| 1.6.0 - The system must enable a user session lock until that user re-establishes access using established identification and authentication procedures. | Tenable Fedora Linux Best Practices v2.0.0 | Unix | ACCESS CONTROL |
| 1.7 Declare an EJB authorization policy for deployed applications | Redhat JBoss EAP 5.x | Unix | ACCESS CONTROL |
| 1.9.0 - The system must have the screen package installed. | Tenable Fedora Linux Best Practices v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.17 The allRolesMode must be configured to 'strict' - 'allRolesMode = strict' | Redhat JBoss EAP 5.x | Unix | ACCESS CONTROL |
| 1.101 - The system must prevent a user from overriding the screensaver idle-activation-enabled setting for the graphical user interface. | Tenable Fedora Linux Best Practices v2.0.0 | Unix | ACCESS CONTROL |
| 1.481 - The system must require authentication upon booting into single-user and maintenance modes. | Tenable Fedora Linux Best Practices v2.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.500 - The system must uniquely identify and must authenticate organizational users (or processes acting on behalf of organizational users) using multifactor authentication - module | Tenable Fedora Linux Best Practices v2.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 1.500 - The system must uniquely identify and must authenticate organizational users (or processes acting on behalf of organizational users) using multifactor authentication - pam_pkcs11 | Tenable Fedora Linux Best Practices v2.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 1.500 - The system must uniquely identify and must authenticate organizational users (or processes acting on behalf of organizational users) using multifactor authentication - removal | Tenable Fedora Linux Best Practices v2.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 2.019 - The system must have a host-based intrusion detection tool installed. - MFEhiplsm package | Tenable Fedora Linux Best Practices v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.019 - The system must have a host-based intrusion detection tool installed. - MFEhiplsm process | Tenable Fedora Linux Best Practices v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.26 Ensure logging is enabled for Microcontainer bootstrap operations - 'SecurityInterceptor logging level = true' | Redhat JBoss EAP 5.x | Unix | AUDIT AND ACCOUNTABILITY |
| 2.27 - Ensure logging is enabled for web-based requests if required by deployed applications - 'AccessLogValve = true' | Redhat JBoss EAP 5.x | Unix | AUDIT AND ACCOUNTABILITY |
| 3.200 - The system must be configured to use the au-remote plugin. | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.201 - The system must configure the au-remote plugin to off-load audit logs using the audisp-remote daemon - direction | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.201 - The system must configure the au-remote plugin to off-load audit logs using the audisp-remote daemon - path | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.201 - The system must configure the au-remote plugin to off-load audit logs using the audisp-remote daemon - type | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.0211 - The system must label all off-loaded audit logs before sending them to the central log server. | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.360 - The system must audit all executions of privileged functions - setgid 32 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.360 - The system must audit all executions of privileged functions - setgid 64 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.360 - The system must audit all executions of privileged functions - setuid 64 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.390 - The system must audit all uses of the lchown syscall - 64 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.400 - The system must audit all uses of the fchownat syscall - 32 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.420 - The system must audit all uses of the fchmod syscall - 32 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.420 - The system must audit all uses of the fchmod syscall - 64 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.430 - The system must audit all uses of the fchmodat syscall - 64 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.490 - The system must audit all uses of the lremovexattr syscall - 64 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.520 - The system must audit all uses of the openat syscall - EPERM 32 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.520 - The system must audit all uses of the openat syscall - EPERM 64 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.530 - The system must audit all uses of the open_by_handle_at syscall - EACCES 32 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.530 - The system must audit all uses of the open_by_handle_at syscall - EACCES 64 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.540 - The system must audit all uses of the truncate syscall - EACCES 32 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.540 - The system must audit all uses of the truncate syscall - EPERM 32 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.550 - The system must audit all uses of the ftruncate syscall - EPERM 64 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.820 - The system must audit all uses of the init_module syscall - 32 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.830 - The system must audit all uses of the delete_module syscall - 32 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.830 - The system must audit all uses of the delete_module syscall - 64 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.880 - The system must audit all uses of the rename syscall - 64 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.910 - The system must audit all uses of the unlink syscall - 32 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.180 - The system must implement cryptography to protect the integrity of Lightweight Directory Access Protocol (LDAP) authentication communications. | Tenable Fedora Linux Best Practices v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.180- The system must implement cryptography to protect the integrity of Lightweight Directory Access Protocol (LDAP) authentication communications. | Tenable Fedora Linux Best Practices v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.190 - The system must implement cryptography to protect the integrity of Lightweight Directory Access Protocol (LDAP) communications. | Tenable Fedora Linux Best Practices v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.200 - The system must implement cryptography to protect the integrity of Lightweight Directory Access Protocol (LDAP) communications - file | Tenable Fedora Linux Best Practices v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.201 - The system must implement virtual address space randomization - sysctl | Tenable Fedora Linux Best Practices v2.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 4.360 - The system must display the date and time of the last successful account logon upon an SSH logon. | Tenable Fedora Linux Best Practices v2.0.0 | Unix | ACCESS CONTROL |
| 4.410 - The SSH public host key files must have mode 0644 or less permissive. | Tenable Fedora Linux Best Practices v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.520 - The system must enable an application firewall, if available - state | Tenable Fedora Linux Best Practices v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.520 - The system must enable an application firewall, if available - status | Tenable Fedora Linux Best Practices v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.810 - The system access control program must be configured to grant or deny system access to specific hosts and services. | Tenable Fedora Linux Best Practices v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.820 - The system must not have unauthorized IP tunnels configured. | Tenable Fedora Linux Best Practices v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
