DISA STIG HP-UX 11.31 v1r19

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.


Audit Details

Name: DISA STIG HP-UX 11.31 v1r19

Updated: 4/10/2019

Authority: DISA STIG

Plugin: Unix

Revision: 1.0

Estimated Item Count: 845

Audit Items

Description / Category
GEN002000 - There must be no .netrc files on the system

CONFIGURATION MANAGEMENT

GEN000000-HPUX0020 - The system must be configured to operate in a security mode - '/etc/shadow file exists'

IDENTIFICATION AND AUTHENTICATION

GEN000000-HPUX0020 - The system must be configured to operate in a security mode - '/tcb directory exists'

CONFIGURATION MANAGEMENT

GEN000000-HPUX0020 - The system must be configured to operate in a security mode - '/var/adm/userdb directory exists'

CONFIGURATION MANAGEMENT

GEN000000-HPUX0040 - The HP-UX AUDOMON_ARGS attribute must be explicitly initialized - '-p 20'

AUDIT AND ACCOUNTABILITY

GEN000000-HPUX0040 - The HP-UX AUDOMON_ARGS attribute must be explicitly initialized - '-t 1'

AUDIT AND ACCOUNTABILITY

GEN000000-HPUX0040 - The HP-UX AUDOMON_ARGS attribute must be explicitly initialized - '-w 90'

AUDIT AND ACCOUNTABILITY

GEN000000-HPUX0060 - The /etc/securetty file must be owned by root

CONFIGURATION MANAGEMENT

GEN000000-HPUX0080 - The HP-UX /etc/securetty file must be group-owned by root, sys, or bin

CONFIGURATION MANAGEMENT

GEN000000-HPUX0100 - The /etc/securetty file must have mode 0640 or less permissive

CONFIGURATION MANAGEMENT

GEN000000-HPUX0110 - The HP-UX /etc/securetty file must not have an extended ACL

CONFIGURATION MANAGEMENT

GEN000000-HPUX0200 - The userdb database must not be used to override the system-wide attributes in /etc/default/security, unless required

ACCESS CONTROL

GEN000000-HPUX0210 - The system must disable accounts after three consecutive unsuccessful SSH login attempts

ACCESS CONTROL

GEN000000-HPUX0220 - The system must impose the same restrictions on root logins that are already applied to non-root users

IDENTIFICATION AND AUTHENTICATION

GEN000000-HPUX0225 - The system must impose the same restrictions on root passwords that are already applied to non-root users

IDENTIFICATION AND AUTHENTICATION

GEN000000-HPUX0230 - The ability to boot the system into single user mode must be restricted to root

SYSTEM AND INFORMATION INTEGRITY

GEN000000-HPUX0240 - The /var/adm/userdb directory must be owned by root

CONFIGURATION MANAGEMENT

GEN000000-HPUX0250 - The /var/adm/userdb directory must be group-owned by sys

CONFIGURATION MANAGEMENT

GEN000000-HPUX0260 - The /var/adm/userdb directory must have mode 0700 or less permissive

CONFIGURATION MANAGEMENT

GEN000000-HPUX0270 - The /var/adm/userdb directory must not have an extended ACL

CONFIGURATION MANAGEMENT

GEN000000-HPUX0280 - The /var/adm/userdb/USERDB.DISABLED file must be owned by root

CONFIGURATION MANAGEMENT

GEN000000-HPUX0290 - The /var/adm/userdb/USERDB.DISABLED file must be group-owned by sys

CONFIGURATION MANAGEMENT

GEN000000-HPUX0300 - The /var/adm/userdb/USERDB.DISABLED file must have mode 0444 or less permissive

CONFIGURATION MANAGEMENT

GEN000000-HPUX0310 - The /var/adm/userdb/USERDB.DISABLED file must not have an extended ACL

CONFIGURATION MANAGEMENT

GEN000000-HPUX0320 - The /etc/security.dsc file must be owned by root

CONFIGURATION MANAGEMENT

GEN000000-HPUX0330 - The /etc/security.dsc file must be group-owned by sys

CONFIGURATION MANAGEMENT

GEN000000-HPUX0340 - The /etc/security.dsc file must have mode 0444 or less permissive

CONFIGURATION MANAGEMENT

GEN000000-HPUX0350 - The /etc/security.dsc file must not have an extended ACL

CONFIGURATION MANAGEMENT

GEN000000-HPUX0360 - The /etc/pam.conf file must be owned by root

CONFIGURATION MANAGEMENT

GEN000000-HPUX0370 - The /etc/pam.conf file must be group-owned by sys

CONFIGURATION MANAGEMENT

GEN000000-HPUX0380 - The /etc/pam.conf file must have mode 0444 or less permissive

CONFIGURATION MANAGEMENT

GEN000000-HPUX0390 - The /etc/pam.conf file must not have an extended ACL

CONFIGURATION MANAGEMENT

GEN000000-HPUX0400 - The per user PAM config file must not override the system-wide PAM config file

CONFIGURATION MANAGEMENT

GEN000000-HPUX0410 - The /etc/pam_user.conf file must be owned by root

CONFIGURATION MANAGEMENT

GEN000000-HPUX0420 - The /etc/pam_user.conf file must be group-owned by sys

CONFIGURATION MANAGEMENT

GEN000000-HPUX0430 - The /etc/pam_user.conf file must have mode 0444 or less permissive

CONFIGURATION MANAGEMENT

GEN000000-HPUX0440 - The /etc/pam_user.conf file must not have an extended ACL

CONFIGURATION MANAGEMENT
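The items from GEN000000-HPUX0060 through GEN000000-HPUX0440 all follow one pattern: a fixed owner, an allowed group-owner set, a maximum mode ("or less permissive") and no extended ACL. The script below is an added example for this listing, not code from the Tenable audit file or from the DISA STIG, showing how that pattern is checked in portable POSIX sh. It parses `ls -ld` rather than stat(1) so the same script runs on HP-UX 11.31 and on a Linux test host. The trailing '+' on the mode field as the marker for optional ACL entries is an assumption carried over from Linux ls; on HP-UX, getacl(1) is the authoritative listing.

```shell
#!/bin/sh
# Added example, not the Tenable audit logic nor the DISA STIG fix text:
# portable checker for owner / group-owner / "mode N or less permissive" /
# "no extended ACL" on the HP-UX files listed above.

# perm_to_mode "rw-r-----" -> 416 (decimal of 0640). Lower-case s/t mean the
# execute bit is set under the special bit; upper-case S/T mean it is not.
# Caveat: the setuid/setgid/sticky bits themselves are not represented in
# these nine characters and so are not evaluated here.
perm_to_mode() {
    rest=$1
    mode=0
    while [ -n "$rest" ]; do
        c=${rest%"${rest#?}"}          # first character of $rest
        rest=${rest#?}                 # drop it
        case $c in
            r|w|x|s|t) bit=1 ;;
            *)         bit=0 ;;
        esac
        mode=$(( mode * 2 + bit ))
    done
    echo "$mode"
}

# mode_le_max <decimal actual> <octal maximum, e.g. 0640>
# Succeeds when no bit of the actual mode lies outside the allowed mask,
# which is what "mode 0640 or less permissive" means.
mode_le_max() {
    max=$(printf '%d' "$2")            # C-style octal literal -> decimal
    [ $(( $1 & ~max )) -eq 0 ]
}

# check_file <path> <required owner> "<allowed group> [<allowed group>...]" <octal max>
# Prints one line per finding and returns 0 only if every check passes.
# Assumption: ls -l appends '+' to the mode field when the file carries
# optional (extended) ACL entries, as Linux ls does.
check_file() {
    f=$1; want_owner=$2; want_groups=$3; max=$4
    rc=0
    if [ ! -e "$f" ]; then
        echo "$f: missing"
        return 1
    fi
    set -- $(ls -ld "$f")              # mode links owner group size ...
    perms=$1; owner=$3; group=$4
    rwx=${perms#?}                     # strip the file-type character
    acl=""
    case $rwx in
        *+) acl=yes ;;                 # trailing '+' marks an extended ACL
    esac
    rwx=$(printf '%.9s' "$rwx")        # keep exactly the nine rwx characters
    actual=$(perm_to_mode "$rwx")

    if [ "$owner" != "$want_owner" ]; then
        echo "$f: owner is $owner, required $want_owner"; rc=1
    fi
    case " $want_groups " in
        *" $group "*) ;;
        *) echo "$f: group is $group, required one of: $want_groups"; rc=1 ;;
    esac
    if ! mode_le_max "$actual" "$max"; then
        echo "$f: mode $(printf '%04o' "$actual") is more permissive than $max"; rc=1
    fi
    if [ -n "$acl" ]; then
        echo "$f: has an extended ACL"; rc=1
    fi
    return $rc
}

# The file set and thresholds from the items above (owner root throughout).
audit_hpux_files() {
    failed=0
    check_file /etc/securetty                  root "root sys bin" 0640 || failed=1
    check_file /var/adm/userdb                 root "sys"          0700 || failed=1
    check_file /var/adm/userdb/USERDB.DISABLED root "sys"          0444 || failed=1
    check_file /etc/security.dsc               root "sys"          0444 || failed=1
    check_file /etc/pam.conf                   root "sys"          0444 || failed=1
    check_file /etc/pam_user.conf              root "sys"          0444 || failed=1
    return $failed
}

# Run the full audit only when invoked as `sh this.sh audit`, so the
# functions can also be sourced by another script.
if [ "${1:-}" = audit ]; then
    audit_hpux_files
fi
```

A non-zero exit from audit_hpux_files means at least one finding was printed; a missing file is reported as a finding rather than silently passed, which matters for /var/adm/userdb/USERDB.DISABLED, whose presence is itself what the GEN000000-HPUX0280 through -0310 items check.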

GEN000000-HPUX0450 - The system must determine whether password aging is inherited from /etc/default/security when it is not specified in the shadow file

IDENTIFICATION AND AUTHENTICATION

GEN000000-HPUX0460 - The system must display the date and time of the last successful account login upon login by means other than SSH

ACCESS CONTROL

GEN000000-HPUX0470 - The system and user default umask must be 0077 for all sessions initiated via PAM

ACCESS CONTROL

GEN000020 - The system must require authentication upon booting into single-user and maintenance modes - 'BOOT_AUTH = 1'

SYSTEM AND INFORMATION INTEGRITY

GEN000120 - System security patches and updates must be installed and up-to-date
GEN000140 - A file integrity baseline including cryptographic hashes must be created and maintained
GEN000220 - A file integrity tool must be used at least weekly to check for unauthorized file changes
GEN000240 - The system clock must be synchronized to an authoritative DoD time source - 'NTP drift file is configured'

CONFIGURATION MANAGEMENT

GEN000240 - The system clock must be synchronized to an authoritative DoD time source - 'NTP peer is configured'

CONFIGURATION MANAGEMENT

GEN000240 - The system clock must be synchronized to an authoritative DoD time source - 'NTP server is configured'

AUDIT AND ACCOUNTABILITY

GEN000240 - The system clock must be synchronized to an authoritative DoD time source - 'xntpd|ntpd is running'

AUDIT AND ACCOUNTABILITY

GEN000241 - The system clock must be synchronized continuously or at least daily - 'NTP cron job'

AUDIT AND ACCOUNTABILITY