Amazon
CIS benchmarks:
https://benchmarks.cisecurity.org/downloads/multiform/index.cfm
# ./lunar.sh -a
Running: In audit mode (no changes will be made to system)
Filesystem checks will not be done
# SYSTEM INFORMATION:
Platform: x86_64
Vendor: Amazon
Name: Linux
Version: 2016
Update: 09
Checking: Security message in /etc/issue
Warning: No security message in /etc/issue [1 Warnings]
Checking: File permissions on /etc/ssh/sshd_config
Notice: File /etc/ssh/sshd_config does not exist
Checking: Value of "Protocol" is set to "2" in /etc/ssh/sshd_config
Warning: Parameter "Protocol" not set to "2" in /etc/ssh/sshd_config [2 Warnings]
Checking: Value of "X11Forwarding" is set to "no" in /etc/ssh/sshd_config
Warning: Parameter "X11Forwarding" not set to "no" in /etc/ssh/sshd_config [3 Warnings]
Checking: Value of "MaxAuthTries" is set to "3" in /etc/ssh/sshd_config
Warning: Parameter "MaxAuthTries" not set to "3" in /etc/ssh/sshd_config [4 Warnings]
Checking: Value of "MaxAuthTriesLog" is set to "0" in /etc/ssh/sshd_config
Warning: Parameter "MaxAuthTriesLog" not set to "0" in /etc/ssh/sshd_config [5 Warnings]
Checking: Value of "RhostsAuthentication" is set to "no" in /etc/ssh/sshd_config
Warning: Parameter "RhostsAuthentication" not set to "no" in /etc/ssh/sshd_config [6 Warnings]
Checking: Value of "IgnoreRhosts" is set to "yes" in /etc/ssh/sshd_config
Warning: Parameter "IgnoreRhosts" not set to "yes" in /etc/ssh/sshd_config [7 Warnings]
Checking: Value of "StrictModes" is set to "yes" in /etc/ssh/sshd_config
Warning: Parameter "StrictModes" not set to "yes" in /etc/ssh/sshd_config [8 Warnings]
Checking: Value of "AllowTcpForwarding" is set to "no" in /etc/ssh/sshd_config
Warning: Parameter "AllowTcpForwarding" not set to "no" in /etc/ssh/sshd_config [9 Warnings]
Checking: Value of "ServerKeyBits" is set to "1024" in /etc/ssh/sshd_config
Warning: Parameter "ServerKeyBits" not set to "1024" in /etc/ssh/sshd_config [10 Warnings]
Checking: Value of "GatewayPorts" is set to "no" in /etc/ssh/sshd_config
Warning: Parameter "GatewayPorts" not set to "no" in /etc/ssh/sshd_config [11 Warnings]
Checking: Value of "RhostsRSAAuthentication" is set to "no" in /etc/ssh/sshd_config
Warning: Parameter "RhostsRSAAuthentication" not set to "no" in /etc/ssh/sshd_config [12 Warnings]
Checking: Value of "PermitRootLogin" is set to "no" in /etc/ssh/sshd_config
Warning: Parameter "PermitRootLogin" not set to "no" in /etc/ssh/sshd_config [13 Warnings]
Checking: Value of "PermitEmptyPasswords" is set to "no" in /etc/ssh/sshd_config
Warning: Parameter "PermitEmptyPasswords" not set to "no" in /etc/ssh/sshd_config [14 Warnings]
Checking: Value of "PermitUserEnvironment" is set to "no" in /etc/ssh/sshd_config
Warning: Parameter "PermitUserEnvironment" not set to "no" in /etc/ssh/sshd_config [15 Warnings]
Checking: Value of "HostbasedAuthentication" is set to "no" in /etc/ssh/sshd_config
Warning: Parameter "HostbasedAuthentication" not set to "no" in /etc/ssh/sshd_config [16 Warnings]
Checking: Value of "Banner" is set to "/etc/issue" in /etc/ssh/sshd_config
Warning: Parameter "Banner" not set to "/etc/issue" in /etc/ssh/sshd_config [17 Warnings]
Checking: Value of "PrintMotd" is set to "no" in /etc/ssh/sshd_config
Warning: Parameter "PrintMotd" not set to "no" in /etc/ssh/sshd_config [18 Warnings]
Checking: Value of "ClientAliveInterval" is set to "300" in /etc/ssh/sshd_config
Warning: Parameter "ClientAliveInterval" not set to "300" in /etc/ssh/sshd_config [19 Warnings]
Checking: Value of "ClientAliveCountMax" is set to "0" in /etc/ssh/sshd_config
Warning: Parameter "ClientAliveCountMax" not set to "0" in /etc/ssh/sshd_config [20 Warnings]
Checking: Value of "LogLevel" is set to "VERBOSE" in /etc/ssh/sshd_config
Warning: Parameter "LogLevel" not set to "VERBOSE" in /etc/ssh/sshd_config [21 Warnings]
Checking: Value of "RSAAuthentication" is set to "no" in /etc/ssh/sshd_config
Warning: Parameter "RSAAuthentication" not set to "no" in /etc/ssh/sshd_config [22 Warnings]
Checking: Value of "UsePrivilegeSeparation" is set to "yes" in /etc/ssh/sshd_config
