cpe:/a:open-scap:oscap5.82013-02-05T13:44:58vim5.82011-03-06T12:00:00-04:00Make the auditd Configuration ImmutableForce a reboot to change audit rules is enabledEnsure auditd Collects Information on Kernel Module Loading and UnloadingAudit rules about the Information on Kernel Module Loading and Unloading.Ensure auditd Collects System Administrator ActionsAudit rules about the System Administrator Actions are enabledEnsure auditd Collects Files Deletion Events by User (successful and unsuccessful)Audit rules about the Files Deletion Events by User (successful and unsuccessful) are enabledEnsure auditd Collects Information on Exporting to Media (successful)Audit rules about the Information on Exporting to Media (successful) are enabledEnsure auditd Collects Information on the Use of Privileged CommandsAudit rules about the Information on the Use of Privileged Commands are enabledEnsure auditd Collects Unauthorized Access Attempts to Files (unsuccessful)Audit rules about the Unauthorized Access Attempts to Files (unsuccessful) are enabledEnsure auditd Collects Discretionary Access Control Permission Modification EventsAudit rules about the Discretionary Access Control Permission Modification Events are enabledEnsure auditd Collects Process and Session Initiation InformationAudit rules about the Process and Session Initiation Information are enabledEnsure auditd Collects Logon and Logout EventsAudit rules about the Logon and Logout Events are enabledRecord Events that Modify the System’s Mandatory Access ControlsAudit rules about the System’s Mandatory Access Controls are enabledRecord Events that Modify the System’s Network EnvironmentAudit rules about the System’s Network Environment are enabledRecord Events that Modify User/Group InformationAudit rules about User/Group Information are enabledRecords Events that Modify Date and Time InformationAudit rules about time are enabledEnable Auditing for Processes Which Start Prior to the Audit DaemonLook for argument audit=1 in the kernel line in /boot/grub/grub.confEnable the auditd ServiceThe auditd service should be enabled.Ensure All Logs are Rotated by logrotateThe logrotate (syslog rotater) service should be enabled.Rsyslog shouldn't be run in a compatibility modeAn appropriate compatibility mode, that matches the daemons current version should be specified
using the SYSLOGD_OPTION variable in /etc/sysconfig/rsyslog.
Send Logs to a Remote Loghost Syslog logs should be sent to a remote loghostConfirm Existence and Permissions of System Log Files File permissions for all syslog log files should be set correctly.Confirm Existence and Permissions of System Log Files All rsyslog log files should be owned by the appropriate group.Confirm Existence and Permissions of System Log Files All rsyslog log files should be owned by the appropriate user.Configure RsyslogThe rsyslog service should be enabled.Disable Support for RDSSupport for RDS should be disabled.Disable Support for SCTPSupport for SCTP should be disabled.Disable Support for DCCPSupport for DCCP should be disabled.Log and Drop All Other PacketsLog and drop packets that were not explicitly drop in the INPUT built-in chain.Restrict ICMP message typesAccept only some ICMP messages in the INPUT built-in chain.Change the default policy to DROP (from ACCEPT) for the FORWARD built-in chainChange the default policy to DROP (from ACCEPT) for the FORWARD built-in chain.Change the default policy to DROP (from ACCEPT) for the INPUT built-in chainChange the default policy to DROP (from ACCEPT) for the INPUT built-in chain.Inspect and Activate Default Rules The iptables service should be enabled.Verify ip6tables is enabledThe ip6tables service should be enabled.Reject Connections in TCP Wrapper by DefaultTCP wrapper should be configured to reject connections that were not explicitly allowedLimit Network-Transmitted ConfigurationThe default number of global unicast IPv6 addresses allowed per network interface should be set appropriately.Limit Network-Transmitted ConfigurationThe default number of IPv6 duplicate address detection solicitations for network interfaces to send per configured address should be set appropriately.Limit Network-Transmitted ConfigurationThe default setting for autoconfiguring network interfaces using prefix information in IPv6 router advertisements should be enabled or disabled as appropriate.Limit Network-Transmitted ConfigurationThe default setting for accepting a default router via IPv6 router advertisement should be enabled or disabled for network interfaces as appropriate.Limit Network-Transmitted ConfigurationThe default setting for accepting prefix information via IPv6 router advertisement should be enabled or disabled for network interfaces as appropriate.Limit Network-Transmitted ConfigurationThe default setting for accepting router preference via IPv6 router advertisement should be disabled for network interfaces.Limit Network-Transmitted ConfigurationThe default number of IPv6 router solicitations for network interfaces to send should be set appropriately.Disable Automatic ConfigurationAutomatic IPv6 configuration should be disabled by default.Disable Automatic Loading of IPv6 Kernel ModuleAutomatic loading of the IPv6 kernel module should be disabled.Deactivate Wireless InterfacesAll wireless interfaces should be disabled.Network Parameters for Hosts and RoutersThe default setting for performing source validation by reverse path should be enabled or disabled for network interfaces as appropriate.Network Parameters for Hosts and RoutersPerforming source validation by reverse path should be enabled or disabled for all interfaces as appropriate.Network Parameters for Hosts and RoutersSending TCP syncookies should be enabled or disabled as appropriate.Network Parameters for Hosts and RoutersIgnoring bogus ICMP responses to broadcasts should be enabled or disabled as appropriate.Network Parameters for Hosts and RoutersIgnoring ICMP echo requests (pings) sent to broadcast / multicast addresses should be enabled or disabled as appropriate.Network Parameters for Hosts and RoutersDefault logging of "martian" packets (those with impossible addresses) should be enabled or disabled for network interfaces as appropriate.Network Parameters for Hosts and RoutersThe default setting for accepting "secure" ICMP redirects (those from gateways listed in the default gateways list) should be enabled or disabled for network interfaces as appropriate.Network Parameters for Hosts and RoutersThe default setting for accepting ICMP redirects should be enabled or disabled for network interfaces as appropriate.Network Parameters for Hosts and RoutersThe default setting for accepting source routed packets should be enabled or disabled for network interfaces as appropriate.Network Parameters for Hosts and RoutersLogging of "martian" packets (those with impossible addresses) should be enabled or disabled for all interfaces as appropriate.Network Parameters for Hosts and RoutersAccepting "secure" ICMP redirects (those from gateways listed in the default gateways list) should be