1.3.0 - The system must display the Standard Mandatory DoD Notice and Consent Banner before granting local or remote access to the system via a graphical user logon. | Tenable Fedora Linux Best Practices v2.0.0 | Unix | ACCESS CONTROL |
1.4.0 - The system must display the approved Standard Mandatory DoD Notice and Consent Banner before granting local or remote access to the system via a graphical user logon. | Tenable Fedora Linux Best Practices v2.0.0 | Unix | ACCESS CONTROL |
1.5.0 - The system must display the Standard Mandatory DoD Notice and Consent Banner before granting local or remote access to the system via a command line user logon. | Tenable Fedora Linux Best Practices v2.0.0 | Unix | ACCESS CONTROL |
1.6.0 - The system must enable a user session lock until that user re-establishes access using established identification and authentication procedures. | Tenable Fedora Linux Best Practices v2.0.0 | Unix | ACCESS CONTROL |
1.15 - Ensure IBM JRE 1.6 is configured correctly - 'policy.provider = sun.security.provider.PolicyFile' | Redhat JBoss EAP 5.x | Unix | CONFIGURATION MANAGEMENT |
1.19 - Remove, rename, or comment out the default user accounts from production servers - 'JBossWS password != empty' | Redhat JBoss EAP 5.x | Unix | IDENTIFICATION AND AUTHENTICATION |
1.19 - Remove, rename, or comment out the default user accounts from production servers - 'JBossWS principal != sa' | Redhat JBoss EAP 5.x | Unix | IDENTIFICATION AND AUTHENTICATION |
1.19 - Remove, rename, or comment out the default user accounts from production servers - 'JBossWS userName != sa' | Redhat JBoss EAP 5.x | Unix | IDENTIFICATION AND AUTHENTICATION |
1.19 - Remove, rename, or comment out the default user accounts from production servers - 'jbossws-users.properties - kermit' | Redhat JBoss EAP 5.x | Unix | IDENTIFICATION AND AUTHENTICATION |
1.19 - Remove, rename, or comment out the default user accounts from production servers - 'jmx-console password != empty' | Redhat JBoss EAP 5.x | Unix | IDENTIFICATION AND AUTHENTICATION |
1.19 - Remove, rename, or comment out the default user accounts from production servers - 'jmx-console principal != sa' | Redhat JBoss EAP 5.x | Unix | IDENTIFICATION AND AUTHENTICATION |
1.19 - Remove, rename, or comment out the default user accounts from production servers - 'jmx-console userName != sa' | Redhat JBoss EAP 5.x | Unix | IDENTIFICATION AND AUTHENTICATION |
1.19 - Remove, rename, or comment out the default user accounts from production servers - 'jmx-console-users.properties - admin' | Redhat JBoss EAP 5.x | Unix | IDENTIFICATION AND AUTHENTICATION |
1.19 - Remove, rename, or comment out the default user accounts from production servers - 'messaging-users.properties - guest' | Redhat JBoss EAP 5.x | Unix | IDENTIFICATION AND AUTHENTICATION |
1.20 - Remove default roles from production servers - 'admin-console default role != JBossAdmin|HttpInvoker|friend|guest' | Redhat JBoss EAP 5.x | Unix | IDENTIFICATION AND AUTHENTICATION |
1.20 - Remove default roles from production servers - 'console-mgr default role != JBossAdmin|HttpInvoker|friend|guest' | Redhat JBoss EAP 5.x | Unix | IDENTIFICATION AND AUTHENTICATION |
1.20 - Remove default roles from production servers - 'jmx-console default role != JBossAdmin|HttpInvoker|friend|guest' | Redhat JBoss EAP 5.x | Unix | IDENTIFICATION AND AUTHENTICATION |
1.100 - The system must initiate a session lock for the screensaver after a period of inactivity for graphical user interfaces. | Tenable Fedora Linux Best Practices v2.0.0 | Unix | ACCESS CONTROL |
1.110 - The system must initiate a session lock for graphical user interfaces when the screensaver is activated. | Tenable Fedora Linux Best Practices v2.0.0 | Unix | ACCESS CONTROL |
1.118 - The system must be configured so that /etc/pam.d/passwd implements /etc/pam.d/system-auth when changing passwords. | Tenable Fedora Linux Best Practices v2.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
2.1 Configure Java Security Manager to use an environment specific policy - 'JAVA_OPTS -Djava.security.manager -Djava.security.policy' | Redhat JBoss EAP 5.x | Unix | SYSTEM AND SERVICES ACQUISITION |
2.23 Ensure Security Audit Appender is enabled - 'Audit Appender = true' | Redhat JBoss EAP 5.x | Unix | AUDIT AND ACCOUNTABILITY |
2.24 Ensure Security Audit Provider is enabled - 'Audit Provider = true' | Redhat JBoss EAP 5.x | Unix | AUDIT AND ACCOUNTABILITY |
2.25 Ensure Configure SecurityInterceptor logging level is set correctly - 'org.jboss.ejb.plugins.SecurityInterceptor = true' | Redhat JBoss EAP 5.x | Unix | AUDIT AND ACCOUNTABILITY |
2.31 - Deny the JBoss process owner console access | Redhat JBoss EAP 5.x | Unix | ACCESS CONTROL |
2.32/2.33 - Set JBoss file ownership/permissions | Redhat JBoss EAP 5.x | Unix | CONFIGURATION MANAGEMENT |
3.0210 - The system must take appropriate action when the audisp-remote buffer is full. | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
3.360 - The system must audit all executions of privileged functions - setgid 64 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
3.360 - The system must audit all executions of privileged functions - setuid 32 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
3.360 - The system must audit all executions of privileged functions - setuid 64 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
3.410 - The system must audit all uses of the chmod syscall - 32 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
3.410 - The system must audit all uses of the chmod syscall - 64 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
3.430 - The system must audit all uses of the fchmodat syscall - 32 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
3.430 - The system must audit all uses of the fchmodat syscall - 64 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
3.440 - The system must audit all uses of the setxattr syscall - 32 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
3.440 - The system must audit all uses of the setxattr syscall - 64 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
3.450 - The system must audit all uses of the fsetxattr syscall - 32 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
3.460 - The system must audit all uses of the lsetxattr syscall - 64 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
3.470 - The system must audit all uses of the removexattr syscall - 32 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
3.470 - The system must audit all uses of the removexattr syscall - 64 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
3.480 - The system must audit all uses of the fremovexattr syscall - 32 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
3.490 - The system must audit all uses of the lremovexattr syscall - 32 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
3.490 - The system must audit all uses of the lremovexattr syscall - 64 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
3.819 - The system must audit all uses of the create_module syscall - 32 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
3.820 - The system must audit all uses of the init_module syscall - 32 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
3.820 - The system must audit all uses of the init_module syscall - 64 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
3.830 - The system must audit all uses of the delete_module syscall - 64 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
4.180 - The system must implement cryptography to protect the integrity of Lightweight Directory Access Protocol (LDAP) authentication communications. | Tenable Fedora Linux Best Practices v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
4.180- The system must implement cryptography to protect the integrity of Lightweight Directory Access Protocol (LDAP) authentication communications. | Tenable Fedora Linux Best Practices v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
4.200 - The system must implement cryptography to protect the integrity of Lightweight Directory Access Protocol (LDAP) communications - config | Tenable Fedora Linux Best Practices v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |