Hi all,
Sorry for dropping off the radar on this topic for a bit. Got caught up in
other things at work. Anyway, I've attached the output of my little comparison
program where I compared the content from the RHEL7.3
stig-rhel7-server-upstream content to the RHEL7.5 stig-rhel7-disa content. My
program is specifically looking for cases where the rule state
(enabled/disabled/notpresent) differs, or it can figure out that a variable
used for the rule has changed (example - unlocktime). Found some surprising
results as I mentioned before, and have finally gotten back around and make the
results available.
I've also gotten initial permission to make that program available to the
group. I need to clean it up a bit, as it is some of the ugliest python code
I've ever had the audacity to make public. A case of a tool starting out to do
one things and winding up doing something different. Once the rougher edges
are off and final approval is given I'll post it. The initial purpose was to
give me a high level comparison between different releases to see what may have
changed in the content (example - upgrading from RHEL7.3 to RHEL7.5). Things
got distinctly messier when I realized the name of the profiles changed, and
even more so when I added code to accept a tailoring file as an input.
Here are a couple of surprising things I've noticed is that the following
rules are enabled in the 7.3 content and disabled in the 7.5 content:
- Direct root Logins Not Allowed
- Ensure Red Hat GPG Key Installed
- Make the auditd Configuration Immutable
- Ensure SELinux Not Disabled in /etc/default/grub
- Restrict Virtual Console Root Logins
I don't see several of these in the RHEL7 V1R4 content from DISA either, so
that may account for the missing entries - especially if the Red Hat content is
supposed to track to the official STIG. I do confess to being a bit surprised
by some of the missing items.
Anyway, attached is the output of my little checker, comparing the RHEL 7.3
'stig-rhel7-server-upstream' content with the RHEL7.5 'stig-rhel7-disa'
content. If nothing else it may be a useful sanity checker for comparing
versions.
Sincerely,
Rob Sanders
Robert Sanders
Sr. Secure Systems Engineer
FORCEPOINT
T +1.703.896.4762
F +1.703.318.5041
www.forcepoint.com
FORWARD WITHOUT FEAR
Comparing (/home/rob/rh73_xccdf.xml,stig-rhel7-server-upstream)
,(/home/rob/rh75_xccdf.xml,stig-rhel7-disa)
Found a total of 314 active rules
Assign Expiration Date to Temporary Accounts
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> enabled []
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> disabled
Ensure Home Directories are Created for New Users
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Ensure the Logon Failure Delay is Set Correctly in login.defs
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> disabled
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled
['var_accounts_fail_delay=4']
Verify All Account Password Hashes are Shadowed
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> enabled []
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> disabled
Set Password to Maximum of Consecutive Repeating Characters from Same Character
Class
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> enabled []
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled
['var_password_pam_maxclassrepeat=4']
Set Existing Passwords Maximum Age
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Set Existing Passwords Minimum Age
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Configure the root Account for Failed Password Attempts
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> disabled
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Set Lockout Time For Failed Password Attempts
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> enabled
['var_accounts_passwords_pam_faillock_unlock_time=604800']
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled
['var_accounts_passwords_pam_faillock_unlock_time=never']
Set Interactive Session Timeout
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> enabled []
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled
['var_accounts_tmout=10_min']
Ensure the Default Umask is Set Correctly in login.defs
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> disabled
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled
['var_accounts_user_umask=077']
Ensure the Default Umask is Set Correctly For Interactive Users
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
User Initialization Files Must Be Group-Owned By The Primary User
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
User Initialization Files Must Not Run World-Writable Programs
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
User Initialization Files Must Be Owned By the Primary User
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Ensure that Users Path Contains Only Local Directories
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
All Interactive Users Must Have A Home Directory Defined
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
All Interactive Users Home Directories Must Exist
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
All User Files and Directories In The Home Directory Must Be Group-Owned By The
Primary User
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
All User Files and Directories In The Home Directory Must Be Owned By The
Primary User
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
All User Files and Directories In The Home Directory Must Have Mode 0750 Or
Less Permissive
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Build and Test AIDE Database
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> enabled []
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> disabled
Configure Notification of Post-AIDE Scan Details
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Configure AIDE to Use FIPS 140-2 for Validating Hashes
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Configure AIDE to Verify Access Control Lists (ACLs)
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Configure AIDE to Verify Extended Attributes
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Record Any Attempts to Run chcon
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Record Any Attempts to Run restorecon
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Record Any Attempts to Run semanage
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Record Any Attempts to Run setsebool
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Ensure auditd Collects File Deletion Events by User
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> enabled []
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> disabled
Ensure auditd Collects File Deletion Events by User - rename
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Ensure auditd Collects File Deletion Events by User - renameat
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Ensure auditd Collects File Deletion Events by User - rmdir
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Ensure auditd Collects File Deletion Events by User - unlink
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Ensure auditd Collects File Deletion Events by User - unlinkat
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Make the auditd Configuration Immutable
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> enabled []
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> disabled
Ensure auditd Collects Information on Kernel Module Loading and Unloading
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> enabled []
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> disabled
Ensure auditd Collects Information on Kernel Module Loading and Unloading -
delete_module
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Ensure auditd Collects Information on Kernel Module Loading and Unloading -
init_module
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Ensure auditd Collects Information on Kernel Module Loading and Unloading -
insmod
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Ensure auditd Collects Information on Kernel Module Loading and Unloading -
modprobe
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Ensure auditd Collects Information on Kernel Module Loading and Unloading -
rmmod
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Record Attempts to Alter Logon and Logout Events
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> enabled []
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> disabled
Record Attempts to Alter Logon and Logout Events - faillock
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Record Attempts to Alter Logon and Logout Events - lastlog