enabled or disabled for all interfaces as appropriate.Network Parameters for Hosts and RoutersAccepting ICMP redirects should be enabled or disabled for all interfaces as appropriate.Network Parameters for Hosts and RoutersAccepting source routed packets should be enabled or disabled for all interfaces as appropriate.Network Parameters for Hosts OnlyIP forwarding should be disabled.Network Parameters for Hosts OnlySending ICMP redirects should be disabled for all interfaces.Network Parameters for Hosts OnlyThe default setting for sending ICMP redirects should be disabled for network interfaces.Disable MCS Translation Service (mcstrans) if PossibleThe mcstrans service should be disabled.Remove SETroubleshoot if PossibleThe setroubleshoot package should be uninstalled.Set SELinux PolixyThe SELinux policy should be set appropriately.Enable SELinux stateThe SELinux state should be set appropriately.Enable SELinuxSELinux should not be disabled in /boot/grub/grub.confImplement a GUI Warning BannerThe direct GNOME login warning banner should be set correctly.Modify the System Login BannerThe system login banner text should be set correctly.Configure GUI Screen LockingThe vlock package should be installedImplement blank screen saverThe screen saver should be blank.Lock the screensaver with a passwordScreensaver should be locked with a password.Implement idle activation of screen saverIdle activation of the screen saver should be enabled.Configure GUI Screen LockingThe allowed period of inactivity for GNOME desktop lockout should be configured correctly.Implement Inactivity Time-out for C ShellsThe idle time-out value for the /bin/tcsh shell should meet the minimum requirements.Implement Inactivity Time-out for Bourne ShellsThe idle time-out value for the /bin/bash shell should meet the minimum requirements.Disable Interactive BootThe ability for users to perform interactive startups should be disabled.Require Authentication for Single-User ModeThe requirement for a password to boot into single-user mode should be configured correctly.Set Boot Loader PasswordThe grub boot loader should have password protection enabledSet Boot Configuration PermissionsFile permissions for /boot/grub/grub.conf should be set correctly.Set Boot Configuration GroupThe /boot/grub/grub.conf file should be owned by the appropriate group.Set Boot Loader Configuration OwnerThe /boot/grub/grub.conf file should be owned by the appropriate user.Ensure that Users Don't have .netrc filesNo user home directroy should contain a .netrc fileEnsure that Users Have Sensible Umask Values set in /etc/profileThe default umask for all users should be set correctly in /etc/profileEnsure that Users Have Sensible Umask Values in /etc/login.defsThe default umask for all users should be set correctlyEnsure that Users Have Sensible Umask Values set for cshThe default umask for all users should be set correctly for the csh shellEnsure that Users Have Sensible Umask Values set for bashThe default umask for all users should be set correctly for the bash shellEnsure that User Dot-Files are not World-writableFile permissions should be set correctly for dot files for all user accounts.Ensure that User Home Directories are not Group-Writable or World-ReadableFile permissions should be set correctly for the home directories for all user accounts.Write permissions are disabled for group and other in all directories in Root's PathCheck each directory in root's path and make use it does not grant write permission to group and otherEnsure that No Dangerous Directories Exist in Root's PathThe PATH variable should be set correctly for user rootLimit password reuseThe passwords to remember should be set correctly.Set Password hashing algorithmThe password hashing algorithm should be set correctly.Set pam_passwdqc min parameterpam_passwd should be configured with the specified "min" valueSet Password difok RequirementsThe password difok should meet minimum requirements using pam_cracklibSet Password lcredit RequirementsThe password lcredit should meet minimum requirements using pam_cracklibSet Password ocredit RequirementsThe password ocredit should meet minimum requirements using pam_cracklibSet Password ucredit RequirementsThe password ucredit should meet minimum requirements using pam_cracklibSet Password dcredit RequirementsThe password dcredit should meet minimum requirements using pam_cracklibSet Minimum Password Length RequirementThe password minimum length should be set appropriatelySet Password retry RequirementsThe password retry should meet minimum requirements using pam_cracklibSet Password Expiration ParametersThe password warn age should be set appropriatelySet Password Expiration ParametersThe "maximum password age" policy should meet minimum requirements. Set Password Expiration ParametersThe "minimum password age" policy should meet minimum requirements. Verify that No Non-Root Accounts Have UID 0Anonymous root logins are disabledVerify that All Account Password Hashes are ShadowedCheck that passwords are shadowedVerify that No Accounts Have Empty Password FieldsLogin access to accounts without passwords should be disabledBlock Shell and Login Access for Non-Root System AccountsLogin access to non-root system accounts should be disabledLimit command Access to the Root AccountCommand access to the root account should be restricted to the wheel group.Limit su Access to the wheel groupThe wheel group should existPrevent Root Logins to Serial ConsolesRoot logins through serial port devices should be disabledPrevent Root Logins to Virtual ConsolesRoot logins through virtual console devices should be disabledEnable ExecShield randomized placement of virtual memory regionsExecShield randomized placement of virtual memory regions should be enabledEnable ExecShieldExecShield should be enabledDisable Core Dumps for setuid programsCore dumps for setuid programs should be disabledDisable Core DumpsCore dumps for all users should be disabledSet Daemon umaskThe daemon umask should be set as appropriateFind world writable directories not owned by a system accountAll world writable directories should be owned by a system userFind files unowned by a groupAll files should be owned by a groupFind files unowned by a userAll files should be owned by a userFind Unauthorized SUID System ExecutablesThe suid bit should be not set for all files.Find Unauthorized SGID System ExecutablesThe sgid bit should be not set for all executable files.Find Unauthorized World-Writable FilesThe world-write permission should be disabled for all files.Verify that All World-Writable Directories Have Sticky Bits SetThe sticky bit should be set for all world-writable directories.Verify permissions on 'passwd' fileFile permissions for /etc/passwd should be set correctly.Verify permissions on 'gshadow' fileFile permissions for /etc/gshadow should be set correctly.Verify permissions on 'group' fileFile permissions for /etc/group should be set correctly.Verify permissions on 'shadow' fileFile permissions for /etc/shadow should be set correctly.Verify group who owns 'passwd' fileThe /etc/passwd file should be owned by the appropriate group.Verify user who owns 'passwd' fileThe /etc/passwd file should be owned by the appropriate user.Verify group who owns 'gshadow' fileThe /etc/gshadow file should be owned by the appropriate group.Verify user who owns 'gshadow' fileThe /etc/gshadow file should be owned by the appropriate user.Verify group who owns 'group' fileThe /etc/group file should be owned by the appropriate group.Verify user who owns 'group' fileThe /etc/group file should be owned by the appropriate user.Verify group who owns 'shadow' fileThe /etc/shadow file should be owned by the appropriate group.Verify user who owns 'shadow' fileThe /etc/shadow file should be owned by the appropriate user.Verify Package Integrity Using RPMVerify the integrity of installed packages by comparing the installed files with
