| Oval Definition Results |
|
| OVAL ID |
Result |
Class |
Reference ID |
Title |
| oval:org.open-scap.rhel6:def:1127 |
true |
compliance |
CCE-4292-9
|
Enable the auditd Service
|
| oval:org.open-scap.rhel6:def:1126 |
true |
compliance |
CCE-4182-2
|
Ensure All Logs are Rotated by logrotate
|
| oval:org.open-scap.rhel6:def:1122 |
true |
compliance |
CCE-18240-2
|
Confirm Existence and Permissions of System Log Files
|
| oval:org.open-scap.rhel6:def:1121 |
true |
compliance |
CCE-4366-1
|
Confirm Existence and Permissions of System Log Files
|
| oval:org.open-scap.rhel6:def:1120 |
true |
compliance |
TBD
|
Configure Rsyslog
|
| oval:org.open-scap.rhel6:def:1112 |
true |
compliance |
CCE-4189-7
|
Inspect and Activate Default Rules
|
| oval:org.open-scap.rhel6:def:1111 |
true |
compliance |
CCE-4167-3
|
Verify ip6tables is enabled
|
| oval:org.open-scap.rhel6:def:1109 |
true |
compliance |
CCE-4287-9
|
Limit Network-Transmitted Configuration
|
| oval:org.open-scap.rhel6:def:1108 |
true |
compliance |
CCE-3895-0
|
Limit Network-Transmitted Configuration
|
| oval:org.open-scap.rhel6:def:1107 |
true |
compliance |
CCE-4287-9
|
Limit Network-Transmitted Configuration
|
| oval:org.open-scap.rhel6:def:1106 |
true |
compliance |
CCE-4128-5
|
Limit Network-Transmitted Configuration
|
| oval:org.open-scap.rhel6:def:1105 |
true |
compliance |
CCE-4058-4
|
Limit Network-Transmitted Configuration
|
| oval:org.open-scap.rhel6:def:1104 |
true |
compliance |
CCE-4221-8
|
Limit Network-Transmitted Configuration
|
| oval:org.open-scap.rhel6:def:1103 |
true |
compliance |
CCE-4159-0
|
Limit Network-Transmitted Configuration
|
| oval:org.open-scap.rhel6:def:1099 |
true |
compliance |
CCE-3840-6
|
Network Parameters for Hosts and Routers
|
| oval:org.open-scap.rhel6:def:1097 |
true |
compliance |
CCE-4265-5
|
Network Parameters for Hosts and Routers
|
| oval:org.open-scap.rhel6:def:1096 |
true |
compliance |
CCE-4133-5
|
Network Parameters for Hosts and Routers
|
| oval:org.open-scap.rhel6:def:1095 |
true |
compliance |
CCE-3644-2
|
Network Parameters for Hosts and Routers
|
| oval:org.open-scap.rhel6:def:1094 |
true |
compliance |
CCE-4320-8
|
Network Parameters for Hosts and Routers
|
| oval:org.open-scap.rhel6:def:1093 |
true |
compliance |
CCE-3339-9
|
Network Parameters for Hosts and Routers
|
| oval:org.open-scap.rhel6:def:1092 |
true |
compliance |
CCE-4186-3
|
Network Parameters for Hosts and Routers
|
| oval:org.open-scap.rhel6:def:1091 |
true |
compliance |
CCE-4091-5
|
Network Parameters for Hosts and Routers
|
| oval:org.open-scap.rhel6:def:1090 |
true |
compliance |
CCE-4320-8
|
Network Parameters for Hosts and Routers
|
| oval:org.open-scap.rhel6:def:1089 |
true |
compliance |
CCE-3472-8
|
Network Parameters for Hosts and Routers
|
| oval:org.open-scap.rhel6:def:1087 |
true |
compliance |
CCE-4236-6
|
Network Parameters for Hosts and Routers
|
| oval:org.open-scap.rhel6:def:1083 |
true |
compliance |
CCE-3668-1
|
Disable MCS Translation Service (mcstrans) if Possible
|
| oval:org.open-scap.rhel6:def:1081 |
true |
compliance |
CCE-3624-4
|
Set SELinux Polixy
|
| oval:org.open-scap.rhel6:def:1080 |
true |
compliance |
CCE-3999-0
|
Enable SELinux state
|
| oval:org.open-scap.rhel6:def:1079 |
true |
compliance |
CCE-3977-6
|
Enable SELinux
|
| oval:org.open-scap.rhel6:def:1066 |
true |
compliance |
CCE-3923-0
|
Set Boot Configuration Permissions
|
| oval:org.open-scap.rhel6:def:1065 |
