| 1.7 - The system must initiate a screensaver after a 15-minute period of inactivity for graphical user interfaces. | Tenable Fedora Linux Best Practices v2.0.0 | Unix | ACCESS CONTROL |
| 1.7 Declare an EJB authorization policy for deployed applications | Redhat JBoss EAP 5.x | Unix | ACCESS CONTROL |
| 1.9.0 - The system must have the screen package installed. | Tenable Fedora Linux Best Practices v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.17 The allRolesMode must be configured to 'strict' - 'allRolesMode = strict' | Redhat JBoss EAP 5.x | Unix | ACCESS CONTROL |
| 1.101 - The system must prevent a user from overriding the screensaver idle-activation-enabled setting for the graphical user interface. | Tenable Fedora Linux Best Practices v2.0.0 | Unix | ACCESS CONTROL |
| 1.481 - The system must require authentication upon booting into single-user and maintenance modes. | Tenable Fedora Linux Best Practices v2.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.500 - The system must uniquely identify and must authenticate organizational users (or processes acting on behalf of organizational users) using multifactor authentication - module | Tenable Fedora Linux Best Practices v2.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 1.500 - The system must uniquely identify and must authenticate organizational users (or processes acting on behalf of organizational users) using multifactor authentication - pam_pkcs11 | Tenable Fedora Linux Best Practices v2.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 1.500 - The system must uniquely identify and must authenticate organizational users (or processes acting on behalf of organizational users) using multifactor authentication - removal | Tenable Fedora Linux Best Practices v2.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 2.019 - The system must have a host-based intrusion detection tool installed. - MFEhiplsm process | Tenable Fedora Linux Best Practices v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.26 Ensure logging is enabled for Microcontainer bootstrap operations - 'SecurityInterceptor logging level = true' | Redhat JBoss EAP 5.x | Unix | AUDIT AND ACCOUNTABILITY |
| 2.27 - Ensure logging is enabled for web-based requests if required by deployed applications - 'AccessLogValve = true' | Redhat JBoss EAP 5.x | Unix | AUDIT AND ACCOUNTABILITY |
| 3.200 - The system must be configured to use the au-remote plugin. | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.201 - The system must configure the au-remote plugin to off-load audit logs using the audisp-remote daemon - direction | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.201 - The system must configure the au-remote plugin to off-load audit logs using the audisp-remote daemon - path | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.201 - The system must configure the au-remote plugin to off-load audit logs using the audisp-remote daemon - type | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.0211 - The system must label all off-loaded audit logs before sending them to the central log server. | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.360 - The system must audit all executions of privileged functions - setgid 32 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.370 - The system must audit all uses of the chown syscall - 64 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.380 - The system must audit all uses of the fchown syscall - 32 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.390 - The system must audit all uses of the lchown syscall - 32 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.420 - The system must audit all uses of the fchmod syscall - 32 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.420 - The system must audit all uses of the fchmod syscall - 64 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.450 - The system must audit all uses of the fsetxattr syscall - 64 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.460 - The system must audit all uses of the lsetxattr syscall - 32 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.480 - The system must audit all uses of the fremovexattr syscall - 64 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.500 - The system must audit all uses of the creat syscall - EACCES 32 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.500 - The system must audit all uses of the creat syscall - EACCES 64 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.510 - The system must audit all uses of the open syscall - EACCES 32 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.510 - The system must audit all uses of the open syscall - EPERM 64 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.550 - The system must audit all uses of the ftruncate syscall - EPERM 32 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.590 - The system must audit all uses of the setfiles command. | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.819 - The system must audit all uses of the create_module syscall - 64 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.821 - The system must audit all uses of the finit_module syscall - 32 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.821 - The system must audit all uses of the finit_module syscall - 64 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.830 - The system must audit all uses of the delete_module syscall - 32 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.880 - The system must audit all uses of the rename syscall - 32 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.900 - The system must audit all uses of the rmdir syscall - 32 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.900 - The system must audit all uses of the rmdir syscall - 64 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.190 - The system must implement cryptography to protect the integrity of Lightweight Directory Access Protocol (LDAP) communications. | Tenable Fedora Linux Best Practices v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.200 - The system must implement cryptography to protect the integrity of Lightweight Directory Access Protocol (LDAP) communications - file | Tenable Fedora Linux Best Practices v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.201 - The system must implement virtual address space randomization - sysctl | Tenable Fedora Linux Best Practices v2.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 4.360 - The system must display the date and time of the last successful account logon upon an SSH logon. | Tenable Fedora Linux Best Practices v2.0.0 | Unix | ACCESS CONTROL |
| 4.370 - The system must not permit direct logons to the root account using remote access via SSH. | Tenable Fedora Linux Best Practices v2.0.0 | Unix | ACCESS CONTROL |
| 4.410 - The SSH public host key files must have mode 0644 or less permissive. | Tenable Fedora Linux Best Practices v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.510 - The system must protect against or limit the effects of Denial of Service (DoS) attacks by validating the operating system is implementing rate-limiting measures on impacted network interfaces - sysctl | Tenable Fedora Linux Best Practices v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.520 - The system must enable an application firewall, if available - state | Tenable Fedora Linux Best Practices v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.520 - The system must enable an application firewall, if available - status | Tenable Fedora Linux Best Practices v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.810 - The system access control program must be configured to grant or deny system access to specific hosts and services. | Tenable Fedora Linux Best Practices v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.820 - The system must not have unauthorized IP tunnels configured. | Tenable Fedora Linux Best Practices v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
