The following ssg-ids are not included within the DISA RHEL6V1R2 STIG for profiles stig-rhel6-server and/or usgcb-rhel6-server, as indicated below: STIG USGCB x x Ensure All Files Are Owned by a User - (CCE-27032-2) x x Ensure All Files Are Owned by a Group - (CCE-26872-2) x x Ensure No Device Files are Unlabeled by SELinux - (CCE-26774-0) x Require Authentication for Single User Mode - (CCE-27040-5) x Bind Mount /var/tmp To /tmp - (CCE-26582-7) x Disable Mounting of cramfs - (CCE-26340-0) x Disable Mounting of freevxfs - (CCE-26544-7) x Disable Mounting of jffs2 - (CCE-26670-0) x Disable Mounting of hfs - (CCE-26800-3) x Disable Mounting of hfsplus - (CCE-26361-6) x Disable Mounting of squashfs - (CCE-26404-4) x Disable Mounting of udf - (CCE-26677-5) x Ensure that Root's Path Does Not Include Relative Paths or Null Directories - (CCE-26826-8) x Ensure that Root's Path Does Not Include World or Group-Writable Directories - (CCE-26768-2) x Disable Accepting IPv6 Router Advertisements - (CCE-27164-3) x Disable Zeroconf Networking - (CCE-27151-0) x Make the auditd Configuration Immutable - (CCE-26612-2) x Disable Portreserve (portreserve) - (CCE-27258-3) x Disable Network File System Lock Service (nfslock) - (CCE-27104-9) x Disable Secure RPC Client Service (rpcgssd) - (CCE-26864-9) x Disable RPC ID Mapping Service (rpcidmapd) - (CCE-26870-6) x Disable Network File Systems (netfs) - (CCE-27137-9) x Uninstall vsftpd Package - (CCE-26687-4) x Disable Samba - (CCE-27143-7) x Uninstall net-snmp Package - (CCE-26332-7) x Disable Support for RPC IPv6 - (CCE-27232-8) x Ensure All SGID Executables Are Authorized - (CCE-26769-0) x Ensure All SUID Executables Are Authorized - (CCE-26497-8) x x Ensure SELinux Not Disabled in /etc/grub.conf - (CCE-26956-3) x x Ensure SELinux State is Enforcing - (CCE-26969-6) x x Configure SELinux Policy - (CCE-26875-5) x Ensure that System Accounts Do Not Run a Shell Upon Login - (CCE-26966-2) x x Set Password Retry Prompts Permitted Per-Session - (CCE-27123-9) x Ensure that User Home Directories are not Group-Writable or World-Readable - (CCE-26981-1) x Deactivate Wireless Network Interfaces - (CCE-27057-9) x Ensure rsyslog Does Not Accept Remote Messages Unless Acting As Log Server - (CCE-26803-7) x Disable KDump Kernel Crash Analyzer (kdump) - (CCE-26850-8) x Uninstall DHCP Server Package - (CCE-27120-5) x Disable Secure RPC Server Service (rpcsvcgssd) - (CCE-27122-1) x Disable DNS Server - (CCE-26873-0) x Uninstall bind Package - (CCE-27030-6) x Disable vsftpd Service - (CCE-26948-0) x Disable httpd Service - (CCE-27075-1) x Uninstall httpd Package - (CCE-27133-8) x Disable Dovecot Service - (CCE-26922-5) x Uninstall dovecot Package - (CCE-27039-7) x Disable Samba - (CCE-27143-7) x Disable Squid - (CCE-27146-0) x Uninstall squid Package - (CCE-26977-9) x Disable snmpd Service - (CCE-26906-8)
_______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
