| BSI-100-2: S 2.33: Division of administrator roles under Unix: Password length >= 12 | IDENTIFICATION AND AUTHENTICATION |
| BSI-100-2: S 4.13: Careful allocation of identifiers: /etc/group consistency | IDENTIFICATION AND AUTHENTICATION |
| BSI-100-2: S 4.13: Careful allocation of identifiers: /etc/password consistency | IDENTIFICATION AND AUTHENTICATION |
| BSI-100-2: S 4.13: Careful allocation of identifiers: Every GID must be unique | IDENTIFICATION AND AUTHENTICATION |
| BSI-100-2: S 4.13: Careful allocation of identifiers: Every GID must be valid | ACCESS CONTROL |
| BSI-100-2: S 4.13: Careful allocation of identifiers: Every group ID (GID) must be unique - Duplicate GID | IDENTIFICATION AND AUTHENTICATION |
| BSI-100-2: S 4.13: Careful allocation of identifiers: Every group ID (GID) must be unique - Zero GID | IDENTIFICATION AND AUTHENTICATION |
| BSI-100-2: S 4.13: Careful allocation of identifiers: Every group log-in name must be unique | IDENTIFICATION AND AUTHENTICATION |
| BSI-100-2: S 4.13: Careful allocation of identifiers: Every log-in name must be unique | IDENTIFICATION AND AUTHENTICATION |
| BSI-100-2: S 4.13: Careful allocation of identifiers: Every UID must be unique | IDENTIFICATION AND AUTHENTICATION |
| BSI-100-2: S 4.13: Careful allocation of identifiers: UID 0 - /etc/group | IDENTIFICATION AND AUTHENTICATION |
| BSI-100-2: S 4.13: Careful allocation of identifiers: UID 0 - /etc/passwd | IDENTIFICATION AND AUTHENTICATION |
| BSI-100-2: S 4.14: Mandatory password protection under Unix: Passwords should not be stored in the universally readable /etc/passwd file | IDENTIFICATION AND AUTHENTICATION |
| BSI-100-2: S 4.18: Administrative and technical means to control access to the system-monitor and single-user mode: console access password | ACCESS CONTROL |
| BSI-100-2: S 4.18: Administrative and technical means to control access to the system-monitor and single-user mode: sulogin | ACCESS CONTROL |
| BSI-100-2: S 4.21: Preventing unauthorised acquisition of administrator rights: Administrative tasks should only be performed from console | ACCESS CONTROL |
| BSI-100-2: S 4.21: Preventing unauthorised acquisition of administrator rights: Block ftp for administrative accesses. | ACCESS CONTROL |
| BSI-100-2: S 4.21: Preventing unauthorised acquisition of administrator rights: Limiting access to su | ACCESS CONTROL |
| BSI-100-2: S 4.22: Prevention of loss of confidentiality of sensitive data in the Unix system: Finger service | CONFIGURATION MANAGEMENT |
| BSI-100-2: S 4.22: Prevention of loss of confidentiality of sensitive data in the Unix system: FTP service | CONFIGURATION MANAGEMENT |
| BSI-100-2: S 4.22: Prevention of loss of confidentiality of sensitive data in the Unix system: Restrict access to commands | ACCESS CONTROL |
| BSI-100-2: S 4.22: Prevention of loss of confidentiality of sensitive data in the Unix system: SMB service | CONFIGURATION MANAGEMENT |
| BSI-100-2: S 4.22: Prevention of loss of confidentiality of sensitive data in the Unix system: Telnet service | CONFIGURATION MANAGEMENT |
| BSI-100-2: S 4.22: Prevention of loss of confidentiality of sensitive data in the Unix system: TFTP service | CONFIGURATION MANAGEMENT |
| BSI-100-2: S 4.25: Use of logging in Unix systems: Dedicated loghost | AUDIT AND ACCOUNTABILITY |
| BSI-100-2: S 4.96: Deactivating DNS | CONFIGURATION MANAGEMENT |
| BSI-100-2: S 4.105: Initial measures after a Unix standard installation: /etc/X11/xinit/xinitrc - 'xhost +' should never be used | CONFIGURATION MANAGEMENT |