information about the files taken from the package metadata stored in the RPM
database.Ensure Package Signature Checking is Not Disabled For Any ReposTo ensure that signature checking is not disabled for any repos, ensure that the following line DOES NOT
appear in any repo configuration files in /etc/yum.repos.d or elsewhereEnsure gpgcheck is Globally ActivatedThe gpgcheck option should be used to ensure that checking of an RPM package’s signature always occurs prior
to its installation./Disable the rhnsd DaemonThe rhnsd service should be disabled.Ensure that GPG Key for Red Hat is installedThe GPG key should be installed.Ensure that /home has its own partition or logical volumeIf user home directories will be stored locally, create a separate
partition for /home. If /home will be mounted from another system such as an NFS server, then
creating a separate partition is not necessary at this time, and the mountpoint can
instead be configured later.Ensure that /var/log/audit has its own partition or logical volumeAudit logs are stored in the /var/log/audit directory.
Ensure that it has its own partition or logical volume. Make absolutely certain
that it is large enough to store all audit logs that will be created by the auditing
daemon.Ensure that /var/log has its own partition or logical volumSystem logs are stored in the /var/log directory. Ensure that it has its own partition or logical volume.Ensure that /var has its own partition or logical volumeThe /var directory is used by daemons and other system
services to store frequently-changing data. It is not uncommon for the /var directory
to contain world-writable directories, installed by other software packages.
Ensure that /var has its own partition or logical volume.Ensure that /tmp has its own partition or logical volumeThe /tmp directory is a world-writable directory used for temporary file storage. Verify that it has its own partition or logical volume./etc/pam.d/sudo-i^session[[:space:]]+required[[:space:]]+pam_tty_audit\.so[[:space:]]+open_only[[:space:]]+enable=root[[:space:]]*$1/etc/pam.d/sudo^session[[:space:]]+required[[:space:]]+pam_tty_audit\.so[[:space:]]+open_only[[:space:]]+enable=root[[:space:]]*$1/etc/pam.d/password-auth^session[[:space:]]+required[[:space:]]+pam_tty_audit\.so[[:space:]]+disable=\*[[:space:]]+enable=root[[:space:]]*$1/etc/pam.d/system-auth^session[[:space:]]+required[[:space:]]+pam_tty_audit\.so[[:space:]]+disable=\*[[:space:]]+enable=root[[:space:]]*$1/etc/audit/audit.rules^[[:space:]]*-a always,exit -F path=([^[:space:]]*) -F perm=x -F auid>=500 -F auid!=4294967295 -k privileged[[:space:]]*$1oval:org.open-scap.rhel6:obj:1023111oval:org.open-scap.rhel6:ste:1023111oval:org.open-scap.rhel6:ste:1025111oval:org.open-scap.rhel6:ste:1137111/etc/audit/audit.rules^[[:space:]]*([^#[:space:]].*[^[:space:]])[[:space:]]*$1/boot/grub/grub.conf^[[:space:]]*kernel.+[[:space:]]audit=11auditd^[35]$/etc/rsyslog.conf^[[:space:]]*[^#$\n][^[:space:]]*[[:space:]]+-?(/[^;[:space:]]+)1oval:org.open-scap.rhel6:ste:112611111/etc/logrotate.d/syslog^(.*)[[:space:]]*{1/etc/sysconfig/rsyslog^[[:space:]]*SYSLOGD_OPTIONS=.*-c[[:space:]]*41/etc/rsyslog.conf^[[:space:]]*\*\.\*[[:space:]]+(@|:omrelp)1/etc/rsyslog.conf^[[:space:]]*[^#$\n][^[:space:]]*[[:space:]]+-?(/[^;[:space:]]+)1rsyslog^[35]$/etc/modprobe.d/rds.conf^[[:space:]]*install[[:space:]]+rds[[:space:]]+/bin/true[[:space:]]*$1/etc/modprobe.d/sctp.conf^[[:space:]]*install[[:space:]]+sctp[[:space:]]+/bin/true[[:space:]]*$1/etc/modprobe.d/dccp.conf^[[:space:]]*install[[:space:]]+dccp[[:space:]]+/bin/true[[:space:]]*$1/etc/sysconfig/ip6tables^[[:space:]]*:FORWARD[[:space:]]+DROP[[:space:]]1/etc/sysconfig/iptables^[[:space:]]*:FORWARD[[:space:]]+DROP[[:space:]]1/etc/sysconfig/ip6tables^[[:space:]]*(.*[^[:space:]])[[:space:]]*$1/etc/sysconfig/iptables^[[:space:]]*(.*[^[:space:]])[[:space:]]*$1iptables^[35]$ip6tables^[35]$/proc/sys/net/ipv6/conf/default/max_addresses^(.*)$1/proc/sys/net/ipv6/conf/default/dad_transmits^(.*)$1/proc/sys/net/ipv6/conf/default/autoconf^(.*)$1/proc/sys/net/ipv6/conf/default/accept_ra_defrtr^(.*)$1/proc/sys/net/ipv6/conf/default/accept_ra_pinfo^(.*)$1/proc/sys/net/ipv6/conf/default/accept_ra_rtr_pref^(.*)$1/proc/sys/net/ipv6/conf/default/router_solicitations^(.*)$1/etc/sysconfig/network^[[:space:]]*IPV6_AUTOCONF=([^#[:space:]]*)1/etc/modprobe.d/ipv6.conf^[[:space:]]*install[[:space:]]+ipv6[[:space:]]+/bin/true[[:space:]]*$1/etc/hosts.deny^[[:space:]]*ALL[[:space:]]*:[[:space:]]*ALL[[:space:]]*$1/proc/net/wireless^.+$1/proc/net/wireless^[\s]*([\S\d]+):1/proc/sys/net/ipv4/conf/default/rp_filter^(.*)$1/proc/sys/net/ipv4/conf/all/rp_filter^(.*)$1/proc/sys/net/ipv4/tcp_syncookies^(.*)$1/proc/sys/net/ipv4/icmp_ignore_bogus_error_responses^(.*)$1/proc/sys/net/ipv4/icmp_echo_ignore_broadcasts^(.*)$1/proc/sys/net/ipv4/conf/default/log_martians^(.*)$1/proc/sys/net/ipv4/conf/default/secure_redirects^(.*)$1/proc/sys/net/ipv4/conf/default/accept_redirects^(.*)$1/proc/sys/net/ipv4/conf/default/accept_source_route^(.*)$1/proc/sys/net/ipv4/conf/all/log_martians^(.*)$1/proc/sys/net/ipv4/conf/all/secure_redirects^(.*)$1/proc/sys/net/ipv4/conf/all/accept_redirects^(.*)$1/proc/sys/net/ipv4/conf/all/accept_source_route^(.*)$1/proc/sys/net/ipv4/ip_forward^(.*)$1/proc/sys/net/ipv4/conf/all/send_redirects^(.*)$1/proc/sys/net/ipv4/conf/default/send_redirects^(.*)$1mcstrans.*setroubleshoot-server/etc/selinux/config^[[:space:]]*SELINUXTYPE=([[:alnum:]]*)1/etc/selinux/config^[[:space:]]*SELINUX=([[:alnum:]]*)1/boot/grub/grub.conf^.+$1/boot/grub/grub.conf^\s*kernel\s+.*\senforcing=0(\s.*)?$1/boot/grub/grub.conf^\s*kernel\s+.*\sselinux=0(\s.*)?$1/etc/gconf/gconf.xml.mandatory/apps/gdm/simple-greeter/%gconf.xml/gconf/entry[@name='banner_message_text']/stringvalue/text()/etc/gconf/gconf.xml.mandatory/apps/gdm/simple-greeter/%gconf.xml/gconf/entry[@name='banner_message_enable']/@value/etc/issue(.