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Record Attempts to Alter Logon and Logout Events - tallylog
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Record Events that Modify the System's Mandatory Access Controls
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> enabled []
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> disabled
Record Events that Modify the System's Network Environment
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> enabled []
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> disabled
Ensure auditd Collects Information on the Use of Privileged Commands - chage
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Ensure auditd Collects Information on the Use of Privileged Commands - chsh
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Ensure auditd Collects Information on the Use of Privileged Commands - crontab
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Ensure auditd Collects Information on the Use of Privileged Commands - gpasswd
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Ensure auditd Collects Information on the Use of Privileged Commands - newgrp
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Ensure auditd Collects Information on the Use of Privileged Commands -
pam_timestamp_check
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Ensure auditd Collects Information on the Use of Privileged Commands - passwd
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Ensure auditd Collects Information on the Use of Privileged Commands - postdrop
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Ensure auditd Collects Information on the Use of Privileged Commands - postqueue
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Ensure auditd Collects Information on the Use of Privileged Commands - pt_chown
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Ensure auditd Collects Information on the Use of Privileged Commands -
ssh-keysign
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Ensure auditd Collects Information on the Use of Privileged Commands - su
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Ensure auditd Collects Information on the Use of Privileged Commands - sudo
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Ensure auditd Collects Information on the Use of Privileged Commands - sudoedit
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Ensure auditd Collects Information on the Use of Privileged Commands - umount
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Ensure auditd Collects Information on the Use of Privileged Commands -
unix_chkpwd
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Ensure auditd Collects Information on the Use of Privileged Commands -
userhelper
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Record Attempts to Alter Process and Session Initiation Information
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> enabled []
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> disabled
Shutdown System When Auditing Failures Occur
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Record attempts to alter time through adjtimex
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> enabled []
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> disabled
Record Attempts to Alter Time Through clock_settime
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> enabled []
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> disabled
Record attempts to alter time through settimeofday
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> enabled []
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> disabled
Record Attempts to Alter Time Through stime
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> enabled []
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> disabled
Record Attempts to Alter the localtime File
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> enabled []
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> disabled
Ensure auditd Collects Unauthorized Access Attempts to Files (unsuccessful)
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> enabled []
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> disabled
Record Unauthorized Access Attempts to Files (unsuccessful) - creat
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Record Unauthorized Access Attempts to Files (unsuccessful) - ftruncate
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Record Unauthorized Access Attempts to Files (unsuccessful) - open
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Record Unauthorized Access Attempts to Files (unsuccessful) - open_by_handle_at
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Record Unauthorized Access Attempts to Files (unsuccessful) - openat
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Record Unauthorized Access Attempts to Files (unsuccessful) - truncate
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Record Events that Modify User/Group Information
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> enabled []
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> disabled
Record Events that Modify User/Group Information - /etc/group
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Record Events that Modify User/Group Information - /etc/gshadow
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Record Events that Modify User/Group Information - /etc/security/opasswd
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Record Events that Modify User/Group Information - /etc/passwd
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Record Events that Modify User/Group Information - /etc/shadow
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Configure audispd Plugin To Send Logs To Remote Server
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Configure audispd's Plugin disk_full_action When Disk Is Full
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Encrypt Audit Records Sent With audispd Plugin
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Configure audispd's Plugin network_failure_action On Network Failure
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Configure auditd to use audispd's syslog plugin
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> enabled []
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> disabled
Configure auditd admin_space_left Action on Low Disk Space
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> enabled
['var_auditd_admin_space_left_action=single']
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> disabled
Configure auditd flush priority
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> enabled
['var_auditd_flush=data']
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> disabled
Configure auditd Max Log File Size
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> enabled
['var_auditd_max_log_file=6']
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> disabled
Configure auditd max_log_file_action Upon Reaching Maximum Log Size
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> enabled
['var_auditd_max_log_file_action=rotate']
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> disabled
Configure auditd Number of Logs Retained
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> enabled
['var_auditd_num_logs=5']
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> disabled
Configure auditd space_left on Low Disk Space
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled
['var_auditd_space_left=100']
Modify the System Login Banner
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> enabled
['login_banner_text=dod_default']
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled
['login_banner_text=dod_banners']
Assign Password to Prevent Changes to Boot Firmware Configuration
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> enabled []
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> disabled
Disable Booting from USB Devices in Boot Firmware
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> enabled []
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> disabled
Enable NX or XD Support in the BIOS
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> enabled []
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> disabled
Enable Auditing for Processes Which Start Prior to the Audit Daemon
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> enabled []
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> disabled
Boat Loader Is Not Installed On Removeable Media
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Disable Kernel Support for USB via Bootloader Configuration