Warning: Parameter "UsePrivilegeSeparation" not set to "yes" in /etc/ssh/sshd_config [23 Warnings]
Checking: Value of "LoginGraceTime" is set to "120" in /etc/ssh/sshd_config
Warning: Parameter "LoginGraceTime" not set to "120" in /etc/ssh/sshd_config [24 Warnings]
Checking: Value of "AllowTcpForwarding" is set to "yes" in /etc/ssh/sshd_config
Warning: Parameter "AllowTcpForwarding" not set to "yes" in /etc/ssh/sshd_config [25 Warnings]
Checking: Service telnet at run level 3
Notice: Service telnet is not installed [2 Passes]
Checking: Service telnet at run level 5
Notice: Service telnet is not installed [3 Passes]
Checking: Service login at run level 3
Notice: Service login is not installed [4 Passes]
Checking: Service login at run level 5
Notice: Service login is not installed [5 Passes]
Checking: Service rlogin at run level 3
Notice: Service rlogin is not installed [6 Passes]
Checking: Service rlogin at run level 5
Notice: Service rlogin is not installed [7 Passes]
Checking: Service rsh at run level 3
Notice: Service rsh is not installed [8 Passes]
Checking: Service rsh at run level 5
Notice: Service rsh is not installed [9 Passes]
Checking: Service shell at run level 3
Notice: Service shell is not installed [10 Passes]
Checking: Service shell at run level 5
Notice: Service shell is not installed [11 Passes]
Checking: Remote consoles
Warning: Consoles enabled on tty1 tty2 tty3 tty4 tty5 tty6 tty7 tty8 tty9 tty10 tty11 [26 Warnings]
Checking: Security banners
Checking: File /etc/motd exists
Secure: File /etc/motd exists [11 Passes]
Checking: File permissions on /etc/motd
Secure: File /etc/motd has correct permissions [12 Passes]
Checking: File /etc/issue exists
Secure: File /etc/issue exists [12 Passes]
Checking: File permissions on /etc/issue
Secure: File /etc/issue has correct permissions [13 Passes]
Warning: Not uninstalling package as package uninstall has been set to no
Warning: Not uninstalling package as package uninstall has been set to no
Checking: Rhost authentication disabled in /etc/pam.d/chfn [13 Passes]
Secure: Rhost authentication disabled in /etc/pam.d/chfn [14 Passes]
Checking: Rhost authentication disabled in /etc/pam.d/chsh [14 Passes]
Secure: Rhost authentication disabled in /etc/pam.d/chsh [15 Passes]
Checking: Rhost authentication disabled in /etc/pam.d/config-util [15 Passes]
Secure: Rhost authentication disabled in /etc/pam.d/config-util [16 Passes]
Checking: Rhost authentication disabled in /etc/pam.d/fingerprint-auth [16 Passes]
Secure: Rhost authentication disabled in /etc/pam.d/fingerprint-auth [17 Passes]
Checking: Rhost authentication disabled in /etc/pam.d/login [17 Passes]
Secure: Rhost authentication disabled in /etc/pam.d/login [18 Passes]
Checking: Rhost authentication disabled in /etc/pam.d/other [18 Passes]
Secure: Rhost authentication disabled in /etc/pam.d/other [19 Passes]
Checking: Rhost authentication disabled in /etc/pam.d/password-auth [19 Passes]
Secure: Rhost authentication disabled in /etc/pam.d/password-auth [20 Passes]
Checking: Rhost authentication disabled in /etc/pam.d/postlogin [20 Passes]
Secure: Rhost authentication disabled in /etc/pam.d/postlogin [21 Passes]
Checking: Rhost authentication disabled in /etc/pam.d/remote [21 Passes]
Secure: Rhost authentication disabled in /etc/pam.d/remote [22 Passes]
Checking: Rhost authentication disabled in /etc/pam.d/runuser [22 Passes]
Secure: Rhost authentication disabled in /etc/pam.d/runuser [23 Passes]
Checking: Rhost authentication disabled in /etc/pam.d/runuser-l [23 Passes]
Secure: Rhost authentication disabled in /etc/pam.d/runuser-l [24 Passes]
Checking: Rhost authentication disabled in /etc/pam.d/smartcard-auth [24 Passes]
Secure: Rhost authentication disabled in /etc/pam.d/smartcard-auth [25 Passes]
Checking: Rhost authentication disabled in /etc/pam.d/su [25 Passes]
Secure: Rhost authentication disabled in /etc/pam.d/su [26 Passes]
Checking: Rhost authentication disabled in /etc/pam.d/su-l [26 Passes]
Secure: Rhost authentication disabled in /etc/pam.d/su-l [27 Passes]
Checking: Rhost authentication disabled in /etc/pam.d/system-auth [27 Passes]