*[^\n])\n?1vlock/etc/gconf/gconf.xml.mandatory/apps/gnome-screensaver/%gconf.xml/gconf/entry[@name='mode']/stringvalue/text()/etc/gconf/gconf.xml.mandatory/apps/gnome-screensaver/%gconf.xml/gconf/entry[@name='lock_enabled']/@value/etc/gconf/gconf.xml.mandatory/apps/gnome-screensaver/%gconf.xml/gconf/entry[@name='idle_activation_enabled']/@value/etc/gconf/gconf.xml.mandatory/desktop/gnome/session/%gconf.xml/gconf/entry[@name='idle_delay']/@value/etc/profile.d/autologout.csh^[\s]*set[\s]+-r[\s]+autologout=([^#[:space:]]*)1/etc/profile.d/tmout.sh^[\s]*TMOUT=([^#[:space:]]*)1/etc/sysconfig/init^[[:space:]]*PROMPT=([^#[:space:]]*)1/etc/sysconfig/init^[[:space:]]*SINGLE=([^#[:space:]]*)1/boot/grub/grub.conf^[[:space:]]*password[[:space:]]+--encrypted[[:space:]]+\$6\$.*$1/boot/grub/grub.conf^\.netrc$/etc/profile^[[:space:]]*umask[[:space:]]+([[:alnum:]]*)1/etc/login.defs^[[:space:]]*UMASK[[:space:]]+([[:alnum:]]*)1/etc/csh.cshrc^[[:space:]]*umask[[:space:]]+([[:alnum:]]*)1/etc/bashrc^[[:space:]]*umask[[:space:]]+([[:alnum:]]*)1^\..*oval:org.open-scap.rhel6:obj:1058111oval:org.open-scap.rhel6:ste:1022111oval:org.open-scap.rhel6:obj:104011oval:org.open-scap.rhel6:ste:1057111111oval:org.open-scap.rhel6:obj:1057111oval:org.open-scap.rhel6:ste:1057111oval:org.open-scap.rhel6:obj:1056111oval:org.open-scap.rhel6:ste:1056111PATH/etc/pam.d/password-auth^password[[:space:]]+requisite[[:space:]]+pam_pwhistory\.so[[:space:]]+.*remember=([[:digit:]]+)1/etc/pam.d/system-auth^password[[:space:]]+requisite[[:space:]]+pam_pwhistory\.so[[:space:]]+.*remember=([[:digit:]]+)1oval:org.open-scap.rhel6:var:1054/etc/libuser.conf^crypt_style[[:space:]]*\=[[:space:]]*(.*[^[:space:]])[[:space:]]*$1/etc/login.defs^ENCRYPT_METHOD[[:space:]]+([^[:space:]]*)1/etc/pam.d/password-auth^[[:space:]]*password[[:space:]]+(?:required|requisite|sufficient)[[:space:]]+pam_unix\.so.*[[:space:]]+(md5|sha256|sha512)(?:[[:space:]].*)?$1/etc/pam.d/system-auth^[[:space:]]*password[[:space:]]+(?:required|requisite|sufficient)[[:space:]]+pam_unix\.so.*[[:space:]]+(md5|sha256|sha512)(?:[[:space:]].*)?$1/etc/pam.d/password-auth^[[:space:]]*password[[:space:]]+(?:required|requisite)[[:space:]]+pam_passwdqc\.so[[:space:]]+.*min=([^[:space:]]+)1/etc/pam.d/system-auth^[[:space:]]*password[[:space:]]+(?:required|requisite)[[:space:]]+pam_passwdqc\.so[[:space:]]+.*min=([^[:space:]]+)1/etc/pam.d/password-auth^[[:space:]]*password[[:space:]]+(?:required|requisite)[[:space:]]+pam_cracklib\.so[[:space:]]+.*difok=([[:digit:]]+)1/etc/pam.d/system-auth^[[:space:]]*password[[:space:]]+(?:required|requisite)[[:space:]]+pam_cracklib\.so[[:space:]]+.*difok=([[:digit:]]+)1/etc/pam.d/password-auth^[[:space:]]*password[[:space:]]+(?:required|requisite)[[:space:]]+pam_cracklib\.so[[:space:]]+.*lcredit=(-?[[:digit:]]+)1/etc/pam.d/system-auth^[[:space:]]*password[[:space:]]+(?:required|requisite)[[:space:]]+pam_cracklib\.so[[:space:]]+.*lcredit=(-?[[:digit:]]+)1/etc/pam.d/password-auth^[[:space:]]*password[[:space:]]+(?:required|requisite)[[:space:]]+pam_cracklib\.so[[:space:]]+.*ocredit=(-?[[:digit:]]+)1/etc/pam.d/system-auth^[[:space:]]*password[[:space:]]+(?:required|requisite)[[:space:]]+pam_cracklib\.so[[:space:]]+.*ocredit=(-?[[:digit:]]+)1/etc/pam.d/password-auth^[[:space:]]*password[[:space:]]+(?:required|requisite)[[:space:]]+pam_cracklib\.so[[:space:]]+.*ucredit=(-?[[:digit:]]+)1/etc/pam.d/system-auth^[[:space:]]*password[[:space:]]+(?:required|requisite)[[:space:]]+pam_cracklib\.so[[:space:]]+.*ucredit=(-?[[:digit:]]+)1/etc/pam.d/password-auth^[[:space:]]*password[[:space:]]+(?:required|requisite)[[:space:]]+pam_cracklib\.so[[:space:]]+.*dcredit=(-?[[:digit:]]+)1/etc/pam.d/system-auth^[[:space:]]*password[[:space:]]+(?:required|requisite)[[:space:]]+pam_cracklib\.so[[:space:]]+.*dcredit=(-?[[:digit:]]+)1/etc/pam.d/password-auth^[[:space:]]*password[[:space:]]+(?:required|requisite)[[:space:]]+pam_cracklib\.so[[:space:]]+.*minlen=([[:digit:]]+)1/etc/pam.d/system-auth^[[:space:]]*password[[:space:]]+(?:required|requisite)[[:space:]]+pam_cracklib\.so[[:space:]]+.*minlen=([[:digit:]]+)1/etc/pam.d/password-auth^[[:space:]]*password[[:space:]]+(?:required|requisite)[[:space:]]+pam_cracklib\.so[[:space:]]+.*retry=([[:digit:]]+)1/etc/pam.d/system-auth^[[:space:]]*password[[:space:]]+(?:required|requisite)[[:space:]]+pam_cracklib\.so[[:space:]]+.*retry=([[:digit:]]+)1/etc/login.defs^PASS_WARN_AGE[[:space:]]*(.*)1/etc/login.defs^PASS_MAX_DAYS[[:space:]]*(.*)1/etc/login.defs^PASS_MIN_DAYS[[:space:]]*(.*)1.*/etc/shadow^.+$1/etc/shadow^[^:]*::1root/etc/pam.d/su^[[:space:]]*auth[[:space:]]+required[[:space:]]+pam_wheel\.so[[:space:]]+use_uid[[:space:]]*(#.*)?$1/etc/group^wheel:1/etc/securetty^[[:space:]]*ttyS[0-9]+[[:space:]]*(#.*)?$1/etc/securetty^.+$1/etc/securetty^[[:space:]]*vc\/[0-9]+[[:space:]]*(#.*)?$1/proc/sys/kernel/randomize_va_space^(.*)$1/proc/sys/kernel/exec-shield^(.*)$1/proc/sys/fs/suid_dumpable^(.*)$1/etc/security/limits.conf^[[:space:]]*\*[[:space:]]+hard[[:space:]]+core[[:space:]]+([[:digit:]]+)1/etc/rc.d/init.d/functions^[[:space:]]*umask[[:space:]]+([[:digit:]]+)[[:space:]]*$1oval:org.open-scap.rhel6:obj:1022111oval:org.open-scap.rhel6:ste:1028111/etc/group^[^:]+:[^:]*:([\d]+):[^:]*$1oval:org.open-scap.rhel6:obj:1023111oval:org.open-scap.rhel6:ste:1027111/etc/passwd^[^:]+:[^:]+:([\d]+):[\d]+:[^:]*:[^:]+:[^:]*$1oval:org.open-scap.rhel6:obj:1023111oval:org.open-scap.rhel6:ste:1026111oval:org.open-scap.rhel6:obj:1023111oval:org.open-scap.rhel6:ste:1023111oval:org.open-scap.rhel6:ste:1025111oval:org.open-scap.rhel6:ste:1025112oval:org.open-scap.rhel6:obj:1023111oval:org.open-scap.rhel6:ste:1023111oval:org.open-scap.rhel6:ste:1024111oval:org.open-scap.rhel6:ste:1024112/.*oval:org.open-scap.rhel6:obj:1023111oval:org.open-scap.rhel6:ste:1022111oval:org.open-scap.rhel6:ste:1023111/oval:org.open-scap.rhel6:obj:1022111oval:org.open-scap.rhel6:ste:1022111/etc/passwd/etc/gshadow/etc/group/etc/shadow/etc/yum.repos.d.*^[\s]*gpgcheck[\s]*=[\s]*([0-1])$1/etc/yum.conf^[\s]*gpgcheck[\s]*=[\s]*([0-1])$1rhnsd.*gpg-pubkey/etc/fstab^[\s]*[\S]+[\s]+([\S]+)[\s]+[\S]+[\s]+[\S]+[\s]+[\S]+[\s]+[\S]+$1-e 2-a always,exit -F arch=b64 -S init_module -S delete_module -k modules-a always,exit -F arch=b32 -S init_module -S delete_module -k modules-w /sbin/modprobe -p x -k modules-w /sbin/rmmod -p x -k modules-w /sbin/insmod -p x -k modules-w /etc/sudoers -p wa -k actions-a always,exit -F arch=b64 -S unlink -S unlinkat -S rename -S renameat -F auid>=500 -F auid!=4294967295 -k delete-a always,exit -F arch=b32 -S unlink -S unlinkat -S rename -S renameat -F auid>=500 -F auid!=4294967295 -k delete-a always,exit -F arch=b64 -S mount -F auid>=500 -F auid!=4294967295 -k export-a always,exit -F arch=b32 -S mount -F auid>=500 -F auid!=4294967295 -k export-a always,exit -F arch=B64 -S creat -S open -S openat -S truncate -S ftruncate -F exit=-EPERM -F auid>=500 -F auid!=4294967295 -k access-a always,exit -F arch=b64 -S creat -S open -S openat -S truncate -S ftruncate -F exit=-EACCES -F auid>=500 -F auid!=4294967295 -k access-a always,exit -F arch=b32 -S creat -S open -S openat -S truncate -S ftruncate -F exit=-EPERM -F auid>=500 -F auid!=4294967295 -k access-a always,exit -F arch=b32 -S creat -S open -S openat -S truncate -S ftruncate -F exit=-EACCES -F auid>=500 -F auid!=4294967295 -k access-a always,exit -F arch=b64 -S setxattr -S lsetxattr -S fsetxattr -S removexattr -S lremovexattr -S fremovexattr -F auid>=500 -F auid!