| BSI-100-2: S 4.105: Initial measures after a Unix standard installation: /usr/X11R6/bin/startx - 'xhost +' should never be used. | CONFIGURATION MANAGEMENT |
| BSI-100-2: S 4.105: Initial measures after a Unix standard installation: /usr/X11R6/lib/X11/xdm/Xsession - 'xhost +' should never be used. | CONFIGURATION MANAGEMENT |
| BSI-100-2: S 4.105: Initial measures after a Unix standard installation: ~/.Xclients - 'xhost +' should never be used. | CONFIGURATION MANAGEMENT |
| BSI-100-2: S 4.105: Initial measures after a Unix standard installation: ~/.Xclients.gnome - 'xhost +' should never be used. | CONFIGURATION MANAGEMENT |
| BSI-100-2: S 4.105: Initial measures after a Unix standard installation: ~/.Xclients.kde - 'xhost +' should never be used. | CONFIGURATION MANAGEMENT |
| BSI-100-2: S 4.105: Initial measures after a Unix standard installation: ~/.xinitrc - 'xhost +' should never be used. | CONFIGURATION MANAGEMENT |
| BSI-100-2: S 4.105: Initial measures after a Unix standard installation: ~/.xsession - 'xhost +' should never be used. | CONFIGURATION MANAGEMENT |
| BSI-100-2: S 4.105: Initial measures after a Unix standard installation: FTP - Remove non-required services from /etc/inetd.conf | CONFIGURATION MANAGEMENT |
| BSI-100-2: S 4.105: Initial measures after a Unix standard installation: HTTP - Remove non-required services from /etc/inetd.conf | CONFIGURATION MANAGEMENT |
| BSI-100-2: S 4.105: Initial measures after a Unix standard installation: INND - Remove non-required services from /etc/inetd.conf | CONFIGURATION MANAGEMENT |
| BSI-100-2: S 4.105: Initial measures after a Unix standard installation: No world writeable directories | ACCESS CONTROL |
| BSI-100-2: S 4.105: Initial measures after a Unix standard installation: No world writeable files | ACCESS CONTROL |
| BSI-100-2: S 4.105: Initial measures after a Unix standard installation: POP3 - Remove non-required services from /etc/inetd.conf | CONFIGURATION MANAGEMENT |
| BSI-100-2: S 4.105: Initial measures after a Unix standard installation: Portmap - Remove non-required services from /etc/inetd.conf | CONFIGURATION MANAGEMENT |
| BSI-100-2: S 4.105: Initial measures after a Unix standard installation: REXECD - Remove non-required services from /etc/inetd.conf | CONFIGURATION MANAGEMENT |
| BSI-100-2: S 4.105: Initial measures after a Unix standard installation: Rexecd must be deactivated | CONFIGURATION MANAGEMENT |
| BSI-100-2: S 4.105: Initial measures after a Unix standard installation: RLOGIND - Remove non-required services from /etc/inetd.conf | CONFIGURATION MANAGEMENT |
| BSI-100-2: S 4.105: Initial measures after a Unix standard installation: Rlogind must be deactivated | CONFIGURATION MANAGEMENT |
| BSI-100-2: S 4.105: Initial measures after a Unix standard installation: RSHD - Remove non-required services from /etc/inetd.conf | CONFIGURATION MANAGEMENT |
| BSI-100-2: S 4.105: Initial measures after a Unix standard installation: Rshd must be deactivated | CONFIGURATION MANAGEMENT |
| BSI-100-2: S 4.105: Initial measures after a Unix standard installation: Sendmail - Remove non-required services from /etc/inetd.conf | CONFIGURATION MANAGEMENT |
| BSI-100-2: S 4.105: Initial measures after a Unix standard installation: SMBD - Remove non-required services from /etc/inetd.conf | CONFIGURATION MANAGEMENT |
| BSI-100-2: S 4.105: Initial measures after a Unix standard installation: Telnet - Remove non-required services from /etc/inetd.conf | CONFIGURATION MANAGEMENT |