Secure: Rhost authentication disabled in /etc/pam.d/system-auth [28 Passes]
Checking: User netrc file permissions
Secure: No user netrc files exist [29 Passes]
Checking: User rhosts files
Secure: No user rhosts files exist [30 Passes]
Checking: File /.rhosts does not exist
Secure: File /.rhosts does not exist [31 Passes]
Checking: File /.shosts does not exist
Secure: File /.shosts does not exist [32 Passes]
Checking: File /root/.rhosts does not exist
Secure: File /root/.rhosts does not exist [33 Passes]
Checking: File /root/.shosts does not exist
Secure: File /root/.shosts does not exist [34 Passes]
Checking: File /etc/hosts.equiv does not exist
Secure: File /etc/hosts.equiv does not exist [35 Passes]
Checking: For .netrc files
Secure: File /root/.netrc does not exist [36 Passes]
Secure: File /bin/.netrc does not exist [37 Passes]
Secure: File /sbin/.netrc does not exist [38 Passes]
Secure: File /var/adm/.netrc does not exist [39 Passes]
Secure: File /var/spool/lpd/.netrc does not exist [40 Passes]
Secure: File /sbin/.netrc does not exist [41 Passes]
Secure: File /sbin/.netrc does not exist [42 Passes]
Secure: File /sbin/.netrc does not exist [43 Passes]
Secure: File /var/spool/mail/.netrc does not exist [44 Passes]
Secure: File /var/spool/uucp/.netrc does not exist [45 Passes]
Secure: File /root/.netrc does not exist [46 Passes]
Secure: File /usr/games/.netrc does not exist [47 Passes]
Secure: File /var/gopher/.netrc does not exist [48 Passes]
Secure: File /var/ftp/.netrc does not exist [49 Passes]
Secure: File /.netrc does not exist [50 Passes]
Warning: No Authentication required for single usermode [29 Warnings]
Checking: Value of "SINGLE" is set to "/sbin/sulogin" in /etc/sysconfig/init
Warning: Parameter "SINGLE" not set to "/sbin/sulogin" in /etc/sysconfig/init [30 Warnings]
Checking: Value of "PROMPT" is set to "no" in /etc/sysconfig/init
Warning: Parameter "PROMPT" not set to "no" in /etc/sysconfig/init [31 Warnings]
Checking: File permissions on /etc/sysconfig/init
Warning: File /etc/sysconfig/init has incorrect permissions [32 Warnings]
Checking: Value of "PROMPT_FOR_CONFIRM" is set to "no" in /etc/sysconfig/boot
Warning: Parameter "PROMPT_FOR_CONFIRM" not set to "no" in /etc/sysconfig/boot [33 Warnings]
Checking: Parameter "-w /var/log/sudo.log -p wa -k actions" is set in /etc/audit/audit.rules
Warning: Parameter "-w /var/log/sudo.log -p wa -k actions" does not exist in /etc/audit/audit.rules [34 Warnings]
Checking: System accounting is enabled
Warning: System accounting not enabled [35 Warnings]
Checking: Parameter "-f 1" is set in /etc/audit/audit.rules
Warning: Parameter "-f 1" does not exist in /etc/audit/audit.rules [36 Warnings]
Checking: Parameter "-a always,exit -F arch=b32 -S adjtimex -S settimeofday -S stime -k time-change" is set in /etc/audit/audit.rules
Warning: Parameter "-a always,exit -F arch=b32 -S adjtimex -S settimeofday -S stime -k time-change" does not exist in /etc/audit/audit.rules [37 Warnings]
Checking: Parameter "-a always,exit -F arch=b64 -S adjtimex -S settimeofday -k time-change" is set in /etc/audit/audit.rules
Warning: Parameter "-a always,exit -F arch=b64 -S adjtimex -S settimeofday -k time-change" does not exist in /etc/audit/audit.rules [38 Warnings]
Checking: Parameter "-a always,exit -F arch=b32 -S clock_settime -k time-change" is set in /etc/audit/audit.rules
Warning: Parameter "-a always,exit -F arch=b32 -S clock_settime -k time-change" does not exist in /etc/audit/audit.rules [39 Warnings]
Checking: Parameter "-a always,exit -F arch=b64 -S clock_settime -k time-change" is set in /etc/audit/audit.rules
Warning: Parameter "-a always,exit -F arch=b64 -S clock_settime -k time-change" does not exist in /etc/audit/audit.rules [40 Warnings]
Checking: Parameter "-w /etc/localtime -p wa -k time-change" is set in /etc/audit/audit.rules
Warning: Parameter "-w /etc/localtime -p wa -k time-change" does not exist in /etc/audit/audit.rules [41 Warnings]
Checking: Parameter "-w /etc/group -p wa -k identity" is set in /etc/audit/audit.rules