=4294967295 -k perm_mod-a always,exit -F arch=b64 -S chown -S fchown -S fchownat -S lchown -F auid>=500 -F auid!=4294967295 -k perm_mod-a always,exit -F arch=b64 -S chmod -S fchmod -S fchmodat -F auid>=500 -F auid!=4294967295 -k perm_mod-a always,exit -F arch=b32 -S setxattr -S lsetxattr -S fsetxattr -S removexattr -S lremovexattr -S fremovexattr -F auid>=500 -F auid!=4294967295 -k perm_mod-a always,exit -F arch=b32 -S chown -S fchown -S fchownat -S lchown -F auid>=500 -F auid!=4294967295 -k perm_mod-a always,exit -F arch=b32 -S chmod -S fchmod -S fchmodat -F auid>=500 -F auid!=4294967295 -k perm_mod-w /var/log/wtmp -p wa -k session-w /var/log/btmp -p wa -k session-w /var/run/utmp -p wa -k session-w /var/log/lastlog -p wa -k logins-w /var/log/faillock/ -p wa -k logins-w /var/log/tallylog -p wa -k logins-w /etc/selinux/ -p wa -k MAC-policy-w /etc/sysconfig/network -p wa -k system-locale-w /etc/hosts -p wa -k system-locale-w /etc/issue.net -p wa -k system-locale-w /etc/issue -p wa -k system-locale-a exit,always -F arch=b64 -S sethostname -S setdomainname -k system-locale-a exit,always -F arch=b32 -S sethostname -S setdomainname -k system-locale-w /etc/security/opasswd -p wa -k identity-w /etc/shadow -p wa -k identity-w /etc/gshadow -p wa -k identity-w /etc/passwd -p wa -k identity-w /etc/group -p wa -k identity-w /etc/localtime -p wa -k time-change-a always,exit -F arch=b64 -S clock_settime -k time-change-a always,exit -F arch=b64 -S adjtimex -S settimeofday -S stime -k time-change-a always,exit -F arch=b32 -S clock_settime -k time-change-a always,exit -F arch=b32 -S adjtimex -S settimeofday -S stime -k time-change^(x86_64|ia64|ppc64|s390x)$^.*$/var/log/boot.log-A INPUT -j DROP-A INPUT -j LOG-A INPUT -p icmpv6 --icmpv6-type router-advertisement -j DROP-A INPUT -p icmpv6 --icmpv6-type echo-request -j DROP-A INPUT -p icmp --icmp-type echo-request -j ACCEPT-A INPUT -p icmp --icmp-type time-exceeded -j ACCEPT-A INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT-A INPUT -p icmp --icmp-type echo-reply -j ACCEPT-A INPUT -p icmp -j ACCEPT^:FORWARD[[:space:]]+DROP[[:space:]]^:INPUT[[:space:]]+DROP[[:space:]]truefalsetrueblank-onlytruetrueno/sbin/sulogintruetruefalsefalsefalsefalsefalsefalsefalseroot50000000^:|^\.|.*::.*|.*:\.:.*|:$|:\.$00x500/sbin/nologin100500000regular01truetruefalsetruefalsefalsetruefalsefalsefalsefalsefalsefalsefalsefalsefalsefalsefalse001falsetrue4ae0493bfd431d51/home/var/log/audit/var/log/var/tmp60/bin/fusermount/bin/mount/bin/ping6/bin/ping/bin/su/bin/umount/lib64/dbus-1/dbus-daemon-launch-helper/lib/dbus-1/dbus-daemon-launch-helper/sbin/mount.ecryptfs_private/sbin/mount.nfs/sbin/pam_timestamp_check/sbin/unix_chkpwd/usr/bin/abrt-action-install-debuginfo-to-abrt-cache/usr/bin/at/usr/bin/chage/usr/bin/chfn/usr/bin/chsh/usr/bin/crontab/usr/bin/gpasswd/usr/bin/kgrantpty/usr/bin/kpac_dhcp_helper/usr/bin/ksu/usr/bin/newgrp/usr/bin/newrole/usr/bin/passwd/usr/bin/pkexec/usr/bin/rcp/usr/bin/rlogin/usr/bin/rsh/usr/bin/sperl5.10.1/usr/bin/staprun/usr/bin/sudoedit/usr/bin/sudo/usr/bin/Xorg/usr/lib64/amanda/calcsize/usr/lib64/amanda/dumper/usr/lib64/amanda/killpgrp/usr/lib64/amanda/planner/usr/lib64/amanda/rundump/usr/lib64/amanda/runtar/usr/lib64/nspluginwrapper/plugin-config/usr/lib/amanda/calcsize/usr/lib/amanda/dumper/usr/lib/amanda/killpgrp/usr/lib/amanda/planner/usr/lib/amanda/rundump/usr/lib/amanda/runtar/usr/libexec/mc/cons.saver/usr/libexec/openssh/ssh-keysign/usr/libexec/polkit-1/polkit-agent-helper-1/usr/libexec/pt_chown/usr/libexec/pulse/proximity-helper/usr/lib/nspluginwrapper/plugin-config/usr/sbin/amcheck/usr/sbin/seunshare/usr/sbin/suexec/usr/sbin/userhelper/usr/sbin/usernetctl/bin/cgexec/sbin/netreport/usr/bin/crontab/usr/bin/gnomine/usr/bin/iagno/usr/bin/locate/usr/bin/lockfile/usr/bin/same-gnome/usr/bin/screen/usr/bin/ssh-agent/usr/bin/wall/usr/bin/write/usr/lib64/vte/gnome-pty-helper/usr/libexec/kde4/kdesud/usr/libexec/utempter/utempter/usr/lib/mailman/cgi-bin/admindb/usr/lib/mailman/cgi-bin/admin/usr/lib/mailman/cgi-bin/confirm/usr/lib/mailman/cgi-bin/create/usr/lib/mailman/cgi-bin/edithtml/usr/lib/mailman/cgi-bin/listinfo/usr/lib/mailman/cgi-bin/options/usr/lib/mailman/cgi-bin/private/usr/lib/mailman/cgi-bin/rmlist/usr/lib/mailman/cgi-bin/roster/usr/lib/mailman/cgi-bin/subscribe/usr/lib/mailman/mail/mailman/usr/lib/vte/gnome-pty-helper/usr/sbin/lockdev/usr/sbin/postdrop/usr/sbin/postqueue/usr/sbin/sendmail.sendmail/var/log/messages/var/log/secure/var/log/maillog/var/log/cron/var/log/spooler/var/log/boot.log/var/log/messages/var/log/secure/var/log/maillog/var/log/cron/var/log/spooler/var/log/boot.log/root/bin/sbin/var/adm/var/spool/lpd/sbin/sbin/sbin/var/spool/mail/var/spool/uucp/root/usr/games/var/gopher/var/ftp///dev/var/cache/rpcbind/etc/abrt//etc/ntp/var/empty/saslauth/var/spool/postfix/var/lib/nfs/var/lib/nfs/var/empty/sshd//usr/local/sbin/usr/local/bin/sbin/bin/usr/sbin/usr/bin/opt/cov-sa-6.5.0/bin//root/bin0123456789101214152030394050546399100812235196932173113318683876908929655341561571587472218449901234567810111213149981693217368384998929655347472/bin/fusermount/bin/mount/bin/ping6/bin/ping/bin/su/bin/umount/lib64/dbus-1/dbus-daemon-launch-helper/lib/dbus-1/dbus-daemon-launch-helper/sbin/mount.ecryptfs_private/sbin/mount.nfs/sbin/pam_timestamp_check/sbin/unix_chkpwd/usr/bin/abrt-action-install-debuginfo-to-abrt-cache/usr/bin/at/usr/bin/chage/usr/bin/chfn/usr/bin/chsh/usr/bin/crontab/usr/bin/gpasswd/usr/bin/kgrantpty/usr/bin/kpac_dhcp_helper/usr/bin/ksu/usr/bin/newgrp/usr/bin/newrole/usr/bin/passwd/usr/bin/pkexec/usr/bin/rcp/usr/bin/rlogin/usr/bin/rsh/usr/bin/sperl5.10.1/usr/bin/staprun/usr/bin/sudoedit/usr/bin/sudo/usr/bin/Xorg/usr/lib64/amanda/calcsize/usr/lib64/amanda/dumper/usr/lib64/amanda/killpgrp/usr/lib64/amanda/planner/usr/lib64/amanda/rundump/usr/lib64/amanda/runtar/usr/lib64/nspluginwrapper/plugin-config/usr/lib/amanda/calcsize/usr/lib/amanda/dumper/usr/lib/amanda/killpgrp/usr/lib/amanda/planner/usr/lib/amanda/rundump/usr/lib/amanda/runtar/usr/libexec/mc/cons.saver/usr/libexec/openssh/ssh-keysign/usr/libexec/polkit-1/polkit-agent-helper-1/usr/libexec/pt_chown/usr/libexec/pulse/proximity-helper/usr/lib/nspluginwrapper/plugin-config/usr/sbin/amcheck/usr/sbin/seunshare/usr/sbin/suexec/usr/sbin/userhelper/usr/sbin/usernetctl/bin/cgexec/sbin/netreport/usr/bin/crontab/usr/bin/gnomine/usr/bin/iagno/usr/bin/locate/usr/bin/lockfile/usr/bin/same-gnome/usr/bin/screen/usr/bin/ssh-agent/usr/bin/wall/usr/bin/write/usr/lib64/vte/gnome-pty-helper/usr/libexec/kde4/kdesud/usr/libexec/utempter/utempter/usr/lib/mailman/cgi-bin/admindb/usr/lib/mailman/cgi-bin/admin/usr/lib/mailman/cgi-bin/confirm/usr/lib/mailman/cgi-bin/create/usr/lib/mailman/cgi-bin/edithtml/usr/lib/mailman/cgi-bin/listinfo/usr/lib/mailman/cgi-bin/options/usr/lib/mailman/cgi-bin/private/usr/lib/mailman/cgi-bin/rmlist/usr/lib/mailman/cgi-bin/roster/usr/lib/mailman/cgi-bin/subscribe/usr/lib/mailman/mail/mailman/usr/lib/vte/gnome-pty-helper/usr/sbin/lockdev/usr/sbin/postdrop/usr/sbin/postqueue/usr/sbin/sendmail.sendmailcpe:/a:open-scap:oscap5.82013-02-05T13:44:58Linux#1 SMP