
smbpasswd executable should be owned by an appropriate user |
list of users |
via chown |
NaN |
10.8.10-1 A.1 2) #22 |
| CCE-5839-6 |
smbpasswd executable should be owned by an appropriate group |
list of groups |
via chgrp via chown |
NaN |
10.8.10-1 A.1 2) #22 |
| CCE-5091-4 |
aliases file should be owned by an appropriate user |
list of users |
via chown |
NaN |
10.8.10-1 A.1 2) #24 |
| CCE-5497-3 |
aliases file should be owned by an appropriate group |
list of groups |
via chgrp via chown |
NaN |
10.8.10-1 A.1 2) #24 |
| CCE-6029-3 |
The log file configured to capture critical sendmail messages should be owned by the appropriate user. |
list of users |
via chown |
NaN |
10.8.10-1 A.1 2) #25 |
| CCE-5116-9 |
The log file configured to capture critical sendmail messages should be owned by the appropriate group. |
list of groups |
via chgrp via chown |
NaN |
10.8.10-1 A.1 2) #25 |
| CCE-5154-0 |
Programs executed through aliases file entries should be owned by an appropriate user |
list of users |
via chown |
NaN |
10.8.10-1 A.1 2) #26 |
| CCE-6013-7 |
Programs executed through aliases file entries should be owned by an appropriate group |
list of groups |
via chgrp via chown |
NaN |
10.8.10-1 A.1 2) #26 |
| CCE-5999-8 |
Shell files should be owned by an appropriate user |
list of users |
via chown |
NaN |
10.8.10-1 A.1 2) #27 |
| CCE-6003-8 |
Shell files should be owned by an appropriate group |
list of groups |
via chgrp via chown |
NaN |
10.8.10-1 A.1 2) #27 |
| CCE-6096-2 |
snmpd.conf file should be owned by an appropriate user |
list of users |
via chown |
NaN |
10.8.10-1 A.1 2) #29 |
| CCE-6107-7 |
snmpd.conf file should be owned by an appropriate group |
list of groups |
via chgrp via chown |
NaN |
10.8.10-1 A.1 2) #29 |
| CCE-5171-4 |
/etc/syslog.conf file should be owned by an appropriate user |
list of users |
via chown |
NaN |
10.8.10-1 A.1 2) #30 |
| CCE-5688-7 |
/etc/syslog.conf file should be owned by an appropriate group |
list of groups |
via chgrp via chown |
NaN |
10.8.10-1 A.1 2) #30 |
| CCE-5185-4 |
traceroute executable should be owned by an appropriate user |
list of users |
via chown |
NaN |
10.8.10-1 A.1 2) #31 |
| CCE-5671-3 |
traceroute executable should be owned by an appropriate group |
list of groups |
via chgrp via chown |
NaN |
10.8.10-1 A.1 2) #31 |
| CCE-5706-7 |
/usr/lib/sendmail file should be owned by an appropriate user |
list of users |
via chown |
NaN |
10.8.10-1 A.1 2) #32 |
| CCE-6177-0 |
/usr/lib/sendmail file should be owned by an appropriate group |
list of groups |
via chgrp via chown |
NaN |
10.8.10-1 A.1 2) #32 |
| CCE-5860-2 |
/etc/passwd file should be owned by an appropriate user |
list of users |
via chown |
NaN |
10.8.10-1 A.1 2) #35 |
| CCE-6146-5 |
/etc/passwd file should be owned by an appropriate group |
list of groups |
via chgrp via chown |
NaN |
10.8.10-1 A.1 2) #35 |
| CCE-5992-3 |
/etc/shadow file should be owned by an appropriate user |
list of users |
via chown |
NaN |
10.8.10-1 A.1 2) #36 |
| CCE-5615-0 |
/etc/shadow file should be owned by an appropriate group |
list of groups |
via chgrp via chown |
NaN |
10.8.10-1 A.1 2) #36 |
| CCE-5580-6 |
smbpasswd file should be owned by an appropriate user |
list of users |
via chown |
NaN |
10.8.10-1 A.1 2) #37 |
| CCE-5191-2 |
smbpasswd file should be owned by an appropriate group |
list of groups |
