Detections
Analytics

Item Search

NameAudit NamePluginCategory
DG0003-ORACLE11 - The latest security patches should be installed.DISA STIG Oracle 11 Installation v9r1 WindowsWindows
DG0066-ORACLE11 - Procedures for establishing temporary passwords that meet DoD password requirements for new accounts should be defined, documented and implemented.DISA STIG Oracle 11 Installation v9r1 LinuxUnix
DG0092-ORACLE11 - Database data files containing sensitive information should be encrypted.DISA STIG Oracle 11 Installation v9r1 LinuxUnix
DG0106-ORACLE11 - Database data encryption controls should be configured in accordance with application requirements.DISA STIG Oracle 11 Installation v9r1 LinuxUnix
DG0107-ORACLE11 - Sensitive data is stored in the database and should be identified in the System Security Plan and AIS Functional Architecture documentation.DISA STIG Oracle 11 Installation v9r1 LinuxUnix
DG0158-ORACLE11 - DBMS remote administration should be audited.DISA STIG Oracle 11 Installation v9r1 LinuxUnix
DG0161-ORACLE11 - An automated tool that monitors audit data and immediately reports suspicious activity should be employed for the DBMS.DISA STIG Oracle 11 Installation v9r1 LinuxUnix
DO6752-ORACLE11 - The Oracle SEC_PROTOCOL_ERROR_TRACE_ACTION parameter should not be set to NONE.DISA STIG Oracle 11 Installation v9r1 DatabaseOracleDB
WA060 A22 - A public web server, if hosted on the NIPRNet, must be isolated in an accredited DoD DMZ Extension.DISA STIG Apache Server 2.2 Unix v1r11Unix
WA060 A22 - A public web server, if hosted on the NIPRNet, must be isolated in an accredited DoD DMZ Extension.DISA STIG Apache Server 2.2 Unix v1r11 MiddlewareUnix
WA060 W22 - A public web server, if hosted on the NIPRNet, must be isolated in an accredited DoD DMZ Extension.DISA STIG Apache Server 2.2 Windows v1r13Windows
WA230 IIS6 - The site software used with the web server must have all applicable security patches applied and documented.DISA STIG IIS 6.0 Server v6r16Windows
WA230 W22 - The site software used with the web server must have all applicable security patches applied and documented.DISA STIG Apache Server 2.2 Windows v1r13Windows
WA00525 A22 - User specific directories must not be globally enabled.DISA STIG Apache Server 2.2 Unix v1r11 MiddlewareUnix
WA00530 A22 - The process ID (PID) file must be properly securedDISA STIG Apache Server 2.2 Unix v1r11 MiddlewareUnix
WA00530 A22 - The process ID (PID) file must be properly secured - permissionsDISA STIG Apache Server 2.2 Unix v1r11Unix
WA00530 W22 - The process ID (PID) file must be properly secured.DISA STIG Apache Server 2.2 Windows v1r13Windows
WA00535 W22 - The ScoreBoard file must be properly secured.DISA STIG Apache Server 2.2 Windows v1r13Windows
WA00540 A22 - The web server must be configured to explicitly deny access to the OS root - DenyDISA STIG Apache Server 2.2 Unix v1r11 MiddlewareUnix
WA00555 A22 - The web server must be configured to listen on a specific IP address and port - 0.0.0.0:80DISA STIG Apache Server 2.2 Unix v1r11 MiddlewareUnix
WA00555 A22 - The web server must be configured to listen on a specific IP address and port - listenDISA STIG Apache Server 2.2 Unix v1r11 MiddlewareUnix
WA00565 A22 - HTTP request methods must be limited - DenyDISA STIG Apache Server 2.2 Unix v1r11 MiddlewareUnix
WG040 W22 - Public web server resources must not be shared with private assets.DISA STIG Apache Server 2.2 Windows v1r13Windows
WG050 A22 - The web server password(s) must be entrusted to the SA or Web Manager.DISA STIG Apache Server 2.2 Unix v1r11Unix
