BSI-100-2 Red Hat Linux 2005

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: BSI-100-2 Red Hat Linux 2005

Updated: 4/12/2023

Authority: BSI

Plugin: Unix

Revision: 1.8

Estimated Item Count: 91

Audit Items

DescriptionCategories
BSI_100_2_Redhat_v1.0.audit from BSI-100-2 Red Hat Linux 2005
BSI-100-2: S 2.33: Division of administrator roles under Unix: Password length >= 12

IDENTIFICATION AND AUTHENTICATION

BSI-100-2: S 4.13: Careful allocation of identifiers: /etc/group consistency

IDENTIFICATION AND AUTHENTICATION

BSI-100-2: S 4.13: Careful allocation of identifiers: /etc/password consistency

IDENTIFICATION AND AUTHENTICATION

BSI-100-2: S 4.13: Careful allocation of identifiers: Every GID must be unique

IDENTIFICATION AND AUTHENTICATION

BSI-100-2: S 4.13: Careful allocation of identifiers: Every GID must be valid

ACCESS CONTROL

BSI-100-2: S 4.13: Careful allocation of identifiers: Every group ID (GID) must be unique - Duplicate GID

IDENTIFICATION AND AUTHENTICATION

BSI-100-2: S 4.13: Careful allocation of identifiers: Every group ID (GID) must be unique - Zero GID

IDENTIFICATION AND AUTHENTICATION

BSI-100-2: S 4.13: Careful allocation of identifiers: Every group log-in name must be unique

IDENTIFICATION AND AUTHENTICATION

BSI-100-2: S 4.13: Careful allocation of identifiers: Every log-in name must be unique

IDENTIFICATION AND AUTHENTICATION

BSI-100-2: S 4.13: Careful allocation of identifiers: Every UID must be unique

IDENTIFICATION AND AUTHENTICATION

BSI-100-2: S 4.13: Careful allocation of identifiers: UID 0 - /etc/group

IDENTIFICATION AND AUTHENTICATION

BSI-100-2: S 4.13: Careful allocation of identifiers: UID 0 - /etc/passwd

IDENTIFICATION AND AUTHENTICATION

BSI-100-2: S 4.14: Mandatory password protection under Unix: Passwords should not be stored in the universally readable /etc/passwd file

IDENTIFICATION AND AUTHENTICATION

BSI-100-2: S 4.18: Administrative and technical means to control access to the system-monitor and single-user mode: console access password

ACCESS CONTROL

BSI-100-2: S 4.18: Administrative and technical means to control access to the system-monitor and single-user mode: sulogin

ACCESS CONTROL

BSI-100-2: S 4.21: Preventing unauthorised acquisition of administrator rights: Administrative tasks should only be performed from console

ACCESS CONTROL

BSI-100-2: S 4.21: Preventing unauthorised acquisition of administrator rights: Block ftp for administrative accesses.

ACCESS CONTROL

BSI-100-2: S 4.21: Preventing unauthorised acquisition of administrator rights: Limiting access to su

ACCESS CONTROL

BSI-100-2: S 4.22: Prevention of loss of confidentiality of sensitive data in the Unix system: Finger service

CONFIGURATION MANAGEMENT

BSI-100-2: S 4.22: Prevention of loss of confidentiality of sensitive data in the Unix system: FTP service

CONFIGURATION MANAGEMENT

BSI-100-2: S 4.22: Prevention of loss of confidentiality of sensitive data in the Unix system: Restrict access to commands

ACCESS CONTROL

BSI-100-2: S 4.22: Prevention of loss of confidentiality of sensitive data in the Unix system: SMB service

CONFIGURATION MANAGEMENT

BSI-100-2: S 4.22: Prevention of loss of confidentiality of sensitive data in the Unix system: Telnet service

CONFIGURATION MANAGEMENT

BSI-100-2: S 4.22: Prevention of loss of confidentiality of sensitive data in the Unix system: TFTP service

CONFIGURATION MANAGEMENT

BSI-100-2: S 4.25: Use of logging in Unix systems: Dedicated loghost

AUDIT AND ACCOUNTABILITY

BSI-100-2: S 4.96: Deactivating DNS

CONFIGURATION MANAGEMENT

BSI-100-2: S 4.105: Initial measures after a Unix standard installation: /etc/X11/xinit/xinitrc - 'xhost +' should never be used

CONFIGURATION MANAGEMENT

BSI-100-2: S 4.105: Initial measures after a Unix standard installation: /usr/X11R6/bin/startx - 'xhost +' should never be used.

