Revision 1.22Sep 19, 2023
Functional Update
- GEN001160 - All files and directories must have a valid owner.
- GEN001170 - All files and directories must have a valid group-owner.
- GEN001660 - All system start-up files must be owned by root.
- GEN001680 - All system start-up files must be group-owned by root, sys, bin, other, or system.
- GEN002000 - There must be no .netrc files on the system.
- GEN002040 - There must be no .rhosts, .shosts, hosts.equiv, or shosts.equiv files on the system - '.rhosts'
- GEN002040 - There must be no .rhosts, .shosts, hosts.equiv, or shosts.equiv files on the system - '.shosts'
- GEN002040 - There must be no .rhosts, .shosts, hosts.equiv, or shosts.equiv files on the system - 'hosts.equiv'
- GEN002040 - There must be no .rhosts, .shosts, hosts.equiv, or shosts.equiv files on the system - 'shosts.equiv'
- GEN002380 - The owner, group, mode, ACL, and location of files with the setuid bit set must be documented using site-defined procedures.
- GEN002440 - The owner, group-owner, mode, ACL and location of files with the 'sgid' bit set must be documented.
- GEN002480 - Public directories must be the only world-writable directories and must be located only in public directories - 'directories'
- GEN002480 - Public directories must be the only world-writable directories and must be located only in public directories - 'files'
- GEN002500 - The sticky bit must be set on all public directories.
- GEN002520 - All public directories must be owned by root or an application account.
- GEN002540 - All public directories must be group-owned by root, sys, bin, or an application group.
- GEN003865 - Network analysis tools must not be installed - 'ethereal'
- GEN003865 - Network analysis tools must not be installed - 'nc'
- GEN003865 - Network analysis tools must not be installed - 'snoop'
- GEN003865 - Network analysis tools must not be installed - 'tcpdump'
- GEN003865 - Network analysis tools must not be installed - 'tshark'
- GEN003865 - Network analysis tools must not be installed - 'wireshark'
- GEN004580 - The system must not use .forward files - 'find .forward'
Miscellaneous
- References updated.
- Variables updated.