Sat Nov 24 14:35:28 EST 2012x86_64rhel-6-openscaplo127.0.0.100:00:00:00:00:00eth0192.168.122.6252:54:00:AA:D2:17lo::100:00:00:00:00:00eth0fe80::5054:ff:feaa:d21752:54:00:AA:D2:17auditd5truefalseauditd3truefalsersyslog5truefalsersyslog3truefalseiptables5truefalseiptables3truefalseip6tables5truefalseip6tables3truefalsePATH/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/opt/cov-sa-6.5.0/bin/:/root/binmailx812mail/var/spool/mail/sbin/nologinhaltx70halt/sbin/sbin/haltshutdownx60shutdown/sbin/sbin/shutdownsyncx50sync/sbin/bin/synclpx47lp/var/spool/lpd/sbin/nologinadmx34adm/var/adm/sbin/nologindaemonx22daemon/sbin/sbin/nologintcpdumpx7272//sbin/nologinsshdx7474Privilege-separated SSH/var/empty/sshd/sbin/nologinnfsnobodyx6553465534Anonymous NFS User/var/lib/nfs/sbin/nologinrpcuserx2929RPC Service User/var/lib/nfs/sbin/nologinpostfixx8989/var/spool/postfix/sbin/nologinsaslauthx49976"Saslauthd user"/var/empty/saslauth/sbin/nologinntpx3838/etc/ntp/sbin/nologinhaldaemonx6868HAL daemon//sbin/nologinbinx11bin/bin/sbin/nologinabrtx173173/etc/abrt/sbin/nologinrpcx3232Rpcbind Daemon/var/cache/rpcbind/sbin/nologinvcsax6969virtual console memory owner/dev/sbin/nologindbusx8181System message bus//sbin/nologinnobodyx9999Nobody//sbin/nologinftpx1450FTP User/var/ftp/sbin/nologingopherx1330gopher/var/gopher/sbin/nologingamesx12100games/usr/games/sbin/nologinoperatorx110operator/root/sbin/nologinuucpx1014uucp/var/spool/uucp/sbin/nologinrootx00root/root/bin/bash/tmp/.covlk/0308000000000000.6e32080000000000/tmp/.covlk0308000000000000.6e32080000000000regular001359604474135960447413596044741falsefalsefalsetruetruefalsetruetruefalsetruetruefalse/tmp/.ICE-unixdirectory001360066450136006531113600653114096falsefalsetruetruetruetruetruetruetruetruetruetrue/tmp/.covlkdirectory001360067221136006721813596044754096falsefalsefalsetruetruetruetruetruetruetruetruetrue/tmpdirectory0013600672211360067249136006724912288falsefalsetruetruetruetruetruetruetruetruetruetrue/var/tmpdirectory001360067223136006721813596034254096falsefalsetruetruetruetruetruetruetruetruetruetrue/etc/passwd/etcpasswdregular001360065311134063841113406384111248falsefalsefalsetruetruefalsetruefalsefalsetruefalsefalse/etc/gshadow/etcgshadowregular00135954670913571416791357141679523falsefalsefalsefalsefalsefalsefalsefalsefalsefalsefalsefalse/var/log/boot.log/var/logboot.logregular001360065311136006531913600653191524falsefalsefalsetruetruefalsetruefalsefalsetruefalsefalse/var/log/spooler/var/logspoolerregular001360067102136006710213600671020falsefalsefalsetruetruefalsefalsefalsefalsefalsefalsefalse/var/log/cron/var/logcronregular001360067102136006830113600683011575falsefalsefalsetruetruefalsefalsefalsefalsefalsefalsefalse/var/log/maillog/var/logmaillogregular001360067102136006710213600671020falsefalsefalsetruetruefalsefalsefalsefalsefalsefalsefalse/var/log/secure/var/logsecureregular001360067102136006825713600682571260falsefalsefalsetruetruefalsefalsefalsefalsefalsefalsefalse/var/log/messages/var/logmessagesregular00136006829913600682981360068298646falsefalsefalsetruetruefalsefalsefalsefalsefalsefalsefalse/etc/group/etcgroupregular00136006531113571416791357141679641falsefalsefalsetruetruefalsetruefalsefalsetruefalsefalse/boot/grub/grub.conf/boot/grubgrub.confregular001360067249135597469913559746991579falsefalsefalsetruetruefalsefalsefalsefalsefalsefalsefalse/usr/libexec/abrt-action-install-debuginfo-to-abrt-cache/usr/libexecabrt-action-install-debuginfo-to-abrt-cacheregular17317313600671421352448987133717546010752truefalsefalsetruetruetruetruefalsetruetruefalsetrue/tmp/.covlk/0308000000000000.a524060000000000/tmp/.covlk0308000000000000.a524060000000000regular001359604630135960463013596046301falsefalsefalsetruetruefalsetruetruefalsetruetruefalse/tmp/.covlk/0308000000000000.3e22040000000000/tmp/.covlk0308000000000000.3e22040000000000regular001359604469135960446913596044691falsefalsefalsetruetruefalsetruetruefalsetruetruefalse/tmp/.covlk/0308000000000000.bb32080000000000/tmp/.covlk0308000000000000.bb32080000000000regular001359604474135960447413596044741falsefalsefalsetruetruefalsetruetruefalsetruetruefalse/tmp/.covlk/0308000000000000.a724060000000000/tmp/.covlk0308000000000000.a724060000000000regular001359604630135960463013596046301falsefalsefalsetruetruefalsetruetruefalsetruetruefalse/tmp/.covlk/0308000000000000.a124060000000000/tmp/.covlk0308000000000000.a124060000000000regular001359604474135960447413596044741falsefalsefalsetruetruefalsetruetruefalsetruetruefalse/tmp/.covlk/0308000000000000.9e24060000000000/tmp/.covlk0308000000000000.9e24060000000000regular001359604474135960447413596044741falsefalsefalsetruetruefalsetruetruefalsetruetruefalse/tmp/.covlk/0308000000000000.5722040000000000/tmp/.covlk0308000000000000.5722040000000000regular001359604474135960447413596044741falsefalsefalsetruetruefalsetruetruefalsetruetruefalse/tmp/.covlk/0308000000000000.ad24060000000000/tmp/.covlk0308000000000000.ad24060000000000regular001359604475135960447513596044751falsefalsefalsetruetruefalsetruetruefalsetruetruefalse/etc/shadow/etcshadowregular00136006543913595468181359546818765falsefalsefalsefalsefalsefalsefalsefalsefalsefalsefalsefalse/etc/pam.d/password-auth/etc/pam.dpassword-auth^[[:space:]]*password[[:space:]]+(?:required|requisite)[[:space:]]+pam_cracklib\.so[[:space:]]+.*retry=([[:digit:]]+)1^[[:space:]]*password[[:space:]]+(?:required|requisite)[[:space:]]+pam_cracklib\.so[[:space:]]+.*retry=([[:digit:]]+)
password requisite pam_cracklib.so try_first_pass retry=33/etc/pam.d/system-auth/etc/pam.dsystem-auth^[[:space:]]*password[[:space:]]+(?:required|requisite)[[:space:]]+pam_cracklib\.so[[:space:]]+.*retry=([[:digit:]]+)1^[[:space:]]*password[[:space:]]+(?:required|requisite)[[:space:]]+pam_cracklib\.so[[:space:]]+.*retry=([[:digit:]]+)
password requisite pam_cracklib.so try_first_pass retry=33/etc/login.defs/etclogin.defs^PASS_WARN_AGE[[:space:]]*(.*)1^PASS_WARN_AGE[[:space:]]*(.*)PASS_WARN_AGE 77/etc/login.defs/etclogin.defs^PASS_MAX_DAYS[[:space:]]*(.*)1^PASS_MAX_DAYS[[:space:]]*(.*)PASS_MAX_DAYS 9999999999/etc/login.defs/etclogin.defs^PASS_MIN_DAYS[[:space:]]*(.*)1^PASS_MIN_DAYS[[:space:]]*(.*)PASS_MIN_DAYS 00/etc/shadow/etcshadow^.+$1^.+$root:$6$TjCwwjLo$Dkq43X4c88tE/K0NtPxC8bdFgZqgr/e7TaE9BsPVJKXPp1uY18z92JxSrSYoREFrxrrPwLyfOqurdvn9.BZUH.:15735:0:99999:7:::/etc/group/etcgroup^wheel:1^wheel:wheel:/etc/securetty/etcsecuretty^.+$1^.+$console/etc/securetty/etcsecuretty^[[:space:]]*ttyS[0-9]+[[:space:]]*(#.*)?$1^[[:space:]]*ttyS[0-9]+[[:space:]]*(#.*)?$ttyS0
/proc/sys/kernel/randomize_va_space/proc/sys/kernelrandomize_va_space^(.*)$1^(.*)$22/etc/yum.repos.d/epel-testing.repo/etc/yum.repos.depel-testing.repo^[\s]*gpgcheck[\s]*=[\s]*([0-1])$3^[\s]*gpgcheck[\s]*=[\s]*([0-1])$gpgcheck=11/proc/sys/kernel/exec-shield/proc/sys/kernelexec-shield^(.*)$1^(.*)$11/proc/sys/fs/suid_dumpable/proc/sys/fssuid_dumpable^(.*)$1^(.*)$00/etc/rc.d/init.d/functions/etc/rc.d/init.dfunctions^[[:space:]]*umask[[:space:]]+([[:digit:]]+)[[:space:]]*$1^[[:space:]]*umask[[:space:]]+([[:digit:]]+)[[:space:]]*$umask 022
022/etc/group/etcgroup^[^:]+:[^:]*:([\d]+):[^:]*$48^[^:]+:[^:]*:([\d]+):[^:]*$mock:x:499:
