Revision 1.14Sep 19, 2023
Functional Update
- GEN001160/GEN001170 - All files and directories must have a valid owner and group owner.
- GEN001890 - Local initialization files must not have extended ACLs - '.bash_logout'
- GEN001890 - Local initialization files must not have extended ACLs - '.bash_profile'
- GEN001890 - Local initialization files must not have extended ACLs - '.bashrc'
- GEN001890 - Local initialization files must not have extended ACLs - '.cshrc'
- GEN001890 - Local initialization files must not have extended ACLs - '.dispatch'
- GEN001890 - Local initialization files must not have extended ACLs - '.dtprofile'
- GEN001890 - Local initialization files must not have extended ACLs - '.emacs'
- GEN001890 - Local initialization files must not have extended ACLs - '.env'
- GEN001890 - Local initialization files must not have extended ACLs - '.exrc'
- GEN001890 - Local initialization files must not have extended ACLs - '.login'
- GEN001890 - Local initialization files must not have extended ACLs - '.logout'
- GEN001890 - Local initialization files must not have extended ACLs - '.profile'
- GEN002000 - There must be no .netrc files on the system.
- GEN002040 - There must be no .rhosts, .shosts, hosts.equiv, or shosts.equiv files on the system - '.rhosts'
- GEN002040 - There must be no .rhosts, .shosts, hosts.equiv, or shosts.equiv files on the system - '.shosts'
- GEN002040 - There must be no .rhosts, .shosts, hosts.equiv, or shosts.equiv files on the system - 'hosts.equiv'
- GEN002040 - There must be no .rhosts, .shosts, hosts.equiv, or shosts.equiv files on the system - 'shosts.equiv'
- GEN002300 - Device files used for backup must only be readable and/or writable by root or the backup user - '/dev/cd*'
- GEN002300 - Device files used for backup must only be readable and/or writable by root or the backup user - '/dev/rmt*'
- GEN002330 - Audio devices must not have extended ACLs.
- GEN002380 - The owner, group, mode, ACL, and location of files with the setuid bit set must be documented using site-defined procedures
- GEN002440 - The owner, group, mode, ACL, and location of files with the setgid bit set must be documented using site-defined procedures
- GEN002480 - Public directories must be the only world-writable directories and world-writable files must be located only in public dirs
- GEN002500 - The sticky bit must be set on all public directories.
- GEN002520 - All public directories must be owned by root or an application account.
- GEN002540 - All public directories must be group-owned by system or an application group.
- GEN003865 - Network analysis tools must not be installed - 'ethereal'
- GEN003865 - Network analysis tools must not be installed - 'netcat'
- GEN003865 - Network analysis tools must not be installed - 'snoop'
- GEN003865 - Network analysis tools must not be installed - 'tcpdump'
- GEN003865 - Network analysis tools must not be installed - 'tshark'
- GEN003865 - Network analysis tools must not be installed - 'wireshark'
- GEN004580 - The system must not use .forward files.
- GEN005190 - The .Xauthority files must not have extended ACLs.
- GEN005340 - Management Information Base (MIB) files must have mode 0640 or less permissive.
- GEN005350 - Management Information Base (MIB) files must not have extended ACLs.
Miscellaneous
- References updated.
- Variables updated.