| 1.2 Enable SSH (/etc/ssh/sshd_config) | CONFIGURATION MANAGEMENT |
| 1.2 Enable SSH (Banner) | ACCESS CONTROL |
| 1.2 Enable SSH (PermitRootLogin) | ACCESS CONTROL |
| 1.2 Enable SSH (Protocol 2) | |
| 1.2 Enable SSH (sshd_enable) | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.3 Enable TCP Wrappers and a host based firewall (/etc/hosts.allow) | CONFIGURATION MANAGEMENT |
| 1.3 Enable TCP Wrappers and a host based firewall (firewall_enable) | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.3 Enable TCP Wrappers and a host based firewall (inetd_enable) | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.3 Enable TCP Wrappers and a host based firewall (inetd_flags) | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.3 Enable TCP Wrappers and a host based firewall (ipfw_load) | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.1 Disable all inetd daemons | CONFIGURATION MANAGEMENT |
| 2.2 Only enable telnetd if absolutely necessary | CONFIGURATION MANAGEMENT |
| 2.3 Only enable ftpd if absolutely necessary | CONFIGURATION MANAGEMENT |
| 2.4 Only enable rlogin/rsh/rcp if absolutely necessary (login) | CONFIGURATION MANAGEMENT |
| 2.4 Only enable rlogin/rsh/rcp if absolutely necessary (shell) | CONFIGURATION MANAGEMENT |
| 2.5 Only enable TFTP if absolutely necessary | CONFIGURATION MANAGEMENT |
| 2.6 Only enable finger if absolutely necessary | CONFIGURATION MANAGEMENT |
| 2.7 Only enable Kerberos-related daemons if absolutely necessary (kadmind5_server_enable) | CONFIGURATION MANAGEMENT |
| 2.7 Only enable Kerberos-related daemons if absolutely necessary (kerberos5_enable) | CONFIGURATION MANAGEMENT |
| 2.7 Only enable Kerberos-related daemons if absolutely necessary (kpasswdd_server_enable) | CONFIGURATION MANAGEMENT |
| 2.8 Minimize the inetd.conf file | |
| 3.1 Disable login prompts on serial ports (ttyd0) | CONFIGURATION MANAGEMENT |
| 3.1 Disable login prompts on serial ports (ttyd1) | CONFIGURATION MANAGEMENT |
| 3.1 Disable login prompts on serial ports (ttyd2) | CONFIGURATION MANAGEMENT |
| 3.1 Disable login prompts on serial ports (ttyd3) | CONFIGURATION MANAGEMENT |
| 3.2 Set password on single user console | ACCESS CONTROL |
| 3.3 Set daemon umask (/etc/* umask) | ACCESS CONTROL |
| 3.3 Set daemon umask (/etc/periodic/* umask) | ACCESS CONTROL |
| 3.3 Set daemon umask (/usr/local/etc/rc.d umask) | ACCESS CONTROL |
| 3.3 Set daemon umask (/usr/local/etc/rc.d/* umask) | ACCESS CONTROL |
| 3.4 Prevent syslogd from accepting messages from the network | CONFIGURATION MANAGEMENT |
| 3.5 Disable the email server if possible (sendmail_enable) | CONFIGURATION MANAGEMENT |
| 3.5 Disable the email server if possible (sendmail_msp_queue_enable) | CONFIGURATION MANAGEMENT |
| 3.5 Disable the email server if possible (sendmail_outbound_enable) | CONFIGURATION MANAGEMENT |
| 3.5 Disable the email server if possible (sendmail_submit_enable) | CONFIGURATION MANAGEMENT |
| 3.6 Only enable BIND if absolutely necessary | CONFIGURATION MANAGEMENT |
| 3.7 Only enable other RPC-based services if absolutely necessary (rpc_lockd_enable) | CONFIGURATION MANAGEMENT |
| 3.7 Only enable other RPC-based services if absolutely necessary (rpc_statd_enable) | CONFIGURATION MANAGEMENT |
| 3.7 Only enable other RPC-based services if absolutely necessary (rpcbind_enable) | CONFIGURATION MANAGEMENT |
| 3.8 Only enable the NFS server if absolutely necessary (mountd_enable) | CONFIGURATION MANAGEMENT |
| 3.8 Only enable the NFS server if absolutely necessary (nfs_server_enable) | CONFIGURATION MANAGEMENT |
| 3.9 Only enable NFS client processes if absolutely necessary | CONFIGURATION MANAGEMENT |
| 3.10 Block NFS connections to non-privileged ports | CONFIGURATION MANAGEMENT |
| 3.11 Block non-privileged mountd requests | ACCESS CONTROL |
| 3.12 Only enable NIS if absolutely necessary (nis_server_enable) | CONFIGURATION MANAGEMENT |
| 3.12 Only enable NIS if absolutely necessary (nis_yppasswdd_enable) | CONFIGURATION MANAGEMENT |
| 3.12 Only enable NIS if absolutely necessary (nis_ypxfrd_enable) | CONFIGURATION MANAGEMENT |
| 3.12 Only enable NIS if absolutely necessary (rpc_ypupdated_enable) | CONFIGURATION MANAGEMENT |
| 3.13 Only enable NIS client daemons if absolutely necessary (nis_client_enable) | CONFIGURATION MANAGEMENT |
| 3.13 Only enable NIS client daemons if absolutely necessary (nis_ypset_enable) | CONFIGURATION MANAGEMENT |