499/etc/group/etcgroup^[^:]+:[^:]*:([\d]+):[^:]*$47^[^:]+:[^:]*:([\d]+):[^:]*$screen:x:84:84/etc/group/etcgroup^[^:]+:[^:]*:([\d]+):[^:]*$46^[^:]+:[^:]*:([\d]+):[^:]*$slocate:x:21:21/etc/group/etcgroup^[^:]+:[^:]*:([\d]+):[^:]*$45^[^:]+:[^:]*:([\d]+):[^:]*$tcpdump:x:72:72/etc/group/etcgroup^[^:]+:[^:]*:([\d]+):[^:]*$44^[^:]+:[^:]*:([\d]+):[^:]*$sshd:x:74:74/etc/group/etcgroup^[^:]+:[^:]*:([\d]+):[^:]*$43^[^:]+:[^:]*:([\d]+):[^:]*$stapdev:x:158:158/etc/group/etcgroup^[^:]+:[^:]*:([\d]+):[^:]*$42^[^:]+:[^:]*:([\d]+):[^:]*$stapsys:x:157:157/etc/yum.repos.d/epel-testing.repo/etc/yum.repos.depel-testing.repo^[\s]*gpgcheck[\s]*=[\s]*([0-1])$2^[\s]*gpgcheck[\s]*=[\s]*([0-1])$gpgcheck=11/etc/group/etcgroup^[^:]+:[^:]*:([\d]+):[^:]*$41^[^:]+:[^:]*:([\d]+):[^:]*$stapusr:x:156:156/etc/group/etcgroup^[^:]+:[^:]*:([\d]+):[^:]*$40^[^:]+:[^:]*:([\d]+):[^:]*$nfsnobody:x:65534:65534/etc/group/etcgroup^[^:]+:[^:]*:([\d]+):[^:]*$39^[^:]+:[^:]*:([\d]+):[^:]*$rpcuser:x:29:29/etc/group/etcgroup^[^:]+:[^:]*:([\d]+):[^:]*$38^[^:]+:[^:]*:([\d]+):[^:]*$postfix:x:89:89/etc/group/etcgroup^[^:]+:[^:]*:([\d]+):[^:]*$37^[^:]+:[^:]*:([\d]+):[^:]*$postdrop:x:90:90/etc/group/etcgroup^[^:]+:[^:]*:([\d]+):[^:]*$36^[^:]+:[^:]*:([\d]+):[^:]*$saslauth:x:76:76/etc/group/etcgroup^[^:]+:[^:]*:([\d]+):[^:]*$35^[^:]+:[^:]*:([\d]+):[^:]*$ntp:x:38:38/etc/group/etcgroup^[^:]+:[^:]*:([\d]+):[^:]*$34^[^:]+:[^:]*:([\d]+):[^:]*$haldaemon:x:68:haldaemon68/etc/group/etcgroup^[^:]+:[^:]*:([\d]+):[^:]*$33^[^:]+:[^:]*:([\d]+):[^:]*$dialout:x:18:18/etc/group/etcgroup^[^:]+:[^:]*:([\d]+):[^:]*$32^[^:]+:[^:]*:([\d]+):[^:]*$tape:x:33:33/etc/yum.repos.d/epel-testing.repo/etc/yum.repos.depel-testing.repo^[\s]*gpgcheck[\s]*=[\s]*([0-1])$1^[\s]*gpgcheck[\s]*=[\s]*([0-1])$gpgcheck=11/etc/group/etcgroup^[^:]+:[^:]*:([\d]+):[^:]*$31^[^:]+:[^:]*:([\d]+):[^:]*$cdrom:x:11:11/etc/group/etcgroup^[^:]+:[^:]*:([\d]+):[^:]*$30^[^:]+:[^:]*:([\d]+):[^:]*$abrt:x:173:173/etc/group/etcgroup^[^:]+:[^:]*:([\d]+):[^:]*$29^[^:]+:[^:]*:([\d]+):[^:]*$rpc:x:32:32/etc/group/etcgroup^[^:]+:[^:]*:([\d]+):[^:]*$28^[^:]+:[^:]*:([\d]+):[^:]*$vcsa:x:69:69/etc/group/etcgroup^[^:]+:[^:]*:([\d]+):[^:]*$27^[^:]+:[^:]*:([\d]+):[^:]*$floppy:x:19:19/etc/group/etcgroup^[^:]+:[^:]*:([\d]+):[^:]*$26^[^:]+:[^:]*:([\d]+):[^:]*$utempter:x:35:35/etc/group/etcgroup^[^:]+:[^:]*:([\d]+):[^:]*$25^[^:]+:[^:]*:([\d]+):[^:]*$utmp:x:22:22/etc/group/etcgroup^[^:]+:[^:]*:([\d]+):[^:]*$24^[^:]+:[^:]*:([\d]+):[^:]*$dbus:x:81:81/etc/group/etcgroup^[^:]+:[^:]*:([\d]+):[^:]*$23^[^:]+:[^:]*:([\d]+):[^:]*$users:x:100:100/etc/group/etcgroup^[^:]+:[^:]*:([\d]+):[^:]*$22^[^:]+:[^:]*:([\d]+):[^:]*$nobody:x:99:99/etc/yum.repos.d/epel.repo/etc/yum.repos.depel.repo^[\s]*gpgcheck[\s]*=[\s]*([0-1])$3^[\s]*gpgcheck[\s]*=[\s]*([0-1])$gpgcheck=11/etc/group/etcgroup^[^:]+:[^:]*:([\d]+):[^:]*$21^[^:]+:[^:]*:([\d]+):[^:]*$audio:x:63:63/etc/group/etcgroup^[^:]+:[^:]*:([\d]+):[^:]*$20^[^:]+:[^:]*:([\d]+):[^:]*$lock:x:54:54/etc/group/etcgroup^[^:]+:[^:]*:([\d]+):[^:]*$19^[^:]+:[^:]*:([\d]+):[^:]*$ftp:x:50:50/etc/group/etcgroup^[^:]+:[^:]*:([\d]+):[^:]*$18^[^:]+:[^:]*:([\d]+):[^:]*$dip:x:40:40/etc/group/etcgroup^[^:]+:[^:]*:([\d]+):[^:]*$17^[^:]+:[^:]*:([\d]+):[^:]*$video:x:39:39/etc/group/etcgroup^[^:]+:[^:]*:([\d]+):[^:]*$16^[^:]+:[^:]*:([\d]+):[^:]*$gopher:x:30:30/etc/group/etcgroup^[^:]+:[^:]*:([\d]+):[^:]*$15^[^:]+:[^:]*:([\d]+):[^:]*$games:x:20:20/etc/group/etcgroup^[^:]+:[^:]*:([\d]+):[^:]*$14^[^:]+:[^:]*:([\d]+):[^:]*$man:x:15:15/etc/group/etcgroup^[^:]+:[^:]*:([\d]+):[^:]*$13^[^:]+:[^:]*:([\d]+):[^:]*$uucp:x:14:14/etc/group/etcgroup^[^:]+:[^:]*:([\d]+):[^:]*$12^[^:]+:[^:]*:([\d]+):[^:]*$mail:x:12:mail,postfix12/etc/yum.repos.d/epel.repo/etc/yum.repos.depel.repo^[\s]*gpgcheck[\s]*=[\s]*([0-1])$2^[\s]*gpgcheck[\s]*=[\s]*([0-1])$gpgcheck=11/etc/group/etcgroup^[^:]+:[^:]*:([\d]+):[^:]*$11^[^:]+:[^:]*:([\d]+):[^:]*$wheel:x:10:10/etc/group/etcgroup^[^:]+:[^:]*:([\d]+):[^:]*$10^[^:]+:[^:]*:([\d]+):[^:]*$kmem:x:9:9/etc/group/etcgroup^[^:]+:[^:]*:([\d]+):[^:]*$9^[^:]+:[^:]*:([\d]+):[^:]*$mem:x:8:8/etc/group/etcgroup^[^:]+:[^:]*:([\d]+):[^:]*$8^[^:]+:[^:]*:([\d]+):[^:]*$lp:x:7:daemon7/etc/group/etcgroup^[^:]+:[^:]*:([\d]+):[^:]*$7^[^:]+:[^:]*:([\d]+):[^:]*$disk:x:6:6/etc/group/etcgroup^[^:]+:[^:]*:([\d]+):[^:]*$6^[^:]+:[^:]*:([\d]+):[^:]*$tty:x:5:5/etc/group/etcgroup^[^:]+:[^:]*:([\d]+):[^:]*$5^[^:]+:[^:]*:([\d]+):[^:]*$adm:x:4:adm,daemon4/etc/group/etcgroup^[^:]+:[^:]*:([\d]+):[^:]*$4^[^:]+:[^:]*:([\d]+):[^:]*$sys:x:3:bin,adm3/etc/group/etcgroup^[^:]+:[^:]*:([\d]+):[^:]*$3^[^:]+:[^:]*:([\d]+):[^:]*$daemon:x:2:bin,daemon2/etc/group/etcgroup^[^:]+:[^:]*:([\d]+):[^:]*$2^[^:]+:[^:]*:([\d]+):[^:]*$bin:x:1:bin,daemon1/etc/yum.repos.d/epel.repo/etc/yum.repos.depel.repo^[\s]*gpgcheck[\s]*=[\s]*([0-1])$1^[\s]*gpgcheck[\s]*=[\s]*([0-1])$gpgcheck=11/etc/group/etcgroup^[^:]+:[^:]*:([\d]+):[^:]*$1^[^:]+:[^:]*:([\d]+):[^:]*$root:x:0:0/etc/passwd/etcpasswd^[^:]+:[^:]+:([\d]+):[\d]+:[^:]*:[^:]+:[^:]*$27^[^:]+:[^:]+:([\d]+):[\d]+:[^:]*:[^:]+:[^:]*$tcpdump:x:72:72::/:/sbin/nologin
72/etc/passwd/etcpasswd^[^:]+:[^:]+:([\d]+):[\d]+:[^:]*:[^:]+:[^:]*$26^[^:]+:[^:]+:([\d]+):[\d]+:[^:]*:[^:]+:[^:]*$sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin74/etc/passwd/etcpasswd^[^:]+:[^:]+:([\d]+):[\d]+:[^:]*:[^:]+:[^:]*$25^[^:]+:[^:]+:([\d]+):[\d]+:[^:]*:[^:]+:[^:]*$nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin65534/etc/passwd/etcpasswd^[^:]+:[^:]+:([\d]+):[\d]+:[^:]*:[^:]+:[^:]*$24^[^:]+:[^:]+:([\d]+):[\d]+:[^:]*:[^:]+:[^:]*$rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin29/etc/passwd/etcpasswd^[^:]+:[^:]+:([\d]+):[\d]+:[^:]*:[^:]+:[^:]*$23^[^:]+:[^:]+:([\d]+):[\d]+:[^:]*:[^:]+:[^:]*$postfix:x:89:89::/var/spool/postfix:/sbin/nologin89/etc/passwd/etcpasswd^[^:]+:[^:]+:([\d]+):[\d]+:[^:]*:[^:]+:[^:]*$22^[^:]+:[^:]+:([\d]+):[\d]+:[^:]*:[^:]+:[^:]*$saslauth:x:499:76:"Saslauthd user":/var/empty/saslauth:/sbin/nologin499/etc/passwd/etcpasswd^[^:]+:[^:]+:([\d]+):[\d]+:[^:]*:[^:]+:[^:]*$21^[^:]+:[^:]+:([\d]+):[\d]+:[^:]*:[^:]+:[^:]*$ntp:x:38:38::/etc/ntp:/sbin/nologin38/etc/passwd/etcpasswd^[^:]+:[^:]+:([\d]+):[\d]+:[^:]*:[^:]+:[^:]*$20^[^:]+:[^:]+:([\d]+):[\d]+:[^:]*:[^:]+:[^:]*$haldaemon:x:68:68:HAL daemon:/:/sbin/nologin68/etc/passwd/etcpasswd^[^:]+:[^:]+:([\d]+):[\d]+:[^:]*:[^:]+:[^:]*$19^[^:]+:[^:]+:([\d]+):[\d]+:[^:]*:[^:]+:[^:]*$abrt:x:173:173::/etc/abrt:/sbin/nologin173/etc/yum.repos.d/covscan-rhel.repo/etc/yum.repos.dcovscan-rhel.repo^[\s]*gpgcheck[\s]*=[\s]*([0-1])$2^[\s]*gpgcheck[\s]*=[\s]*([0-1])$gpgcheck=00/etc/passwd/etcpasswd^[^:]+:[^:]+:([\d]+):[\d]+:[^:]*:[^:]+:[^:]*$18^[^:]+:[^:]+:([\d]+):[\d]+:[^:]*:[^:]+:[^:]*$rpc:x:32:32:Rpcbind Daemon:/var/cache/rpcbind:/sbin/nologin32/etc/passwd/etcpasswd^[^:]+:[^:]+:([\d]+):[\d]+:[^:]*:[^:]+:[^:]*$17^[^:]+:[^:]+:([\d]+):[\d]+:[^:]*:[^:]+:[^:]*$vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin69/etc/passwd/etcpasswd^[^:]+:[^:]+:([\d]+):[\d]+:[^:]*:[^:]+:[^:]*$16^[^:]+:[^:]+:([\d]+):[\d]+:[^:]*:[^:]+:[^:]*$dbus:x:81:81:System message