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> enabled []
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> disabled
Set the UEFI Boot Loader Password
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> disabled
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Configure Time Service Maxpoll Interval
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled
['var_time_service_set_maxpoll=system_default']
Specify Additional Remote NTP Servers
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> enabled
['var_multiple_time_servers=rhel']
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> disabled
Specify a Remote NTP Server
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> enabled
['var_multiple_time_servers=rhel']
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> disabled
Ensure YUM Removes Previous Package Versions
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> disabled
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Configure the Firewalld Ports
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled
['firewalld_sshd_zone=public']
Configure firewalld To Rate Limit Connections
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Enable GNOME3 Login Warning Banner
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> disabled
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Enable the GNOME3 Login Smartcard Authentication
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> disabled
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Set the GNOME3 Login Warning Banner Text
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> disabled
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Enable GNOME3 Screensaver Idle Activation
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> disabled
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Set GNOME3 Screensaver Inactivity Timeout
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> disabled
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled
['inactivity_timeout_value=15_minutes']
Set GNOME3 Screensaver Lock Delay After Activation Period
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Enable GNOME3 Screensaver Lock After Idle Period
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> disabled
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled
['var_screensaver_lock_delay=5_seconds']
Ensure Users Cannot Change GNOME3 Screensaver Settings
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Ensure Users Cannot Change GNOME3 Session Idle Settings
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Ensure All World-Writable Directories Are Owned by a System Account
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> disabled
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Verify that Interactive Boot is Disabled
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> enabled []
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> disabled
Disable Prelinking
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> enabled []
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> disabled
Ensure SELinux Not Disabled in /etc/default/grub
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> enabled []
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> disabled
Enable Encrypted X11 Fordwarding
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> enabled []
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> N/A
Encrypt Partitions
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> enabled []
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> disabled
Ensure gpgcheck Enabled for Local Packages
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> disabled
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Ensure gpgcheck Enabled For All Yum Package Repositories
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> enabled []
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> disabled
Ensure gpgcheck Enabled for Repository Metadata
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> disabled
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Ensure Red Hat GPG Key Installed
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> enabled []
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> disabled
Verify Group Who Owns /etc/cron.allow file
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
All Interactive User Home Directories Must Be Group-Owned By The Primary User
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Verify User Who Owns /etc/cron.allow file
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
All Interactive User Home Directories Must Be Owned By The Primary User
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Ensure All User Initialization Files Have Mode 0740 Or Less Permissive
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
All Interactive User Home Directories Must Have mode 0750 Or Less Permissive
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
System Audit Logs Must Have Mode 0640 or Less Permissive
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> enabled []
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> disabled
Create Warning Banners for All FTP Users
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> enabled []
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> disabled
Disable GDM Automatic Login
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> disabled
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Disable GDM Guest Login
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> disabled
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Enable FIPS Mode in GRUB2
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> disabled
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Install PAE Kernel on Supported 32-bit x86 Systems
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> enabled []
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> disabled
Install Virus Scanning Software
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> enabled []
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> disabled
Install Intrusion Detection Software
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> enabled []
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> disabled
Install McAfee Virus Scanning Software
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> disabled
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Install Smart Card Packages For Multifactor Authentication
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
The Installed Operating System Is Vendor Supported and Certified
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Disable Bluetooth Kernel Modules
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> enabled []
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> disabled
Disable DCCP Support
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> disabled
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Configure LDAP Client to Use TLS For All Transactions
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> disabled
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Virus Scanning Software Definitions Are Updated
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> disabled
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Add nosuid Option to /home
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Mount Remote Filesystems with noexec
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Mount Remote Filesystems with nosuid
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> disabled
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Add nosuid Option to Removable Media Partitions
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> disabled
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled
['var_removable_partition=dev_cdrom']
Configure Multiple DNS Servers in /etc/resolv.conf
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Disable Client Dynamic DNS Updates
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> enabled []
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> disabled
Ensure System is Not Acting as a Network Sniffer
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> disabled
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Direct root Logins Not Allowed
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> enabled []
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> disabled
Remove Host-Based Authentication Files
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Remove Rsh Trust Files
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> enabled []
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> disabled
Remove User Host-Based Authentication Files