Warning: Parameter "-w /etc/group -p wa -k identity" does not exist in /etc/audit/audit.rules [42 Warnings]
Checking: Parameter "-w /etc/passwd -p wa -k identity" is set in /etc/audit/audit.rules
Warning: Parameter "-w /etc/passwd -p wa -k identity" does not exist in /etc/audit/audit.rules [43 Warnings]
Checking: Parameter "-w /etc/gshadow -p wa -k identity" is set in /etc/audit/audit.rules
Warning: Parameter "-w /etc/gshadow -p wa -k identity" does not exist in /etc/audit/audit.rules [44 Warnings]
Checking: Parameter "-w /etc/shadow -p wa -k identity" is set in /etc/audit/audit.rules
Warning: Parameter "-w /etc/shadow -p wa -k identity" does not exist in /etc/audit/audit.rules [45 Warnings]
Checking: Parameter "-w /etc/security/opasswd -p wa -k identity" is set in /etc/audit/audit.rules
Warning: Parameter "-w /etc/security/opasswd -p wa -k identity" does not exist in /etc/audit/audit.rules [46 Warnings]
Checking: Parameter "-a exit,always -F arch=b32 -S sethostname -S setdomainname -k system-locale" is set in /etc/audit/audit.rules
Warning: Parameter "-a exit,always -F arch=b32 -S sethostname -S setdomainname -k system-locale" does not exist in /etc/audit/audit.rules [47 Warnings]
Checking: Parameter "-a exit,always -F arch=b64 -S sethostname -S setdomainname -k system-locale" is set in /etc/audit/audit.rules
Warning: Parameter "-a exit,always -F arch=b64 -S sethostname -S setdomainname -k system-locale" does not exist in /etc/audit/audit.rules [48 Warnings]
Checking: Parameter "-w /etc/issue -p wa -k system-locale" is set in /etc/audit/audit.rules
Warning: Parameter "-w /etc/issue -p wa -k system-locale" does not exist in /etc/audit/audit.rules [49 Warnings]
Checking: Parameter "-w /etc/issue.net -p wa -k system-locale" is set in /etc/audit/audit.rules
Warning: Parameter "-w /etc/issue.net -p wa -k system-locale" does not exist in /etc/audit/audit.rules [50 Warnings]
Checking: Parameter "-w /etc/hosts -p wa -k system-locale" is set in /etc/audit/audit.rules
Warning: Parameter "-w /etc/hosts -p wa -k system-locale" does not exist in /etc/audit/audit.rules [51 Warnings]
Checking: Parameter "-w /etc/sysconfig/network -p wa -k system-locale" is set in /etc/audit/audit.rules
Warning: Parameter "-w /etc/sysconfig/network -p wa -k system-locale" does not exist in /etc/audit/audit.rules [52 Warnings]
Checking: Parameter "-w /etc/selinux/ -p wa -k MAC-policy" is set in /etc/audit/audit.rules
Warning: Parameter "-w /etc/selinux/ -p wa -k MAC-policy" does not exist in /etc/audit/audit.rules [53 Warnings]
Checking: Parameter "-w /var/log/faillog -p wa -k logins" is set in /etc/audit/audit.rules
Warning: Parameter "-w /var/log/faillog -p wa -k logins" does not exist in /etc/audit/audit.rules [54 Warnings]
Checking: Parameter "-w /var/log/lastlog -p wa -k logins" is set in /etc/audit/audit.rules
Warning: Parameter "-w /var/log/lastlog -p wa -k logins" does not exist in /etc/audit/audit.rules [55 Warnings]
Checking: Parameter "-w /var/run/utmp -p wa -k session" is set in /etc/audit/audit.rules
Warning: Parameter "-w /var/run/utmp -p wa -k session" does not exist in /etc/audit/audit.rules [56 Warnings]
Checking: Parameter "-w /var/log/btmp -p wa -k session" is set in /etc/audit/audit.rules
Warning: Parameter "-w /var/log/btmp -p wa -k session" does not exist in /etc/audit/audit.rules [57 Warnings]
Checking: Parameter "-w /var/log/wtmp -p wa -k session" is set in /etc/audit/audit.rules
Warning: Parameter "-w /var/log/wtmp -p wa -k session" does not exist in /etc/audit/audit.rules [58 Warnings]
Checking: Parameter "-a always,exit -F arch=b32 -S chmod -S fchmod -S fchmodat -F auid>=500 -F auid!=4294967295 -k perm_mod" is set in /etc/audit/audit.rules
Warning: Parameter "-a always,exit -F arch=b32 -S chmod -S fchmod -S fchmodat -F auid>=500 -F auid!=4294967295 -k perm_mod" does not exist in /etc/audit/audit.rules [59 Warnings]
Checking: Parameter "-a always,exit -F arch=b64 -S chmod -S fchmod -S fchmodat -F auid>=500 -F auid!=4294967295 -k perm_mod" is set in /etc/audit/audit.rules
Warning: Parameter "-a always,exit -F arch=b64 -S chmod -S fchmod -S fchmodat -F auid>=500 -F auid!=4294967295 -k perm_mod" does not exist in /etc/audit/audit.rules [60 Warnings]