true |
compliance |
CCE-4197-0
|
Set Boot Configuration Group
|
| oval:org.open-scap.rhel6:def:1064 |
true |
compliance |
CCE-4144-2
|
Set Boot Loader Configuration Owner
|
| oval:org.open-scap.rhel6:def:1063 |
true |
compliance |
TBD
|
Ensure that Users Don't have .netrc files
|
| oval:org.open-scap.rhel6:def:1061 |
true |
compliance |
CCE-14107-7
|
Ensure that Users Have Sensible Umask Values in /etc/login.defs
|
| oval:org.open-scap.rhel6:def:1060 |
true |
compliance |
CCE-4227-5
|
Ensure that Users Have Sensible Umask Values set for csh
|
| oval:org.open-scap.rhel6:def:1059 |
true |
compliance |
|
Ensure that Users Have Sensible Umask Values set for bash
|
| oval:org.open-scap.rhel6:def:1056 |
true |
compliance |
CCE-14957-5
|
Write permissions are disabled for group and other in all directories in Root's Path
|
| oval:org.open-scap.rhel6:def:1055 |
true |
compliance |
CCE-3301-9
|
Ensure that No Dangerous Directories Exist in Root's Path
|
| oval:org.open-scap.rhel6:def:1045 |
true |
compliance |
CCE-15054-0
|
Set Password retry Requirements
|
| oval:org.open-scap.rhel6:def:1044 |
true |
compliance |
CCE-4097-2
|
Set Password Expiration Parameters
|
| oval:org.open-scap.rhel6:def:1043 |
true |
compliance |
CCE-4092-3
|
Set Password Expiration Parameters
|
| oval:org.open-scap.rhel6:def:1042 |
true |
compliance |
CCE-4180-6
|
Set Password Expiration Parameters
|
| oval:org.open-scap.rhel6:def:1041 |
true |
compliance |
CCE-4009-7
|
Verify that No Non-Root Accounts Have UID 0
|
| oval:org.open-scap.rhel6:def:1040 |
true |
compliance |
CCE-14300-8
|
Verify that All Account Password Hashes are Shadowed
|
| oval:org.open-scap.rhel6:def:1039 |
true |
compliance |
CCE-4238-2
|
Verify that No Accounts Have Empty Password Fields
|
| oval:org.open-scap.rhel6:def:1036 |
true |
compliance |
CCE-14088-9
|
Limit su Access to the wheel group
|
| oval:org.open-scap.rhel6:def:1033 |
true |
compliance |
CCE-4146-7
|
Enable ExecShield randomized placement of virtual memory regions
|
| oval:org.open-scap.rhel6:def:1032 |
true |
compliance |
CCE-4168-1
|
Enable ExecShield
|
| oval:org.open-scap.rhel6:def:1031 |
true |
compliance |
CCE-4247-3
|
Disable Core Dumps for setuid programs
|
| oval:org.open-scap.rhel6:def:1029 |
true |
compliance |
CCE-4220-0
|
Set Daemon umask
|
| oval:org.open-scap.rhel6:def:1028 |
true |
compliance |
CCE-14794-2
|
Find world writable directories not owned by a system account
|
| oval:org.open-scap.rhel6:def:1027 |
true |
compliance |
CCE-3573-3
|
Find files unowned by a group
|
| oval:org.open-scap.rhel6:def:1026 |
true |
compliance |
CCE-4223-4
|
Find files unowned by a user
|
| oval:org.open-scap.rhel6:def:1024 |
true |
compliance |
CCE-4178-0
|
Find Unauthorized SGID System Executables
|
| oval:org.open-scap.rhel6:def:1021 |
true |
compliance |
CCE-3566-7
|
Verify permissions on 'passwd' file
|
| oval:org.open-scap.rhel6:def:1020 |
true |
compliance |
CCE-3932-1
|
Verify permissions on 'gshadow' file
|
| oval:org.open-scap.rhel6:def:1019 |
true |
compliance |
CCE-3967-7
|
Verify permissions on 'group' file
|
| oval:org.open-scap.rhel6:def:1018 |
true |
compliance |
CCE-4130-1
|
Verify permissions on 'shadow' file
|
| oval:org.open-scap.rhel6:def:1017 |
true |
compliance |
CCE-3495-9
|
Verify group who owns 'passwd' file
|
| oval:org.open-scap.rhel6:def:1016 |
true |
compliance |
CCE-3958-6
|
Verify user who owns 'passwd' file
|
| oval:org.open-scap.rhel6:def:1015 |
true |
compliance |
CCE-4064-2
|
Verify group who owns 'gshadow' file
|
| oval:org.open-scap.rhel6:def:1014 |
true |
compliance |
CCE-4210-1
|
Verify user who owns 'gshadow' file
|
| oval:org.open-scap.rhel6:def:1013 |
true |
compliance |
CCE-3883-6
|
Verify group who owns 'group' file
|
| oval:org.open-scap.rhel6:def:1012 |
true |
compliance |
CCE-3276-3
|
Verify user who owns 'group' file
|
| oval:org.open-scap.rhel6:def:1011 |
true |
compliance |
CCE-3988-3
|
Verify group who owns 'shadow' file
|
| oval:org.open-scap.rhel6:def:1010 |
true |
compliance |
CCE-3918-0
|
Verify user who owns 'shadow' file
|
| oval:org.open-scap.rhel6:def:1007 |
true |
compliance |
TBD
|
Ensure gpgcheck is Globally Activated
|
| oval:org.open-scap.rhel6:def:1005 |
true |
compliance |
TBD
|
Ensure that GPG Key for Red Hat is installed
|
| oval:org.open-scap.rhel6:def:1142 |
not evaluated |
compliance |
CCE-14692-8
|
Make the auditd Configuration Immutable
|
| oval:org.open-scap.rhel6:def:1141 |
not evaluated |
compliance |
CCE-14688-6
|
Ensure auditd Collects Information on Kernel Module Loading and Unloading
|
| oval:org.open-scap.rhel6:def:1140 |
not evaluated |
compliance |
CCE-14824-7
|
Ensure auditd Collects System Administrator Actions
|
| oval:org.open-scap.rhel6:def:1139 |
not evaluated |
compliance |
CCE-14820-5
|
Ensure auditd Collects Files Deletion Events by User (successful and unsuccessful)
|
| oval:org.open-scap.rhel6:def:1138 |
not evaluated |
compliance |
CCE-14569-8
|
Ensure auditd Collects Information on Exporting to Media (successful)
|
| oval:org.open-scap.rhel6:def:1137 |
not evaluated |
compliance |
CCE-14296-8
|
Ensure auditd Collects Information on the Use of Privileged Commands
|
| oval:org.open-scap.rhel6:def:1136 |
not evaluated |
compliance |
CCE-14917-9
|
Ensure auditd Collects Unauthorized Access Attempts to Files (unsuccessful)
|
| oval:org.open-scap.rhel6:def:1135 |
not evaluated |
compliance |
CCE-14058-2
|
Ensure auditd Collects Discretionary Access Control Permission Modification Events
|
| oval:org.open-scap.rhel6:def:1134 |
not evaluated |
compliance |
CCE-14679-5
|
Ensure auditd Collects Process and Session Initiation Information
|
| oval:org.open-scap.rhel6:def:1133 |
not evaluated |
compliance |
CCE-14904-7
|
Ensure auditd Collects Logon and Logout Events
|
| oval:org.open-scap.rhel6:def:1132 |
not evaluated |
compliance |
CCE-14821-3
|
Record Events that Modify the System’s Mandatory Access Controls
|
| oval:org.open-scap.rhel6:def:1131 |
not evaluated |
compliance |
CCE-14816-3
|
Record Events that Modify the System’s Network Environment
|
| oval:org.open-scap.rhel6:def:1130 |
not evaluated |
compliance |
CCE-14829-6
|
Record Events that Modify User/Group Information
|
| oval:org.open-scap.rhel6:def:1129 |
not evaluated |
compliance |
CCE-14051-7
|
Records Events that Modify Date and Time Information
|
| oval:org.open-scap.rhel6:def:1128 |
not evaluated |
compliance |
CCE-15026-8
|
Enable Auditing for Processes Which Start Prior to the Audit Daemon
|
| oval:org.open-scap.rhel6:def:1124 |
not evaluated |
compliance |
CCE-17248-6
|
Send Logs to a Remote Loghost
|
| oval:org.open-scap.rhel6:def:1123 |
not evaluated |
compliance |
CCE-18095-0
|
Confirm Existence and Permissions of System Log Files
|
| oval:org.open-scap.rhel6:def:1119 |
not evaluated |
compliance |
CCE-14027-7
|
Disable Support for RDS
|
| oval:org.open-scap.rhel6:def:1118 |
not evaluated |
compliance |
CCE-14132-5
|
Disable Support for SCTP
|
| oval:org.open-scap.rhel6:def:1117 |
not evaluated |
compliance |
CCE-14268-7
|
Disable Support for DCCP
|
| oval:org.open-scap.rhel6:def:1116 |
not evaluated |
compliance |
TBD
|
Log and Drop All Other Packets
|
| oval:org.open-scap.rhel6:def:1115 |
not evaluated |
compliance |
TBD
|
Restrict ICMP message types
|
| oval:org.open-scap.rhel6:def:1114 |
not evaluated |
compliance |
TBD
|
Change the default policy to DROP (from ACCEPT) for the FORWARD built-in chain
|
| oval:org.open-scap.rhel6:def:1113 |
not evaluated |
compliance |
CCE-14264-6
|
Change the default policy to DROP (from ACCEPT) for the INPUT built-in chain
|
| oval:org.open-scap.rhel6:def:1110 |
not evaluated |
compliance |
TBD
|
Reject Connections in TCP Wrapper by Default
|
| oval:org.open-scap.rhel6:def:1102 |
not evaluated |
compliance |
|
Disable Automatic Configuration
|
| oval:org.open-scap.rhel6:def:1101 |
not evaluated |
compliance |
CCE-3562-6
|
Disable Automatic Loading of IPv6 Kernel Module
|
| oval:org.open-scap.rhel6:def:1100 |
not evaluated |
compliance |
CCE-4276-2
|
Deactivate Wireless Interfaces
|
| oval:org.open-scap.rhel6:def:1098 |
not evaluated |
compliance |
CCE-4080-8
|
Network Parameters for Hosts and Routers
|
| oval:org.open-scap.rhel6:def:1088 |
not evaluated |
compliance |
CCE-4217-6
|
Network Parameters for Hosts and Routers
|
| oval:org.open-scap.rhel6:def:1086 |
not evaluated |
compliance |
CCE-3561-8
|
Network Parameters for Hosts Only
|
| oval:org.open-scap.rhel6:def:1085 |
not evaluated |
compliance |
CCE-4155-8
|
Network Parameters for Hosts Only
|
| oval:org.open-scap.rhel6:def:1084 |
not evaluated |
compliance |
CCE-4151-7
|
Network Parameters for Hosts Only
|
| oval:org.open-scap.rhel6:def:1082 |
not evaluated |
compliance |
CCE-4148-3
|
Remove SETroubleshoot if Possible
|
| oval:org.open-scap.rhel6:def:1078 |
not evaluated |
compliance |
CCE-4188-9
|
Implement a GUI Warning Banner
|
| oval:org.open-scap.rhel6:def:1077 |
not evaluated |
compliance |
CCE-4060-0
|
Modify the System Login Banner
|
| oval:org.open-scap.rhel6:def:1076 |
not evaluated |
compliance |
CCE-3910-7
|
Configure GUI Screen Locking
|
| oval:org.open-scap.rhel6:def:1075 |
not evaluated |
compliance |
CCE-14735-5
|
Implement blank screen saver
|
| oval:org.open-scap.rhel6:def:1074 |
not evaluated |
compliance |
CCE-14023-6
|
Lock the screensaver with a password
|
| oval:org.open-scap.rhel6:def:1073 |
not evaluated |
compliance |
CCE-14604-3
|
Implement idle activation of screen saver
|
| oval:org.open-scap.rhel6:def:1072 |
not evaluated |
compliance |
CCE-3315-9
|
Configure GUI Screen Locking
|
| oval:org.open-scap.rhel6:def:1071 |
not evaluated |
compliance |
CCE-3707-7
|
Implement Inactivity Time-out for C Shells
|
| oval:org.open-scap.rhel6:def:1070 |
not evaluated |
compliance |
CCE-3707-7
|
Implement Inactivity Time-out for Bourne Shells
|
| oval:org.open-scap.rhel6:def:1069 |
not evaluated |
compliance |
CCE-4245-7
|
Disable Interactive Boot
|
| oval:org.open-scap.rhel6:def:1068 |
not evaluated |
compliance |
CCE-4241-6
|
Require Authentication for Single-User Mode
|
| oval:org.open-scap.rhel6:def:1067 |
not evaluated |
compliance |
CCE-3818-2
|
Set Boot Loader Password
|
| oval:org.open-scap.rhel6:def:1062 |
not evaluated |
compliance |
TBD
|
Ensure that Users Have Sensible Umask Values set in /etc/profile