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Install the OpenSSH Server Package
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> disabled
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Uninstall rsh Package
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> enabled []
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> disabled
Uninstall talk-server Package
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> enabled []
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> disabled
Uninstall talk Package
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> enabled []
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> disabled
Remove telnet Clients
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> enabled []
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> disabled
Uninstall vsftpd Package
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> disabled
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Uninstall xinetd Package
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> enabled []
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> disabled
Remove NIS Client
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> enabled []
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> disabled
Prevent Unrestricted Mail Relaying
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Restrict Serial Port Root Logins
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> enabled []
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> disabled
Verify and Correct Ownership with RPM
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Ensure cron Is Logging To Rsyslog
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Ensure rsyslog Does Not Accept Remote Messages Unless Acting As Log Server
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> disabled
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Ensure Logs Sent To Remote Host
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> enabled []
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled
['rsyslog_remote_loghost_address=logcollector']
Restrict Virtual Console Root Logins
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> enabled []
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> disabled
Ensure No Daemons are Unconfined by SELinux
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> enabled []
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> disabled
Map System Users To The Appropriate SELinux Role
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Disable Bluetooth Service
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> enabled []
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> disabled
Enable the NTP Daemon
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> enabled []
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> disabled
Enable cron Service
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> enabled []
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> disabled
Disable debug-shell SystemD Service
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> enabled []
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> disabled
Disable rexec Service
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> enabled []
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> disabled
Disable rlogin Service
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> enabled []
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> disabled
Disable rsh Service
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> enabled []
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> disabled
Enable the OpenSSH Service
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> disabled
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Disable telnet Service
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> enabled []
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> disabled
Disable xinetd Service
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> enabled []
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> disabled
Disable ypbind Service
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> enabled []
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> disabled
Disable Quagga Service
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> enabled []
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> disabled
Enable Smart Card Login
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> disabled
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Configure Smart Card Certificate Status Checking
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Disable SSH Support for Rhosts RSA Authentication
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Disable SSH Support for User Known Hosts
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Enable Encrypted X11 Forwarding
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Print Last Log
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> disabled
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Set SSH Idle Timeout Interval
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> enabled
['sshd_idle_timeout_value=15_minutes']
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled
['sshd_idle_timeout_value=10_minutes']
Use Only FIPS 140-2 Validated MACs
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> enabled []
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled
['sshd_approved_macs=hmac-sha2-512,hmac-sha2-256,hmac-sha1,hmac-sha1-...@openssh.com,hmac-sha2-256-...@openssh.com,hmac-sha2-512-...@openssh.com']
Configure PAM in SSSD Services
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Configure SSSD LDAP Backend Client CA Certificate
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Configure SSSD LDAP Backend Client CA Certificate Location
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> N/A
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Ensure Users Re-Authenticate for Privilege Escalation - sudo !authenticate
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> disabled
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Ensure Users Re-Authenticate for Privilege Escalation - sudo NOPASSWD
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> disabled
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Disable Core Dumps for SUID programs
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> enabled []
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> disabled
Restrict Access to Kernel Message Buffer
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> enabled []
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> disabled
Enable ExecShield
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> enabled []
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> disabled
Configure Kernel Parameter for Accepting Source-Routed Packets for All
Interfaces
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> disabled
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled
['sysctl_net_ipv4_conf_all_accept_source_route_value=disabled']
Disable Kernel Parameter for IP Forwarding
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> disabled
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Configure Kernel Parameter to Use TCP Syncookies
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> enabled
['sysctl_net_ipv4_tcp_syncookies_value=enabled']
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> disabled
Configure Kernel Parameter for Accepting Source-Routed Packets for All
Interfaces
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> enabled []
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled
['sysctl_net_ipv6_conf_all_accept_source_route_value=disabled']
Ensure tftp Daemon Uses Secure Mode
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> disabled
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> enabled []
Set Daemon Umask
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> enabled
['var_umask_for_daemons=022']
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> disabled
Use Kerberos Security on All Exports
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> enabled []
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> disabled
Disable WiFi or Bluetooth in BIOS
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> enabled []
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> disabled
Disable X Windows Startup By Setting Default Target
/home/rob/rh73_xccdf.xml(stig-rhel7-server-upstream) -> enabled []
/home/rob/rh75_xccdf.xml(stig-rhel7-disa) -> disabled
_______________________________________________
Open-scap-list mailing list
Open-scap-list@redhat.com
https://www.redhat.com/mailman/listinfo/open-scap-list