WG050 W22 - The web server service password(s) must be entrusted to the SA or Web Manager.DISA STIG Apache Server 2.2 Windows v1r13Windows
WG080 A22 - Installation of a compiler on production web server is prohibited.DISA STIG Apache Server 2.2 Unix v1r11Unix
WG080 W22 - Installation of a compiler on production web server must be prohibited.DISA STIG Apache Server 2.2 Windows v1r13Windows
WG220 A22 - Web administration tools must be restricted to the web manager and the web manager's designees - AccessConfigDISA STIG Apache Server 2.2 Unix v1r11 MiddlewareUnix
WG240 IIS6 - Logs of web server access and errors must be established and maintained.DISA STIG IIS 6.0 Site Checklist v6r16Windows
WG250 A22 - Log file access must be restricted to System Administrators, Web Administrators or Auditors.DISA STIG Apache Site 2.2 Unix v1r11Unix
WG260 IIS6 - Only fully reviewed and tested web sites must exist on a production web server.DISA STIG IIS 6.0 Site Checklist v6r16Windows
WG270 A22 - The web server's htpasswd files (if present) must reflect proper ownership and permissionsDISA STIG Apache Server 2.2 Unix v1r11Unix
WG270 A22 - The web server's htpasswd files (if present) must reflect proper ownership and permissionsDISA STIG Apache Server 2.2 Unix v1r11 MiddlewareUnix
WG280 - The access control files are owned by a privileged web server account - APP_Config_filesDISA STIG Apache Server 2.2 Unix v1r11 MiddlewareUnix
WG280 - The access control files are owned by a privileged web server account - HTACCESS_DIRDISA STIG Apache Server 2.2 Unix v1r11Unix
WG280 - The access control files are owned by a privileged web server account - HTTPD_CONFIG_DIRECTORY/httpd.confDISA STIG Apache Server 2.2 Unix v1r11Unix
WG350 IIS6 - A private web server must have a valid server certificate.DISA STIG IIS 6.0 Site Checklist v6r16Windows
WG350 W22 - A private web server must have a valid DoD server certificate.DISA STIG Apache Site 2.2 Windows v1r13Windows
WG355 A22 - A private web server's list of CAs in a trust hierarchy must lead to an authorized DoD PKI Root CA.DISA STIG Apache Server 2.2 Unix v1r11 MiddlewareUnix
WG355 W22 - A private web server's list of CAs in a trust hierarchy must lead to an authorized DoD PKI Root CA.DISA STIG Apache Server 2.2 Windows v1r13Windows
WG410 IIS6 - Interactive scripts must have proper access controls. - 'CGI Directory Permissions'DISA STIG IIS 6.0 Site Checklist v6r16Windows
WG410 IIS6 - Interactive scripts must have proper access controls. - 'Execute Permissions set 'Script only'DISA STIG IIS 6.0 Site Checklist v6r16Windows
WG410 W22 - Interactive scripts used on a web server must have proper access controls.DISA STIG Apache Site 2.2 Windows v1r13Windows
WG430 A22 - Anonymous FTP user access to interactive scripts is prohibited.DISA STIG Apache Site 2.2 Unix v1r11 MiddlewareUnix
WG430 IIS6 - Anonymous FTP users must not have access to interactive scripts.DISA STIG IIS 6.0 Site Checklist v6r16Windows
WG430 W22 - Anonymous FTP user access to interactive scripts must be prohibited.DISA STIG Apache Site 2.2 Windows v1r13Windows
WG440 A22 - Monitoring software must include CGI or equivalent programs in its scope.DISA STIG Apache Server 2.2 Unix v1r11Unix
WG440 A22 - Monitoring software must include CGI or equivalent programs in its scope.DISA STIG Apache Server 2.2 Unix v1r11 MiddlewareUnix
WG460 W22 - PERL scripts must use the TAINT option.DISA STIG Apache Site 2.2 Windows v1r13Windows
WG470 W22 - Wscript.exe and Cscript.exe must only be accessible by the SA and/or the web administrator. - 'Wscript.exe'DISA STIG Apache Server 2.2 Windows v1r13Windows