|
| oval:org.open-scap.rhel6:def:1058 |
not evaluated |
compliance |
TBD
|
Ensure that User Dot-Files are not World-writable
|
| oval:org.open-scap.rhel6:def:1057 |
not evaluated |
compliance |
CCE-4090-7
|
Ensure that User Home Directories are not Group-Writable or World-Readable
|
| oval:org.open-scap.rhel6:def:1054 |
not evaluated |
compliance |
CCE-14939-3
|
Limit password reuse
|
| oval:org.open-scap.rhel6:def:1053 |
not evaluated |
compliance |
CCE-14063-2
|
Set Password hashing algorithm
|
| oval:org.open-scap.rhel6:def:1052 |
not evaluated |
compliance |
TBD
|
Set pam_passwdqc min parameter
|
| oval:org.open-scap.rhel6:def:1051 |
not evaluated |
compliance |
CCE-14701-7
|
Set Password difok Requirements
|
| oval:org.open-scap.rhel6:def:1050 |
not evaluated |
compliance |
CCE-14712-4
|
Set Password lcredit Requirements
|
| oval:org.open-scap.rhel6:def:1049 |
not evaluated |
compliance |
CCE-14122-6
|
Set Password ocredit Requirements
|
| oval:org.open-scap.rhel6:def:1048 |
not evaluated |
compliance |
CCE-14672-0
|
Set Password ucredit Requirements
|
| oval:org.open-scap.rhel6:def:1047 |
not evaluated |
compliance |
CCE-14113-5
|
Set Password dcredit Requirements
|
| oval:org.open-scap.rhel6:def:1046 |
not evaluated |
compliance |
CCE-4154-1
|
Set Minimum Password Length Requirement
|
| oval:org.open-scap.rhel6:def:1038 |
not evaluated |
compliance |
CCE-3987-5
|
Block Shell and Login Access for Non-Root System Accounts
|
| oval:org.open-scap.rhel6:def:1037 |
not evaluated |
compliance |
CCE-15047-4
|
Limit command Access to the Root Account
|
| oval:org.open-scap.rhel6:def:1034 |
not evaluated |
compliance |
TBD
|
Prevent Root Logins to Virtual Consoles
|
| oval:org.open-scap.rhel6:def:1030 |
not evaluated |
compliance |
CCE-4225-9
|
Disable Core Dumps
|
| oval:org.open-scap.rhel6:def:1009 |
not evaluated |
compliance |
CCE-14931-0
|
Verify Package Integrity Using RPM
|
| oval:org.open-scap.rhel6:def:1006 |
not evaluated |
compliance |
CCE-3416-5
|
Disable the rhnsd Daemon
|
| oval:org.open-scap.rhel6:def:1004 |
not evaluated |
compliance |
TBD
|
Ensure that /home has its own partition or logical volume
|
| oval:org.open-scap.rhel6:def:1003 |
not evaluated |
compliance |
TBD
|
Ensure that /var/log/audit has its own partition or logical volume
|
| oval:org.open-scap.rhel6:def:1002 |
not evaluated |
compliance |
TBD
|
Ensure that /var/log has its own partition or logical volum
|
| oval:org.open-scap.rhel6:def:1001 |
not evaluated |
compliance |
TBD
|
Ensure that /var has its own partition or logical volume
|
| oval:org.open-scap.rhel6:def:1000 |
not evaluated |
compliance |
TBD
|
Ensure that /tmp has its own partition or logical volume
|
| oval:org.open-scap.rhel6:def:1125 |
false |
compliance |
CCE-17248-6
|
Rsyslog shouldn't be run in a compatibility mode
|
| oval:org.open-scap.rhel6:def:1035 |
false |
compliance |
TBD
|
Prevent Root Logins to Serial Consoles
|
| oval:org.open-scap.rhel6:def:1025 |
false |
compliance |
CCE-3324-1
|
Find Unauthorized SUID System Executables
|
| oval:org.open-scap.rhel6:def:1023 |
false |
compliance |
CCE-3795-2
|
Find Unauthorized World-Writable Files
|
| oval:org.open-scap.rhel6:def:1022 |
false |
compliance |
CCE-3399-3
|
Verify that All World-Writable Directories Have Sticky Bits Set
|
| oval:org.open-scap.rhel6:def:1008 |
false |
compliance |
TBD
|
Ensure Package Signature Checking is Not Disabled For Any Repos
|