CONFIGURATION MANAGEMENT

BSI-100-2: S 4.105: Initial measures after a Unix standard installation: /usr/X11R6/lib/X11/xdm/Xsession - 'xhost +' should never be used.

CONFIGURATION MANAGEMENT

BSI-100-2: S 4.105: Initial measures after a Unix standard installation: ~/.Xclients - 'xhost +' should never be used.

CONFIGURATION MANAGEMENT

BSI-100-2: S 4.105: Initial measures after a Unix standard installation: ~/.Xclients.gnome - 'xhost +' should never be used.

CONFIGURATION MANAGEMENT

BSI-100-2: S 4.105: Initial measures after a Unix standard installation: ~/.Xclients.kde - 'xhost +' should never be used.

CONFIGURATION MANAGEMENT

BSI-100-2: S 4.105: Initial measures after a Unix standard installation: ~/.xinitrc - 'xhost +' should never be used.

CONFIGURATION MANAGEMENT

BSI-100-2: S 4.105: Initial measures after a Unix standard installation: ~/.xsession - 'xhost +' should never be used.

CONFIGURATION MANAGEMENT

BSI-100-2: S 4.105: Initial measures after a Unix standard installation: FTP - Remove non-required services from /etc/inetd.conf

CONFIGURATION MANAGEMENT

BSI-100-2: S 4.105: Initial measures after a Unix standard installation: HTTP - Remove non-required services from /etc/inetd.conf

CONFIGURATION MANAGEMENT

BSI-100-2: S 4.105: Initial measures after a Unix standard installation: INND - Remove non-required services from /etc/inetd.conf

CONFIGURATION MANAGEMENT

BSI-100-2: S 4.105: Initial measures after a Unix standard installation: No world writeable directories

ACCESS CONTROL

BSI-100-2: S 4.105: Initial measures after a Unix standard installation: No world writeable files

ACCESS CONTROL

BSI-100-2: S 4.105: Initial measures after a Unix standard installation: POP3 - Remove non-required services from /etc/inetd.conf

CONFIGURATION MANAGEMENT

BSI-100-2: S 4.105: Initial measures after a Unix standard installation: Portmap - Remove non-required services from /etc/inetd.conf

CONFIGURATION MANAGEMENT

BSI-100-2: S 4.105: Initial measures after a Unix standard installation: REXECD - Remove non-required services from /etc/inetd.conf

CONFIGURATION MANAGEMENT

BSI-100-2: S 4.105: Initial measures after a Unix standard installation: Rexecd must be deactivated

CONFIGURATION MANAGEMENT

BSI-100-2: S 4.105: Initial measures after a Unix standard installation: RLOGIND - Remove non-required services from /etc/inetd.conf

CONFIGURATION MANAGEMENT

BSI-100-2: S 4.105: Initial measures after a Unix standard installation: Rlogind must be deactivated

CONFIGURATION MANAGEMENT

BSI-100-2: S 4.105: Initial measures after a Unix standard installation: RSHD - Remove non-required services from /etc/inetd.conf

CONFIGURATION MANAGEMENT

BSI-100-2: S 4.105: Initial measures after a Unix standard installation: Rshd must be deactivated

CONFIGURATION MANAGEMENT

BSI-100-2: S 4.105: Initial measures after a Unix standard installation: Sendmail - Remove non-required services from /etc/inetd.conf

CONFIGURATION MANAGEMENT

BSI-100-2: S 4.105: Initial measures after a Unix standard installation: SMBD - Remove non-required services from /etc/inetd.conf

CONFIGURATION MANAGEMENT