| 1.3.0 - The system must display the Standard Mandatory DoD Notice and Consent Banner before granting local or remote access to the system via a graphical user logon. | Tenable Fedora Linux Best Practices v2.0.0 | Unix | ACCESS CONTROL |
| 1.4.0 - The system must display the approved Standard Mandatory DoD Notice and Consent Banner before granting local or remote access to the system via a graphical user logon. | Tenable Fedora Linux Best Practices v2.0.0 | Unix | ACCESS CONTROL |
| 1.6.0 - The system must enable a user session lock until that user re-establishes access using established identification and authentication procedures. | Tenable Fedora Linux Best Practices v2.0.0 | Unix | ACCESS CONTROL |
| 1.7 - The system must initiate a screensaver after a 15-minute period of inactivity for graphical user interfaces. | Tenable Fedora Linux Best Practices v2.0.0 | Unix | ACCESS CONTROL |
| 1.15 - Ensure IBM JRE 1.6 is configured correctly - 'policy.provider = sun.security.provider.PolicyFile' | Redhat JBoss EAP 5.x | Unix | CONFIGURATION MANAGEMENT |
| 1.19 - Remove, rename, or comment out the default user accounts from production servers - 'JBossWS password != empty' | Redhat JBoss EAP 5.x | Unix | IDENTIFICATION AND AUTHENTICATION |
| 1.19 - Remove, rename, or comment out the default user accounts from production servers - 'JBossWS principal != sa' | Redhat JBoss EAP 5.x | Unix | IDENTIFICATION AND AUTHENTICATION |
| 1.19 - Remove, rename, or comment out the default user accounts from production servers - 'JBossWS userName != sa' | Redhat JBoss EAP 5.x | Unix | IDENTIFICATION AND AUTHENTICATION |
| 1.19 - Remove, rename, or comment out the default user accounts from production servers - 'jbossws-users.properties - kermit' | Redhat JBoss EAP 5.x | Unix | IDENTIFICATION AND AUTHENTICATION |
| 1.19 - Remove, rename, or comment out the default user accounts from production servers - 'jmx-console password != empty' | Redhat JBoss EAP 5.x | Unix | IDENTIFICATION AND AUTHENTICATION |
| 1.19 - Remove, rename, or comment out the default user accounts from production servers - 'jmx-console principal != sa' | Redhat JBoss EAP 5.x | Unix | IDENTIFICATION AND AUTHENTICATION |
| 1.19 - Remove, rename, or comment out the default user accounts from production servers - 'jmx-console userName != sa' | Redhat JBoss EAP 5.x | Unix | IDENTIFICATION AND AUTHENTICATION |
| 1.19 - Remove, rename, or comment out the default user accounts from production servers - 'jmx-console-users.properties - admin' | Redhat JBoss EAP 5.x | Unix | IDENTIFICATION AND AUTHENTICATION |
| 1.19 - Remove, rename, or comment out the default user accounts from production servers - 'messaging-users.properties - guest' | Redhat JBoss EAP 5.x | Unix | IDENTIFICATION AND AUTHENTICATION |
| 1.20 - Remove default roles from production servers - 'admin-console default role != JBossAdmin|HttpInvoker|friend|guest' | Redhat JBoss EAP 5.x | Unix | IDENTIFICATION AND AUTHENTICATION |
| 1.20 - Remove default roles from production servers - 'console-mgr default role != JBossAdmin|HttpInvoker|friend|guest' | Redhat JBoss EAP 5.x | Unix | IDENTIFICATION AND AUTHENTICATION |
| 1.20 - Remove default roles from production servers - 'jmx-console default role != JBossAdmin|HttpInvoker|friend|guest' | Redhat JBoss EAP 5.x | Unix | IDENTIFICATION AND AUTHENTICATION |
| 1.100 - The system must initiate a session lock for the screensaver after a period of inactivity for graphical user interfaces. | Tenable Fedora Linux Best Practices v2.0.0 | Unix | ACCESS CONTROL |
| 1.101 - The system must prevent a user from overriding the screensaver idle-activation-enabled setting for the graphical user interface. | Tenable Fedora Linux Best Practices v2.0.0 | Unix | ACCESS CONTROL |
| 2.1 Configure Java Security Manager to use an environment specific policy - 'JAVA_OPTS -Djava.security.manager -Djava.security.policy' | Redhat JBoss EAP 5.x | Unix | SYSTEM AND SERVICES ACQUISITION |
| 2.23 Ensure Security Audit Appender is enabled - 'Audit Appender = true' | Redhat JBoss EAP 5.x | Unix | AUDIT AND ACCOUNTABILITY |
| 2.24 Ensure Security Audit Provider is enabled - 'Audit Provider = true' | Redhat JBoss EAP 5.x | Unix | AUDIT AND ACCOUNTABILITY |
| 2.25 Ensure Configure SecurityInterceptor logging level is set correctly - 'org.jboss.ejb.plugins.SecurityInterceptor = true' | Redhat JBoss EAP 5.x | Unix | AUDIT AND ACCOUNTABILITY |
| 2.31 - Deny the JBoss process owner console access | Redhat JBoss EAP 5.x | Unix | ACCESS CONTROL |
| 2.32/2.33 - Set JBoss file ownership/permissions | Redhat JBoss EAP 5.x | Unix | CONFIGURATION MANAGEMENT |
| 3.360 - The system must audit all executions of privileged functions - setgid 32 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.360 - The system must audit all executions of privileged functions - setgid 64 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.360 - The system must audit all executions of privileged functions - setuid 32 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.360 - The system must audit all executions of privileged functions - setuid 64 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.420 - The system must audit all uses of the fchmod syscall - 32 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.420 - The system must audit all uses of the fchmod syscall - 64 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.430 - The system must audit all uses of the fchmodat syscall - 32 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.430 - The system must audit all uses of the fchmodat syscall - 64 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.450 - The system must audit all uses of the fsetxattr syscall - 64 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.460 - The system must audit all uses of the lsetxattr syscall - 32 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.470 - The system must audit all uses of the removexattr syscall - 32 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.470 - The system must audit all uses of the removexattr syscall - 64 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.480 - The system must audit all uses of the fremovexattr syscall - 32 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.480 - The system must audit all uses of the fremovexattr syscall - 64 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.490 - The system must audit all uses of the lremovexattr syscall - 32 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.819 - The system must audit all uses of the create_module syscall - 32 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.819 - The system must audit all uses of the create_module syscall - 64 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.820 - The system must audit all uses of the init_module syscall - 64 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.821 - The system must audit all uses of the finit_module syscall - 32 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.821 - The system must audit all uses of the finit_module syscall - 64 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.830 - The system must audit all uses of the delete_module syscall - 32 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.190 - The system must implement cryptography to protect the integrity of Lightweight Directory Access Protocol (LDAP) communications. | Tenable Fedora Linux Best Practices v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.360 - The system must display the date and time of the last successful account logon upon an SSH logon. | Tenable Fedora Linux Best Practices v2.0.0 | Unix | ACCESS CONTROL |
| 4.370 - The system must not permit direct logons to the root account using remote access via SSH. | Tenable Fedora Linux Best Practices v2.0.0 | Unix | ACCESS CONTROL |
| 4.510 - The system must protect against or limit the effects of Denial of Service (DoS) attacks by validating the operating system is implementing rate-limiting measures on impacted network interfaces - sysctl | Tenable Fedora Linux Best Practices v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
