| ACLs: Filter for RFC 1918 addresses (10.0.0.0/8) | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | SYSTEM AND COMMUNICATIONS PROTECTION |
| ACLs: Filter for RFC 3330 addresses (0.0.0.0/8) | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | SYSTEM AND COMMUNICATIONS PROTECTION |
| ACLs: Filter for RFC 3330 addresses (169.254.0.0/16) | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | SYSTEM AND COMMUNICATIONS PROTECTION |
| ACLs: Filter for RFC 3330 addresses (224.0.0.0/4) | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | SYSTEM AND COMMUNICATIONS PROTECTION |
| Authentication: enable remote authentication | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | IDENTIFICATION AND AUTHENTICATION |
| Authentication: local authentication is available as a last resort | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | IDENTIFICATION AND AUTHENTICATION |
| BGP: Authenticate peers | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | ACCESS CONTROL |
| chrony is not installed - NTP server | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure mounting of FAT filesystems is disabled - modprobe | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure no duplicate GIDs exist | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | IDENTIFICATION AND AUTHENTICATION |
| Ensure no duplicate UIDs exist | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | IDENTIFICATION AND AUTHENTICATION |
| Ensure no duplicate user names exist | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | IDENTIFICATION AND AUTHENTICATION |
| Ensure no legacy '+' entries exist in /etc/group | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | IDENTIFICATION AND AUTHENTICATION |
| Ensure no users have .forward files | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure nodev option set on /tmp partition | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | ACCESS CONTROL |
| Ensure noexec option set on removable media partitions | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure nosuid option set on /dev/shm partition | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | ACCESS CONTROL |
| Ensure package manager repositories are configured - yum | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | SYSTEM AND INFORMATION INTEGRITY |
| Ensure packet redirect sending is disabled - /etc/sysctl ipv4 all send | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure packet redirect sending is disabled - sysctl ipv4 default send | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure password creation requirements are configured - /etc/pam.d/* dcredit | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | IDENTIFICATION AND AUTHENTICATION |
| Ensure password creation requirements are configured - /etc/pam.d/* minlen | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | IDENTIFICATION AND AUTHENTICATION |
| Ensure password creation requirements are configured - /etc/pam.d/* retry=3 | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | IDENTIFICATION AND AUTHENTICATION |
| Ensure permissions on /etc/hosts.allow are configured | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure permissions on /etc/issue are configured | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure permissions on /etc/passwd are configured | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | IDENTIFICATION AND AUTHENTICATION |
| Ensure prelink is disabled - zypper | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure remote login warning banner is configured properly | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure root is the only UID 0 account | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | ACCESS CONTROL |
| Ensure root PATH Integrity | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure secure ICMP redirects are not accepted - sysctl ipv4 default secure | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure separate partition exists for /var | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure session initiation information is collected - auditctl utmp | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure session initiation information is collected - utmp | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure source routed packets are not accepted - sysctl ipv4 all acccept | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure successful file system mounts are collected - auditctl b64 | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure syslog-ng is configured to send logs to a remote log host - log src | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure syslog-ng service is enabled | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure system is disabled when audit logs are full - 'space_left_action = email' | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure talk client is not installed - rpm | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure talk client is not installed - zypper | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure talk server is not enabled - talk | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure the MCS Translation Service (mcstrans) is not installed - zypper | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure unsuccessful unauthorized file access attempts are collected - auditctl b64 EPERM | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure unsuccessful unauthorized file access attempts are collected - b64 EACCES | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Login: FTP is disabled | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | CONFIGURATION MANAGEMENT |
| Login: Telnet is disabled (IPv6) | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | CONFIGURATION MANAGEMENT |
| Password Complexity: Require at least one uppercase and one lowercase letter | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | IDENTIFICATION AND AUTHENTICATION |
| Spanning Tree: enable edge-port | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | SYSTEM AND COMMUNICATIONS PROTECTION |
| Time: System has a secondary NTP server set | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | AUDIT AND ACCOUNTABILITY |
