Detections
Analytics

Revision 1.32

Oct 5, 2020
Functional Update
  • GEN000800 M6 - The system must prohibit the reuse of passwords to 15 iterations - 'Local usingHistory = 15'
  • GEN000800 M6 - The system must prohibit the reuse of passwords to 15 iterations - 'Managed usingHistory = 15'
  • GEN001375 M6 - For systems using DNS resolution, at least two name servers must be configured - 'first name server is configured'
  • GEN001375 M6 - For systems using DNS resolution, at least two name servers must be configured - 'second name server is configured'
  • GEN005505 M6 - The SSH daemon must be configured to only use FIPS 140-2 approved ciphers - 'CIPHERS configured'
  • GEN005505 M6 - The SSH daemon must be configured to only use FIPS 140-2 approved ciphers - 'CIPHERS does not include ARCFOUR/BLOWFISH/CAST'
  • GEN005506 M6 - The SSH daemon must be configured to not use CBC ciphers - 'CIPHERS configured'
  • GEN005506 M6 - The SSH daemon must be configured to not use CBC ciphers - 'CIPHERS does not include -CBC'
  • GEN005507 M6 - SSH MACs must use FIPS 140-2 approved algorithms - 'MACS doesn't include HMAC-MD5/HMAC-RIPEMD160/HMAC-SHA1-96/HMAC-MD5-96'
  • GEN005507 M6 - SSH Server MACs use FIPS 140-2 approved algorithms - 'MACS doesn't include HMAC-MD5/HMAC-RIPEMD160/HMAC-SHA1-96/HMAC-MD5-96'
  • GEN005510 M6 - The SSH client must be configured to only use FIPS 140-2 approved ciphers - 'CIPHERS configured'
  • GEN005510 M6 - The SSH client must be configured to only use FIPS 140-2 approved ciphers - 'CIPHERS does not include ARCFOUR/BLOWFISH/CAST'
  • GEN005511 M6 - The SSH client must be configured to not use CBC-based ciphers - 'CIPHERS configured'
  • GEN005511 M6 - The SSH client must be configured to not use CBC-based ciphers - 'CIPHERS does not include -CBC'
  • GEN005512 M6 - SSH client MACs use FIPS 140-2 approved algorithms - 'MACS configured'
  • GEN005512 M6 - SSH client MACs use FIPS 140-2 approved algorithms - 'MACS doesn't include HMAC-MD5/HMAC-RIPEMD160/HMAC-SHA1-96/HMAC-MD5-96'
  • OSX00020 M6 - A maximum password age must be set - 'Local maxMinutesUntilChangePassword >= 86400 or 0'
  • OSX00020 M6 - A maximum password age must be set - 'Managed maxMinutesUntilChangePassword >= 86400 or 0'
  • OSX00030 M6 - A minimum password length must be set - 'Local minChars >= 15'
  • OSX00030 M6 - A minimum password length must be set - 'Managed minChars >= 15'
  • OSX00036 M6 - Complex passwords must contain Alphabetic Character - 'Local requiresAlpha = 1'
  • OSX00036 M6 - Complex passwords must contain Alphabetic Character - 'Managed requiresAlpha = 1'
  • OSX00038 M6 - Complex passwords must contain a Symbolic Character - 'Local requiresSymbol = 1'
  • OSX00038 M6 - Complex passwords must contain a Symbolic Character - 'Managed requiresSymbol = 1'
  • OSX00040 M6 - Newly created password content must be checked - 'Local passwordCannotBeName = 1'
  • OSX00040 M6 - Newly created password content must be checked - 'Managed passwordCannotBeName = 1'
  • OSX00045 M6 - Account lockout duration must be properly configured - 'Local minutesUntilFailedLoginReset = 0'
  • OSX00045 M6 - Account lockout duration must be properly configured - 'Managed minutesUntilFailedLoginReset = 0'
  • OSX00050 M6 - Account lockout threshold must be properly configured - 'Local maxFailedLoginAttempts <= 3'
  • OSX00050 M6 - Account lockout threshold must be properly configured - 'Managed maxFailedLoginAttempts <= 3'
  • OSX00115 M6 - LDAPv3 access must be securely configured (if it is used)
  • OSX00120 M6 - Clear text passwords for all LDAPv3 directories must be disabled
  • OSX00120 M6 - LDAP Authentication must use authentication when connecting to LDAPv3
  • OSX00120 M6 - LDAPv3 access must be securely configured (if it is used)
  • OSX00121 M6 - Clear text passwords for all LDAPv3 directories must be disabled
  • OSX00121 M6 - Clear text passwords for all LDAPv3 directories must be disabled - No ClearText Authentications = 1
  • OSX00122 M6 - All LDAPv3 packets must be digitally signed
  • OSX00122 M6 - All LDAPv3 packets must be digitally signed - Packet Signing = 1
  • OSX00123 M6 - All LDAPv3 packets must be encrypted
  • OSX00123 M6 - All LDAPv3 packets must be encrypted - Packet Encryption = 1
  • OSX00124 M6 - LDAPv3 must block man-in-the-middle attacks
  • OSX00124 M6 - LDAPv3 must block man-in-the-middle attacks - Man in the Middle = 1
  • OSX00475 M6 - Screen Sharing must be disabled - 'OSX <= 10.6.2 /Library/Preferences/com.apple.ScreenSharing.launchd does not exist'
  • OSX00475 M6 - Screen Sharing must be disabled - 'OSX >= 10.6.3 /private/etc/ScreenSharing.launchd does not exist'
  • OSX00530 M6 - iTunes Store must be disabled - 'Ping is disabled'
Miscellaneous
  • Platform check updated.