Checking: Parameter "-a always,exit -F arch=b32 -S chown -S fchown -S fchownat -S lchown -F auid>=500 - F auid!=4294967295 -k perm_mod" is set in /etc/audit/audit.rules
Warning: Parameter "-a always,exit -F arch=b32 -S chown -S fchown -S fchownat -S lchown -F auid>=500 - F auid!=4294967295 -k perm_mod" does not exist in /etc/audit/audit.rules [61 Warnings]
Checking: Parameter "-a always,exit -F arch=b64 -S chown -S fchown -S fchownat -S lchown -F auid>=500 - F auid!=4294967295 -k perm_mod" is set in /etc/audit/audit.rules
Warning: Parameter "-a always,exit -F arch=b64 -S chown -S fchown -S fchownat -S lchown -F auid>=500 - F auid!=4294967295 -k perm_mod" does not exist in /etc/audit/audit.rules [62 Warnings]
Checking: Parameter "-a always,exit -F arch=b32 -S setxattr -S lsetxattr -S fsetxattr -S removexattr -S lremovexattr -S fremovexattr -F auid>=500 -F auid!=4294967295 -k perm_mod" is set in /etc/audit/audit.rules
Warning: Parameter "-a always,exit -F arch=b32 -S setxattr -S lsetxattr -S fsetxattr -S removexattr -S lremovexattr -S fremovexattr -F auid>=500 -F auid!=4294967295 -k perm_mod" does not exist in /etc/audit/audit.rules [63 Warnings]
Checking: Parameter "-a always,exit -F arch=b64 -S setxattr -S lsetxattr -S fsetxattr -S removexattr -S lremovexattr -S fremovexattr -F auid>=500 -F auid!=4294967295 -k perm_mod" is set in /etc/audit/audit.rules
Warning: Parameter "-a always,exit -F arch=b64 -S setxattr -S lsetxattr -S fsetxattr -S removexattr -S lremovexattr -S fremovexattr -F auid>=500 -F auid!=4294967295 -k perm_mod" does not exist in /etc/audit/audit.rules [64 Warnings]
Checking: Parameter "-a always,exit -F arch=b32 -S creat -S open -S openat -S truncate -S ftruncate -F exit=-EACCES -F auid>=500 -F auid!=4294967295 -k access" is set in /etc/audit/audit.rules
Warning: Parameter "-a always,exit -F arch=b32 -S creat -S open -S openat -S truncate -S ftruncate -F exit=-EACCES -F auid>=500 -F auid!=4294967295 -k access" does not exist in /etc/audit/audit.rules [65 Warnings]
Checking: Parameter "-a always,exit -F arch=b32 -S creat -S open -S openat -S truncate -S ftruncate -F exit=-EPERM -F auid>=500 -F auid!=4294967295 -k access" is set in /etc/audit/audit.rules
Warning: Parameter "-a always,exit -F arch=b32 -S creat -S open -S openat -S truncate -S ftruncate -F exit=-EPERM -F auid>=500 -F auid!=4294967295 -k access" does not exist in /etc/audit/audit.rules [66 Warnings]
Checking: Parameter "-a always,exit -F arch=b64 -S creat -S open -S openat -S truncate -S ftruncate -F exit=-EACCES -F auid>=500 -F auid!=4294967295 -k access" is set in /etc/audit/audit.rules
Warning: Parameter "-a always,exit -F arch=b64 -S creat -S open -S openat -S truncate -S ftruncate -F exit=-EACCES -F auid>=500 -F auid!=4294967295 -k access" does not exist in /etc/audit/audit.rules [67 Warnings]
Checking: Parameter "-a always,exit -F arch=b64 -S creat -S open -S openat -S truncate -S ftruncate -F exit=-EPERM -F auid>=500 -F auid!=4294967295 -k access" is set in /etc/audit/audit.rules
Warning: Parameter "-a always,exit -F arch=b64 -S creat -S open -S openat -S truncate -S ftruncate -F exit=-EPERM -F auid>=500 -F auid!=4294967295 -k access" does not exist in /etc/audit/audit.rules [68 Warnings]
Checking: Parameter "-a always,exit -F arch=b32 -S mount -F auid>=500 -F auid!=4294967295 -k export" is set in /etc/audit/audit.rules
Warning: Parameter "-a always,exit -F arch=b32 -S mount -F auid>=500 -F auid!=4294967295 -k export" does not exist in /etc/audit/audit.rules [69 Warnings]
Checking: Parameter "-a always,exit -F arch=b64 -S mount -F auid>=500 -F auid!=4294967295 -k export" is set in /etc/audit/audit.rules
Warning: Parameter "-a always,exit -F arch=b64 -S mount -F auid>=500 -F auid!=4294967295 -k export" does not exist in /etc/audit/audit.rules [70 Warnings]
Checking: Parameter "-a always,exit -F arch=b32 -S unlink -S unlinkat -S rename -S renameat -F auid>=500 -F auid!=4294967295 -k delete" is set in /etc/audit/audit.rules