via chgrp via chown |
NaN |
10.8.10-1 A.1 2) #37 |
| CCE-6088-9 |
Environmental variable PATH for superuser accounts should or should not contain world-writable files as appropriate |
should/should not |
via chmod via profile |
NaN |
10.8.10-1 A.2 1) #1 |
| CCE-6044-2 |
Environmental variable PATH for superuser accounts should not contain the current directory as the first or last entry |
should/should not |
via local init files |
NaN |
10.8.10-1 A.2 1) #2 |
| CCE-5195-3 |
The current working directory should or should not be added to the environmental variable PATH by global initialization files as appropriate |
should/should not |
via local init files |
NaN |
10.8.10-1 A.2 1) #3 |
| CCE-6012-9 |
The current working directory should or should not be added to the environmental variable PATH by local initialization files as appropriate |
should/should not |
via local init files |
NaN |
10.8.10-1 A.2 1) #4 |
| CCE-5361-1 |
DEPRECATED. |
NaN |
NaN |
NaN |
NaN |
| CCE-5204-3 |
The current working directory should or should not be added to the environmental variable PATH by run control scripts as appropriate |
should/should not |
NaN |
NaN |
10.8.10-1 A.2 1) #7 |
| CCE-6087-1 |
The system umask should be set appropriately |
umask |
via global init files |
NaN |
10.8.10-1 A.2 1) #8 |
| CCE-6056-6 |
The user umask should be set appropriately |
umask |
via local init files |
NaN |
10.8.10-1 A.2 1) #8 |
| CCE-5816-4 |
The cron.allow file should be configured with the set of users permitted to use the cron facility as appropriate. |
list of users |
Text editor |
NaN |
NaN |
| CCE-5785-1 |
The cron.deny file should be configured with the set of users not permitted to use the cron facility as appropriate. |
list of users |
Text editor |
NaN |
NaN |
| CCE-5661-4 |
Cron logging should be enabled or disabled as appropriate |
enabled/disabled |
NaN |
NaN |
10.8.10-1 A.3 4) |
| CCE-5877-6 |
The at.allow file should be configured with the set of users permitted to use the at facility as appropriate. |
list of users |
Text editor |
NaN |
NaN |
| CCE-5600-2 |
The at.deny file should be configured with the set of users not permitted to use the at facility as appropriate. |
list of users |
Text editor |
NaN |
NaN |
| CCE-5489-0 |
/etc/security/audit/config file permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-5 E.1 1) #1 |
| CCE-6066-5 |
/etc/security/audit/events file permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-5 E.1 1) #2 |
| CCE-6084-8 |
/etc/security/audit/objects file permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-5 E.1 1) #3 |
| CCE-5819-8 |
/usr/lib/trcload file permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-5 E.1 1) #5 |
| CCE-5648-1 |
/usr/lib/semutil file permissions should be set appropriately |
permissions |
via chmod |
NaN |
10.8.10-5 E.1 1) #6 |
| CCE-5205-0 |
/etc/security/audit/config file should be owned by an appropriate user |
list of users |
via chown |
NaN |
10.8.10-5 E.1 1) #1 |
| CCE-5548-3 |
/etc/security/audit/events file should be owned by an appropriate user |
list of users |
via chgrp via chown |
NaN |
10.8.10-5 E.1 1) #2 |
| CCE-6085-5 |
/etc/security/audit/objects file should be owned by an appropriate user |
list of users |
via chown |
NaN |
10.8.10-5 E.1 1) #3 |
| CCE-5926-1 |
/usr/lib/trcload file should be owned by an appropriate user |
list of users |
via chown |