bus:/:/sbin/nologin81/etc/passwd/etcpasswd^[^:]+:[^:]+:([\d]+):[\d]+:[^:]*:[^:]+:[^:]*$15^[^:]+:[^:]+:([\d]+):[\d]+:[^:]*:[^:]+:[^:]*$nobody:x:99:99:Nobody:/:/sbin/nologin99/etc/passwd/etcpasswd^[^:]+:[^:]+:([\d]+):[\d]+:[^:]*:[^:]+:[^:]*$14^[^:]+:[^:]+:([\d]+):[\d]+:[^:]*:[^:]+:[^:]*$ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin14/etc/passwd/etcpasswd^[^:]+:[^:]+:([\d]+):[\d]+:[^:]*:[^:]+:[^:]*$13^[^:]+:[^:]+:([\d]+):[\d]+:[^:]*:[^:]+:[^:]*$gopher:x:13:30:gopher:/var/gopher:/sbin/nologin13/etc/passwd/etcpasswd^[^:]+:[^:]+:([\d]+):[\d]+:[^:]*:[^:]+:[^:]*$12^[^:]+:[^:]+:([\d]+):[\d]+:[^:]*:[^:]+:[^:]*$games:x:12:100:games:/usr/games:/sbin/nologin12/etc/passwd/etcpasswd^[^:]+:[^:]+:([\d]+):[\d]+:[^:]*:[^:]+:[^:]*$11^[^:]+:[^:]+:([\d]+):[\d]+:[^:]*:[^:]+:[^:]*$operator:x:11:0:operator:/root:/sbin/nologin11/etc/passwd/etcpasswd^[^:]+:[^:]+:([\d]+):[\d]+:[^:]*:[^:]+:[^:]*$10^[^:]+:[^:]+:([\d]+):[\d]+:[^:]*:[^:]+:[^:]*$uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin10/etc/passwd/etcpasswd^[^:]+:[^:]+:([\d]+):[\d]+:[^:]*:[^:]+:[^:]*$9^[^:]+:[^:]+:([\d]+):[\d]+:[^:]*:[^:]+:[^:]*$mail:x:8:12:mail:/var/spool/mail:/sbin/nologin8/etc/yum.repos.d/covscan-rhel.repo/etc/yum.repos.dcovscan-rhel.repo^[\s]*gpgcheck[\s]*=[\s]*([0-1])$1^[\s]*gpgcheck[\s]*=[\s]*([0-1])$gpgcheck=00/etc/passwd/etcpasswd^[^:]+:[^:]+:([\d]+):[\d]+:[^:]*:[^:]+:[^:]*$8^[^:]+:[^:]+:([\d]+):[\d]+:[^:]*:[^:]+:[^:]*$halt:x:7:0:halt:/sbin:/sbin/halt7/etc/passwd/etcpasswd^[^:]+:[^:]+:([\d]+):[\d]+:[^:]*:[^:]+:[^:]*$7^[^:]+:[^:]+:([\d]+):[\d]+:[^:]*:[^:]+:[^:]*$shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown6/etc/passwd/etcpasswd^[^:]+:[^:]+:([\d]+):[\d]+:[^:]*:[^:]+:[^:]*$6^[^:]+:[^:]+:([\d]+):[\d]+:[^:]*:[^:]+:[^:]*$sync:x:5:0:sync:/sbin:/bin/sync5/etc/passwd/etcpasswd^[^:]+:[^:]+:([\d]+):[\d]+:[^:]*:[^:]+:[^:]*$5^[^:]+:[^:]+:([\d]+):[\d]+:[^:]*:[^:]+:[^:]*$lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin4/etc/passwd/etcpasswd^[^:]+:[^:]+:([\d]+):[\d]+:[^:]*:[^:]+:[^:]*$4^[^:]+:[^:]+:([\d]+):[\d]+:[^:]*:[^:]+:[^:]*$adm:x:3:4:adm:/var/adm:/sbin/nologin3/etc/passwd/etcpasswd^[^:]+:[^:]+:([\d]+):[\d]+:[^:]*:[^:]+:[^:]*$3^[^:]+:[^:]+:([\d]+):[\d]+:[^:]*:[^:]+:[^:]*$daemon:x:2:2:daemon:/sbin:/sbin/nologin2/etc/logrotate.d/syslog/etc/logrotate.dsyslog^(.*)[[:space:]]*{1^(.*)[[:space:]]*{/var/log/cron
/var/log/maillog
/var/log/messages
/var/log/secure
/var/log/spooler
{/var/log/cron
/var/log/maillog
/var/log/messages
/var/log/secure
/var/log/spooler
/etc/passwd/etcpasswd^[^:]+:[^:]+:([\d]+):[\d]+:[^:]*:[^:]+:[^:]*$2^[^:]+:[^:]+:([\d]+):[\d]+:[^:]*:[^:]+:[^:]*$bin:x:1:1:bin:/bin:/sbin/nologin1/etc/rsyslog.conf/etcrsyslog.conf^[[:space:]]*[^#$\n][^[:space:]]*[[:space:]]+-?(/[^;[:space:]]+)6^[[:space:]]*[^#$\n][^[:space:]]*[[:space:]]+-?(/[^;[:space:]]+)local7.* /var/log/boot.log/var/log/boot.log/etc/rsyslog.conf/etcrsyslog.conf^[[:space:]]*[^#$\n][^[:space:]]*[[:space:]]+-?(/[^;[:space:]]+)5^[[:space:]]*[^#$\n][^[:space:]]*[[:space:]]+-?(/[^;[:space:]]+)uucp,news.crit /var/log/spooler/var/log/spooler/etc/rsyslog.conf/etcrsyslog.conf^[[:space:]]*[^#$\n][^[:space:]]*[[:space:]]+-?(/[^;[:space:]]+)4^[[:space:]]*[^#$\n][^[:space:]]*[[:space:]]+-?(/[^;[:space:]]+)cron.* /var/log/cron/var/log/cron/etc/rsyslog.conf/etcrsyslog.conf^[[:space:]]*[^#$\n][^[:space:]]*[[:space:]]+-?(/[^;[:space:]]+)3^[[:space:]]*[^#$\n][^[:space:]]*[[:space:]]+-?(/[^;[:space:]]+)mail.* -/var/log/maillog/var/log/maillog/etc/rsyslog.conf/etcrsyslog.conf^[[:space:]]*[^#$\n][^[:space:]]*[[:space:]]+-?(/[^;[:space:]]+)2^[[:space:]]*[^#$\n][^[:space:]]*[[:space:]]+-?(/[^;[:space:]]+)authpriv.* /var/log/secure/var/log/secure/etc/rsyslog.conf/etcrsyslog.conf^[[:space:]]*[^#$\n][^[:space:]]*[[:space:]]+-?(/[^;[:space:]]+)1^[[:space:]]*[^#$\n][^[:space:]]*[[:space:]]+-?(/[^;[:space:]]+)*.info;mail.none;authpriv.none;cron.none /var/log/messages/var/log/messages/proc/sys/net/ipv6/conf/default/max_addresses/proc/sys/net/ipv6/conf/defaultmax_addresses^(.*)$1^(.*)$1616/proc/sys/net/ipv6/conf/default/dad_transmits/proc/sys/net/ipv6/conf/defaultdad_transmits^(.*)$1^(.*)$11/proc/sys/net/ipv6/conf/default/autoconf/proc/sys/net/ipv6/conf/defaultautoconf^(.*)$1^(.*)$11/proc/sys/net/ipv6/conf/default/accept_ra_defrtr/proc/sys/net/ipv6/conf/defaultaccept_ra_defrtr^(.*)$1^(.*)$11/etc/passwd/etcpasswd^[^:]+:[^:]+:([\d]+):[\d]+:[^:]*:[^:]+:[^:]*$1^[^:]+:[^:]+:([\d]+):[\d]+:[^:]*:[^:]+:[^:]*$root:x:0:0:root:/root:/bin/bash0/proc/sys/net/ipv6/conf/default/accept_ra_pinfo/proc/sys/net/ipv6/conf/defaultaccept_ra_pinfo^(.*)$1^(.*)$11/proc/sys/net/ipv6/conf/default/accept_ra_rtr_pref/proc/sys/net/ipv6/conf/defaultaccept_ra_rtr_pref^(.*)$1^(.*)$11/proc/sys/net/ipv6/conf/default/router_solicitations/proc/sys/net/ipv6/conf/defaultrouter_solicitations^(.*)$1^(.*)$33/proc/sys/net/ipv4/conf/default/rp_filter/proc/sys/net/ipv4/conf/defaultrp_filter^(.*)$1^(.*)$11/proc/sys/net/ipv4/tcp_syncookies/proc/sys/net/ipv4tcp_syncookies^(.*)$1^(.*)$11/proc/sys/net/ipv4/icmp_ignore_bogus_error_responses/proc/sys/net/ipv4icmp_ignore_bogus_error_responses^(.*)$1^(.*)$11/proc/sys/net/ipv4/icmp_echo_ignore_broadcasts/proc/sys/net/ipv4icmp_echo_ignore_broadcasts^(.*)$1^(.*)$11/proc/sys/net/ipv4/conf/default/log_martians/proc/sys/net/ipv4/conf/defaultlog_martians^(.*)$1^(.*)$00/proc/sys/net/ipv4/conf/default/secure_redirects/proc/sys/net/ipv4/conf/defaultsecure_redirects^(.*)$1^(.*)$11/proc/sys/net/ipv4/conf/default/accept_redirects/proc/sys/net/ipv4/conf/defaultaccept_redirects^(.*)$1^(.*)$11/etc/yum.repos.d/rhel-source.repo/etc/yum.repos.drhel-source.repo^[\s]*gpgcheck[\s]*=[\s]*([0-1])$2^[\s]*gpgcheck[\s]*=[\s]*([0-1])$gpgcheck=11/proc/sys/net/ipv4/conf/default/accept_source_route/proc/sys/net/ipv4/conf/defaultaccept_source_route^(.*)$1^(.*)$00/proc/sys/net/ipv4/conf/all/log_martians/proc/sys/net/ipv4/conf/alllog_martians^(.*)$1^(.*)$00/proc/sys/net/ipv4/conf/all/secure_redirects/proc/sys/net/ipv4/conf/allsecure_redirects^(.*)$1^(.*)$11/proc/sys/net/ipv4/conf/all/accept_source_route/proc/sys/net/ipv4/conf/allaccept_source_route^(.*)$1^(.*)$00/etc/selinux/config/etc/selinuxconfig^[[:space:]]*SELINUXTYPE=([[:alnum:]]*)1^[[:space:]]*SELINUXTYPE=([[:alnum:]]*)SELINUXTYPE=targetedtargeted/etc/selinux/config/etc/selinuxconfig^[[:space:]]*SELINUX=([[:alnum:]]*)1^[[:space:]]*SELINUX=([[:alnum:]]*)SELINUX=enforcingenforcing/boot/grub/grub.conf/boot/grubgrub.conf^.+$1^.+$# grub.conf generated by anaconda/etc/login.defs/etclogin.defs^[[:space:]]*UMASK[[:space:]]+([[:alnum:]]*)1^[[:space:]]*UMASK[[:space:]]+([[:alnum:]]*)UMASK 077077/etc/csh.cshrc/etccsh.cshrc^[[:space:]]*umask[[:space:]]+([[:alnum:]]*)1^[[:space:]]*umask[[:space:]]+([[:alnum:]]*) umask 002002/etc/bashrc/etcbashrc^[[:space:]]*umask[[:space:]]+([[:alnum:]]*)1^[[:space:]]*umask[[:space:]]+([[:alnum:]]*) umask 002002/etc/yum.repos.d/rhel-source.repo/etc/yum.repos.drhel-source.repo^[\s]*gpgcheck[\s]*=[\s]*([0-1])$1^[\s]*gpgcheck[\s]*=[\s]*([0-1])$gpgcheck=11/etc/yum.conf/etcyum.conf^[\s]*gpgcheck[\s]*=[\s]*([0-1])$1^[\s]*gpgcheck[\s]*=[\s]*([0-1])$gpgcheck=11gpg-pubkey(none)04bd229420608b8950:0608b895-4bd229420gpg-pubkey(none)045700c692fa658e00:2fa658e0-45700c690gpg-pubkey(none)04ae0493bfd431d510:fd431d51-4ae0493b0