Warning: Parameter "-a always,exit -F arch=b32 -S unlink -S unlinkat -S rename -S renameat -F auid>=500 -F auid!=4294967295 -k delete" does not exist in /etc/audit/audit.rules [71 Warnings]
Checking: Parameter "-a always,exit -F arch=b64 -S unlink -S unlinkat -S rename -S renameat -F auid>=500 -F auid!=4294967295 -k delete" is set in /etc/audit/audit.rules
Warning: Parameter "-a always,exit -F arch=b64 -S unlink -S unlinkat -S rename -S renameat -F auid>=500 -F auid!=4294967295 -k delete" does not exist in /etc/audit/audit.rules [72 Warnings]
Checking: Parameter "-w /etc/sudoers -p wa -k scope" is set in /etc/audit/audit.rules
Warning: Parameter "-w /etc/sudoers -p wa -k scope" does not exist in /etc/audit/audit.rules [73 Warnings]
Checking: Parameter "-w /etc/sudoers -p wa -k actions" is set in /etc/audit/audit.rules
Warning: Parameter "-w /etc/sudoers -p wa -k actions" does not exist in /etc/audit/audit.rules [74 Warnings]
Checking: Parameter "-w /sbin/insmod -p x -k modules" is set in /etc/audit/audit.rules
Warning: Parameter "-w /sbin/insmod -p x -k modules" does not exist in /etc/audit/audit.rules [75 Warnings]
Checking: Parameter "-w /sbin/rmmod -p x -k modules" is set in /etc/audit/audit.rules
Warning: Parameter "-w /sbin/rmmod -p x -k modules" does not exist in /etc/audit/audit.rules [76 Warnings]
Checking: Parameter "-w /sbin/modprobe -p x -k modules" is set in /etc/audit/audit.rules
Warning: Parameter "-w /sbin/modprobe -p x -k modules" does not exist in /etc/audit/audit.rules [77 Warnings]
Checking: Parameter "-a always,exit -S init_module -S delete_module -k modules" is set in /etc/audit/audit.rules
Warning: Parameter "-a always,exit -S init_module -S delete_module -k modules" does not exist in /etc/audit/audit.rules [78 Warnings]
Checking: Parameter "-a always,exit -F arch=b64 -S mount -F auid>=500 -F auid!=4294967295 -k mounts" is set in /etc/audit/audit.rules
Warning: Parameter "-a always,exit -F arch=b64 -S mount -F auid>=500 -F auid!=4294967295 -k mounts" does not exist in /etc/audit/audit.rules [79 Warnings]
Checking: Parameter "-a always,exit -F arch=b32 -S mount -F auid>=500 -F auid!=4294967295 -k mounts" is set in /etc/audit/audit.rules
Warning: Parameter "-a always,exit -F arch=b32 -S mount -F auid>=500 -F auid!=4294967295 -k mounts" does not exist in /etc/audit/audit.rules [80 Warnings]
Checking: Parameter "" is set in /etc/audit/audit.rules
Warning: Parameter "" does not exist in /etc/audit/audit.rules [81 Warnings]
Checking: Parameter "space_left_action = email" is set in /etc/audit/audit.rules
Warning: Parameter "space_left_action = email" does not exist in /etc/audit/audit.rules [82 Warnings]
Checking: Parameter "action_mail_acct = email" is set in /etc/audit/audit.rules
Warning: Parameter "action_mail_acct = email" does not exist in /etc/audit/audit.rules [83 Warnings]
Checking: Parameter "admin_space_left_action = email" is set in /etc/audit/audit.rules
Warning: Parameter "admin_space_left_action = email" does not exist in /etc/audit/audit.rules [84 Warnings]
Checking: Parameter "max_log_file = MB" is set in /etc/audit/audit.rules
Warning: Parameter "max_log_file = MB" does not exist in /etc/audit/audit.rules [85 Warnings]
Checking: Parameter "max_log_file_action = keep_logs" is set in /etc/audit/audit.rules
Warning: Parameter "max_log_file_action = keep_logs" does not exist in /etc/audit/audit.rules [86 Warnings]
Checking: Parameter "-e 2" is set in /etc/audit/audit.rules
Warning: Parameter "-e 2" does not exist in /etc/audit/audit.rules [87 Warnings]
Checking: Service sysstat at run level 3
Notice: Service sysstat is not installed [51 Passes]
Checking: Service sysstat at run level 5
Notice: Service sysstat is not installed [52 Passes]
Checking: Service sysstat at run level 3
Notice: Service sysstat is not installed [53 Passes]
Checking: Service sysstat at run level 5
Notice: Service sysstat is not installed [54 Passes]
Checking: Value of "ALL" is set to " ALL" in /etc/hosts.deny
Warning: Parameter "ALL" not set to " ALL" in /etc/hosts.deny [88 Warnings]
Checking: Value of "ALL" is set to " localhost" in /etc/hosts.allow
Warning: Parameter "ALL" not set to " localhost" in /etc/hosts.allow [89 Warnings]