NaN |
10.8.10-5 E.1 1) #5 |
| CCE-5224-1 |
/usr/lib/semutil file should be owned by an appropriate user |
list of users |
via chown |
NaN |
10.8.10-5 E.1 1) #6 |
| CCE-6037-6 |
/etc/security/audit/config file should be owned by an appropriate group |
list of groups |
via chown |
NaN |
10.8.10-5 E.1 1) #1 |
| CCE-6011-1 |
/etc/security/audit/events file should be owned by an appropriate group |
list of groups |
via chgrp via chown |
NaN |
10.8.10-5 E.1 1) #2 |
| CCE-5980-8 |
/etc/security/audit/objects file should be owned by an appropriate group |
list of groups |
via chgrp via chown |
NaN |
10.8.10-5 E.1 1) #3 |
| CCE-6103-6 |
/usr/lib/trcload file should be owned by an appropriate group |
list of groups |
via chgrp via chown |
NaN |
10.8.10-5 E.1 1) #5 |
| CCE-5945-1 |
/usr/lib/semutil file should be owned by an appropriate group |
list of groups |
via chgrp via chown |
NaN |
10.8.10-5 E.1 1) #6 |
| CCE-6079-8 |
The authentication mechanism (SYSTEM attribute) should be set appropriately for each user |
authentication system |
via /etc/security/user |
NaN |
10.8.10-5 E.1 2) |
| CCE-6158-0 |
Trusted Computing Base should be installed or not as appropriate |
installed/not installed |
via /etc/security/user |
NaN |
10.8.10-5 E.2 1) |
| CCE-5484-1 |
Auditing should be enabled or disabled as appropriate in runcontrol scripts |
enabled/disabled |
via /etc/inittab via RC scripts |
NaN |
10.8.10-5 E.3 1) |
| CCE-5378-5 |
BIN mode auditing should be enabled or disabled as appropriate |
enabled/disabled |
via /etc/security/audit/config |
NaN |
10.8.10-5 E.3 2) |
| CCE-5235-7 |
Accounts should be present or absent from the audit config file as appropriate |
present/absent |
via /etc/security/audit/config |
NaN |
10.8.10-5 E.3 3) |
| CCE-5913-9 |
System logons should be audited or not as appropriate |
audited/not audited |
via /etc/security/audit/config |
NaN |
10.8.10-5 E.3 4) #1 |
| CCE-5993-1 |
System logoffs should be audited or not as appropriate |
audited/not audited |
via /etc/security/audit/config |
NaN |
10.8.10-5 E.3 4) #2 |
| CCE-5693-7 |
Password changes should be audited or not as appropriate |
audited/not audited |
via /etc/security/audit/config |
NaN |
10.8.10-5 E.3 4) #3 |
| CCE-6230-7 |
su usage should be audited or not as appropriate |
audited/not audited |
via /etc/security/audit/config |
NaN |
10.8.10-5 E.3 4) #4 |
| CCE-5697-8 |
Creation/modification of superuser groups should be audited or not as appropriate |
audited/not audited |
via /etc/security/audit/config |
NaN |
10.8.10-5 E.3 4) #5 |
| CCE-6197-8 |
Startup/shutdown of audit functions should be audited or not as appropriate |
audited/not audited |
via /etc/security/audit/config |
NaN |
10.8.10-5 E.3 4) #9 |
| CCE-5889-1 |
Certificate revocation should be audited or not as appropriate |
audited/not audited |
via /etc/security/audit/config |
NaN |
10.8.10-5 E.3 4) #10 |
| CCE-6109-3 |
Remote access from outside the corporate network should be audited or not as appropriate |
audited/not audited |
via /etc/security/audit/config |
NaN |
10.8.10-5 E.3 4) #11 |
| CCE-5242-3 |
Use of chown command should be audited or not as appropriate |
audited/not audited |
via /etc/security/audit/config |
NaN |
10.8.10-5 E.3 4) #13 |
| CCE-6213-3 |
File permissions of the rcp binary should be set correctly |
permissions |
via chmod |
NaN |
10.8.10-5 E.4 1) |
