Policy Definition for CIS templates
Policy Definitions for all CIS templates available in BMC Server Automation are listed below:
For a list of CIS properties included in the server built-in and custom property class, see:
Microsoft Windows Server 2012
Rule Category
The following table categorizes the percentage of rules that are Native based and EO based:
Rule Category | % of rules |
---|---|
Native based | 60% |
EO based | 40% |
Rule Details
To find details about all rules included in the template, see HTML Definitions for Microsoft Windows Server 2012 DC.
Asset/Part Used
Part name | Part Type |
---|---|
Audit Policy-1.1.3.3.1 | Extended Object |
Audit Policy-1.1.3.3.2 | |
Deny logon as a batch job (SeDenyBatchLogonRight) | |
Deny log on as a service | |
Deny log on locally (SeDenyInteractiveLogonRight) | |
Deny log on through Remote Desktop Services | |
Enable computer and user accounts to be trusted for delegation (SeEnableDelegationPrivilege) | |
Interactive logon: Message text for users attempting to log on | |
Interactive logon: Message title for users attempting to log on | |
Log on as a service | |
Microsoft network server: Server SPN target name validation level | |
Minimum password length | |
Modify an object label (SeRelabelPrivilege) | |
MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended) | |
MSS: (AutoReboot) Allow Windows to automatically restart after a system crash (recommended except for highly secure environments) | |
MSS: (AutoShareServer) Enable Administrative Shares (recommended except for highly secure environments) | |
MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing) | |
MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing) | |
MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes | |
MSS: (Hidden) Hide Computer From the Browse List (not recommended except for highly secure environments) | |
MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds | |
MSS: (NoDefaultExempt) Configure IPSec exemptions for various types of network traffic | |
MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers | |
MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS) | |
MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended) | |
MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended) | |
MSS: (TCPMaxDataRetransmissions) How many times unacknowledged data is retransmitted (3 recommended, 5 is default) | |
MSS: (TCPMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted (3 recommended, 5 is default) | |
MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning | |
Named Pipes that can be accessed anonymously | |
Network access: Remotely accessible registry paths | |
Network access: Remotely accessible registry paths and sub-paths | |
Network access: Shares that can be accessed anonymously | |
Network Security: Restrict NTLM: Add remote server exceptions for NTLM authentication | |
Network Security: Restrict NTLM: Add server exceptions in this domain | |
System settings: Optional subsystems | |
User Rights Policy-SeAssignPrimaryTokenPrivilege | |
User Rights Policy-SeAuditPrivilege | |
User Rights Policy-SeBackupPrivilege | |
User Rights Policy-SeBatchLogonRight | |
User Rights Policy-SeChangeNotifyPrivilege | |
User Rights Policy-SeCreateGlobalPrivilege | |
User Rights Policy-SeCreatePagefilePrivilege | |
User Rights Policy-SeCreatePermanentPrivilege | |
User Rights Policy-SeCreateSymbolicLinkPrivilege | |
User Rights Policy-SeCreateTokenPrivilege | |
User Rights Policy-SeDebugPrivilege | |
User Rights Policy-SeDenyNetworkLogonRight | |
User Rights Policy-SeImpersonatePrivilege | |
User Rights Policy-SeIncreaseBasePriorityPrivilege | |
User Rights Policy-SeIncreaseQuotaPrivilege | |
User Rights Policy-SeIncreaseWorkingSetPrivilege | |
User Rights Policy-SeInteractiveLogonRight | |
User Rights Policy-SeLoadDriverPrivilege | |
User Rights Policy-SeLockMemoryPrivilege | |
User Rights Policy-SeMachineAccountPrivilege | |
User Rights Policy-SeManageVolumePrivilege | |
User Rights Policy-SeNetworkLogonRight | |
User Rights Policy-SeProfileSingleProcessPrivilege | |
User Rights Policy-SeRemoteInteractiveLogonRight | |
User Rights Policy-SeRemoteShutdownPrivilege | |
User Rights Policy-SeRestorePrivilege | |
User Rights Policy-SeSecurityPrivilege | |
User Rights Policy-SeShutdownPrivilege | |
User Rights Policy-SeSynchAgentPrivilege | |
User Rights Policy-SeSystemEnvironmentPrivilege | |
User Rights Policy-SeSystemProfilePrivilege | |
User Rights Policy-SeSystemTimePrivilege | |
User Rights Policy-SeTakeOwnershipPrivilege | |
User Rights Policy-SeTcbPrivilege | |
User Rights Policy-SeTimeZonePrivilege | |
User Rights Policy-SeTrustedCredManAccessPrivilege | |
User Rights Policy-SeUndockPrivilege | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoDriveTypeAutorun | Registry Value |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableUIADesktopToggle | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Application\MaxSize | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Application\Retention | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Security\MaxSize | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Security\Retention | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\System\MaxSize | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\System\Retention | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer\AlwaysInstallElevated | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AllowLocalIPsecPolicyMerge | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AllowLocalPolicyMerge | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\DefaultInboundAction | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\DefaultOutboundAction | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\DisableNotifications | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\DisableUnicastResponsesToMulticastBroadcast | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\EnableFirewall | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\AllowLocalIPsecPolicyMerge | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\AllowLocalPolicyMerge | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\DefaultInboundAction | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\DefaultOutboundAction | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\DisableNotifications | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\DisableUnicastResponsesToMulticastBroadcast | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\EnableFirewall | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\AllowLocalIPsecPolicyMerge | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\AllowLocalPolicyMerge | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\DefaultInboundAction | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\DefaultOutboundAction | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\DisableNotifications | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\DisableUnicastResponsesToMulticastBroadcast | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\EnableFirewall | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\MinEncryptionLevel | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\scenoapplylegacyauditpolicy | |
\Network access: Allow anonymous SID/Name translation | Security Setting |
Security Settings\Account Policies\Account Lockout Policy\Account lockout duration | |
Security Settings\Account Policies\Account Lockout Policy\Account lockout threshold | |
Security Settings\Account Policies\Account Lockout Policy\Reset account lockout counter after | |
Security Settings\Account Policies\Password Policy\Enforce password history | |
Security Settings\Account Policies\Password Policy\Maximum password age | |
Security Settings\Account Policies\Password Policy\Minimum password age | |
Security Settings\Account Policies\Password Policy\Minimum password length | |
Security Settings\Account Policies\Password Policy\Passwords must meet complexity requirements | |
Security Settings\Account Policies\Password Policy\Store password using reversible encryption | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\Account Logon\Audit Credential Validation | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\Account Logon\Audit Kerberos Authentication Service | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\Account Logon\Audit Kerberos Service Ticket Operations | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\Account Logon\Audit Other Account Logon Events | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\Account Management\Audit Application Group Management | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\Account Management\Audit Computer Account Management | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\Account Management\Audit Distribution Group Management | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\Account Management\Audit Other Account Management Events | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\Account Management\Audit Security Group Management | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\Account Management\Audit User Account Management | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\Detailed Tracking\Audit DPAPI Activity | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\Detailed Tracking\Audit Process Creation | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\Detailed Tracking\Audit Process Termination | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\Detailed Tracking\Audit RPC Events | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\DS Access\Audit Detailed Directory Service Replication | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\DS Access\Audit Directory Service Access | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\DS Access\Audit Directory Service Changes | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\DS Access\Audit Directory Service Replication | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\Logon/Logoff\Audit Account Lockout | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\Logon/Logoff\Audit IPsec Extended Mode | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\Logon/Logoff\Audit IPsec Main Mode | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\Logon/Logoff\Audit IPsec Quick Mode | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\Logon/Logoff\Audit Logoff | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\Logon/Logoff\Audit Logon | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\Logon/Logoff\Audit Network Policy Server | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\Logon/Logoff\Audit Other Logon/Logoff Events | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\Logon/Logoff\Audit Special Logon | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\Object Access\Audit Application Generated | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\Object Access\Audit Central Policy Staging | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\Object Access\Audit Certification Services | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\Object Access\Audit Detailed File Share | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\Object Access\Audit File Share | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\Object Access\Audit File System | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\Object Access\Audit Filtering Platform Connection | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\Object Access\Audit Filtering Platform Packet Drop | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\Object Access\Audit Handle Manipulation | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\Object Access\Audit Kernel Object | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\Object Access\Audit Other Object Access Events | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\Object Access\Audit Registry | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\Object Access\Audit Removable Storage | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\Object Access\Audit SAM | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\Policy Change\Audit Audit Policy Change | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\Policy Change\Audit Authentication Policy Change | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\Policy Change\Audit Authorization Policy Change | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\Policy Change\Audit Filtering Platform Policy Change | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\Policy Change\Audit MPSSVC Rule-Level Policy Change | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\Policy Change\Audit Other Policy Change Events | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\Privilege Use\Audit Non Sensitive Privilege Use | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\Privilege Use\Audit Other Privilege Use Events | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\Privilege Use\Audit Sensitive Privilege Use | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\System\Audit IPsec Driver | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\System\Audit Other System Events | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\System\Audit Security State Change | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\System\Audit Security System Extension | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\System\Audit System Integrity | |
Security Settings\Local Policies\Security Options | |
Security Settings\Local Policies\Security Options\Accounts: Limit local account use of blank passwords to console logon only | |
Security Settings\Local Policies\Security Options\Accounts: Rename administrator account | |
Security Settings\Local Policies\Security Options\Accounts: Rename guest account | |
Security Settings\Local Policies\Security Options\Audit: Audit the access of global system objects | |
Security Settings\Local Policies\Security Options\Audit: Audit the use of Backup and Restore privilege | |
Security Settings\Local Policies\Security Options\Audit: Shut down system immediately if unable to log security audits | |
Security Settings\Local Policies\Security Options\Devices: Allowed to format and eject removable media | |
Security Settings\Local Policies\Security Options\Devices: Allow undock without having to log on | |
Security Settings\Local Policies\Security Options\Devices: Prevent users from installing printer drivers | |
Security Settings\Local Policies\Security Options\Devices: Restrict CD-ROM access to locally logged-on user only | |
Security Settings\Local Policies\Security Options\Devices: Restrict floppy access to locally logged-on user only | |
Security Settings\Local Policies\Security Options\Domain controller: Allow server operators to schedule tasks | |
Security Settings\Local Policies\Security Options\Domain controller: LDAP server signing requirements | |
Security Settings\Local Policies\Security Options\Domain controller: Refuse machine account password changes | |
Security Settings\Local Policies\Security Options\Domain member: Digitally encrypt or sign secure channel data (always) | |
Security Settings\Local Policies\Security Options\Domain member: Digitally encrypt secure channel data (when possible) | |
Security Settings\Local Policies\Security Options\Domain member: Digitally sign secure channel data (when possible) | |
Security Settings\Local Policies\Security Options\Domain member: Disable machine account password changes | |
Security Settings\Local Policies\Security Options\Domain member: Maximum machine account password age | |
Security Settings\Local Policies\Security Options\Domain member: Require strong (Windows 2000 or later) session key | |
Security Settings\Local Policies\Security Options\Interactive logon: Display user Information when the session is locked | |
Security Settings\Local Policies\Security Options\Interactive logon: Do not display last user name | |
Security Settings\Local Policies\Security Options\Interactive logon: Do not require CTRL+ALT+DEL | |
Security Settings\Local Policies\Security Options\Interactive logon: Machine account lockout threshold | |
Security Settings\Local Policies\Security Options\Interactive logon: Machine inactivity limit | |
Security Settings\Local Policies\Security Options\Interactive logon: Number of previous logons to cache (in case domain controller is not available) | |
Security Settings\Local Policies\Security Options\Interactive logon: Prompt user to change password before expiration | |
Security Settings\Local Policies\Security Options\Interactive logon: Require Domain Controller authentication to unlock workstation | |
Security Settings\Local Policies\Security Options\Interactive logon: Require smart card | |
Security Settings\Local Policies\Security Options\Interactive logon: Smart card removal behavior | |
Security Settings\Local Policies\Security Options\Microsoft network client: Digitally sign communications (always) | |
Security Settings\Local Policies\Security Options\Microsoft network client: Digitally sign communications (if server agrees) | |
Security Settings\Local Policies\Security Options\Microsoft network client: Send unencrypted password to third-party SMB servers | |
Security Settings\Local Policies\Security Options\Microsoft network server: Amount of idle time required before suspending session | |
Security Settings\Local Policies\Security Options\Microsoft network server: Digitally sign communications (always) | |
Security Settings\Local Policies\Security Options\Microsoft network server: Digitally sign communications (if client agrees) | |
Security Settings\Local Policies\Security Options\Microsoft network server: Disconnect clients when logon hours expire | |
Security Settings\Local Policies\Security Options\Network access: Allow anonymous SID/Name translation | |
Security Settings\Local Policies\Security Options\Network access: Do not allow anonymous enumeration of SAM accounts | |
Security Settings\Local Policies\Security Options\Network access: Do not allow anonymous enumeration of SAM accounts and shares | |
Security Settings\Local Policies\Security Options\Network access: Do not allow storage of passwords and credentials or .NET Passports for network authentication | |
Security Settings\Local Policies\Security Options\Network access: Let Everyone permissions apply to anonymous users | |
Security Settings\Local Policies\Security Options\Network access: Restrict anonymous access to Named Pipes and Shares | |
Security Settings\Local Policies\Security Options\Network access: Sharing and security model for local accounts | |
Security Settings\Local Policies\Security Options\Network security: Allow LocalSystem NULL session fallback | |
Security Settings\Local Policies\Security Options\Network security: Allow Local System to use computer identity for NTLM | |
Security Settings\Local Policies\Security Options\Network security: Allow PKU2U authentication requests to this computer to use online identities | |
Security Settings\Local Policies\Security Options\Network security: Configure encryption types allowed for Kerberos | |
Security Settings\Local Policies\Security Options\Network security: Do not store LAN Manager hash value on next password change | |
Security Settings\Local Policies\Security Options\Network security: Force logoff when logon hours expire | |
Security Settings\Local Policies\Security Options\Network security: LAN Manager authentication level | |
Security Settings\Local Policies\Security Options\Network security: LDAP client signing requirements | |
Security Settings\Local Policies\Security Options\Network security: Minimum session security for NTLM SSP based (including secure RPC) clients | |
Security Settings\Local Policies\Security Options\Network security: Minimum session security for NTLM SSP based (including secure RPC) servers | |
Security Settings\Local Policies\Security Options\Network security: Restrict NTLM: Audit incoming NTLM traffic | |
Security Settings\Local Policies\Security Options\Network security: Restrict NTLM: Audit NTLM authentication in this domain | |
Security Settings\Local Policies\Security Options\Network security: Restrict NTLM: Incoming NTLM traffic | |
Security Settings\Local Policies\Security Options\Network security: Restrict NTLM: NTLM authentication in this domain | |
Security Settings\Local Policies\Security Options\Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers | |
Security Settings\Local Policies\Security Options\Recovery console: Allow automatic administrative logon | |
Security Settings\Local Policies\Security Options\Recovery console: Allow floppy copy and access to all drives and all folders | |
Security Settings\Local Policies\Security Options\Shutdown: Allow system to be shut down without having to log on | |
Security Settings\Local Policies\Security Options\Shutdown: Clear virtual memory page file | |
Security Settings\Local Policies\Security Options\System cryptography: Force strong key protection for user keys stored on the computer | |
Security Settings\Local Policies\Security Options\System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing | |
Security Settings\Local Policies\Security Options\System objects: Require case insensitivity for non-Windows subsystems | |
Security Settings\Local Policies\Security Options\System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links) | |
Security Settings\Local Policies\Security Options\System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies | |
Security Settings\Local Policies\Security Options\User Account Control: Only elevate executables that are signed and validated | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object | Security Settings Category |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\Account Logon | |
Microsoft Windows Server 2008
Rule Category
The following table categorizes the percentage of rules that are Native based and EO based:
Rule Category | % of rules |
---|---|
Native based | 60% |
EO based | 40% |
Rule Details
To find details about all rules included in the template, see HTML Definitions for Microsoft Windows Server 2008.
Asset/Part Used
Part name | Part Type |
---|---|
1.1.4 Minimum password length | Extended Object |
1.1.8 Account lockout threshold | |
1.9.27 Interactive logon: Message text for users attempting to log on | |
1.9.28 Interactive logon: Message title for users attempting to log on | |
1.9.2 Network access: Remotely accessible registry paths and sub-paths | |
1.9.41 Network access: Named Pipes that can be accessed anonymously | |
1.9.42 Network access: Remotely accessible registry paths | |
1.9.47 Network security: LAN Manager authentication level | |
1.9.56 System cryptography: Force strong key protection for user keys stored on the computer | |
1.9.59 MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended) | |
1.9.60 MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing) | |
1.9.61 MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes | |
1.9.62 MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds | |
1.9.63 MSS: (NoDefaultExempt) Configure IPSec exemptions for various types of network traffic | |
1.9.64 MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers | |
1.9.65 MSS: (NtfsDisable8dot3NameCreation) Enable the computer to stop generating 8.3 style filenames (recommended) | |
1.9.66 MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS) | |
1.9.67 MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended) | |
1.9.68 MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended) | |
1.9.69 MSS: (TCPMaxDataRetransmissions) How many times unacknowledged data is retransmitted (3 recommended, 5 is default) | |
1.9.70 MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning | |
1.9.71 MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing) | |
1.9.72 MSS: (TCPMaxDataRetransmissions) IPv6 How many times unacknowledged data is retransmitted (3 recommended, 5 is default) | |
Audit-Policy | |
Audit-Policy-1.1.10 | |
Audit-Policy-1.1.11 | |
Audit-Policy-1.1.12 | |
Audit-Policy-1.1.13 | |
Audit-Policy-1.1.14 | |
Audit-Policy-1.1.14.2 | |
Audit-Policy-1.1.15 | |
Audit-Policy-1.3.1 | |
Audit-Policy-1.3.10 | |
Audit-Policy-1.3.11 | |
Audit-Policy-1.3.12 | |
Audit-Policy-1.3.13 | |
Audit-Policy-1.3.14 | |
Audit-Policy-1.3.15 | |
Audit-Policy-1.3.16 | |
Audit-Policy-1.3.17 | |
Audit-Policy-1.3.18 | |
Audit-Policy-1.3.19 | |
Audit-Policy-1.3.2 | |
Audit-Policy-1.3.20 | |
Audit-Policy-1.3.3 | |
Audit-Policy-1.3.4 | |
Audit-Policy-1.3.5 | |
Audit-Policy-1.3.6 | |
Audit-Policy-1.3.7 | |
Audit-Policy-1.3.8 | |
Audit-Policy-1.3.9 | |
User Rights Policy-1.8.1 | |
User Rights Policy-1.8.10 | |
User Rights Policy-1.8.11 | |
User Rights Policy-1.8.12 | |
User Rights Policy-1.8.13 | |
User Rights Policy-1.8.14 | |
User Rights Policy-1.8.15 | |
User Rights Policy-1.8.16 | |
User Rights Policy-1.8.17 | |
User Rights Policy-1.8.18 | |
User Rights Policy-1.8.19 | |
User Rights Policy-1.8.2 | |
User Rights Policy-1.8.20 | |
User Rights Policy-1.8.21 | |
User Rights Policy-1.8.22 | |
User Rights Policy-1.8.23 | |
User Rights Policy-1.8.24 | |
User Rights Policy-1.8.25 | |
User Rights Policy-1.8.26 | |
User Rights Policy-1.8.27 | |
User Rights Policy-1.8.28 | |
User Rights Policy-1.8.29 | |
User Rights Policy-1.8.3 | |
User Rights Policy-1.8.30 | |
User Rights Policy-1.8.31 | |
User Rights Policy-1.8.32 | |
User Rights Policy-1.8.33 | |
User Rights Policy-1.8.34 | |
User Rights Policy-1.8.35 | |
User Rights Policy-1.8.36 | |
User Rights Policy-1.8.37 | |
User Rights Policy-1.8.38 | |
User Rights Policy-1.8.39 | |
User Rights Policy-1.8.4 | |
User Rights Policy-1.8.40 | |
User Rights Policy-1.8.5 | |
User Rights Policy-1.8.6 | |
User Rights Policy-1.8.7 | |
User Rights Policy-1.8.8 | |
User Rights Policy-1.8.9 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon | Registry Key |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\windows | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Security | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Setup | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\System | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\PublicProfile | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings | |
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\CredUI\EnableSecureCredentialPrompting | Registry Value |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\CredUI\EnumerateAdministrators | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisableLocalMachineRun | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisableLocalMachineRunOnce | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPublishingWizard | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWebServices | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCAD | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DontDisplayLastUserName | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableUIADesktopToggle | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeCaption | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeText | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\scforceoption | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ShutdownWithoutLogon | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\securitylevel | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\setcommand | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateCDRoms | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateDASD | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateFloppies | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoAdminLogon | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\cachedlogonscount | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ForceUnlockLogon | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\passwordexpirywarning | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ScreenSaverGracePeriod | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\scremoveoption | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Conferencing\NoRDS | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Cryptography\ForceKeyProtection | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Messenger\Client\CEIP | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SearchCompanion\DisableContentFileUpdates | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DriverSearching\DontSearchWindowsUpdate | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\Application\MaxSize | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\Application\Retention | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\Security\MaxSize | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\Security\Retention | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\System\MaxSize | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\System\Retention | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\NoBackgroundPolicy | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\NoGPOListChanges | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Group Policy\{B087BE9D-454F-AF9C-04291E351182}\NoGPOListChanges | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\AuthenticodeEnabled | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\AUOptions | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\NoAUShutdownOption | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\RescheduleWaitTimeEnabled | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\AllowLocalIPsecPolicyMerge | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\AllowLocalPolicyMerge | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\DefaultInboundAction | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\DisableNotifications | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\EnableFirewall | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings\AllowInboundEchoRequest | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings\AllowInboundEnchoRequest | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings\AllowInboundMaskRequest | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings\AllowInboundRouterRequest | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings\AllowInboundTimestampRequest | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings\AllowOutboundDestinationUnreachable | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings\AllowOutboundPacketTooBig | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings\AllowOutboundParameterProblem | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings\AllowOutboundSourceQuench | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings\AllowOutboundTimeExceeded | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings\AllowRedirect | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile\AllowLocalIPsecPolicyMerge | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile\AllowLocalPolicyMerge | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile\DefaultInboundAction | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile\DisableNotifications | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile\EnableFirewall | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\PublicProfile\AllowLocalIPsecPolicyMerge | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\PublicProfile\AllowLocalPolicyMerge | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\PublicProfile\DefaultInboundAction | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\PublicProfile\DisableNotifications | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\PublicProfile\EnableFirewall | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\DisableNotifications | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\EnableFirewall | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings\AllowInboundEchoRequest | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings\AllowInboundEnchoRequest | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings\AllowInboundMaskRequest | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings\AllowInboundRouterRequest | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings\AllowInboundTimestampRequest | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings\AllowOutboundDestinationUnreachable | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings\AllowOutboundPacketTooBig | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings\AllowOutboundParameterProblem | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings\AllowOutboundSourceQuench | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings\AllowOutboundTimeExceeded | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings\AllowRedirect | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings\ParameterProblem | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers\DisableHTTPPrinting | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers\DisableWebPnPDownload | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Rpc\EnableAuthEpResolution | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Rpc\RestrictRemoteClients | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\DisablePasswordSaving | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\fAllowToGetHelp | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\fAllowUnsolicited | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\fDisableCdm | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\fPromptForPassword | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\MaxIdleTime | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\MinEncryptionLevel | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\FileSystem\NtfsDisable8dot3NameCreation | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\crashonauditfail | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\DisableDomainCreds | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\EveryoneIncludesAnonymous | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\ForceGuest | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\LimitBlankPasswordUse | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinClientSec | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinServerSec | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\NoLMHash | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymous | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymousSAM | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\scenoapplylegacyauditpolicy | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SubmitControl | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Providers\LanMan Print Services\Servers\AddPrinterDrivers | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedExactPaths\Machine | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedPaths\Machine | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Kernel\ObCaseInsensitive | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdown | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\ProtectionMode | |
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SafeDllSearchMode | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\SubSystems\optional | |
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\WarningLevel | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\IPSEC\NoDefaultExempt | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\autodisconnect | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\enableforcedlogoff | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\enablesecuritysignature | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\NullSessionPipes | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\NullSessionShares | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\requiresecuritysignature | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\restrictnullsessaccess | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnablePlainTextPassword | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnableSecuritySignature | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\RequireSecuritySignature | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LDAP\LDAPClientIntegrity | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netbt\Parameters\NoNameReleaseOnDemand | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\disablepasswordchange | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\maximumpasswordage | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RefusePasswordChange | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\requiresignorseal | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\requirestrongkey | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\sealsecurechannel | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\signsecurechannel | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters\ldapserverintegrity | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\DisableIPSourceRouting | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\EnableICMPRedirect | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\KeepAliveTime | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\PerformRouterDiscovery | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxDataRetransmissions | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip6\Parameters\DisableIPSourceRouting | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip6\Parameters\TcpMaxDataRetransmissions | |
Registry Value:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\NoGPOListChanges | |
\Access Credential Manager as a trusted caller | Security Setting |
\Force shutdown from a remote system | |
\Network access: Allow anonymous SID/Name translation | |
\Synchronize directory service data | |
Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\MK Protocol Security Restriction\Enforce user logon restrictions | |
Security Settings\Account Policies | |
Security Settings\Account Policies | |
Security Settings\Account Policies | |
Security Settings\Account Policies | |
Security Settings\Account Policies\Account Lockout Policy\Account lockout duration | |
Security Settings\Account Policies\Account Lockout Policy\Account lockout threshold | |
Security Settings\Account Policies\Account Lockout Policy\Reset account lockout counter after | |
Security Settings\Account Policies\Password Policy | |
Security Settings\Account Policies\Password Policy | |
Security Settings\Account Policies\Password Policy\Enforce password history | |
Security Settings\Account Policies\Password Policy\Maximum password age | |
Security Settings\Account Policies\Password Policy\Minimum password age | |
Security Settings\Account Policies\Password Policy\Minimum password length | |
Security Settings\Account Policies\Password Policy\Passwords must meet complexity requirements | |
Security Settings\Account Policies\Password Policy\Store password using reversible encryption | |
Security Settings\Local Policies | |
Security Settings\Local Policies | |
Security Settings\Local Policies | |
Security Settings\Local Policies\Access this computer from the network | |
Security Settings\Local Policies\Act as part of the operating system | |
Security Settings\Local Policies\Add workstations to domain | |
Security Settings\Local Policies\Adjust memory quotas for a process | |
Security Settings\Local Policies\Allow log on locally | |
Security Settings\Local Policies\Audit Policy\Audit account logon events | |
Security Settings\Local Policies\Audit Policy\Audit account management | |
Security Settings\Local Policies\Audit Policy\Audit directory service access | |
Security Settings\Local Policies\Audit Policy\Audit logon events | |
Security Settings\Local Policies\Audit Policy\Audit object access | |
Security Settings\Local Policies\Audit Policy\Audit policy change | |
Security Settings\Local Policies\Audit Policy\Audit privilege use | |
Security Settings\Local Policies\Audit Policy\Audit process tracking | |
Security Settings\Local Policies\Audit Policy\Audit system events | |
Security Settings\Local Policies\Back up files and directories | |
Security Settings\Local Policies\Bypass traverse checking | |
Security Settings\Local Policies\Change the system time | |
Security Settings\Local Policies\Change the time zone | |
Security Settings\Local Policies\Create a page file | |
Security Settings\Local Policies\Create a token object | |
Security Settings\Local Policies\Create global objects | |
Security Settings\Local Policies\Create permanent shared objects | |
Security Settings\Local Policies\Create symbolic links | |
Security Settings\Local Policies\Debug programs | |
Security Settings\Local Policies\Deny access to this computer from the network | |
Security Settings\Local Policies\Deny log on as a batch job | |
Security Settings\Local Policies\Deny log on locally | |
Security Settings\Local Policies\Enable computer and user accounts to be trusted for delegation | |
Security Settings\Local Policies\Force shutdown from a remote system | |
Security Settings\Local Policies\Generate security audits | |
Security Settings\Local Policies\Impersonate a client after authentication | |
Security Settings\Local Policies\Increase a process working set | |
Security Settings\Local Policies\Increase scheduling priority | |
Security Settings\Local Policies\Load and unload device drivers | |
Security Settings\Local Policies\Lock pages in memory | |
Security Settings\Local Policies\Log on as a batch job | |
Security Settings\Local Policies\Manage auditing and security log | |
Security Settings\Local Policies\Modify firmware environment values | |
Security Settings\Local Policies\Perform volume maintenance tasks | |
Security Settings\Local Policies\Profile single process | |
Security Settings\Local Policies\Profile system performance | |
Security Settings\Local Policies\Remove computer from docking station | |
Security Settings\Local Policies\Replace a process level token | |
Security Settings\Local Policies\Restore files and directories | |
Security Settings\Local Policies\Security Options\Accounts: Guest account status | |
Security Settings\Local Policies\Security Options\Accounts: Limit local account use of blank passwords to console logon only | |
Security Settings\Local Policies\Security Options\Accounts: Rename administrator account | |
Security Settings\Local Policies\Security Options\Accounts: Rename guest account | |
Security Settings\Local Policies\Security Options\Audit: Shut down system immediately if unable to log security audits | |
Security Settings\Local Policies\Security Options\Devices: Allowed to format and eject removable media | |
Security Settings\Local Policies\Security Options\Devices: Allow undock without having to log on | |
Security Settings\Local Policies\Security Options\Devices: Prevent users from installing printer drivers | |
Security Settings\Local Policies\Security Options\Devices: Restrict CD-ROM access to locally logged-on user only | |
Security Settings\Local Policies\Security Options\Devices: Restrict floppy access to locally logged-on user only | |
Security Settings\Local Policies\Security Options\Devices: Unsigned driver installation behavior | |
Security Settings\Local Policies\Security Options\Domain controller: Allow server operators to schedule tasks | |
Security Settings\Local Policies\Security Options\Domain controller: LDAP server signing requirements | |
Security Settings\Local Policies\Security Options\Domain controller: Refuse machine account password changes | |
Security Settings\Local Policies\Security Options\Domain member: Digitally encrypt or sign secure channel data (always) | |
Security Settings\Local Policies\Security Options\Domain member: Digitally encrypt secure channel data (when possible) | |
Security Settings\Local Policies\Security Options\Domain member: Digitally sign secure channel data (when possible) | |
Security Settings\Local Policies\Security Options\Domain member: Disable machine account password changes | |
Security Settings\Local Policies\Security Options\Domain member: Maximum machine account password age | |
Security Settings\Local Policies\Security Options\Domain member: Require strong (Windows 2000 or later) session key | |
Security Settings\Local Policies\Security Options\Interactive logon: Do not display last user name | |
Security Settings\Local Policies\Security Options\Interactive logon: Do not require CTRL+ALT+DEL | |
Security Settings\Local Policies\Security Options\Interactive logon: Message text for users attempting to log on | |
Security Settings\Local Policies\Security Options\Interactive logon: Message title for users attempting to log on | |
Security Settings\Local Policies\Security Options\Interactive logon: Number of previous logons to cache (in case domain controller is not available) | |
Security Settings\Local Policies\Security Options\Interactive logon: Prompt user to change password before expiration | |
Security Settings\Local Policies\Security Options\Interactive logon: Require Domain Controller authentication to unlock workstation | |
Security Settings\Local Policies\Security Options\Interactive logon: Require smart card | |
Security Settings\Local Policies\Security Options\Interactive logon: Smart card removal behavior | |
Security Settings\Local Policies\Security Options\Microsoft network client: Digitally sign communications (always) | |
Security Settings\Local Policies\Security Options\Microsoft network client: Digitally sign communications (if server agrees) | |
Security Settings\Local Policies\Security Options\Microsoft network client: Send unencrypted password to third-party SMB servers | |
Security Settings\Local Policies\Security Options\Microsoft network server: Amount of idle time required before suspending session | |
Security Settings\Local Policies\Security Options\Microsoft network server: Digitally sign communications (always) | |
Security Settings\Local Policies\Security Options\Microsoft network server: Digitally sign communications (if client agrees) | |
Security Settings\Local Policies\Security Options\Microsoft network server: Disconnect clients when logon hours expire | |
Security Settings\Local Policies\Security Options\Network access: Allow anonymous SID/Name translation | |
Security Settings\Local Policies\Security Options\Network access: Do not allow anonymous enumeration of SAM accounts | |
Security Settings\Local Policies\Security Options\Network access: Do not allow anonymous enumeration of SAM accounts and shares | |
Security Settings\Local Policies\Security Options\Network access: Do not allow storage of passwords and credentials or .NET Passports for network authentication | |
Security Settings\Local Policies\Security Options\Network access: Let Everyone permissions apply to anonymous users | |
Security Settings\Local Policies\Security Options\Network access: Named Pipes that can be accessed anonymously | |
Security Settings\Local Policies\Security Options\Network access: Remotely accessible registry paths | |
Security Settings\Local Policies\Security Options\Network access: Remotely accessible registry paths and sub-paths | |
Security Settings\Local Policies\Security Options\Network access: Restrict anonymous access to Named Pipes and Shares | |
Security Settings\Local Policies\Security Options\Network access: Shares that can be accessed anonymously | |
Security Settings\Local Policies\Security Options\Network access: Sharing and security model for local accounts | |
Security Settings\Local Policies\Security Options\Network security: Do not store LAN Manager hash value on next password change | |
Security Settings\Local Policies\Security Options\Network security: LAN Manager authentication level | |
Security Settings\Local Policies\Security Options\Network security: LDAP client signing requirements | |
Security Settings\Local Policies\Security Options\Network security: Minimum session security for NTLM SSP based (including secure RPC) clients | |
Security Settings\Local Policies\Security Options\Network security: Minimum session security for NTLM SSP based (including secure RPC) servers | |
Security Settings\Local Policies\Security Options\Recovery console: Allow automatic administrative logon | |
Security Settings\Local Policies\Security Options\Recovery console: Allow floppy copy and access to all drives and all folders | |
Security Settings\Local Policies\Security Options\Shutdown: Allow system to be shut down without having to log on | |
Security Settings\Local Policies\Security Options\Shutdown: Clear virtual memory page file | |
Security Settings\Local Policies\Security Options\System cryptography: Force strong key protection for user keys stored on the computer | |
Security Settings\Local Policies\Security Options\System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing | |
Security Settings\Local Policies\Security Options\System objects: Default owner for objects created by members of the Administrators group | |
Security Settings\Local Policies\Security Options\System objects: Require case insensitivity for non-Windows subsystems | |
Security Settings\Local Policies\Security Options\System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links) | |
Security Settings\Local Policies\Security Options\System settings: Optional subsystems | |
Security Settings\Local Policies\Security Options\System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies | |
Security Settings\Local Policies\Shut down the system | |
Security Settings\Local Policies\Synchronize directory service data | |
Security Settings\Local Policies\Take ownership of files or other objects | |
Guests | Windows Group |
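The table above mixes two kinds of parts that are verified differently: "Registry Value" parts are read straight from the registry, while "Security Setting" parts (password policy, lockout policy, user rights) have no registry backing and must come from the local security policy. The following PowerShell is an added example written for this page, not BMC Server Automation template code: it audits a handful of the listed parts the way a compliance rule does, treating an absent value as NotConfigured rather than as a pass. The function names and the expected values are the author's assumptions for illustration; take the real targets from the CIS benchmark revision your template implements.

```powershell
# Added example (not the BMC template's code). Expected values below are assumptions
# chosen for illustration; confirm them against your CIS benchmark revision.

$ExpectedRegistry = @{
    'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA'                 = 1
    'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\NoLMHash'                                      = 1
    'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel'                          = 5
    'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymous'                             = 1
    'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\requiresecuritysignature' = 1
    'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoAdminLogon'              = '0'  # REG_SZ
}

# secedit.exe INF keys ([System Access] section) for Security Setting parts.
$ExpectedSecurity = @{
    'MinimumPasswordLength' = 14   # Password Policy\Minimum password length
    'PasswordHistorySize'   = 24   # Password Policy\Enforce password history
    'LockoutBadCount'       = 10   # Account Lockout Policy\Account lockout threshold
    'ClearTextPassword'     = 0    # Store password using reversible encryption = Disabled
}

function Split-RegistryPart {
    # Part names on this page carry the full hive name; the registry provider wants HKLM:.
    param([Parameter(Mandatory)][string]$Part)
    if ($Part -notmatch '^HKEY_LOCAL_MACHINE\\') { throw "Only HKEY_LOCAL_MACHINE parts are handled: $Part" }
    $hive = 'HKEY_LOCAL_MACHINE'
    $idx  = $Part.LastIndexOf('\')
    [pscustomobject]@{
        Key  = 'HKLM:' + $Part.Substring($hive.Length, $idx - $hive.Length)
        Name = $Part.Substring($idx + 1)
    }
}

function Test-RegistryPart {
    param([Parameter(Mandatory)][string]$Part, [Parameter(Mandatory)]$Expected)
    $p = Split-RegistryPart -Part $Part
    $actual = $null; $result = 'NotConfigured'
    # -LiteralPath so nothing in a part name (spaces, braces in the Group Policy keys)
    # is interpreted as a wildcard. A missing key or value is NotConfigured, not Pass.
    if (Test-Path -LiteralPath $p.Key) {
        $item = Get-ItemProperty -LiteralPath $p.Key -Name $p.Name -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            $actual = $item.($p.Name)
            $result = if ("$actual" -eq "$Expected") { 'Pass' } else { 'Fail' }
        }
    }
    [pscustomobject]@{ Result = $result; Part = $Part; Expected = $Expected; Actual = $actual }
}

function Get-SecurityPolicy {
    # Exports the local security policy with secedit.exe (requires an elevated shell)
    # and returns every "Key = Value" line as a hashtable.
    $cfg = Join-Path $env:TEMP ('secpol-{0}.inf' -f [guid]::NewGuid())
    & secedit.exe /export /cfg $cfg | Out-Null
    try {
        $policy = @{}
        foreach ($line in Get-Content -LiteralPath $cfg) {
            if ($line -match '^\s*(\w+)\s*=\s*(.+?)\s*$') { $policy[$Matches[1]] = $Matches[2] }
        }
        $policy
    } finally {
        Remove-Item -LiteralPath $cfg -Force -ErrorAction SilentlyContinue
    }
}

function Test-SecurityPart {
    param([Parameter(Mandatory)][hashtable]$Policy, [Parameter(Mandatory)][string]$Name, [Parameter(Mandatory)]$Expected)
    $actual = $Policy[$Name]
    $result = if ($null -eq $actual) { 'NotConfigured' }
              elseif ("$actual" -eq "$Expected") { 'Pass' } else { 'Fail' }
    [pscustomobject]@{ Result = $result; Part = $Name; Expected = $Expected; Actual = $actual }
}

$report  = @()
$report += $ExpectedRegistry.GetEnumerator() | ForEach-Object { Test-RegistryPart -Part $_.Key -Expected $_.Value }
$policy  = Get-SecurityPolicy
$report += $ExpectedSecurity.GetEnumerator() | ForEach-Object { Test-SecurityPart -Policy $policy -Name $_.Key -Expected $_.Value }
$report | Sort-Object Result | Format-Table Result, Part, Expected, Actual -AutoSize
```

Run it from an elevated PowerShell session; secedit /export fails silently otherwise and every Security Setting part comes back NotConfigured. Expect NotConfigured for values that Windows does not write by default (LmCompatibilityLevel is a common one, where the effective default applies even though the value is absent); a compliance template reports that as a failure because the hardened setting is not being enforced, which is why the example never treats absence as a pass.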
Microsoft Windows Server 2003 DC
Rule Category
The following table shows what percentage of the template's rules are Native based (built-in part types such as registry keys and values, security settings, files and services) and EO based (Extended Objects):
Rule Category | % of rules |
---|---|
Native based | 60% |
EO based | 40% |
Asset/Part Used
Part name | Part Type |
---|---|
??TARGET.SYSTEMDRIVE?? | Directory |
Application | Event Log |
Security | |
System | |
Audit Policy-3.2.1.10 | Extended Object |
Audit-Policy-3.2.1.45 | |
Audit-Policy-3.2.1.46 | |
Audit-Policy-3.2.1.67 | |
Audit-Policy-3.2.1.68 | |
Audit-Policy-3.2.1.69 | |
Audit Policy-3.2.1.70 | |
Audit-Policy-3.2.1.71 | |
Audit-Policy-3.2.1.72 | |
Audit-Policy-3.2.1.73 | |
Audit-Policy-3.2.1.74 | |
Audit Policy-3.2.1.75 | |
Audit-Policy-3.2.1.76 | |
Audit-Policy-3.2.1.77 | |
Audit-Policy-3.2.1.78 | |
Audit-Policy-3.2.1.79 | |
Audit Policy-3.2.1.80 | |
Audit-Policy-3.2.1.81 | |
Audit-Policy-3.2.1.82 | |
Audit-Policy-3.2.1.83 | |
Audit-Policy-3.2.1.84 | |
Audit Policy-3.2.1.85 | |
Audit-Policy-3.2.1.86 | |
Audit Policy-3.2.1.9 | |
Audit-Policy-4.2.1 | |
Audit-Policy-4.2.10 | |
Audit-Policy-4.2.11 | |
Audit-Policy-4.2.13 | |
Audit-Policy-4.2.14 | |
Audit-Policy-4.2.15 | |
Audit-Policy-4.2.16 | |
Audit-Policy-4.2.17 | |
Audit-Policy-4.2.19 | |
Audit-Policy-4.2.2 | |
Audit-Policy-4.2.20 | |
Audit-Policy-4.2.21 | |
Audit-Policy-4.2.22 | |
Audit-Policy-4.2.23 | |
Audit-Policy-4.2.24 | |
Audit-Policy-4.2.25 | |
Audit-Policy-4.2.26 | |
Audit-Policy-4.2.27 | |
Audit-Policy-4.2.28 | |
Audit-Policy-4.2.29 | |
Audit-Policy-4.2.3 | |
Audit-Policy-4.2.30 | |
Audit-Policy-4.2.31 | |
Audit-Policy-4.2.32 | |
Audit-Policy-4.2.33 | |
Audit-Policy-4.2.34 | |
Audit-Policy-4.2.35 | |
Audit-Policy-4.2.36 | |
Audit-Policy-4.2.37 | |
Audit-Policy-4.2.38 | |
Audit-Policy-4.2.39 | |
Audit-Policy-4.2.4 | |
Audit-Policy-4.2.5 | |
Audit-Policy-4.2.6 | |
Audit-Policy-4.2.7 | |
Audit-Policy-4.2.8 | |
Audit-Policy-4.2.9 | |
Audit-Policy-4.3.4 | |
DEP-4.1.42 | |
File System information | |
Service Alerter Permissions | |
Service AppMgr Permissions | |
Service Appmon Permissions | |
Service BINLSVC Permissions | |
Service cisvc Permissions | |
Service ClipSrv Permissions | |
Service Fax Permissions | |
Service helpsvc Permissions | |
Service HTTPFilter Permissions | |
Service IISADMIN Permissions | |
Service LicenseService Permissions | |
Service MacFile Permissions | |
Service MacPrint Permissions | |
Service Messenger Permissions | |
Service mnmsrvc Permissions | |
Service MSFtpsvc Permissions | |
Service NetMan Permissions | |
Service NntpSvc Permissions | |
Service NtFrs Permissions | |
Service NWCWorkstation Permissions | |
Service Pop3Svc Permissions | |
Service RasAuto Permissions | |
Service RasMan Permissions | |
Service RDSessMgr Permissions | |
Service Remote_Storage_Server Permissions | |
Service Remote_Storage_User_Link Permissions | |
Service Remote Administration Service | |
Service RemoteRegistry Permissions | |
Service RpcLocator Permissions | |
Service SMTPSVC Permissions | |
Service SNMP Permissions | |
Service SNMPTRAP Permissions | |
Service Spooler Permissions | |
Service srvcsurg Permissions | |
Service TapiSrv Permissions | |
Service TermService Permissions | |
Service tftpd Permissions | |
Service TlntSvr Permissions | |
Service VSS Permissions | |
Service W3SVC Permissions | |
Service wmserver Permissions | |
Service WZCSVC Permissions | |
??TARGET.WINDIR??/regedit.exe | File |
??TARGET.WINDIR??/system32/at.exe | |
??TARGET.WINDIR??/system32/attrib.exe | |
??TARGET.WINDIR??/system32/cacls.exe | |
??TARGET.WINDIR??/system32/debug.exe | |
??TARGET.WINDIR??/system32/drwatson.exe | |
??TARGET.WINDIR??/system32/drwtsn32.exe | |
??TARGET.WINDIR??/system32/edlin.exe | |
??TARGET.WINDIR??/system32/eventcreate.exe | |
??TARGET.WINDIR??/system32/eventtriggers.exe | |
??TARGET.WINDIR??/system32/ftp.exe | |
??TARGET.WINDIR??/system32/net.exe | |
??TARGET.WINDIR??/system32/net1.exe | |
??TARGET.WINDIR??/system32/netsh.exe | |
??TARGET.WINDIR??/system32/rcp.exe | |
??TARGET.WINDIR??/system32/reg.exe | |
??TARGET.WINDIR??/system32/regedt32.exe | |
??TARGET.WINDIR??/system32/regsvr32.exe | |
??TARGET.WINDIR??/system32/rexec.exe | |
??TARGET.WINDIR??/system32/rsh.exe | |
??TARGET.WINDIR??/system32/runas.exe | |
??TARGET.WINDIR??/system32/sc.exe | |
??TARGET.WINDIR??/system32/subst.exe | |
??TARGET.WINDIR??/system32/telnet.exe | |
??TARGET.WINDIR??/system32/tftp.exe | |
??TARGET.WINDIR??/system32/tftpd.exe | |
??TARGET.WINDIR??/system32/tlntsvr.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE | Registry Key |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSDTC | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit | |
HKEY_LOCAL_MACHINE\SYSTEM | |
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum | |
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\PermittedManagers | |
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities | |
HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\Root\ProtectedRoots | |
Security Settings\Account Policies\Account Lockout Policy\Account lockout duration | Security Setting |
Security Settings\Account Policies\Account Lockout Policy\Account lockout threshold | |
Security Settings\Account Policies\Account Lockout Policy\Reset account lockout counter after | |
Security Settings\Account Policies\Password Policy\Enforce password history | |
Security Settings\Account Policies\Password Policy\Maximum password age | |
Security Settings\Account Policies\Password Policy\Minimum password age | |
Security Settings\Account Policies\Password Policy\Minimum password length | |
Security Settings\Account Policies\Password Policy\Passwords must meet complexity requirements | |
Security Settings\Account Policies\Password Policy\Store password using reversible encryption | |
Security Settings\Local Policies\Audit Policy\Audit account logon events | |
Security Settings\Local Policies\Audit Policy\Audit account management | |
Security Settings\Local Policies\Audit Policy\Audit directory service access | |
Security Settings\Local Policies\Audit Policy\Audit logon events | |
Security Settings\Local Policies\Audit Policy\Audit object access | |
Security Settings\Local Policies\Audit Policy\Audit policy change | |
Security Settings\Local Policies\Audit Policy\Audit privilege use | |
Security Settings\Local Policies\Audit Policy\Audit process tracking | |
Security Settings\Local Policies\Audit Policy\Audit system events | |
Security Settings\Local Policies\Security Options\Accounts: Administrator account status | |
Security Settings\Local Policies\Security Options\Accounts: Guest account status | |
Security Settings\Local Policies\Security Options\Accounts: Limit local account use of blank passwords to console logon only | |
Security Settings\Local Policies\Security Options\Accounts: Rename administrator account | |
Security Settings\Local Policies\Security Options\Accounts: Rename guest account | |
Security Settings\Local Policies\Security Options\Audit: Audit the access of global system objects | |
Security Settings\Local Policies\Security Options\Audit: Audit the use of Backup and Restore privilege | |
Security Settings\Local Policies\Security Options\Audit: Shut down system immediately if unable to log security audits | |
Security Settings\Local Policies\Security Options\Devices: Allowed to format and eject removable media | |
Security Settings\Local Policies\Security Options\Devices: Allow undock without having to log on | |
Security Settings\Local Policies\Security Options\Devices: Prevent users from installing printer drivers | |
Security Settings\Local Policies\Security Options\Devices: Restrict CD-ROM access to locally logged-on user only | |
Security Settings\Local Policies\Security Options\Devices: Restrict floppy access to locally logged-on user only | |
Security Settings\Local Policies\Security Options\Devices: Unsigned driver installation behavior | |
Security Settings\Local Policies\Security Options\Domain controller: Allow server operators to schedule tasks | |
Security Settings\Local Policies\Security Options\Domain controller: LDAP server signing requirements | |
Security Settings\Local Policies\Security Options\Domain controller: Refuse machine account password changes | |
Security Settings\Local Policies\Security Options\Domain member: Digitally encrypt or sign secure channel data (always) | |
Security Settings\Local Policies\Security Options\Domain member: Digitally encrypt secure channel data (when possible) | |
Security Settings\Local Policies\Security Options\Domain member: Digitally sign secure channel data (when possible) | |
Security Settings\Local Policies\Security Options\Domain member: Disable machine account password changes | |
Security Settings\Local Policies\Security Options\Domain member: Maximum machine account password age | |
Security Settings\Local Policies\Security Options\Domain member: Require strong (Windows 2000 or later) session key | |
Security Settings\Local Policies\Security Options\Interactive logon: Do not display last user name | |
Security Settings\Local Policies\Security Options\Interactive logon: Do not require CTRL+ALT+DEL | |
Security Settings\Local Policies\Security Options\Interactive logon: Message text for users attempting to log on | |
Security Settings\Local Policies\Security Options\Interactive logon: Message title for users attempting to log on | |
Security Settings\Local Policies\Security Options\Interactive logon: Number of previous logons to cache (in case domain controller is not available) | |
Security Settings\Local Policies\Security Options\Interactive logon: Prompt user to change password before expiration | |
Security Settings\Local Policies\Security Options\Interactive logon: Require Domain Controller authentication to unlock workstation | |
Security Settings\Local Policies\Security Options\Interactive logon: Require smart card | |
Security Settings\Local Policies\Security Options\Interactive logon: Smart card removal behavior | |
Security Settings\Local Policies\Security Options\Microsoft network client: Digitally sign communications (always) | |
Security Settings\Local Policies\Security Options\Microsoft network client: Digitally sign communications (if server agrees) | |
Security Settings\Local Policies\Security Options\Microsoft network client: Send unencrypted password to third-party SMB servers | |
Security Settings\Local Policies\Security Options\Microsoft network server: Amount of idle time required before suspending session | |
Security Settings\Local Policies\Security Options\Microsoft network server: Digitally sign communications (always) | |
Security Settings\Local Policies\Security Options\Microsoft network server: Digitally sign communications (if client agrees) | |
Security Settings\Local Policies\Security Options\Microsoft network server: Disconnect clients when logon hours expire | |
Security Settings\Local Policies\Security Options\Network access: Allow anonymous SID/Name translation | |
Security Settings\Local Policies\Security Options\Network access: Do not allow anonymous enumeration of SAM accounts | |
Security Settings\Local Policies\Security Options\Network access: Do not allow anonymous enumeration of SAM accounts and shares | |
Security Settings\Local Policies\Security Options\Network access: Do not allow storage of passwords and credentials or .NET Passports for network authentication | |
Security Settings\Local Policies\Security Options\Network access: Let Everyone permissions apply to anonymous users | |
Security Settings\Local Policies\Security Options\Network access: Named Pipes that can be accessed anonymously | |
Security Settings\Local Policies\Security Options\Network access: Remotely accessible registry paths | |
Security Settings\Local Policies\Security Options\Network access: Remotely accessible registry paths and sub-paths | |
Security Settings\Local Policies\Security Options\Network access: Restrict anonymous access to Named Pipes and Shares | |
Security Settings\Local Policies\Security Options\Network access: Shares that can be accessed anonymously | |
Security Settings\Local Policies\Security Options\Network access: Sharing and security model for local accounts | |
Security Settings\Local Policies\Security Options\Network security: Do not store LAN Manager hash value on next password change | |
Security Settings\Local Policies\Security Options\Network security: Force logoff when logon hours expire | |
Security Settings\Local Policies\Security Options\Network security: LAN Manager authentication level | |
Security Settings\Local Policies\Security Options\Network security: LDAP client signing requirements | |
Security Settings\Local Policies\Security Options\Network security: Minimum session security for NTLM SSP based (including secure RPC) clients | |
Security Settings\Local Policies\Security Options\Network security: Minimum session security for NTLM SSP based (including secure RPC) servers | |
Security Settings\Local Policies\Security Options\Recovery console: Allow automatic administrative logon | |
Security Settings\Local Policies\Security Options\Recovery console: Allow floppy copy and access to all drives and all folders | |
Security Settings\Local Policies\Security Options\Shutdown: Allow system to be shut down without having to log on | |
Security Settings\Local Policies\Security Options\Shutdown: Clear virtual memory page file | |
Security Settings\Local Policies\Security Options\System cryptography: Force strong key protection for user keys stored on the computer | |
Security Settings\Local Policies\Security Options\System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing | |
Security Settings\Local Policies\Security Options\System objects: Default owner for objects created by members of the Administrators group | |
Security Settings\Local Policies\Security Options\System objects: Require case insensitivity for non-Windows subsystems | |
Security Settings\Local Policies\Security Options\System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links) | |
Security Settings\Local Policies\Security Options\System settings: Optional subsystems | |
Security Settings\Local Policies\Security Options\System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies | |
Windows Service List | Windows Service List |
Microsoft Windows Server 2003 MS
Rule Category
The following table shows the percentage of rules that are Native based and EO based:
Rule Category | % of rules |
---|---|
Native based | 60% |
EO based | 40% |
Asset/Part Used
Part name | Part Type |
---|---|
??TARGET.SYSTEMDRIVE?? | Directory |
??TARGET.WINDIR?? | |
Application | Event Log |
Security | |
System | |
Audit Policy-3.2.1.10 | Extended Object |
Audit Policy-3.2.1.11 | |
Audit-Policy-3.2.1.45 | |
Audit-Policy-3.2.1.46 | |
Audit-Policy-3.2.1.67 | |
Audit-Policy-3.2.1.68 | |
Audit-Policy-3.2.1.69 | |
Audit Policy-3.2.1.70 | |
Audit-Policy-3.2.1.71 | |
Audit-Policy-3.2.1.72 | |
Audit-Policy-3.2.1.73 | |
Audit-Policy-3.2.1.74 | |
Audit Policy-3.2.1.75 | |
Audit-Policy-3.2.1.76 | |
Audit-Policy-3.2.1.77 | |
Audit-Policy-3.2.1.78 | |
Audit-Policy-3.2.1.79 | |
Audit Policy-3.2.1.80 | |
Audit-Policy-3.2.1.81 | |
Audit-Policy-3.2.1.82 | |
Audit-Policy-3.2.1.83 | |
Audit-Policy-3.2.1.84 | |
Audit Policy-3.2.1.85 | |
Audit-Policy-3.2.1.86 | |
Audit Policy-3.2.1.9 | |
Audit-Policy-4.2.1 | |
Audit-Policy-4.2.10 | |
Audit-Policy-4.2.11 | |
Audit-Policy-4.2.13 | |
Audit-Policy-4.2.14 | |
Audit-Policy-4.2.15 | |
Audit-Policy-4.2.16 | |
Audit-Policy-4.2.17 | |
Audit-Policy-4.2.19 | |
Audit-Policy-4.2.2 | |
Audit-Policy-4.2.20 | |
Audit-Policy-4.2.21 | |
Audit-Policy-4.2.22 | |
Audit-Policy-4.2.23 | |
Audit-Policy-4.2.24 | |
Audit-Policy-4.2.25 | |
Audit-Policy-4.2.26 | |
Audit-Policy-4.2.27 | |
Audit-Policy-4.2.28 | |
Audit-Policy-4.2.29 | |
Audit-Policy-4.2.3 | |
Audit-Policy-4.2.30 | |
Audit-Policy-4.2.31 | |
Audit-Policy-4.2.32 | |
Audit-Policy-4.2.33 | |
Audit-Policy-4.2.34 | |
Audit-Policy-4.2.35 | |
Audit-Policy-4.2.36 | |
Audit-Policy-4.2.37 | |
Audit-Policy-4.2.38 | |
Audit-Policy-4.2.39 | |
Audit-Policy-4.2.4 | |
Audit-Policy-4.2.5 | |
Audit-Policy-4.2.6 | |
Audit-Policy-4.2.7 | |
Audit-Policy-4.2.8 | |
Audit-Policy-4.2.9 | |
Audit-Policy-4.3.4 | |
DEP-4.1.42 | |
File System information | |
Service Alerter Permissions | |
Service AppMgr Permissions | |
Service Appmon Permissions | |
Service BINLSVC Permissions | |
Service cisvc Permissions | |
Service ClipSrv Permissions | |
Service Fax Permissions | |
Service helpsvc Permissions | |
Service HTTPFilter Permissions | |
Service IISADMIN Permissions | |
Service LicenseService Permissions | |
Service MacFile Permissions | |
Service MacPrint Permissions | |
Service Messenger Permissions | |
Service mnmsrvc Permissions | |
Service MSFtpsvc Permissions | |
Service NetMan Permissions | |
Service NntpSvc Permissions | |
Service NtFrs Permissions | |
Service NWCWorkstation Permissions | |
Service Pop3Svc Permissions | |
Service RasAuto Permissions | |
Service RasMan Permissions | |
Service RDSessMgr Permissions | |
Service Remote_Storage_Server Permissions | |
Service Remote_Storage_User_Link Permissions | |
Service Remote Administration Service | |
Service RemoteRegistry Permissions | |
Service RpcLocator Permissions | |
Service SMTPSVC Permissions | |
Service SNMP Permissions | |
Service SNMPTRAP Permissions | |
Service Spooler Permissions | |
Service srvcsurg Permissions | |
Service TapiSrv Permissions | |
Service TermService Permissions | |
Service tftpd Permissions | |
Service TlntSvr Permissions | |
Service VSS Permissions | |
Service W3SVC Permissions | |
Service wmserver Permissions | |
Service WZCSVC Permissions | |
??TARGET.WINDIR??/regedit.exe | File |
??TARGET.WINDIR??/system32/at.exe | |
??TARGET.WINDIR??/system32/attrib.exe | |
??TARGET.WINDIR??/system32/cacls.exe | |
??TARGET.WINDIR??/system32/debug.exe | |
??TARGET.WINDIR??/system32/drwatson.exe | |
??TARGET.WINDIR??/system32/drwtsn32.exe | |
??TARGET.WINDIR??/system32/edlin.exe | |
??TARGET.WINDIR??/system32/eventcreate.exe | |
??TARGET.WINDIR??/system32/eventtriggers.exe | |
??TARGET.WINDIR??/system32/ftp.exe | |
??TARGET.WINDIR??/system32/net.exe | |
??TARGET.WINDIR??/system32/net1.exe | |
??TARGET.WINDIR??/system32/netsh.exe | |
??TARGET.WINDIR??/system32/rcp.exe | |
??TARGET.WINDIR??/system32/reg.exe | |
??TARGET.WINDIR??/system32/regedt32.exe | |
??TARGET.WINDIR??/system32/regsvr32.exe | |
??TARGET.WINDIR??/system32/rexec.exe | |
??TARGET.WINDIR??/system32/rsh.exe | |
??TARGET.WINDIR??/system32/runas.exe | |
??TARGET.WINDIR??/system32/sc.exe | |
??TARGET.WINDIR??/system32/subst.exe | |
??TARGET.WINDIR??/system32/telnet.exe | |
??TARGET.WINDIR??/system32/tftp.exe | |
??TARGET.WINDIR??/system32/tlntsvr.exe | |
FileSystem | FileSystem |
HKEY_LOCAL_MACHINE\SOFTWARE | Registry Key |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSDTC | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit | |
HKEY_LOCAL_MACHINE\SYSTEM | |
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum | |
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\PermittedManagers | |
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities | |
HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\Root\ProtectedRoots | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\MachineLaunchRestriction | Registry Value |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoDriveTypeAutoRun | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\ScreenSaverGracePeriod | |
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SafeDllSearchMode | |
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD\Parameters\DynamicBacklogGrowthDelta | |
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD\Parameters\minimumdynamicbacklog | |
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\WarningLevel | |
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\nonamereleaseondemand | |
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DisableIPSourceRouting | |
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableDeadGWDetect | |
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PerformRouterDiscovery | |
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\SynAttackProtect | |
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\tcpmaxportsexhausted | |
Security Settings\Account Policies\Account Lockout Policy\Account lockout duration | Security Setting |
Security Settings\Account Policies\Account Lockout Policy\Account lockout threshold | |
Security Settings\Account Policies\Account Lockout Policy\Reset account lockout counter after | |
Security Settings\Account Policies\Password Policy\Enforce password history | |
Security Settings\Account Policies\Password Policy\Maximum password age | |
Security Settings\Account Policies\Password Policy\Minimum password age | |
Security Settings\Account Policies\Password Policy\Minimum password length | |
Security Settings\Account Policies\Password Policy\Passwords must meet complexity requirements | |
Security Settings\Account Policies\Password Policy\Store password using reversible encryption | |
Security Settings\Local Policies\Act as part of the operating system | |
Security Settings\Local Policies\Add workstations to domain | |
Security Settings\Local Policies\Adjust memory quotas for a process | |
Security Settings\Local Policies\Audit Policy\Audit account logon events | |
Security Settings\Local Policies\Audit Policy\Audit account management | |
Security Settings\Local Policies\Audit Policy\Audit directory service access | |
Security Settings\Local Policies\Audit Policy\Audit logon events | |
Security Settings\Local Policies\Audit Policy\Audit object access | |
Security Settings\Local Policies\Audit Policy\Audit policy change | |
Security Settings\Local Policies\Audit Policy\Audit privilege use | |
Security Settings\Local Policies\Audit Policy\Audit process tracking | |
Security Settings\Local Policies\Audit Policy\Audit system events | |
Security Settings\Local Policies\Back up files and directories | |
Security Settings\Local Policies\Bypass traverse checking | |
Security Settings\Local Policies\Change the system time | |
Security Settings\Local Policies\Create a token object | |
Security Settings\Local Policies\Create global objects | |
Security Settings\Local Policies\Create permanent shared objects | |
Security Settings\Local Policies\Deny log on as a batch job | |
Security Settings\Local Policies\Deny log on as a service | |
Security Settings\Local Policies\Deny log on locally | |
Security Settings\Local Policies\Enable computer and user accounts to be trusted for delegation | |
Security Settings\Local Policies\Force shutdown from a remote system | |
Security Settings\Local Policies\Generate security audits | |
Security Settings\Local Policies\Load and unload device drivers | |
Security Settings\Local Policies\Lock pages in memory | |
Security Settings\Local Policies\Log on as a batch job | |
Security Settings\Local Policies\Manage auditing and security log | |
Security Settings\Local Policies\Modify firmware environment values | |
Security Settings\Local Policies\Perform volume maintenance tasks | |
Security Settings\Local Policies\Remove computer from docking station | |
Security Settings\Local Policies\Replace a process level token | |
Security Settings\Local Policies\Restore files and directories | |
Security Settings\Local Policies\Security Options\Accounts: Administrator account status | |
Security Settings\Local Policies\Security Options\Accounts: Guest account status | |
Security Settings\Local Policies\Security Options\Accounts: Limit local account use of blank passwords to console logon only | |
Security Settings\Local Policies\Security Options\Accounts: Rename administrator account | |
Security Settings\Local Policies\Security Options\Accounts: Rename guest account | |
Security Settings\Local Policies\Security Options\Audit: Audit the access of global system objects | |
Security Settings\Local Policies\Security Options\Audit: Audit the use of Backup and Restore privilege | |
Security Settings\Local Policies\Security Options\Audit: Shut down system immediately if unable to log security audits | |
Security Settings\Local Policies\Security Options\Devices: Allowed to format and eject removable media | |
Security Settings\Local Policies\Security Options\Devices: Allow undock without having to log on | |
Security Settings\Local Policies\Security Options\Devices: Prevent users from installing printer drivers | |
Security Settings\Local Policies\Security Options\Devices: Restrict CD-ROM access to locally logged-on user only | |
Security Settings\Local Policies\Security Options\Devices: Restrict floppy access to locally logged-on user only | |
Security Settings\Local Policies\Security Options\Devices: Unsigned driver installation behavior | |
Security Settings\Local Policies\Security Options\Domain controller: Allow server operators to schedule tasks | |
Security Settings\Local Policies\Security Options\Domain controller: LDAP server signing requirements | |
Security Settings\Local Policies\Security Options\Domain member: Digitally encrypt or sign secure channel data (always) | |
Security Settings\Local Policies\Security Options\Domain member: Digitally encrypt secure channel data (when possible) | |
Security Settings\Local Policies\Security Options\Domain member: Digitally sign secure channel data (when possible) | |
Security Settings\Local Policies\Security Options\Domain member: Disable machine account password changes | |
Security Settings\Local Policies\Security Options\Domain member: Maximum machine account password age | |
Security Settings\Local Policies\Security Options\Domain member: Require strong (Windows 2000 or later) session key | |
Security Settings\Local Policies\Security Options\Interactive logon: Do not display last user name | |
Security Settings\Local Policies\Security Options\Interactive logon: Do not require CTRL+ALT+DEL | |
Security Settings\Local Policies\Security Options\Interactive logon: Message text for users attempting to log on | |
Security Settings\Local Policies\Security Options\Interactive logon: Message title for users attempting to log on | |
Security Settings\Local Policies\Security Options\Interactive logon: Number of previous logons to cache (in case domain controller is not available) | |
Security Settings\Local Policies\Security Options\Interactive logon: Prompt user to change password before expiration | |
Security Settings\Local Policies\Security Options\Interactive logon: Require Domain Controller authentication to unlock workstation | |
Security Settings\Local Policies\Security Options\Interactive logon: Require smart card | |
Security Settings\Local Policies\Security Options\Interactive logon: Smart card removal behavior | |
Security Settings\Local Policies\Security Options\Microsoft network client: Digitally sign communications (always) | |
Security Settings\Local Policies\Security Options\Microsoft network client: Digitally sign communications (if server agrees) | |
Security Settings\Local Policies\Security Options\Microsoft network client: Send unencrypted password to third-party SMB servers | |
Security Settings\Local Policies\Security Options\Microsoft network server: Amount of idle time required before suspending session | |
Security Settings\Local Policies\Security Options\Microsoft network server: Digitally sign communications (always) | |
Security Settings\Local Policies\Security Options\Microsoft network server: Digitally sign communications (if client agrees) | |
Security Settings\Local Policies\Security Options\Microsoft network server: Disconnect clients when logon hours expire | |
Security Settings\Local Policies\Security Options\Network access: Allow anonymous SID/Name translation | |
Security Settings\Local Policies\Security Options\Network access: Do not allow anonymous enumeration of SAM accounts | |
Security Settings\Local Policies\Security Options\Network access: Do not allow anonymous enumeration of SAM accounts and shares | |
Security Settings\Local Policies\Security Options\Network access: Do not allow storage of passwords and credentials or .NET Passports for network authentication | |
Security Settings\Local Policies\Security Options\Network access: Let Everyone permissions apply to anonymous users | |
Security Settings\Local Policies\Security Options\Network access: Named Pipes that can be accessed anonymously | |
Security Settings\Local Policies\Security Options\Network access: Remotely accessible registry paths | |
Security Settings\Local Policies\Security Options\Network access: Remotely accessible registry paths and sub-paths | |
Security Settings\Local Policies\Security Options\Network access: Restrict anonymous access to Named Pipes and Shares | |
Security Settings\Local Policies\Security Options\Network access: Shares that can be accessed anonymously | |
Security Settings\Local Policies\Security Options\Network access: Sharing and security model for local accounts | |
Security Settings\Local Policies\Security Options\Network security: Do not store LAN Manager hash value on next password change | |
Security Settings\Local Policies\Security Options\Network security: Force logoff when logon hours expire | |
Security Settings\Local Policies\Security Options\Network security: LAN Manager authentication level | |
Security Settings\Local Policies\Security Options\Network security: LDAP client signing requirements | |
Security Settings\Local Policies\Security Options\Network security: Minimum session security for NTLM SSP based (including secure RPC) clients | |
Security Settings\Local Policies\Security Options\Network security: Minimum session security for NTLM SSP based (including secure RPC) servers | |
Security Settings\Local Policies\Security Options\Recovery console: Allow automatic administrative logon | |
Security Settings\Local Policies\Security Options\Recovery console: Allow floppy copy and access to all drives and all folders | |
Security Settings\Local Policies\Security Options\Shutdown: Allow system to be shut down without having to log on | |
Security Settings\Local Policies\Security Options\Shutdown: Clear virtual memory page file | |
Security Settings\Local Policies\Security Options\System cryptography: Force strong key protection for user keys stored on the computer | |
Security Settings\Local Policies\Security Options\System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing | |
Security Settings\Local Policies\Security Options\System objects: Default owner for objects created by members of the Administrators group | |
Security Settings\Local Policies\Security Options\System objects: Require case insensitivity for non-Windows subsystems | |
Security Settings\Local Policies\Security Options\System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links) | |
Security Settings\Local Policies\Security Options\System settings: Optional subsystems | |
Security Settings\Local Policies\Security Options\System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies | |
Security Settings\Local Policies\Synchronize directory service data | |
Security Settings\Local Policies\Take ownership of files or other objects | |
Microsoft POP3 Service | Windows Service |
Print Spooler | |
Remote Registry | |
Simple Mail Transfer Protocol (SMTP) | |
Terminal Services | |
Windows Service List | Windows Service List |
RHEL 6.x
Rule Category
The following table shows the percentage of rules that are Native based and EO based:
Rule Category | % of rules |
---|---|
Native based | 60% |
EO based | 40% |
Rule Details
To find details about all rules included in the template, see HTML Definitions for RHEL 6.x.
Asset/Part Used
Part name | Part Type |
---|---|
authconfig --test | grep hashing | grep sha512|wc -l| sed 's/ //g' | Command |
cat /etc/hosts.allow | tr -s '\t' ' ' | egrep -v '^ *#' | egrep -v '^ *$' | sed 's/\?/\\\?/g' | |
cat /var/spool/cron/root | tr -s '\t' ' ' | tr -s ' ' | grep -v '^ *#'| egrep '??VAR_AIDE_RUN_SCHEDULE_PARAM??' |wc -l | awk '{print $1}' | |
echo ??VAR_ALLOWED_HOST?? | egrep -v '\.|:' | |
echo ??VAR_MOUNTING_OPTION_PARAM??|tr ',' '\n'|egrep 'dev|nodev'|tail -1 | |
echo ??VAR_MOUNTING_OPTION_PARAM?? |tr ',' '\n'|egrep 'dev|nodev'|tail -1 | |
echo ??VAR_MOUNTING_OPTION_PARAM??|tr ',' '\n'|egrep 'exec|noexec'|tail -1 | |
echo ??VAR_MOUNTING_OPTION_PARAM??|tr ',' '\n'|egrep 'suid|nosuid'|tail -1 | |
echo ??VAR_MOUNTING_OPTION_PARAM?? |tr ',' '\n'|egrep 'suid|nosuid'|tail -1 | |
echo '??EXCLUDE_DAEMONS_LIST??'|tr -s ',' '|'|tr -d ' ' | |
egrep 'password(.*)pam_unix.so(.*)remember=(.*)' /etc/pam.d/system-auth|tr '\t' ' ' | grep -v '^ *#' | egrep ' remember' | egrep -v 'remember=( |$)' | wc -l | sed 's/ //g' | |
egrep 'password(.*)required(.*)pam_cracklib.so(.*)lcredit=(.*)' /etc/pam.d/system-auth | tr '\t' ' ' | grep -v '^ *#' | egrep ' lcredit' | egrep -v '(lcredit|ucredit|dcredit|ocredit|retry|minlen)=( |$)' | wc -l | sed 's/ //g' | |
egrep 'password(.*)sufficient(.*)pam_unix.so(.*)remember(.*)' /etc/pam.d/system-auth | grep -v '^ *#' | awk -F'remember=' '{print $NF}'| cut -d ' ' -f1 | |
eval modprobe -c 2>/dev/null|tr -s '\t' ' '|tr -s ' '| egrep '^ *alias +dccp +off( |$)|^ *install +dccp +(/bin/true|/bin/false)( |$)'|wc -l|tr -d ' ' | |
eval modprobe -c 2>/dev/null|tr -s '\t' ' '|tr -s ' '| egrep '^ *alias +rds +off( |$)|^ *install +rds +(/bin/true|/bin/false)( |$)'|wc -l|tr -d ' ' | |
eval modprobe -c 2>/dev/null|tr -s '\t' ' '|tr -s ' '| egrep '^ *alias +sctp +off( |$)|^ *install +sctp +(/bin/true|/bin/false)( |$)'|wc -l|tr -d ' ' | |
eval modprobe -c 2>/dev/null|tr -s '\t' ' '|tr -s ' '| egrep '^ *alias +tipc +off( |$)|^ *install +tipc +(/bin/true|/bin/false)( |$)'|wc -l|tr -d ' ' | |
gconftool-2 --direct --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory --get /apps/gdm/simple-greeter/banner_message_enable | |
gconftool-2 --direct --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory --get /apps/gdm/simple-greeter/banner_message_text | |
grep ':??VAR_GROUP_ID??:' /etc/group | |
lsmod | egrep '^cramfs ' | wc -l | sed 's/ //g' | |
lsmod | egrep '^freevxfs ' | wc -l | sed 's/ //g' | |
lsmod | egrep '^hfs ' | wc -l | sed 's/ //g' | |
lsmod | egrep '^hfsplus ' | wc -l | sed 's/ //g' | |
lsmod | egrep '^jffs2 ' | wc -l | sed 's/ //g' | |
lsmod | egrep '^squashfs ' | wc -l | sed 's/ //g' | |
lsmod | egrep '^udf ' | wc -l | sed 's/ //g' | |
lsmod|egrep 'dccp'|wc -l|tr -d ' ' | |
lsmod | egrep ' jffs2 ' | wc -l | |
lsmod|egrep 'rds'|wc -l|tr -d ' ' | |
lsmod|egrep 'sctp'|wc -l|tr -d ' ' | |
lsmod|egrep 'tipc'|wc -l|tr -d ' ' | |
mkdir -p ??TARGET.RSCD_DIR??/tmp/preCIS | |
mkdir -p ??TARGET.RSCD_DIR??/tmp/preCIS/ | |
modprobe -c | egrep '(^| )(alias|install) +cramfs +(off|/bin/true|/bin/false)( |$)' |grep -v '^ *#' | wc -l | sed 's/ //g' | |
modprobe -c | egrep '(^| )(alias|install) +freevxfs +(off|/bin/true|/bin/false)( |$)' |grep -v '^ *#' | wc -l | sed 's/ //g' | |
modprobe -c | egrep '(^| )(alias|install) +hfs +(off|/bin/true|/bin/false)( |$)' |grep -v '^ *#' | wc -l | sed 's/ //g' | |
modprobe -c | egrep '(^| )(alias|install) +jffs2 +(off|/bin/true|/bin/false)( |$)' |grep -v '^ *#' | wc -l | sed 's/ //g' | |
modprobe -c | egrep '(^| )(alias|install) +squashfs +(off|/bin/true|/bin/false)( |$)' |grep -v '^ *#' | wc -l | sed 's/ //g' | |
modprobe -c | egrep '(^| )(alias|install) +udf +(off|/bin/true|/bin/false)( |$)' |grep -v '^ *#' | wc -l | sed 's/ //g' | |
modprobe -l | egrep 'cramfs.k?o' | wc -l | sed 's/ //g' | |
modprobe -l | egrep 'freevxfs.k?o' | wc -l | sed 's/ //g' | |
modprobe -l | egrep 'hfs.k?o' | wc -l | sed 's/ //g' | |
modprobe -l | egrep 'hfsplus.k?o' | wc -l | sed 's/ //g' | |
modprobe -l | egrep 'jffs2.k?o' | wc -l | |
modprobe -l | egrep 'jffs2.k?o' | wc -l | sed 's/ //g' | |
modprobe -l | egrep 'squashfs.k?o' | wc -l | sed 's/ //g' | |
modprobe -l | egrep 'udf.k?o' | wc -l | sed 's/ //g' | |
modprobe -l|egrep -v '^ *#'|egrep '/dccp\.k'|wc -l|tr -d ' ' | |
modprobe -l|egrep -v '^ *#'|egrep '/rds\.k'|wc -l|tr -d ' ' | |
modprobe -l|egrep -v '^ *#'|egrep '/sctp\.k'|wc -l|tr -d ' ' | |
modprobe -l|egrep -v '^ *#'|egrep '/tipc\.k'|wc -l|tr -d ' ' | |
mount|grep ' /dev/shm '|cut -d' ' -f6 | |
mount|grep ' /home '|cut -d' ' -f3 | |
mount|grep ' /home '|cut -d' ' -f6 | |
mount |grep ' /home ' | wc -l | tr -d ' ' | |
mount|grep ' /tmp ' | |
mount|grep ' /tmp '|cut -d' ' -f3 | |
mount|grep ' /tmp '|cut -d' ' -f6 | |
mount|grep ' /var/log/audit '|cut -d' ' -f3 | |
mount |grep ' /var/log/audit ' | wc -l | tr -d ' ' | |
mount|grep ' /var/log '|cut -d' ' -f3 | |
mount |grep ' /var/log ' | wc -l | tr -d ' ' | |
mount|grep ' /var '|cut -d' ' -f3 | |
mount |grep ' /var ' | wc -l | tr -d ' ' | |
mount | grep '^/tmp ' | egrep ' /var/tmp ' | grep 'bind' | wc -l | sed 's/ //g' | |
mount|grep -c ' /dev/shm ' | |
mount|grep -c ' /home ' | |
mount|grep -c ' /tmp ' | |
ps -eZ|egrep 'initrc'|egrep -vw '??VAR_EXCLUDE_DAEMONS_LIST_PARAM??'|tr ':' ' '|awk '{ print $NF }' | |
subscription-manager list| tr '\n' ' '|sed 's/.* Product Name: *Red Hat Enterprise Linux Server.*Status: *\(.*\) Status Details.*/\1/' | |
yum check-update | |
/etc/audit/auditd.conf | Configuration File |
/etc/fstab | |
/etc/group | |
/etc/grub.conf | |
/etc/hosts.allow | |
/etc/hosts.deny | |
/etc/inittab | |
/etc/login.defs | |
/etc/ntp.conf | |
/etc/pam.d/su | |
/etc/pam.d/system-auth | |
/etc/passwd | |
/etc/rsyslog.conf | |
/etc/securetty | |
/etc/security/limits.conf | |
/etc/selinux/config | |
/etc/shadow | |
/etc/ssh/sshd_config | |
/etc/sysconfig/init | |
/etc/sysconfig/network | |
/etc/sysctl.conf | |
??TARGET.RSCD_DIR??/tmp/preCIS | Directory |
/etc/cron.d | |
/etc/cron.daily | |
/etc/cron.hourly | |
/etc/cron.monthly | |
/etc/cron.weekly | |
/etc/init | |
/etc/modprobe.d | |
/tmp | |
/var/tmp | |
1.1.11 Add nodev Option to Removable Media Partitions | Extended Object |
1.1.12 Add noexec Option to Removable Media Partitions | |
1.1.13 Add nosuid Option to Removable Media Partitions | |
1.1.17 Set Sticky Bit on All World-Writable Directories | |
1.2.3 Verify that gpgcheck is Globally Activated | |
3.16.1 Configure Mail Transfer Agent for Local-Only Mode | |
3.16.2 Configure Mail Transfer Agent for Local-Only Mode | |
3.16.3 Configure Mail Transfer Agent for Local-Only Mode | |
3.1 Set Daemon umask | |
3.3 Disable Avahi Server | |
4.3.1 Deactivate Wireless Interfaces | |
4.4.1 Disable IPv6 | |
4.5.1 Install TCP Wrappers | |
5.1.3 Configure etc rsyslog.conf | |
5.1.4.1 Create and Set Permissions on rsyslog Log Files | |
5.1.4.2 Create and Set Permissions on rsyslog Log Files(Secure group) | |
5.1.5 Configure rsyslog to Send Logs to a Remote LOGHOST | |
5.2.1.2 Disable System on Audit Log Full | |
5.2.10.1 Collect Discretionary Access Control Permission Modification Events (64 bit) | |
5.2.10.2 Collect Discretionary Access Control Permission Modification Events (32 bit) | |
5.2.11.1 Collect Unsuccessful Unauthorized Access Attempts to Files (64 bit) | |
5.2.11.2 Collect Unsuccessful Unauthorized Access Attempts to Files (32 bit) | |
5.2.12 Collect Use of Privileged Commands | |
5.2.13.1 Collect Successful File System Mounts (64 bit) | |
5.2.13.2 Collect Successful File System Mounts (32 bit) | |
5.2.14.1 Collect File Deletion Events by User (64 bit) | |
5.2.14.2 Collect File Deletion Events by User (32 bit) | |
5.2.15 Collect Changes to System Administration Scope (sudoers) | |
5.2.16 Collect System Administrator Actions (sudolog) | |
5.2.17.1 Collect Kernel Module Loading and Unloading | |
5.2.17.2 Collect Kernel Module Loading and Unloading | |
5.2.18 Make the Audit Configuration Immutable | |
5.2.3 Enable Auditing for Processes That Start Prior to auditd | |
5.2.4.1 Record Events That Modify Date and Time Information (64 bit) | |
5.2.4.2 Record Events That Modify Date and Time Information (32 bit) | |
5.2.5 Record Events That Modify User Group Information | |
5.2.6.1 Record Events That Modify the Systems Network Environment (64 bit) | |
5.2.6.2 Record Events That Modify the Systems Network Environment (32 bit) | |
5.2.7 Record Events That Modify the Systems Mandatory Access Controls | |
5.2.8 Collect Login and Logout Events | |
5.2.9 Collect Session Initiation Information | |
5.3 Configure logrotate | |
6.1.10 Restrict at Daemon | |
6.2.11 Use Only Approved Ciphers in Counter Mode | |
6.2.13.1 Limit Users SSH Access (AllowUsers) | |
6.2.13.2 Limit Users SSH Access (AllowGroups) | |
6.2.13.3 Limit Users SSH Access (DenyUsers) | |
6.2.13.4 Limit Users SSH Access (DenyGroups) | |
7.4 Set Default umask for Users | |
7.5 Lock Inactive User Accounts | |
8.1.1 Set Warning Banner for Standard Login Services | |
8.1.2.1 Set Warning Banner for Standard Login Services | |
8.1.2.2 Set Warning Banner for Standard Login Services | |
8.1.2.3 Set Warning Banner for Standard Login Services | |
9.1.10 Find World Writable Files | |
9.1.11 Find Un-owned Files and Directories | |
9.1.12 Find Un-grouped Files and Directories | |
9.1.13 Find SUID System Executables | |
9.1.14 Find SGID System Executables | |
9.1.1 Verify System File Permissions | |
9.2.10 Check for Presence of User .rhosts Files | |
9.2.12 Check That Users Are Assigned Home Directories | |
9.2.13 Check That Defined Home Directories Exist | |
9.2.13 Check User Home Directory Ownership | |
9.2.14 Check for Duplicate UIDs | |
9.2.15 Check for Duplicate GIDs | |
9.2.16 Check for Duplicate User Names | |
9.2.17 Check for Duplicate Group Names | |
9.2.6 Ensure root PATH Integrity | |
9.2.7 Check Permissions on User Home Directories | |
9.2.8 Check User Dot File Permissions | |
9.2.9 Check Permissions on User .netrc Files | |
Kernel Parameters | |
Running Processes | |
Unix Services | |
??TARGET.RSCD_DIR??/tmp/preCIS/parameter_remediation | File |
/.forward | |
/.netrc | |
/etc/anacrontab | |
/etc/at.allow | |
/etc/at.deny | |
/etc/cron.allow | |
/etc/cron.deny | |
/etc/crontab | |
/etc/fstab | |
/etc/group | |
/etc/grub.conf | |
/etc/gshadow | |
/etc/hosts.allow | |
/etc/hosts.deny | |
/etc/inittab | |
/etc/issue | |
/etc/issue.net | |
/etc/modprobe.conf | |
/etc/motd | |
/etc/passwd | |
/etc/securetty | |
/etc/selinux/config | |
/etc/shadow | |
/etc/ssh/sshd_config | |
aide | RPM |
bind | |
cronie-anacron | |
dhcp | |
dovecot | |
gpg-pubkey | |
httpd | |
mcstrans | |
net-snmp | |
openldap-clients | |
openldap-servers | |
rsh | |
rsh-server | |
rsyslog | |
samba | |
setroubleshoot | |
squid | |
talk | |
talk-server | |
telnet | |
telnet-server | |
tftp | |
tftp-server | |
vsftpd | |
xinetd | |
xorg-x11-server-common | |
ypbind | |
ypserv |
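The `lsmod`, `modprobe -c` and `mount` one-liners in the table above are the template's own check commands, and a few of them are fragile in ways a reviewer should know before trusting the compliance result: `lsmod|egrep 'sctp'` matches any module whose name contains `sctp` (for example the netfilter helper `nf_conntrack_proto_sctp`), the `lsmod | egrep ' jffs2 '` variant, with a leading space, does not match a module name at the start of an lsmod line, and `mount | ... | cut -d' ' -f6` depends on the column layout of `mount` output. The script below is an added example, not part of the BMC template or of any CIS publication: it implements both checks with anchored matching over constructed sample input (the modprobe configuration, module list and mount table are invented for illustration, and the `/bin/true`, `/bin/false`, `alias ... off` and `blacklist` forms it recognises are the ones the template's own regexes look for).

```shell
#!/bin/sh
# Added example, not part of the BMC CIS template: word-anchored versions of
# the "module disabled" and "mount option" checks from the table above.
# All input is constructed inline so the script runs offline; on a real host
# feed it "$(modprobe -c)", "$(lsmod)" and "$(cat /proc/mounts)" instead.

# Constructed stand-in for the merged configuration printed by `modprobe -c`
# (the tabs on the sctp line show why whitespace must be normalised first).
SAMPLE_MODPROBE=$(printf '%s\n' \
    '# /etc/modprobe.d/CIS.conf (constructed)' \
    'install cramfs /bin/true' \
    "$(printf 'install\tsctp\t/bin/true')" \
    'install rds /bin/false' \
    'alias tipc off' \
    'blacklist dccp' \
    'options ipv6 disable=1')

# Constructed stand-in for `lsmod`: sctp itself is NOT loaded, only the
# netfilter helper whose name contains "sctp"; rds IS loaded.
SAMPLE_LSMOD=$(printf '%s\n' \
    'Module                  Size  Used by' \
    'nf_conntrack_proto_sctp 12345  0' \
    'rds                    98765  0' \
    'xfs                   876543  1')

# Constructed stand-in for /proc/mounts (device mountpoint fstype options dump pass).
SAMPLE_MOUNTS=$(printf '%s\n' \
    '/dev/mapper/vg-root / ext4 rw,relatime 0 0' \
    '/dev/mapper/vg-tmp /tmp ext4 rw,nosuid,nodev,noexec,relatime 0 0' \
    'tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0')

# module_disabled MODULE MODPROBE_CONF LSMOD_OUTPUT
# Prints one of: loaded | disabled | blacklist-only | loadable.
# Returns 0 only for "disabled" (not loaded now, and cannot be loaded later).
# - The module name is anchored at line start and followed by whitespace, so
#   checking "sctp" does not match nf_conntrack_proto_sctp.
# - `install MOD /bin/true|/bin/false` is the remediation CIS asks for;
#   `alias MOD off` is the older form. A bare `blacklist MOD` only stops
#   alias-driven autoloading and does NOT stop an explicit `modprobe MOD`,
#   so it is reported on its own and not treated as compliant.
# - A module that is still loaded is reported as such even when the
#   configuration is already correct: the fix needs an rmmod or a reboot.
module_disabled() {
    mod=$1; conf=$2; loaded=$3
    if printf '%s\n' "$loaded" | grep -Eq "^${mod}[[:space:]]"; then
        echo loaded; return 1
    fi
    # drop comments, collapse tabs/spaces, then match the whole directive
    norm=$(printf '%s\n' "$conf" | sed 's/#.*//' | tr -s '[:blank:]' ' ')
    if printf '%s\n' "$norm" | grep -Eq "^ ?(install ${mod} /bin/(true|false)|alias ${mod} off)( |$)"; then
        echo disabled; return 0
    fi
    if printf '%s\n' "$norm" | grep -Eq "^ ?blacklist ${mod}( |$)"; then
        echo blacklist-only; return 1
    fi
    echo loadable; return 1
}

# mount_option MOUNTPOINT OPTION PROC_MOUNTS
# Prints: present | missing | not-a-mountpoint. Reads /proc/mounts-style lines
# (fixed columns) rather than `mount` output, whose layout the template's
# `cut -d' ' -f6` depends on, and matches the option as a whole word so that
# a check for "dev" is not satisfied by "nodev".
mount_option() {
    mp=$1; opt=$2; mounts=$3
    opts=$(printf '%s\n' "$mounts" | awk -v mp="$mp" '$2 == mp { print $4 }')
    if [ -z "$opts" ]; then
        echo not-a-mountpoint; return 2
    fi
    if printf '%s\n' "$opts" | tr ',' '\n' | grep -qx "$opt"; then
        echo present; return 0
    fi
    echo missing; return 1
}

# Stand-alone demo over the module/mountpoint pairs a CIS scan walks through.
for m in cramfs sctp rds tipc dccp freevxfs; do
    printf '%-9s %s\n' "$m" "$(module_disabled "$m" "$SAMPLE_MODPROBE" "$SAMPLE_LSMOD")"
done
for pair in /tmp:noexec /dev/shm:noexec /dev/shm:nosuid /home:nodev; do
    printf '%-17s %s\n' "$pair" "$(mount_option "${pair%%:*}" "${pair#*:}" "$SAMPLE_MOUNTS")"
done
```

One check in the table that this approach does not cover is 1.1.6 (bind mount of /var/tmp onto /tmp): the `bind` keyword the template greps for comes from /etc/mtab as written by the `mount` utility and is not recorded in /proc/mounts, so on a host without a writable /etc/mtab compare the device and inode of the two directories (for example with `stat`) instead of searching for the word `bind`.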
RHEL 5.x
Rule Category
The following table gives the percentage of rules that are native based and Extended Object (EO) based:
Rule Category | % of rules |
---|---|
Native based | 60% |
EO based | 40% |
Rule Details
To find details about all rules included in the template, see HTML Definitions for RHEL 5.x.
Asset/Part Used
Part name | Part Type |
---|---|
/etc/grub.conf | Configuration File |
/etc/inittab | |
/etc/passwd | |
/etc/cron.d | Directory |
/etc/cron.daily | |
/etc/cron.hourly | |
/etc/cron.monthly | |
/etc/cron.weekly | |
/tmp | |
/var/tmp | |
1.1.10 Add nodev Option to User Partitions | Extended Object |
1.1.11 Add nodev Option to Removable Media Partitions | |
1.1.12 Add noexec Option to Removable Media Partitions | |
1.1.13 Add nosuid Option to Removable Media Partitions | |
1.1.14 Add nodev Option to dev shm Partition | |
1.1.15 Add nosuid Option to dev shm Partition | |
1.1.16 Add noexec Option to dev shm Partition | |
1.1.17 Set Sticky Bit on All World-Writable Directories | |
1.1.18 Disable Mounting of cramfs Filesystems | |
1.1.19 Disable Mounting of freevxfs Filesystems | |
1.1.1 Create Separate Partition for tmp | |
1.1.20 Disable Mounting of jffs2 Filesystems | |
1.1.21 Disable Mounting of hfs Filesystems | |
1.1.22 Disable Mounting of hfsplus Filesystems | |
1.1.23 Disable Mounting of squashfs Filesystems | |
1.1.24 Disable Mounting of udf Filesystems | |
1.1.2 Set nodev option for tmp Partition | |
1.1.3 Set nosuid option for tmp Partition | |
1.1.4 Set noexec option for tmp Partition | |
1.1.5 Create Separate Partition for var | |
1.1.6 Bind Mount the vartmp directory to tmp | |
1.1.7 Create Separate Partition for var log | |
1.1.8 Create Separate Partition for var log audit | |
1.1.9 Create Separate Partition for home | |
1.3.1 Configure Connection to the RHN RPM Repositories | |
1.3.2 Verify Red Hat GPG Key is Installed | |
1.3.3 Verify that gpgcheck is Globally Activated | |
1.3.6 Obtain Software Package Updates with yum | |
1.4.1 Install AIDE | |
1.4.2 Implement Periodic Execution of File Integrity | |
1.5.1 Enable SELinux in etc grub.conf | |
1.5.2 Set the SELinux State | |
1.5.3 Set the SELinux Policy | |
1.5.4.2 setroubleshoot package | |
1.5.6 Check for Unconfined Daemons | |
1.6.1 Set Boot Loader UserGroup Owner | |
1.6.2 Set Permissions on etc grub.conf | |
1.6.4 Require Authentication for Single-User Mode | |
1.6.5 Disable Interactive Boot | |
1.7.1.1 Restrict Core Dumps | |
1.7.1.2 Restrict Core Dumps | |
1.7.1.3 Restrict Core Dumps | |
1.7.2.1 Configure ExecShield | |
1.7.2.2 Configure ExecShield | |
1.7.3.1 Enable Randomized Virtual Memory Region Placement | |
1.7.3.2 Enable Randomized Virtual Memory Region Placement | |
1.7.5 Disable Prelink | |
3.16.1 Configure Mail Transfer Agent for Local-Only Mode | |
3.16.2 Configure Mail Transfer Agent for Local-Only Mode | |
3.1 Set Daemon umask | |
3.3 B Disable Avahi Server | |
3.6.1.1 Configure Network Time Protocol (NTP) | |
3.6.1.2 Configure Network Time Protocol (NTP) | |
3.6.1 Configure Network Time Protocol (NTP) | |
3.6.2 Configure Network Time Protocol (NTP) | |
4.1.1.1 Disable IP Forwarding | |
4.1.1.2 Disable IP Forwarding | |
4.1.2.1 Disable Send Packet Redirects | |
4.1.2.2 Disable Send Packet Redirects | |
4.1.2.3 Disable Send Packet Redirects | |
4.2.1.1 Disable Source Routed Packet Acceptance | |
4.2.1.2 Disable Source Routed Packet Acceptance | |
4.2.1.3 Disable Source Routed Packet Acceptance | |
4.2.2.1 Disable ICMP Redirect Acceptance | |
4.2.2.2 Disable ICMP Redirect Acceptance | |
4.2.2.3 Disable ICMP Redirect Acceptance | |
4.2.3.1 Disable Secure ICMP Redirect Acceptance | |
4.2.3.2 Disable Secure ICMP Redirect Acceptance | |
4.2.3.3 Disable Secure ICMP Redirect Acceptance | |
4.2.4.1 Log Suspicious Packets | |
4.2.4.2 Log Suspicious Packets | |
4.2.5.1 Enable Ignore Broadcast Requests | |
4.2.5.2 Enable Ignore Broadcast Requests | |
4.2.6.1 Enable Bad Error Message Protection | |
4.2.6.2 Enable Bad Error Message Protection | |
4.2.7.1 Enable RFC-recommended Source Route Validation | |
4.2.7.2 Enable RFC-recommended Source Route Validation | |
4.2.7.3 Enable RFC-recommended Source Route Validation | |
4.2.8.1 Enable TCP SYN Cookies | |
4.2.8.2 Enable TCP SYN Cookies | |
4.3.1 Deactivate Wireless Interfaces | |
4.4.1 Disable IPv6 | |
4.4.2.1.1 Disable IPv6 Router Advertisements | |
4.4.2.1.2 Disable IPv6 Router Advertisements | |
4.4.2.2.1 Disable IPv6 Redirect Acceptance | |
4.4.2.2.2 Disable IPv6 Redirect Acceptance | |
4.5.1.1 Create etchosts.allow | |
4.5.1 Create etchosts.allow | |
4.5.2 Verify Permissions on etchosts.allow | |
4.5.3 Create etchosts.deny | |
4.5.4 Verify Permissions on etchosts.deny | |
4.5 Install TCP Wrappers | |
4.8.1 Disable DCCP | |
4.8.2 Disable SCTP | |
4.8.3 Disable RDS | |
4.8.4 Disable TIPC | |
5.1.1 Configure etc syslog.conf | |
5.1.2.1 Create and Set Permissions on syslog Log Files | |
5.1.2.2 Create and Set Permissions on syslog Log Files(Secure group) | |
5.1.3 Configure syslog to Send Logs to a Remote LOGHOST | |
5.1.4.1 Accept Remote syslog Messages Only on Designated LOGHOSTS | |
5.1.4.2 Accept Remote syslog Messages Only on Designated LOGHOSTS | |
5.2.1 rsyslog package | |
5.2.3 Configure etc rsyslog.conf | |
5.2.4.1 Create and Set Permissions on rsyslog Log Files | |
5.2.4.2 Create and Set Permissions on rsyslog Log Files(Secure group) | |
5.2.5 Configure rsyslog to Send Logs to a Remote LOGHOST | |
5.2.6 Accept Remote rsyslog Messages Only on Designated LOGHOSTS | |
5.3.10.1 Collect Discretionary Access Control Permission Modification Events (64 bit) | |
5.3.10.2 Collect Discretionary Access Control Permission Modification Events (32 bit) | |
5.3.11.1 Collect Unsuccessful Unauthorized Access Attempts to Files (64 bit) | |
5.3.11.2 Collect Unsuccessful Unauthorized Access Attempts to Files (32 bit) | |
5.3.12 Collect Use of Privileged Commands | |
5.3.13.1 Collect Successful File System Mounts (64 bit) | |
5.3.13.2 Collect Successful File System Mounts (32 bit) | |
5.3.14.1 Collect File Deletion Events by User (64 bit) | |
5.3.14.2 Collect File Deletion Events by User (32 bit) | |
5.3.15 Collect Changes to System Administration Scope (sudoers) | |
5.3.16 Collect System Administrator Actions (sudolog) | |
5.3.17 Collect Kernel Module Loading and Unloading | |
5.3.18 Make the Audit Configuration Immutable | |
5.3.2.1 Configure Audit Log Storage Size | |
5.3.2.2 Disable System on Audit Log Full | |
5.3.2.3 Keep All Auditing Information | |
5.3.3 Enable Auditing for Processes That Start Prior to auditd | |
5.3.4.1 Record Events That Modify Date and Time Information (64 bit) | |
5.3.4.2 Record Events That Modify Date and Time Information (32 bit) | |
5.3.5 Record Events That Modify User Group Information | |
5.3.7 Record Events That Modify the Systems Mandatory Access Controls | |
5.3.8 Collect Login and Logout Events | |
5.3.9 Collect Session Initiation Information | |
5.4 Configure logrotate | |
6.1.10 Restrict at Daemon | |
6.1.11.1.1 Restrict atcron to Authorized Users | |
6.1.11.1.2 Restrict cron to Authorized Users | |
6.1.3 Set User-group Owner and Permission on anacrontab | |
6.1.4 Set usergroup owner and permission on crontab | |
6.1.5 Set usergroup owner and permission on cron.hourly | |
6.1.6 Set usergroup owner and permission on cron.daily | |
6.1.7 Set usergroup owner and permission on cron.weekly | |
6.1.8 Set Usergroup Owner and Permission on cron.monthly | |
6.1.9 Set Usergroup Owner and Permission on cron.d | |
6.2.10 Do Not Allow Users to Set Environment Options | |
6.2.11 Use Only Approved Ciphers in Counter Mode | |
6.2.12 Set Idle Timeout Interval for User Login | |
6.2.13.1 Limit Users SSH Access (AllowUsers) | |
6.2.13.2 Limit Users SSH Access (AllowGroups) | |
6.2.13.3 Limit Users SSH Access (DenyUsers) | |
6.2.13.4 Limit Users SSH Access (DenyGroups) | |
6.2.14 Set SSH Banner | |
6.2.1 Set SSH Protocol to 2 | |
6.2.2 Set LogLevel to VERBOSE | |
6.2.3 Set Permissions on etcsshd_config | |
6.2.4 Disable SSH X11 Forwarding | |
6.2.5 Set SSH MaxAuthTries to 4 | |
6.2.6 Set SSH IgnoreRhosts to Yes | |
6.2.7 Set SSH HostbasedAuthentication to No | |
6.2.8 Disable SSH Root Login | |
6.2.9 Set SSH PermitEmptyPasswords to No | |
6.3.1 Set Password Creation Requirement Parameters Using pam_cracklib | |
6.3.2 Set Strong Password Creation Policy Using pam_passwdqc | |
6.3.3 Set Lockout for Failed Password Attempts | |
6.3.4 Use pam_deny.so to Deny Services | |
6.3.5.1 Upgrade Password Hashing Algorithm to SHA-512 | |
6.3.5 Upgrade Password Hashing Algorithm to SHA-512 | |
6.3.6 Limit Password Reuse | |
6.4 Restrict root Login to System Console | |
6.5.1 Restrict Access to the su Command | |
6.5.2 Restrict Access to the su Command | |
7.1 Disable System Accounts | |
7.2.1.1 Set Password Expiration Days (Default) | |
7.2.1.2 Set Password Expiration Days (Users) | |
7.2.2.1 Set Password Change Minimum Number of Days (Default) | |
7.2.2.2 Set Password Change Minimum Number of Days (Users) | |
7.2.3.1 Set Password Expiring Warning Days (Default) | |
7.2.3.2 Set Password Expiring Warning Days (Users) | |
7.3 Set Default Group for root Account | |
7.4.1 Set Default umask for Users (bashrc) | |
7.4.2 Set Default umask for Users (profile) | |
7.5 Lock Inactive User Accounts | |
8.1.1 Remove OS Information from Login Warning Banners (issue.net) | |
8.1.1 Remove OS Information from Login Warning Banners (issue) | |
8.1.1 Remove OS Information from Login Warning Banners (motd) | |
8.1.1 Set Warning Banner for Standard Login Services | |
8.1.2.1 Set Warning Banner for Standard Login Services | |
8.1.2.2 Set Warning Banner for Standard Login Services | |
8.1.2.3 Set Warning Banner for Standard Login Services | |
8.2 Set GNOME Warning Banner | |
9.1.10 Find Un-owned Files and Directories | |
9.1.11 Find Un-grouped Files and Directories | |
9.1.12 Find SUID System Executables | |
9.1.13 Find SGID System Executables | |
9.1.5 Verify user:group Ownership on etc passwd | |
9.1.6 Verify user:group Ownership on etc shadow | |
9.1.7 Verify user:group Ownership on etc gshadow | |
9.1.8 Verify user:group Ownership on etc group | |
9.1.9 Find World Writable Files | |
9.2.10 Check for Presence of User .rhosts Files | |
9.2.11 Check Groups in etc passwd | |
9.2.12 Check That Users Are Assigned Home Directories | |
9.2.13 Check That Defined Home Directories Exist | |
9.2.14 Check User Home Directory Ownership | |
9.2.15 Check for Duplicate UIDs | |
9.2.16 Check for Duplicate GIDs | |
9.2.17 Check That Reserved UIDs Are Assigned to System Accounts | |
9.2.18 Check for Duplicate User Names | |
9.2.19 Check for Duplicate Group Names | |
9.2.1 Ensure Password Fields are Not Empty | |
9.2.20 Check for Presence of User .netrc Files | |
9.2.21 Check for Presence of User .forward Files | |
9.2.2 Verify No Legacy + Entries Exist in the etc passwd File | |
9.2.3 Verify No Legacy + Entries Exist in etc shadow Files | |
9.2.4 Verify No Legacy + Entries Exist in etc shadow Files | |
9.2.5 Verify No UID 0 Accounts Exist Other Than root | |
9.2.6 Ensure root PATH Integrity | |
9.2.7 Check Permissions on User Home Directories | |
9.2.8 Check User Dot File Permissions | |
9.2.9 Check Permissions on User .netrc Files | |
DHCP Server package | |
DNS server package | |
Dovecot package | |
FTP server package | |
HTTP Proxy server package | |
HTTP server package | |
kernel-PAE package | |
LDAP package | |
NIS Client package | |
NIS Server package | |
pam_ccreds package | |
rsh package | |
rsh-services package | |
Running Processes | |
Samba package | |
SNMP server package | |
talk package | |
talk-server package | |
telnet Clients package | |
Telnet-Server package | |
tftp package | |
tftp-server package | |
Unix Services | |
xinetd package | |
X windows package | |
/etc/anacrontab | File |
/etc/at.allow | |
/etc/at.deny | |
/etc/cron.allow | |
/etc/cron.deny | |
/etc/crontab | |
/etc/group | |
/etc/grub.conf | |
/etc/gshadow | |
/etc/hosts.allow | |
/etc/hosts.deny | |
/etc/inittab | |
/etc/issue | |
/etc/issue.net | |
/etc/motd | |
/etc/passwd | |
/etc/shadow | |
/etc/ssh/sshd_config | |
/proc/cpuinfo |
IBM AIX 7.1
Rule Category
The following table gives the percentage of rules that are native based and Extended Object (EO) based:
Rule Category | % of rules |
---|---|
Native based | 60% |
EO based | 40% |
Rule Details
To find details about all rules included in the template, see HTML Definitions for AIX 7.1.
Asset/Part Used
Part name | Part Type |
---|---|
bos.acct | AIX Package |
bos.net.nfs | |
bos.net.nfs.client | |
bos.net.nfs.server | |
bos.net.nis.client | |
bos.net.nis.server | |
clic.rte.includes | |
clic.rte.kernext | |
clic.rte.lib | |
clic.rte.pkcs11 | |
netsec.options.idprotocol | |
netsec.options.tcpwrapper.base | |
netsec.options.tcpwrapper.license | |
netsec.options.tcpwrapper.man.en_US | |
netsec.options.tcpwrapper.msg.en_US | |
openssh.base.client | |
openssh.base.server | |
openssh.license | |
openssh.msg.en_US | |
openssl | |
openssl.base | |
openssl.license | |
openssl.man.en_US | |
sudo | |
cat ??SENDMAIL-CONF-FILE?? | grep SmtpGreetingMessage | egrep -v '^ *#' | cut -d '=' -f2 | Command |
cat /etc/exports | |
cat /etc/filesystems|tr '\t' ' '|tr -s ' '|sed 's/ //g'|grep -v '^#'|grep 'vfs=nfs'|wc -l|sed 's/ //g' | |
cat /etc/ftpusers | |
cat /etc/hosts.allow | egrep -v '^ *#' | egrep '\?\?|\/|\:\:' | wc -l | |
cat /etc/hosts.allow | egrep -v '^ *#' | egrep -w '^ *ALL' | cut -d':' -f2| sed 's/ //g' | uniq| egrep -w 'ALL' | wc -l | |
cat /etc/hosts.deny | egrep -v '^ *#' | egrep -w '^ *ALL' | cut -d':' -f2| sed 's/ //g' | uniq| egrep -w 'ALL' | |
cat /etc/inetd.conf | egrep -v '^#' | egrep '^ftp' | |
cat /etc/inetd.conf | tr '\t' ' ' | grep -v '^ *#' | egrep '^ *ftp'| tr -s ' ' |tr -s ' ' '\n' | |
cat /etc/rc.tcpip | tr '\t' ' ' |tr -s ' ' | egrep '^ *start +/usr/lib/sendmail +' | |
cat /etc/rc.tcpip | tr '\t' ' ' |tr -s ' ' | egrep '^ *start +/usr/sbin/aixmibd +' | |
cat /etc/rc.tcpip | tr '\t' ' ' |tr -s ' ' | egrep '^ *start +/usr/sbin/autoconf6 +' | |
cat /etc/rc.tcpip | tr '\t' ' ' |tr -s ' ' | egrep '^ *start +/usr/sbin/dhcpcd +' | |
cat /etc/rc.tcpip | tr '\t' ' ' |tr -s ' ' | egrep '^ *start +/usr/sbin/dhcprd +' | |
cat /etc/rc.tcpip | tr '\t' ' ' |tr -s ' ' | egrep '^ *start +/usr/sbin/dhcpsd +' | |
cat /etc/rc.tcpip | tr '\t' ' ' |tr -s ' ' | egrep '^ *start +/usr/sbin/dpid2 +' | |
cat /etc/rc.tcpip | tr '\t' ' ' |tr -s ' ' | egrep '^ *start +/usr/sbin/gated +' | |
cat /etc/rc.tcpip | tr '\t' ' ' |tr -s ' ' | egrep '^ *start +/usr/sbin/hostmibd +' | |
cat /etc/rc.tcpip | tr '\t' ' ' |tr -s ' ' | egrep '^ *start +/usr/sbin/inetd +' | |
cat /etc/rc.tcpip | tr '\t' ' ' |tr -s ' ' | egrep '^ *start +/usr/sbin/mrouted +' | |
cat /etc/rc.tcpip | tr '\t' ' ' |tr -s ' ' | egrep '^ *start +/usr/sbin/ndpd-host +' | |
cat /etc/rc.tcpip | tr '\t' ' ' |tr -s ' ' | egrep '^ *start +/usr/sbin/ndpd-router +' | |
cat /etc/rc.tcpip | tr '\t' ' ' |tr -s ' ' | egrep '^ *start +/usr/sbin/portmap +' | |
cat /etc/rc.tcpip | tr '\t' ' ' |tr -s ' ' | egrep '^ *start +/usr/sbin/routed +' | |
cat /etc/rc.tcpip | tr '\t' ' ' |tr -s ' ' | egrep '^ *start +/usr/sbin/rwhod +' | |
cat /etc/rc.tcpip | tr '\t' ' ' |tr -s ' ' | egrep '^ *start +/usr/sbin/snmpd +' | |
cat /etc/rc.tcpip | tr '\t' ' ' |tr -s ' ' | egrep '^ *start +/usr/sbin/snmpmibd +' | |
cat /etc/rc.tcpip | tr '\t' ' ' |tr -s ' ' | egrep '^ *start +/usr/sbin/timed +' | |
cut -d: -f 3 /etc/group |sort -n | uniq -d | |
cut -d: -f 3 /etc/passwd |sort -n | uniq -d | |
dspcat -g /usr/lib/nls/msg/en_US/ftpd.cat | egrep '^9'| egrep -w '9' | |
echo ??VAR_TUNABLE_PARAMETER?? | cut -d, -f2 | |
echo ??VAR_TUNABLE_PARAMETER?? | cut -d, -f4 | |
egrep -v '^ *#' /etc/hosts.equiv | egrep -v '^$' | wc -l | |
egrep -v '^ *#' /var/adm/cron/at.allow | egrep -v '^$' | |
egrep -v '^ *#' /var/adm/cron/cron.allow | egrep -v '^$' | egrep '^ *adm *$' | wc -l | |
egrep -v '^ *#' /var/adm/cron/cron.allow | egrep -v '^$' | egrep '^ *root *$' | wc -l | |
egrep -v '(root|adm)' /var/adm/cron/cron.allow | egrep -v '^$' | egrep -v '^ *#' | wc -l | |
egrep -w 'root' /etc/ftpusers | |
genkex|grep 'crypt' | |
grep '^PATH=' /etc/environment | |
grep '^PATH=' /etc/environment | tr -d ' \t\r' | awk '/((::)|(:$)|(^:)|(^.:)|(:.$)|(:.:)|(=:))/' | |
grep mesg /etc/csh.login|tr '\t' ' '|egrep '(^| ) *mesg n( |$) *' | |
grep mesg /etc/profile|tr '\t' ' '|egrep '(^| ) *mesg n( |$) *' | |
grep -v '^ *#' /etc/exports|egrep 'localhost' |wc -l | |
grep -v '^ *#' /etc/exports|grep 'anon=' |wc -l |sed 's/ //g' | |
lsattr -El sys0 -a fullcore |egrep '(.*)fullcore false(.*)'| wc -l | |
lsitab -a|egrep '^tty.*:(0|1|2|3|4|5|6|7|8|9)+:once:/usr/sbin/getty' | |
lsitab dt | |
lsitab httpdlite | |
lsitab i4ls | |
lsitab lpd | |
lsitab piobe | |
lsitab pmd | |
lsitab qdaemon | |
lsitab rcncs | |
lsitab rcnfs | |
lsitab writesrv | |
lslpp -L 'bos.msg.en_US.net.tcp.client' | egrep '^ *Fileset'| wc -l | |
lslpp -L|egrep '^ *openssl ' | |
lslpp -L|egrep '^ *sudo ' | |
lslpp -l|grep -i 'CDE'|wc -l|sed 's/ //g' | |
lssec -f /etc/security/limits -s default -a core -a core_hard |egrep '(.*)core_hard(=0)(.*)' | wc -l | |
lssec -f /etc/security/limits -s default -a core -a core_hard |egrep '(.*)core(=0)(.*)' | wc -l | |
lssec -f /etc/security/login.cfg -s default -a herald | awk -F '=' '{print $2}' | tr -s ' ' | |
lssec -f /etc/security/login.cfg -s default -a logindelay | awk -F '=' '{print $2}' | tr -s ' ' | |
lssec -f /etc/security/login.cfg -s default -a logindisable | awk -F '=' '{print $2}' | tr -s ' ' | |
lssec -f /etc/security/login.cfg -s default -a logininterval | awk -F '=' '{print $2}' | tr -s ' ' | |
lssec -f /etc/security/login.cfg -s default -a loginreenable | awk -F '=' '{print $2}' | tr -s ' ' | |
lssec -f /etc/security/login.cfg -s usw -a logintimeout | awk -F '=' '{print $2}' | tr -s ' ' | |
lssec -f /etc/security/login.cfg -s usw -a pwd_algorithm | awk -F '=' '{print $2}' | tr -s ' ' | |
lssec -f /etc/security/user -s default -a histexpire | awk -F '=' '{print $2}' | tr -s ' ' | |
lssec -f /etc/security/user -s default -a histsize | awk -F '=' '{print $2}' | tr -s ' ' | |
lssec -f /etc/security/user -s default -a loginretries | awk -F '=' '{print $2}' | tr -s ' ' | |
lssec -f /etc/security/user -s default -a maxage | awk -F '=' '{print $2}' | tr -s ' ' | |
lssec -f /etc/security/user -s default -a maxexpired | awk -F '=' '{print $2}' | tr -s ' ' | |
lssec -f /etc/security/user -s default -a maxrepeats | awk -F '=' '{print $2}' | tr -s ' ' | |
lssec -f /etc/security/user -s default -a minage | awk -F '=' '{print $2}' | tr -s ' ' | |
lssec -f /etc/security/user -s default -a minalpha | awk -F '=' '{print $2}' | tr -s ' ' | |
lssec -f /etc/security/user -s default -a mindiff | awk -F '=' '{print $2}' | tr -s ' ' | |
lssec -f /etc/security/user -s default -a mindigit | awk -F '=' '{print $2}' | tr -s ' ' | |
lssec -f /etc/security/user -s default -a minlen | awk -F '=' '{print $2}' | tr -s ' ' | |
lssec -f /etc/security/user -s default -a minloweralpha | awk -F '=' '{print $2}' | tr -s ' ' | |
lssec -f /etc/security/user -s default -a minother | awk -F '=' '{print $2}' | tr -s ' ' | |
lssec -f /etc/security/user -s default -a minspecialchar | awk -F '=' '{print $2}' | tr -s ' ' | |
lssec -f /etc/security/user -s default -a minupperalpha | awk -F '=' '{print $2}' | tr -s ' ' | |
lssec -f /etc/security/user -s default -a umask | cut -d'=' -f2 | |
lssec -f /etc/security/user -s default -a umask | cut -d'=' -f2 | tr -s ' ' | |
lssec -f /etc/security/user -s root -a rlogin | awk -F '=' '{print $2}' | tr -s ' ' | |
lssec -f /etc/security/user -s root -a su | awk -F '=' '{print $2}' | tr -s ' ' | |
lssec -f /etc/security/user -s root -a sugroups | awk -F '=' '{print $2}' | tr -s ' ' | |
lssrc -g yp |grep 'active'|wc -l|sed 's/ //g' | |
lssrc -ls inetd|grep 'active'|wc -l|sed 's/ //g' | |
lssrc -ls inetd|tr '\n' ' '|tr -s ' ' | grep '.*' | sed 's/\(.*Service\)\(.*\)/\2/'|grep 'active' | |
lsuser -a login rlogin adm | egrep 'login=true|rlogin=true' | |
lsuser -a login rlogin bin | egrep 'login=true|rlogin=true' | |
lsuser -a login rlogin daemon | egrep 'login=true|rlogin=true' | |
lsuser -a login rlogin lpd | egrep 'login=true|rlogin=true' | |
lsuser -a login rlogin nobody | egrep 'login=true|rlogin=true' | |
lsuser -a login rlogin sys | egrep 'login=true|rlogin=true' | |
lsuser -a login rlogin uucp | egrep 'login=true|rlogin=true' | |
mount |grep 'nfs' |grep 'nosuid' |wc -l | |
mount |grep 'nfs' |wc -l | |
mount | grep -v 'mounted' | grep -v '^-' | awk -F ' ' '{print $3}' | egrep 'nfs'|wc -l|sed 's/ //g' | |
nfso -x nfs_use_reserved_ports | |
nfso -x portcheck | |
no -x bcastping | |
no -x clean_partial_conns | |
no -x directed_broadcast | |
no -x icmpaddressmask | |
no -x ip6srcrouteforward | |
no -x ipforwarding | |
no -x ipignoreredirects | |
no -x ipsendredirects | |
no -x ipsrcrouteforward | |
no -x ipsrcrouterecv | |
no -x nonlocsrcroute | |
no -x rfc1323 | |
no -x sockthresh | |
no -x tcp_mssdflt | |
no -x tcp_pmtu_discover | |
no -x tcp_recvspace | |
no -x tcp_sendspace | |
no -x tcp_tcpsecure | |
no -x udp_pmtu_discover | |
ps -ef | grep 'syslogd' | |
pwdck -n ALL | |
rpcinfo -p | grep -v service | grep -v portmapper | |
rpcinfo -p 2>/dev/null | |
su - root -c 'echo ${PATH}' | |
su - root -c 'echo ${PATH}' | tr -d ' \t\r' | awk '/((::)|(:$)|(^:)|(^.:)|(:.$)|(:.:)|(=:))/' | |
trustchk -p TE 2>&1 | head -1 | |
trustchk -p TEP 2>&1 | head -1 | |
/etc/dt/config/Xconfig | Configuration File |
/etc/exports | |
/etc/group | |
/etc/hosts.allow | |
/etc/inetd.conf | |
/etc/passwd | |
/etc/security/user | |
/etc/ssh/ssh_config | |
/etc/ssh/sshd_config | |
/var/adm/cron/at.allow | |
/var/adm/cron/cron.allow | |
/audit | Directory |
/etc/dt/config | |
/etc/security | |
/etc/security/audit | |
/usr/dt | |
/var/adm/ras | |
/var/adm/sa | |
/var/spool/cron/atjobs | |
/var/spool/cron/atjobs/ | |
/var/spool/cron/crontabs | |
/var/spool/mqueue | |
2.11.18 | Extended Object |
2.11.19 | |
2.11.20 | |
3.5.1 Removal of .rhosts and .netrc files | |
4.16.2 Unowned Files | |
4.2.10 | |
4.4.4 | |
4.4.5 | |
4.4.6 | |
Find World Writable Files | |
Limit Users SSH Access (AllowGroups) | |
Limit Users SSH Access (AllowUsers) | |
Limit Users SSH Access (DenyGroups) | |
Limit Users SSH Access (DenyUsers) | |
suid and sgid files and programs | |
Use Only Approved Ciphers in Counter Mode | |
/etc/dt/config/Xconfig | File |
/etc/dt/config/Xservers | |
/etc/exports | |
/etc/ftpusers | |
/etc/group | |
/etc/hosts.allow | |
/etc/hosts.deny | |
/etc/hosts.equiv | |
/etc/inetd.conf | |
/etc/mail/sendmail.cf | |
/etc/motd | |
/etc/passwd | |
/etc/rc.d/rc2.d/Ssshd | |
/etc/shosts.equiv | |
/etc/ssh/ssh_banner | |
/etc/ssh/ssh_config | |
/etc/ssh/sshd_config | |
/etc/sudoers | |
/smit.log | |
/usr/bin/rcp | |
/usr/bin/rlogin | |
/usr/bin/rsh | |
/usr/dt/bin/dtaction | |
/usr/dt/bin/dtappgather | |
/usr/dt/bin/dtprintinfo | |
/usr/dt/bin/dtsession | |
/usr/sbin/rlogind | |
/usr/sbin/rshd | |
/usr/sbin/tftpd | |
/var/adm/cron/at.allow | |
/var/adm/cron/at.deny | |
/var/adm/cron/cron.allow | |
/var/adm/cron/cron.deny | |
/var/adm/cron/log | |
/var/ct/RMstart.log | |
/var/tmp/dpid2.log | |
/var/tmp/hostmibd.log | |
/var/tmp/snmpd.log |
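The `no -x` commands in the table above print one comma-separated line per tunable, and the two `echo ??VAR_TUNABLE_PARAMETER?? | cut -d, -f2` and `cut -d, -f4` parts pull out field 2 (the current value) and field 4 (the value that will apply after the next reboot). A check that looks at field 2 alone reports a tunable as compliant when it was changed with `no -o` but never persisted, so it silently reverts at the next IPL. The script below is an added example, not part of the BMC template: it reads both fields and distinguishes a persistent fix from a runtime-only one. The `no -x` output lines are constructed for illustration, and the expected values in the demo loop are illustrative rather than taken from the rule definitions.

```shell
#!/bin/sh
# Added example, not part of the BMC CIS template: evaluate an AIX network
# tunable from `no -x` output, using both the current and the reboot value.
# `no -x TUNABLE` prints one CSV line:
#   tunable,current,default,reboot,min,max,unit,type,dependencies
# `no -o tunable=value` changes only the current value; `no -p -o ...` (or
# `no -r -o ...`) also updates /etc/tunables/nextboot, which is what makes the
# reboot value (field 4) follow.

# Constructed sample output (not captured from a host).
SAMPLE_NO_X=$(printf '%s\n' \
    'ipforwarding,0,0,0,0,1,boolean,D' \
    'ipsendredirects,0,1,1,0,1,boolean,D' \
    'tcp_tcpsecure,7,0,7,0,7,numeric,D' \
    'bcastping,1,0,1,0,1,boolean,D')

# no_x_state TUNABLE EXPECTED NO_X_OUTPUT
# Prints: compliant | current-only | noncompliant | unknown
#   compliant     current and reboot values both equal EXPECTED
#   current-only  set with `no -o` but not persisted; reverts at next IPL
#   noncompliant  current value differs from EXPECTED
#   unknown       tunable not present in the output
no_x_state() {
    name=$1; want=$2; out=$3
    # awk rather than grep so a missing tunable does not produce a failing
    # exit status inside the assignment
    line=$(printf '%s\n' "$out" | awk -F, -v n="$name" '$1 == n')
    if [ -z "$line" ]; then
        echo unknown; return 2
    fi
    cur=$(printf '%s\n' "$line" | cut -d, -f2)    # field 2: current value
    next=$(printf '%s\n' "$line" | cut -d, -f4)   # field 4: reboot value
    if [ "$cur" = "$want" ] && [ "$next" = "$want" ]; then
        echo compliant; return 0
    elif [ "$cur" = "$want" ]; then
        echo current-only; return 1
    fi
    echo noncompliant; return 1
}

# Stand-alone demo; the expected values here are illustrative only.
for pair in ipforwarding:0 ipsendredirects:0 tcp_tcpsecure:7 bcastping:0 directed_broadcast:0; do
    printf '%-20s %s\n' "$pair" "$(no_x_state "${pair%%:*}" "${pair#*:}" "$SAMPLE_NO_X")"
done
```

On a live system replace `"$SAMPLE_NO_X"` with `"$(no -x "$name")"` inside the loop; the `current-only` result is the one to watch for after a remediation job, because it means the job ran `no -o` without `-p` and the host will fail the same rule again after its next reboot.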
IBM AIX 6.1/5.3
Rule Category
The following table gives the percentage of rules that are native based and Extended Object (EO) based:
Rule Category | % of rules |
---|---|
Native based | 60% |
EO based | 40% |
Rule Details
To find details about all rules included in the template, see HTML Definitions for AIX 6.1/5.3.
Asset/Part Used
Part name | Part Type |
---|---|
bos.acct | AIX Package |
bos.net.nfs | |
bos.net.nfs.client | |
bos.net.nfs.server | |
bos.net.nis.client | |
bos.net.nis.server | |
clic.rte.includes | |
clic.rte.kernext | |
clic.rte.lib | |
clic.rte.pkcs11 | |
netsec.options.idprotocol | |
netsec.options.tcpwrapper.base | |
netsec.options.tcpwrapper.license | |
netsec.options.tcpwrapper.man.en_US | |
netsec.options.tcpwrapper.msg.en_US | |
openssh.base.client | |
openssh.base.server | |
openssh.license | |
openssh.msg.en_US | |
openssl | |
openssl.base | |
openssl.license | |
openssl.man.en_US | |
sudo | |
cat ??SENDMAIL-CONF-FILE?? | grep SmtpGreetingMessage | egrep -v '^ *#' | cut -d '=' -f2 | Command |
cat /etc/exports | |
cat /etc/filesystems|tr '\t' ' '|tr -s ' '|sed 's/ //g'|grep -v '^#'|grep 'vfs=nfs'|wc -l|sed 's/ //g' | |
cat /etc/ftpusers | |
cat /etc/hosts.allow | egrep -v '^ *#' | egrep '\?\?|\/|\:\:' | wc -l | |
cat /etc/hosts.allow | egrep -v '^ *#' | egrep -w '^ *ALL' | cut -d':' -f2| sed 's/ //g' | uniq| egrep -w 'ALL' | wc -l | |
cat /etc/hosts.deny | egrep -v '^ *#' | egrep -w '^ *ALL' | cut -d':' -f2| sed 's/ //g' | uniq| egrep -w 'ALL' | |
cat /etc/inetd.conf | egrep -v '^#' | egrep '^ftp' | |
cat /etc/inetd.conf | tr '\t' ' ' | grep -v '^ *#' | egrep '^ *ftp'| tr -s ' ' |tr -s ' ' '\n' | |
cat /etc/rc.tcpip | tr '\t' ' ' |tr -s ' ' | egrep '^ *start +/usr/lib/sendmail +' | |
cat /etc/rc.tcpip | tr '\t' ' ' |tr -s ' ' | egrep '^ *start +/usr/sbin/aixmibd +' | |
cat /etc/rc.tcpip | tr '\t' ' ' |tr -s ' ' | egrep '^ *start +/usr/sbin/autoconf6 +' | |
cat /etc/rc.tcpip | tr '\t' ' ' |tr -s ' ' | egrep '^ *start +/usr/sbin/dhcpcd +' | |
cat /etc/rc.tcpip | tr '\t' ' ' |tr -s ' ' | egrep '^ *start +/usr/sbin/dhcprd +' | |
cat /etc/rc.tcpip | tr '\t' ' ' |tr -s ' ' | egrep '^ *start +/usr/sbin/dhcpsd +' | |
cat /etc/rc.tcpip | tr '\t' ' ' |tr -s ' ' | egrep '^ *start +/usr/sbin/dpid2 +' | |
cat /etc/rc.tcpip | tr '\t' ' ' |tr -s ' ' | egrep '^ *start +/usr/sbin/gated +' | |
cat /etc/rc.tcpip | tr '\t' ' ' |tr -s ' ' | egrep '^ *start +/usr/sbin/hostmibd +' | |
cat /etc/rc.tcpip | tr '\t' ' ' |tr -s ' ' | egrep '^ *start +/usr/sbin/inetd +' | |
cat /etc/rc.tcpip | tr '\t' ' ' |tr -s ' ' | egrep '^ *start +/usr/sbin/mrouted +' | |
cat /etc/rc.tcpip | tr '\t' ' ' |tr -s ' ' | egrep '^ *start +/usr/sbin/ndpd-host +' | |
cat /etc/rc.tcpip | tr '\t' ' ' |tr -s ' ' | egrep '^ *start +/usr/sbin/ndpd-router +' | |
cat /etc/rc.tcpip | tr '\t' ' ' |tr -s ' ' | egrep '^ *start +/usr/sbin/portmap +' | |
cat /etc/rc.tcpip | tr '\t' ' ' |tr -s ' ' | egrep '^ *start +/usr/sbin/routed +' | |
cat /etc/rc.tcpip | tr '\t' ' ' |tr -s ' ' | egrep '^ *start +/usr/sbin/rwhod +' | |
cat /etc/rc.tcpip | tr '\t' ' ' |tr -s ' ' | egrep '^ *start +/usr/sbin/snmpd +' | |
cat /etc/rc.tcpip | tr '\t' ' ' |tr -s ' ' | egrep '^ *start +/usr/sbin/snmpmibd +' | |
cat /etc/rc.tcpip | tr '\t' ' ' |tr -s ' ' | egrep '^ *start +/usr/sbin/timed +' | |
cut -d: -f 3 /etc/group |sort -n | uniq -d | |
cut -d: -f 3 /etc/passwd |sort -n | uniq -d | |
dspcat -g /usr/lib/nls/msg/en_US/ftpd.cat | egrep '^9'| egrep -w '9' | |
echo ??VAR_TUNABLE_PARAMETER?? | cut -d, -f2 | |
echo ??VAR_TUNABLE_PARAMETER?? | cut -d, -f4 | |
egrep -v '^ *#' /etc/hosts.equiv | egrep -v '^$' | wc -l | |
egrep -v '^ *#' /var/adm/cron/at.allow | egrep -v '^$' | |
egrep -v '^ *#' /var/adm/cron/cron.allow | egrep -v '^$' | egrep '^ *adm *$' | wc -l | |
egrep -v '^ *#' /var/adm/cron/cron.allow | egrep -v '^$' | egrep '^ *root *$' | wc -l | |
egrep -v '(root|adm)' /var/adm/cron/cron.allow | egrep -v '^$' | egrep -v '^ *#' | wc -l | |
egrep -w 'root' /etc/ftpusers | |
genkex|grep 'crypt' | |
grep '^PATH=' /etc/environment | |
grep '^PATH=' /etc/environment | tr -d ' \t\r' | awk '/((::)|(:$)|(^:)|(^.:)|(:.$)|(:.:)|(=:))/' | |
grep mesg /etc/csh.login|tr '\t' ' '|egrep '(^| ) *mesg n( |$) *' | |
grep mesg /etc/profile|tr '\t' ' '|egrep '(^| ) *mesg n( |$) *' | |
grep -v '^ *#' /etc/exports|egrep 'localhost' |wc -l | |
grep -v '^ *#' /etc/exports|grep 'anon=' |wc -l |sed 's/ //g' | |
lsattr -El sys0 -a fullcore |egrep '(.*)fullcore false(.*)'| wc -l | |
lsitab -a|egrep '^tty.*:(0|1|2|3|4|5|6|7|8|9)+:once:/usr/sbin/getty' | |
lsitab dt | |
lsitab httpdlite | |
lsitab i4ls | |
lsitab lpd | |
lsitab piobe | |
lsitab pmd | |
lsitab qdaemon | |
lsitab rcncs | |
lsitab rcnfs | |
lsitab writesrv | |
lslpp -L 'bos.msg.en_US.net.tcp.client' | egrep '^ *Fileset'| wc -l | |
lslpp -L|egrep '^ *openssl ' | |
lslpp -L|egrep '^ *sudo ' | |
lslpp -l|grep -i 'CDE'|wc -l|sed 's/ //g' | |
lssec -f /etc/security/limits -s default -a core -a core_hard |egrep '(.*)core_hard(=0)(.*)' | wc -l | |
lssec -f /etc/security/limits -s default -a core -a core_hard |egrep '(.*)core(=0)(.*)' | wc -l | |
lssec -f /etc/security/login.cfg -s default -a herald | awk -F '=' '{print $2}' | tr -s ' ' | |
lssec -f /etc/security/login.cfg -s default -a logindelay | awk -F '=' '{print $2}' | tr -s ' ' | |
lssec -f /etc/security/login.cfg -s default -a logindisable | awk -F '=' '{print $2}' | tr -s ' ' | |
lssec -f /etc/security/login.cfg -s default -a logininterval | awk -F '=' '{print $2}' | tr -s ' ' | |
lssec -f /etc/security/login.cfg -s default -a loginreenable | awk -F '=' '{print $2}' | tr -s ' ' | |
lssec -f /etc/security/login.cfg -s usw -a logintimeout | awk -F '=' '{print $2}' | tr -s ' ' | |
lssec -f /etc/security/login.cfg -s usw -a pwd_algorithm | awk -F '=' '{print $2}' | tr -s ' ' | |
lssec -f /etc/security/user -s default -a histexpire | awk -F '=' '{print $2}' | tr -s ' ' | |
lssec -f /etc/security/user -s default -a histsize | awk -F '=' '{print $2}' | tr -s ' ' | |
lssec -f /etc/security/user -s default -a loginretries | awk -F '=' '{print $2}' | tr -s ' ' | |
lssec -f /etc/security/user -s default -a maxage | awk -F '=' '{print $2}' | tr -s ' ' | |
lssec -f /etc/security/user -s default -a maxexpired | awk -F '=' '{print $2}' | tr -s ' ' | |
lssec -f /etc/security/user -s default -a maxrepeats | awk -F '=' '{print $2}' | tr -s ' ' | |
lssec -f /etc/security/user -s default -a minage | awk -F '=' '{print $2}' | tr -s ' ' | |
lssec -f /etc/security/user -s default -a minalpha | awk -F '=' '{print $2}' | tr -s ' ' | |
lssec -f /etc/security/user -s default -a mindiff | awk -F '=' '{print $2}' | tr -s ' ' | |
lssec -f /etc/security/user -s default -a mindigit | awk -F '=' '{print $2}' | tr -s ' ' | |
lssec -f /etc/security/user -s default -a minlen | awk -F '=' '{print $2}' | tr -s ' ' | |
lssec -f /etc/security/user -s default -a minloweralpha | awk -F '=' '{print $2}' | tr -s ' ' | |
lssec -f /etc/security/user -s default -a minother | awk -F '=' '{print $2}' | tr -s ' ' | |
lssec -f /etc/security/user -s default -a minspecialchar | awk -F '=' '{print $2}' | tr -s ' ' | |
lssec -f /etc/security/user -s default -a minupperalpha | awk -F '=' '{print $2}' | tr -s ' ' | |
lssec -f /etc/security/user -s default -a umask | cut -d'=' -f2 | |
lssec -f /etc/security/user -s default -a umask | cut -d'=' -f2 | tr -s ' ' | |
lssec -f /etc/security/user -s root -a rlogin | awk -F '=' '{print $2}' | tr -s ' ' | |
lssec -f /etc/security/user -s root -a su | awk -F '=' '{print $2}' | tr -s ' ' | |
lssec -f /etc/security/user -s root -a sugroups | awk -F '=' '{print $2}' | tr -s ' ' | |
lssrc -g yp |grep 'active'|wc -l|sed 's/ //g' | |
lssrc -ls inetd|grep 'active'|wc -l|sed 's/ //g' | |
lssrc -ls inetd|tr '\n' ' '|tr -s ' ' | grep '.*' | sed 's/\(.*Service\)\(.*\)/\2/'|grep 'active' | |
lsuser -a login rlogin adm | egrep 'login=true|rlogin=true' | |
lsuser -a login rlogin bin | egrep 'login=true|rlogin=true' | |
lsuser -a login rlogin daemon | egrep 'login=true|rlogin=true' | |
lsuser -a login rlogin lpd | egrep 'login=true|rlogin=true' | |
lsuser -a login rlogin nobody | egrep 'login=true|rlogin=true' | |
lsuser -a login rlogin sys | egrep 'login=true|rlogin=true' | |
lsuser -a login rlogin uucp | egrep 'login=true|rlogin=true' | |
mount |grep 'nfs' |grep 'nosuid' |wc -l | |
mount |grep 'nfs' |wc -l | |
mount | grep -v 'mounted' | grep -v '^-' | awk -F ' ' '{print $3}' | egrep 'nfs'|wc -l|sed 's/ //g' | |
nfso -x nfs_use_reserved_ports | |
nfso -x portcheck | |
no -x bcastping | |
no -x clean_partial_conns | |
no -x directed_broadcast | |
no -x icmpaddressmask | |
no -x ip6srcrouteforward | |
no -x ipforwarding | |
no -x ipignoreredirects | |
no -x ipsendredirects | |
no -x ipsrcrouteforward | |
no -x ipsrcrouterecv | |
no -x nonlocsrcroute | |
no -x rfc1323 | |
no -x sockthresh | |
no -x tcp_mssdflt | |
no -x tcp_pmtu_discover | |
no -x tcp_recvspace | |
no -x tcp_sendspace | |
no -x tcp_tcpsecure | |
no -x udp_pmtu_discover | |
ps -ef | grep 'syslogd' | |
pwdck -n ALL | |
rpcinfo -p | grep -v service | grep -v portmapper | |
rpcinfo -p 2>/dev/null | |
su - root -c 'echo ${PATH}' | |
su - root -c 'echo ${PATH}' | tr -d ' \t\r' | awk '/((::)|(:$)|(^:)|(^.:)|(:.$)|(:.:)|(=:))/' | |
trustchk -p TE 2>&1 | head -1 | |
trustchk -p TEP 2>&1 | head -1 | |
/etc/dt/config/Xconfig | Configuration File |
/etc/exports | |
/etc/group | |
/etc/hosts.allow | |
/etc/inetd.conf | |
/etc/passwd | |
/etc/security/user | |
/etc/ssh/ssh_config | |
/etc/ssh/sshd_config | |
/var/adm/cron/at.allow | |
/var/adm/cron/cron.allow | |
/audit | Directory |
/etc/dt/config | |
/etc/security | |
/etc/security/audit | |
/usr/dt | |
/var/adm/ras | |
/var/adm/sa | |
/var/spool/cron/atjobs | |
/var/spool/cron/atjobs/ | |
/var/spool/cron/crontabs | |
/var/spool/mqueue | |
2.11.18 | Extended Object |
2.11.19 | |
2.11.20 | |
3.5.1 Removal of .rhosts and .netrc files | |
4.16.2 Unowned Files | |
4.2.10 | |
4.4.4 | |
4.4.5 | |
4.4.6 | |
Find World Writable Files | |
Limit Users SSH Access (AllowGroups) | |
Limit Users SSH Access (AllowUsers) | |
Limit Users SSH Access (DenyGroups) | |
Limit Users SSH Access (DenyUsers) | |
suid and sgid files and programs | |
Use Only Approved Ciphers in Counter Mode | |
/etc/dt/config/Xconfig | File |
/etc/dt/config/Xservers | |
/etc/exports | |
/etc/ftpusers | |
/etc/group | |
/etc/hosts.allow | |
/etc/hosts.deny | |
/etc/hosts.equiv | |
/etc/inetd.conf | |
/etc/mail/sendmail.cf | |
/etc/motd | |
/etc/passwd | |
/etc/rc.d/rc2.d/Ssshd | |
/etc/shosts.equiv | |
/etc/ssh/ssh_banner | |
/etc/ssh/ssh_config | |
/etc/ssh/sshd_config | |
/etc/sudoers | |
/smit.log | |
/usr/bin/rcp | |
/usr/bin/rlogin | |
/usr/bin/rsh | |
/usr/dt/bin/dtaction | |
/usr/dt/bin/dtappgather | |
/usr/dt/bin/dtprintinfo | |
/usr/dt/bin/dtsession | |
/usr/sbin/rlogind | |
/usr/sbin/rshd | |
/usr/sbin/tftpd | |
/var/adm/cron/at.allow | |
/var/adm/cron/at.deny | |
/var/adm/cron/cron.allow | |
/var/adm/cron/cron.deny | |
/var/adm/cron/log | |
/var/ct/RMstart.log | |
/var/tmp/dpid2.log | |
/var/tmp/hostmibd.log | |
/var/tmp/snmpd.log | |
Novell SuSE Linux® Enterprise Server 11
Rule Category
The following table shows the percentage of rules that are Native based and EO based:
Rule Category | % of rules |
---|---|
Native based | 60% |
EO based | 40% |
Rule Details
To find details about all rules included in the template, see HTML Definitions for SuSE 11.
Asset/Part Used
Part name | Part Type |
---|---|
cat /etc/hosts.allow | tr -s '\t' ' ' | egrep -v '^ *#' | egrep -v '^ *$' | sed 's/\?/\\\?/g' | Command |
cat /etc/logrotate.d/syslog | sed '/^#/d' | egrep '{' | sed 's/\(.*\)\({.*\)/\1/g' | tr ' ' '\n' | sed '/^$/d' | |
cat /var/spool/cron/tabs/root | tr -s '\t' ' ' | tr -s ' ' | grep -v '^ *#'| egrep '??VAR_AIDE_RUN_SCHEDULE_PARAM??' |wc -l | awk '{print $1}' | |
Directory:??TARGET.RSCD_DIR??/tmp/preCIS | |
echo ??VAR_ALLOWED_HOST?? | egrep -v '\.|:' | |
echo ??VAR_MOUNTING_OPTION_FSTAB?? | tr ',' '\n' | egrep 'dev|nodev' | tail -1 | |
echo ??VAR_MOUNTING_OPTION_FSTAB?? | tr ',' '\n' | egrep 'exec|noexec' | tail -1 | |
echo ??VAR_MOUNTING_OPTION_FSTAB?? | tr ',' '\n' | egrep 'suid|nosuid' | tail -1 | |
echo ??VAR_MOUNTING_OPTION_FSTAB?? | tr ',' '\n' | grep 'bind' | tail -1 | |
echo '??AIDE_RUN_SCHEDULE??' | sed 's%*%\\\*%g' | |
echo '??AIDE_RUN_SCHEDULE??' | sed -e 's%\/%\\\/%g' -e 's%?%\\\?%g' -e 's%*%\\\*%g' | |
echo '??REQUIRED_SHELL_FEILD_PASSWD_FILE??'|egrep '??SHELL_FEILD_PASSWD_FILE??'|wc -l | |
egrep 'password(.*)pam_pwhistory.so(.*)remember=(.*)' /etc/pam.d/common-password-pc|tr '\t' ' ' | grep -v '^ *#' | egrep ' remember' | egrep -v 'remember=( |$)' | wc -l | sed 's/ //g' | |
egrep -v '^($| *#)' '??AUDIT_RULES_FILE??' | tail -1 | |
egrep -w '^restrict -6 default' /etc/ntp.conf | egrep -w 'kod' | egrep -w 'nomodify' | egrep -w 'notrap' | egrep -w 'nopeer' | egrep -w 'noquery' | wc -l | |
egrep -w '^restrict default' /etc/ntp.conf | egrep -w 'kod' | egrep -w 'nomodify' | egrep -w 'notrap' | egrep -w 'nopeer' | egrep -w 'noquery' | wc -l | |
grep ':??VAR_GROUP_ID??:' /etc/group | |
grep '$ModLoad imtcp.so' /etc/rsyslog.conf | grep -v ^# | |
grep 'ntp:ntp' ??NTP_SYSCONFIG_FILE?? | grep -v ^# | |
lsmod | egrep '^cramfs ' | wc -l | sed 's/ //g' | |
lsmod | egrep '^freevxfs ' | wc -l | sed 's/ //g' | |
lsmod | egrep '^hfs ' | wc -l | sed 's/ //g' | |
lsmod | egrep '^hfsplus ' | wc -l | sed 's/ //g' | |
lsmod | egrep '^jffs2 ' | wc -l | |
lsmod | egrep '^jffs2 ' | wc -l | sed 's/ //g' | |
lsmod | egrep '^squashfs ' | wc -l | sed 's/ //g' | |
lsmod | egrep '^udf ' | wc -l | sed 's/ //g' | |
lsmod|egrep 'dccp'|wc -l|tr -d ' ' | |
mkdir -p ??TARGET.RSCD_DIR??/tmp/preCIS | |
mkdir -p ??TARGET.RSCD_DIR??/tmp/preCIS/ | |
modprobe -c | egrep '(^| )(alias|install) +cramfs +(off|/bin/true|/bin/false)( |$)' |grep -v '^ *#' | wc -l | sed 's/ //g' | |
modprobe -c | egrep '(^| )(alias|install) +freevxfs +(off|/bin/true|/bin/false)( |$)' |grep -v '^ *#' | wc -l | sed 's/ //g' | |
modprobe -c | egrep '(^| )(alias|install) +hfs +(off|/bin/true|/bin/false)( |$)' |grep -v '^ *#' | wc -l | sed 's/ //g' | |
modprobe -c | egrep '(^| )(alias|install) +hfsplus +(off|/bin/true|/bin/false)( |$)' |grep -v '^ *#' | wc -l | sed 's/ //g' | |
modprobe -c | egrep '(^| )(alias|install) +jffs2 +(off|/bin/true|/bin/false)( |$)' |grep -v '^ *#' | wc -l | sed 's/ //g' | |
modprobe -c | egrep '(^| )(alias|install) +squashfs +(off|/bin/true|/bin/false)( |$)' |grep -v '^ *#' | wc -l | sed 's/ //g' | |
modprobe -c | egrep '(^| )(alias|install) +udf +(off|/bin/true|/bin/false)( |$)' |grep -v '^ *#' | wc -l | sed 's/ //g' | |
modprobe -l | egrep 'cramfs.k?o' | wc -l | sed 's/ //g' | |
modprobe -l | egrep 'freevxfs.k?o' | wc -l | sed 's/ //g' | |
modprobe -l | egrep 'hfs.k?o' | wc -l | sed 's/ //g' | |
modprobe -l | egrep 'hfsplus.k?o' | wc -l | sed 's/ //g' | |
modprobe -l | egrep 'jffs2.k?o' | wc -l | |
modprobe -l | egrep 'jffs2.k?o' | wc -l | sed 's/ //g' | |
modprobe -l | egrep 'squashfs.k?o' | wc -l | sed 's/ //g' | |
modprobe -l | egrep 'udf.k?o' | wc -l | sed 's/ //g' | |
mount| awk '($3 ~/^\/tmp$/ && $5 !~/^none$/) {print $3}' | |
mount|awk '($3 ~/^\/var$/ && $5 !~/^none$/) {print $3}' | |
mount|grep ' /dev/shm '|cut -d' ' -f6 | |
mount|grep ' /home '|cut -d' ' -f6 | |
mount|grep ' /tmp '|cut -d' ' -f6 | |
mount | grep '^/tmp ' | egrep ' /var/tmp '|cut -d' ' -f6 | |
mount | grep '^/tmp ' | egrep ' /var/tmp '|wc -l | |
mount|grep -c ' /dev/shm ' | |
mount|grep -c ' /home ' | |
mount|grep -c ' /tmp ' | |
netstat -an | grep LISTEN | grep -E '(::1:25|127\.0\.0\.1:25)' | wc -l | |
pam-config -q --pwhistory| awk -F 'remember=' '{print $2}' | cut -d ' ' -f1 | |
pam-config -q --umask | |
rm -f ??TARGET.RSCD_DIR??/tmp/preCIS/9.1.8.1 | |
su - ??GNOME_CHECK_USER?? -s ??GNOME_USER_SHELL?? -c 'gconftool-2 --get /apps/gdm/simple-greeter/banner_message_enable' | |
su - ??GNOME_CHECK_USER?? -s ??GNOME_USER_SHELL?? -c 'gconftool-2 --get /apps/gdm/simple-greeter/banner_message_text' | |
sysctl fs.suid_dumpable | |
useradd -D|grep INACTIVE|cut -d'=' -f2 | |
zypper list-updates | egrep 'No updates found.' | wc -l | |
zypper repos | egrep 'Enabled' | wc -l | |
zypper repos | egrep -v 'Enabled' | egrep '^1' | cut -d'|' -f4 | sed 's/ //g' | |
/apps/gdm/simple-greeter/banner_message_text | Configuration File |
/boot/grub/menu.lst | |
/etc/audit/auditd.conf | |
/etc/fstab | |
/etc/group | |
/etc/hosts.allow | |
/etc/hosts.deny | |
/etc/inittab | |
/etc/login.defs | |
/etc/ntp.conf | |
/etc/pam.d/common-password-pc | |
/etc/pam.d/su | |
/etc/passwd | |
/etc/rsyslog.conf | |
/etc/securetty | |
/etc/security/limits.conf | |
/etc/shadow | |
/etc/ssh/sshd_config | |
/etc/sysconfig/boot | |
/etc/sysconfig/syslog | |
/etc/sysctl.conf | |
/etc/cron.d | Directory |
/etc/cron.daily | |
/etc/cron.hourly | |
/etc/cron.monthly | |
/etc/cron.weekly | |
/etc/init | |
/etc/modprobe.d | |
/tmp | |
/var/tmp | |
10.1.1.2 Set Password Expiration Days (Users) | Extended Object |
10.1.2.2 Set Password Change Minimum Number of Days (Users) | |
10.1.3.2 Set Password Expiring Warning Days (Users) | |
11.1.1 Set Warning Banner for Standard Login Services | |
12.10 Find Un-grouped Files and Directories | |
12.11 Find SUID System Executables | |
12.12 Find SGID System Executables | |
12.1 Verify System File Permissions | |
12.8 Find World Writable Files | |
12.9 Find Un-owned Files and Directories | |
13.10 Check for Presence of User .rhosts Files | |
13.13 Check User Home Directory Ownership | |
13.14 Check for Duplicate UIDs | |
13.15 Check for Duplicate GIDs | |
13.16 Check for Duplicate User Names | |
13.17 Check for Duplicate Group Names | |
13.6 Ensure root PATH Integrity | |
13.7 Check Permissions on User Home Directories | |
13.8 Check User Dot File Permissions | |
13.9 Check Permissions on User .netrc Files | |
2.11 Add nodev Option to Removable Media Partitions | |
2.12 Add noexec Option to Removable Media Partitions | |
2.13 Add nosuid Option to Removable Media Partitions | |
2.17 Set Sticky Bit on All World-Writable Directories | |
4.5 Activate AppArmor | |
7.3.3 Disable IPv6 | |
7.6 Deactivate Wireless Interfaces | |
7.8 Limit access to trusted networks | |
8.1.1.2 Disable System on Audit Log Full | |
8.1.10-1 Collect Discretionary Access Control Permission Modification Events (64 bit) | |
8.1.10-2 Collect Discretionary Access Control Permission Modification Events (32 bit) | |
8.1.11 Collect Unsuccessful Unauthorized Access Attempts to Files | |
8.1.12 Collect Use of Privileged Commands | |
8.1.13 Collect Successful File System Mounts | |
8.1.14 Collect File Deletion Events by User | |
8.1.15 Collect Changes to System Administration Scope | |
8.1.16 Collect System Administrator Actions (sudolog) | |
8.1.17-1 Collect Kernel Module Loading and Unloading | |
8.1.17-2 Collect Kernel Module Loading and Unloading | |
8.1.3 Enable Auditing for Processes That Start Prior to auditd | |
8.1.4-1 Record Events That Modify Date and Time Information | |
8.1.4-2 Record Events That Modify Date and Time Information | |
8.1.5 Record Events That Modify UserGroup Information | |
8.1.6-1 | |
8.1.6-2 | |
8.1.6-3 | |
8.1.7 Record Events That Modify the Systems Mandatory Access Controls | |
8.1.8 Collect Login and Logout Events | |
8.1.9 Collect Session Initiation Information | |
8.2.4.1 Create and Set Permissions on rsyslog Log Files | |
8.2.4.2 Create and Set Permissions on rsyslog Log Files(Secure group) | |
8.2.5 Configure rsyslog to Send Logs to a Remote LOGHOST | |
9.2.11 Use Only Approved Ciphers in Counter Mode | |
9.2.13.1 Limit Users SSH Access (AllowUsers) | |
9.2.13.2 Limit Users SSH Access (AllowGroups) | |
9.2.13.3 Limit Users SSH Access (DenyUsers) | |
9.2.13.4 Limit Users SSH Access (DenyGroups) | |
9.3.1 Set Password Creation Requirement Parameters Using pam_cracklib | |
9.3.2-1 Set Lockout for Failed Password Attempts | |
9.3.2-2 Set Lockout for Failed Password Attempts | |
Kernel Parameters | |
Running Processes | |
Unix Services | |
??TARGET.RSCD_DIR??/tmp/preCIS/parameter_remediation | File |
/.forward | |
/.netrc | |
/boot/grub/menu.lst | |
/etc/at.allow | |
/etc/at.deny | |
/etc/audit/audit.rules | |
/etc/cron.allow | |
/etc/cron.deny | |
/etc/crontab | |
/etc/group | |
/etc/hosts.allow | |
/etc/hosts.deny | |
/etc/inittab | |
/etc/issue | |
/etc/issue.net | |
/etc/logrotate.d/syslog | |
/etc/modprobe.conf | |
/etc/modprobe.d/CIS.conf | |
/etc/motd | |
/etc/passwd | |
/etc/securetty | |
/etc/shadow | |
/etc/ssh/sshd_config | |
/usr/share/kde4/config/kdm/kdmrc | |
aide | RPM |
biosdevname | |
kernel-pae | |
openldap2 | |
openldap2-client | |
prelink | |
rsh | |
rsyslog | |
talk | |
tcpd | |
xorg-x11 | |
ypbind | |
RPMs | RPM List |
Novell SuSE Linux® Enterprise Server 10
Rule Category
The following table shows the percentage of rules that are Native based and EO based:
Rule Category | % of rules |
---|---|
Native based | 60% |
EO based | 40% |
Rule Details
To find details about all rules included in the template, see HTML Definitions for SuSE 10.
Asset/Part Used
Part name | Part Type |
---|---|
cat /etc/hosts.allow | tr -s '\t' ' ' | egrep -v '^ *#' | egrep -v '^ *$' | sed 's/\?/\\\?/g' | Command |
cat /etc/logrotate.d/syslog | sed '/^#/d' | egrep '{' | sed 's/\(.*\)\({.*\)/\1/g' | tr ' ' '\n' | sed '/^$/d' | |
cat /var/spool/cron/tabs/root | tr -s '\t' ' ' | tr -s ' ' | grep -v '^ *#'| egrep '??VAR_AIDE_RUN_SCHEDULE_PARAM??' |wc -l | awk '{print $1}' | |
Directory:??TARGET.RSCD_DIR??/tmp/preCIS | |
echo ??VAR_ALLOWED_HOST?? | egrep -v '\.|:' | |
echo ??VAR_MOUNTING_OPTION_FSTAB?? | tr ',' '\n' | egrep 'dev|nodev' | tail -1 | |
echo ??VAR_MOUNTING_OPTION_FSTAB?? | tr ',' '\n' | egrep 'exec|noexec' | tail -1 | |
echo ??VAR_MOUNTING_OPTION_FSTAB?? | tr ',' '\n' | egrep 'suid|nosuid' | tail -1 | |
echo ??VAR_MOUNTING_OPTION_FSTAB?? | tr ',' '\n' | grep 'bind' | tail -1 | |
echo '??AIDE_RUN_SCHEDULE??' | sed 's%*%\\\*%g' | |
echo '??AIDE_RUN_SCHEDULE??' | sed -e 's%\/%\\\/%g' -e 's%?%\\\?%g' -e 's%*%\\\*%g' | |
echo '??REQUIRED_SHELL_FEILD_PASSWD_FILE??'|egrep '??SHELL_FEILD_PASSWD_FILE??'|wc -l | |
egrep 'password(.*)pam_pwhistory.so(.*)remember=(.*)' /etc/pam.d/common-password|tr '\t' ' ' | grep -v '^ *#' | egrep ' remember' | egrep -v 'remember=( |$)' | wc -l | sed 's/ //g' | |
egrep -v '^($| *#)' '??AUDIT_RULES_FILE??' | tail -1 | |
egrep -v '^ *#' /etc/pam.d/common-session | egrep 'session(.*)pam_umask.so(.*)umask(.*)' | sed 's/\(.*\)\(umask.*\)/\2/' | cut -d'=' -f2 | cut -d ' ' -f1 | sed 's/ //g' | |
egrep -w '^restrict -6 default' /etc/ntp.conf | egrep -w 'kod' | egrep -w 'nomodify' | egrep -w 'notrap' | egrep -w 'nopeer' | egrep -w 'noquery' | wc -l | |
egrep -w '^restrict default' /etc/ntp.conf | egrep -w 'kod' | egrep -w 'nomodify' | egrep -w 'notrap' | egrep -w 'nopeer' | egrep -w 'noquery' | wc -l | |
grep ':??VAR_GROUP_ID??:' /etc/group | |
grep '$ModLoad imtcp.so' /etc/rsyslog.conf | grep -v ^# | |
grep 'ntp:ntp' ??NTP_SYSCONFIG_FILE?? | grep -v ^# | |
lsmod | egrep '^cramfs ' | wc -l | sed 's/ //g' | |
lsmod | egrep '^freevxfs ' | wc -l | sed 's/ //g' | |
lsmod | egrep '^hfs ' | wc -l | sed 's/ //g' | |
lsmod | egrep '^hfsplus ' | wc -l | sed 's/ //g' | |
lsmod | egrep '^jffs2 ' | wc -l | |
lsmod | egrep '^jffs2 ' | wc -l | sed 's/ //g' | |
lsmod | egrep '^squashfs ' | wc -l | sed 's/ //g' | |
lsmod | egrep '^udf ' | wc -l | sed 's/ //g' | |
lsmod|egrep 'dccp'|wc -l|tr -d ' ' | |
mkdir -p ??TARGET.RSCD_DIR??/tmp/preCIS | |
mkdir -p ??TARGET.RSCD_DIR??/tmp/preCIS/ | |
modprobe -c | egrep '(^| )(alias|install) +cramfs +(off|/bin/true|/bin/false)( |$)' |grep -v '^ *#' | wc -l | sed 's/ //g' | |
modprobe -c | egrep '(^| )(alias|install) +freevxfs +(off|/bin/true|/bin/false)( |$)' |grep -v '^ *#' | wc -l | sed 's/ //g' | |
modprobe -c | egrep '(^| )(alias|install) +hfs +(off|/bin/true|/bin/false)( |$)' |grep -v '^ *#' | wc -l | sed 's/ //g' | |
modprobe -c | egrep '(^| )(alias|install) +hfsplus +(off|/bin/true|/bin/false)( |$)' |grep -v '^ *#' | wc -l | sed 's/ //g' | |
modprobe -c | egrep '(^| )(alias|install) +jffs2 +(off|/bin/true|/bin/false)( |$)' |grep -v '^ *#' | wc -l | sed 's/ //g' | |
modprobe -c | egrep '(^| )(alias|install) +squashfs +(off|/bin/true|/bin/false)( |$)' |grep -v '^ *#' | wc -l | sed 's/ //g' | |
modprobe -c | egrep '(^| )(alias|install) +udf +(off|/bin/true|/bin/false)( |$)' |grep -v '^ *#' | wc -l | sed 's/ //g' | |
modprobe -l | egrep 'cramfs.k?o' | wc -l | sed 's/ //g' | |
modprobe -l | egrep 'freevxfs.k?o' | wc -l | sed 's/ //g' | |
modprobe -l | egrep 'hfs.k?o' | wc -l | sed 's/ //g' | |
modprobe -l | egrep 'hfsplus.k?o' | wc -l | sed 's/ //g' | |
modprobe -l | egrep 'jffs2.k?o' | wc -l | |
modprobe -l | egrep 'jffs2.k?o' | wc -l | sed 's/ //g' | |
modprobe -l | egrep 'squashfs.k?o' | wc -l | sed 's/ //g' | |
modprobe -l | egrep 'udf.k?o' | wc -l | sed 's/ //g' | |
mount| awk '($3 ~/^\/tmp$/ && $5 !~/^none$/) {print $3}' | |
mount|awk '($3 ~/^\/var$/ && $5 !~/^none$/) {print $3}' | |
mount|grep ' /dev/shm '|cut -d' ' -f6 | |
mount|grep ' /home '|cut -d' ' -f6 | |
mount|grep ' /tmp '|cut -d' ' -f6 | |
mount | grep '^/tmp ' | egrep ' /var/tmp '|cut -d' ' -f6 | |
mount | grep '^/tmp ' | egrep ' /var/tmp '|wc -l | |
mount|grep -c ' /dev/shm ' | |
mount|grep -c ' /home ' | |
mount|grep -c ' /tmp ' | |
netstat -an | grep LISTEN | grep -E '(::1:25|127\.0\.0\.1:25)' | wc -l | |
pam-config -q --pwhistory| awk -F 'remember=' '{print $2}' | cut -d ' ' -f1 | |
rm -f ??TARGET.RSCD_DIR??/tmp/preCIS/9.1.8.1 | |
su - ??GNOME_CHECK_USER?? -s ??GNOME_USER_SHELL?? -c 'gconftool-2 --get /apps/gdm/simple-greeter/banner_message_enable' | |
su - ??GNOME_CHECK_USER?? -s ??GNOME_USER_SHELL?? -c 'gconftool-2 --get /apps/gdm/simple-greeter/banner_message_text' | |
sysctl fs.suid_dumpable | |
useradd -D|grep INACTIVE|cut -d'=' -f2 | |
zypper list-updates | egrep 'No updates found.' | wc -l | |
zypper repos | egrep 'Enabled' | wc -l | |
zypper repos | egrep -v 'Enabled' | egrep '^1' | cut -d'|' -f4 | sed 's/ //g' | |
/apps/gdm/simple-greeter/banner_message_text | Configuration File |
/boot/grub/menu.lst | |
/etc/auditd.conf | |
/etc/fstab | |
/etc/group | |
/etc/hosts.allow | |
/etc/hosts.deny | |
/etc/inittab | |
/etc/login.defs | |
/etc/ntp.conf | |
/etc/pam.d/common-password | |
/etc/pam.d/common-session | |
/etc/pam.d/su | |
/etc/passwd | |
/etc/rsyslog.conf | |
/etc/securetty | |
/etc/security/limits.conf | |
/etc/shadow | |
/etc/ssh/sshd_config | |
/etc/sysconfig/boot | |
/etc/sysconfig/mail | |
/etc/sysconfig/syslog | |
/etc/sysctl.conf | |
/etc/vsftpd/vsftpd.conf | |
??TARGET.RSCD_DIR??/tmp/preCIS | Directory |
/etc/cron.d | |
/etc/cron.daily | |
/etc/cron.hourly | |
/etc/cron.monthly | |
/etc/cron.weekly | |
/etc/init | |
/etc/modprobe.d | |
/tmp | |
/var/tmp | |
10.1.1.2 Set Password Expiration Days (Users) | Extended Object |
10.1.2.2 Set Password Change Minimum Number of Days (Users) | |
10.1.3.2 Set Password Expiring Warning Days (Users) | |
11.1.1 Set Warning Banner for Standard Login Services | |
12.10 Find Un-grouped Files and Directories | |
12.11 Find SUID System Executables | |
12.12 Find SGID System Executables | |
12.1 Verify System File Permissions | |
12.8 Find World Writable Files | |
12.9 Find Un-owned Files and Directories | |
13.10 Check for Presence of User .rhosts Files | |
13.13 Check User Home Directory Ownership | |
13.14 Check for Duplicate UIDs | |
13.15 Check for Duplicate GIDs | |
13.16 Check for Duplicate User Names | |
13.17 Check for Duplicate Group Names | |
13.6 Ensure root PATH Integrity | |
13.7 Check Permissions on User Home Directories | |
13.8 Check User Dot File Permissions | |
13.9 Check Permissions on User .netrc Files | |
2.11 Add nodev Option to Removable Media Partitions | |
2.12 Add noexec Option to Removable Media Partitions | |
2.13 Add nosuid Option to Removable Media Partitions | |
2.17 Set Sticky Bit on All World-Writable Directories | |
4.5 Activate AppArmor | |
7.1 Remove .rhosts Support In PAM Configuration Files | |
7.2 etc ftpusers | |
7.3.3 Disable IPv6 | |
7.6 Configure xinetd Access Control | |
7.6 Deactivate Wireless Interfaces | |
7.8 Limit access to trusted networks | |
8.1.1.2 Disable System on Audit Log Full | |
8.1.10-1 Collect Discretionary Access Control Permission Modification Events (64 bit) | |
8.1.10-2 Collect Discretionary Access Control Permission Modification Events (32 bit) | |
8.1.11 Collect Unsuccessful Unauthorized Access Attempts to Files | |
8.1.12 Collect Use of Privileged Commands | |
8.1.13 Collect Successful File System Mounts | |
8.1.14 Collect File Deletion Events by User | |
8.1.15 Collect Changes to System Administration Scope | |
8.1.16 Collect System Administrator Actions (sudolog) | |
8.1.17-1 Collect Kernel Module Loading and Unloading | |
8.1.17-2 Collect Kernel Module Loading and Unloading | |
8.1.3 Enable Auditing for Processes That Start Prior to auditd | |
8.1.4-1 Record Events That Modify Date and Time Information | |
8.1.4-2 Record Events That Modify Date and Time Information | |
8.1.5 Record Events That Modify UserGroup Information | |
8.1.6-1 | |
8.1.6-2 | |
8.1.6-3 | |
8.1.7 Record Events That Modify the Systems Mandatory Access Controls | |
8.1.8 Collect Login and Logout Events | |
8.1.9 Collect Session Initiation Information | |
8.2.4.1 Create and Set Permissions on rsyslog Log Files | |
8.2.4.2 Create and Set Permissions on rsyslog Log Files(Secure group) | |
8.2.5 Configure rsyslog to Send Logs to a Remote LOGHOST | |
9.2.11 Use Only Approved Ciphers in Counter Mode | |
9.2.13.1 Limit Users SSH Access (AllowUsers) | |
9.2.13.2 Limit Users SSH Access (AllowGroups) | |
9.2.13.3 Limit Users SSH Access (DenyUsers) | |
9.2.13.4 Limit Users SSH Access (DenyGroups) | |
9.3.1 Set Password Creation Requirement Parameters Using pam_cracklib | |
9.3.2-1 Set Lockout for Failed Password Attempts | |
9.3.2-2 Set Lockout for Failed Password Attempts | |
Kernel Parameters | |
Running Processes | |
Unix Services | |
??TARGET.RSCD_DIR??/tmp/preCIS/parameter_remediation | File |
/.forward | |
/.netrc | |
/boot/grub/menu.lst | |
/etc/at.allow | |
/etc/at.deny | |
/etc/audit/audit.rules | |
/etc/cron.allow | |
/etc/cron.deny | |
/etc/crontab | |
/etc/exports | |
/etc/group | |
/etc/hosts.allow | |
/etc/hosts.deny | |
/etc/hosts.equiv | |
/etc/inittab | |
/etc/issue | |
/etc/issue.net | |
/etc/lilo.conf | |
/etc/logrotate.d/syslog | |
/etc/modprobe.conf | |
/etc/modprobe.d/CIS.conf | |
/etc/motd | |
/etc/passwd | |
/etc/securetty | |
/etc/shadow | |
/etc/ssh/sshd_config | |
/etc/sysctl.conf | |
/root/.rhosts | |
/root/.shosts | |
/usr/share/kde4/config/kdm/kdmrc | |
aide | RPM |
biosdevname | |
kernel-pae | |
openldap2 | |
openldap2-client | |
prelink | |
rsh | |
rsyslog | |
seccheck | |
talk | |
tcpd | |
xorg-x11 | |
ypbind | |
RPMs | RPM List |