Checking: Value of "ALL" is set to " 127.0.0.1" in /etc/hosts.allow
Warning: Parameter "ALL" not set to " 127.0.0.1" in /etc/hosts.allow [90 Warnings]
Checking: File permissions on /etc/hosts.deny
Secure: File /etc/hosts.deny has correct permissions [55 Passes]
Checking: File permissions on /etc/hosts.allow
Secure: File /etc/hosts.allow has correct permissions [56 Passes]
Checking: TCP Wrappers is installed
Warning: TCP Wrappers is not installed [91 Warnings]
Checking: Service iptables at run level 3
Notice: Service iptables is not installed [57 Passes]
Checking: Service iptables at run level 5
Notice: Service iptables is not installed [58 Passes]
Checking: Service ip6tables at run level 3
Notice: Service ip6tables is not installed [59 Passes]
Checking: Service ip6tables at run level 5
Notice: Service ip6tables is not installed [60 Passes]
Checking: Value of "minlen" is set to "14" in /etc/security/pwquality.conf
Warning: Parameter "minlen" not set to "14" in /etc/security/pwquality.conf [92 Warnings]
Checking: Value of "dcredit" is set to "-1" in /etc/security/pwquality.conf
Warning: Parameter "dcredit" not set to "-1" in /etc/security/pwquality.conf [93 Warnings]
Checking: Value of "ocredit" is set to "-1" in /etc/security/pwquality.conf
Warning: Parameter "ocredit" not set to "-1" in /etc/security/pwquality.conf [94 Warnings]
Checking: Value of "ucredit" is set to "-1" in /etc/security/pwquality.conf
Warning: Parameter "ucredit" not set to "-1" in /etc/security/pwquality.conf [95 Warnings]
Checking: Value of "lcredit" is set to "-1" in /etc/security/pwquality.conf
Warning: Parameter "lcredit" not set to "-1" in /etc/security/pwquality.conf [96 Warnings]
Checking: For nullok entry in /etc/pam.d/system-auth
Warning: Found nullok entry in /etc/pam.d/system-auth [97 Warnings]
Checking: Lockout time for failed password attempts enabled in /etc/pam.d/system-auth
Warning: Lockout time for failed password attempts not enabled in /etc/pam.d/system-auth [98 Warnings]
Checking: File /etc/security/opasswd exists
Secure: File /etc/security/opasswd exists [60 Passes]
Checking: File permissions on /etc/security/opasswd
Secure: File /etc/security/opasswd has correct permissions [61 Passes]
Checking: Password entry remember set to 5 in /etc/pam.d/system-auth
Warning: Password entry remember is not set to 5 in /etc/pam.d/system-auth [100 Warnings]
Checking: Password minimum strength enabled in /etc/pam.d/system-auth
Warning: Password strength settings not enabled in /etc/pam.d/system-auth [101 Warnings]
Checking: The use of su is restricted by sudo
Warning: The use of su is not restricted by sudo in /etc/pam.d/su [102 Warnings]
Checking: Value of "PASS_MAX_DAYS" is set to "90" in /etc/login.defs
Warning: Parameter "PASS_MAX_DAYS" not set to "90" in /etc/login.defs [103 Warnings]
Checking: Value of "PASS_MIN_DAYS" is set to "7" in /etc/login.defs
Warning: Parameter "PASS_MIN_DAYS" not set to "7" in /etc/login.defs [104 Warnings]
Checking: Value of "PASS_WARN_AGE" is set to "14" in /etc/login.defs
Warning: Parameter "PASS_WARN_AGE" not set to "14" in /etc/login.defs [105 Warnings]
Checking: Value of "PASS_MIN_LEN" is set to "9" in /etc/login.defs
Warning: Parameter "PASS_MIN_LEN" not set to "9" in /etc/login.defs [106 Warnings]
Checking: File permissions on /etc/login.defs
Warning: File /etc/login.defs has incorrect permissions [107 Warnings]
Checking: File permissions on /etc/passwd
Secure: File /etc/passwd has correct permissions [62 Passes]
Checking: File permissions on /etc/group
Secure: File /etc/group has correct permissions [63 Passes]
Checking: File permissions on /etc/shadow
Warning: File /etc/shadow has incorrect permissions [108 Warnings]
Checking: File permissions on /etc/gshadow
Warning: File /etc/gshadow has incorrect permissions [109 Warnings]
Checking: File permissions on /etc/group-
Secure: File /etc/group- has correct permissions [64 Passes]
Checking: File permissions on /etc/passwd-
Notice: File /etc/passwd- does not exist
Checking: File permissions on /etc/shadow-
Notice: File /etc/shadow- does not exist