| CCE-5680-4 |
File permissions of the rlogin binary should be set correctly |
permissions |
via chmod |
NaN |
10.8.10-5 E.4 1) |
| CCE-5591-3 |
File permissions of the rlogind binary should be set correctly |
permissions |
via chmod |
NaN |
10.8.10-5 E.4 1) |
| CCE-5543-4 |
File permissions of the rsh binary should be set correctly |
permissions |
via chmod |
NaN |
10.8.10-5 E.4 1) |
| CCE-5934-5 |
File permissions of the rshd binary should be set correctly |
permissions |
via chmod |
NaN |
10.8.10-5 E.4 1) |
| CCE-6009-5 |
File permissions of the tftp binary should be set correctly |
permissions |
via chmod |
NaN |
10.8.10-5 E.4 1) |
| CCE-5996-4 |
File permissions of the tftpd binary should be set correctly |
permissions |
via chmod |
NaN |
10.8.10-5 E.4 1) |
| CCE-6135-8 |
Global initialization files should allow or deny write access to the terminal as appropriate |
allow/deny |
via global init files |
NaN |
10.8.10-5 E.5 1) #1 |
| CCE-5963-4 |
Netrc should be configured with an appropriate set of services |
list of services |
via /etc/security/sysck.cfg |
NaN |
10.8.10-5 E.4 1) |
| CCE-6104-4 |
Change of file ownership should be audited or not as appropriate |
audited/not audited |
via /etc/security/audit/config |
NaN |
10.8.10-5 E.3 4) #13 |
| CCE-5324-9 |
Use of chmod command should be audited or not as appropriate |
audited/not audited |
via /etc/security/audit/config |
NaN |
10.8.10-5 E.3 4) #13 |
| CCE-6170-5 |
Certificate creation should be audited or not as appropriate |
audited/not audited |
via /etc/security/audit/config |
NaN |
10.8.10-5 E.3 4) #10 |
| CCE-5243-1 |
Certificate deletion should be audited or not as appropriate |
audited/not audited |
via /etc/security/audit/config |
NaN |
10.8.10-5 E.3 4) #10 |
| CCE-6016-0 |
Certificate retrieval should be audited or not as appropriate |
audited/not audited |
via /etc/security/audit/config |
NaN |
10.8.10-5 E.3 4) #10 |
| CCE-6174-7 |
Startup or shutdown of the audit process should be audited or not as appropriate |
audited/not audited |
via /etc/security/audit/config |
NaN |
10.8.10-5 E.3 4) #9 |
| CCE-5245-6 |
Use of chgrp should be audited or not as appropriate |
audited/not audited |
via /etc/security/audit/config |
NaN |
10.8.10-5 E.3 4) #5 |
| CCE-5253-0 |
Use of mkgroup should be audited or not as appropriate |
audited/not audited |
via /etc/security/audit/config |
NaN |
10.8.10-5 E.3 4) #5 |
| CCE-6189-5 |
Use of rmgroup should be audited or not as appropriate |
audited/not audited |
via /etc/security/audit/config |
NaN |
10.8.10-5 E.3 4) #5 |
| CCE-6035-0 |
Use of change user functions should be audited or not as appropriate |
audited/not audited |
via /etc/security/audit/config |
NaN |
10.8.10-5 E.3 4) #4 |
| CCE-6100-2 |
Terminal logoffs should be audited or not as appropriate |
audited/not audited |
via /etc/security/audit/config |
NaN |
10.8.10-5 E.3 4) #2 |
| CCE-6157-2 |
Exit function usage should be audited or not as appropriate |
audited/not audited |
via /etc/security/audit/config |
NaN |
10.8.10-5 E.3 4) #2 |
| CCE-6156-4 |
Hard core dump size limits should be set appropriately |
Size (0 to disable core dumps) |
via /etc/security/limits via ulimit |
NaN |
10.8.10.4.4 (3) |
| CCE-5751-3 |
Remote root logins via SSH should be allowed or not as appropriate. |
allowed/not allowed |
via /etc/ssh/sshd_config |
NaN |
10.8.10.5.2.6 (4) |