Checking: File permissions on /etc/gshadow-
Secure: File /etc/gshadow- has correct permissions [67 Passes]
Checking: Wheel group membership required for su in /etc/pam.d/su
Warning: Wheel group membership not required for su in /etc/pam.d/su [110 Warnings]
Checking: Parameter "auth\trequisite\tpam_deny.so" is set in /etc/pam.d/sshd
Warning: Parameter "auth\trequisite\tpam_deny.so" does not exist in /etc/pam.d/sshd [111 Warnings]
Checking: Value of "Defaults timestamp_timeout" is set to "0" in /etc/sudoers
Warning: Parameter "Defaults timestamp_timeout" not set to "0" in /etc/sudoers [112 Warnings]
Checking: Value of "net.ipv4.conf.default.secure_redirects" is set to "0" in /etc/sysctl.conf
Warning: Parameter "net.ipv4.conf.default.secure_redirects" not set to "0" in /etc/sysctl.conf [113 Warnings]
Checking: Value of "net.ipv4.conf.all.secure_redirects" is set to "0" in /etc/sysctl.conf
Warning: Parameter "net.ipv4.conf.all.secure_redirects" not set to "0" in /etc/sysctl.conf [114 Warnings]
Checking: Value of "net.ipv4.icmp_echo_ignore_broadcasts" is set to "1" in /etc/sysctl.conf
Warning: Parameter "net.ipv4.icmp_echo_ignore_broadcasts" not set to "1" in /etc/sysctl.conf [115 Warnings]
Checking: Value of "net.ipv4.conf.all.accept_redirects" is set to "0" in /etc/sysctl.conf
Warning: Parameter "net.ipv4.conf.all.accept_redirects" not set to "0" in /etc/sysctl.conf [116 Warnings]
Checking: Value of "net.ipv4.conf.default.accept_redirects" is set to "0" in /etc/sysctl.conf
Warning: Parameter "net.ipv4.conf.default.accept_redirects" not set to "0" in /etc/sysctl.conf [117 Warnings]
Checking: Value of "net.ipv4.tcp_syncookies" is set to "1" in /etc/sysctl.conf
Secure: Parameter "net.ipv4.tcp_syncookies" already set to "1" in /etc/sysctl.conf [68 Passes]
Checking: Value of "net.ipv4.tcp_max_syn_backlog" is set to "4096" in /etc/sysctl.conf
Warning: Parameter "net.ipv4.tcp_max_syn_backlog" not set to "4096" in /etc/sysctl.conf [118 Warnings]
Checking: Value of "net.ipv4.conf.all.rp_filter" is set to "1" in /etc/sysctl.conf
Warning: Parameter "net.ipv4.conf.all.rp_filter" not set to "1" in /etc/sysctl.conf [119 Warnings]
Checking: Value of "net.ipv4.conf.default.rp_filter" is set to "1" in /etc/sysctl.conf
Secure: Parameter "net.ipv4.conf.default.rp_filter" already set to "1" in /etc/sysctl.conf [69 Passes]
Checking: Value of "net.ipv4.conf.all.accept_source_route" is set to "0" in /etc/sysctl.conf
Warning: Parameter "net.ipv4.conf.all.accept_source_route" not set to "0" in /etc/sysctl.conf [120 Warnings]
Checking: Value of "net.ipv4.conf.default.accept_source_route" is set to "0" in /etc/sysctl.conf
Secure: Parameter "net.ipv4.conf.default.accept_source_route" already set to "0" in /etc/sysctl.conf [70 Passes]
Checking: Value of "net.ipv4.tcp_max_orphans" is set to "256" in /etc/sysctl.conf
Warning: Parameter "net.ipv4.tcp_max_orphans" not set to "256" in /etc/sysctl.conf [121 Warnings]
Checking: Value of "net.ipv4.conf.all.log_martians" is set to "1" in /etc/sysctl.conf
Warning: Parameter "net.ipv4.conf.all.log_martians" not set to "1" in /etc/sysctl.conf [122 Warnings]
Checking: Value of "net.ipv4.ip_forward" is set to "0" in /etc/sysctl.conf
Secure: Parameter "net.ipv4.ip_forward" already set to "0" in /etc/sysctl.conf [71 Passes]
Checking: Value of "net.ipv4.conf.all.send_redirects" is set to "0" in /etc/sysctl.conf
Warning: Parameter "net.ipv4.conf.all.send_redirects" not set to "0" in /etc/sysctl.conf [123 Warnings]
Checking: Value of "net.ipv4.conf.default.send_redirects" is set to "0" in /etc/sysctl.conf
Warning: Parameter "net.ipv4.conf.default.send_redirects" not set to "0" in /etc/sysctl.conf [124 Warnings]
Checking: Value of "net.ipv4.icmp_ignore_bogus_error_responses" is set to "1" in /etc/sysctl.conf
Warning: Parameter "net.ipv4.icmp_ignore_bogus_error_responses" not set to "1" in /etc/sysctl.conf [125 Warnings]
Checking: Value of "net.ipv6.conf.default.accept_redirects" is set to "0" in /etc/sysctl.conf
Warning: Parameter "net.ipv6.conf.default.accept_redirects" not set to "0" in /etc/sysctl.conf [126 Warnings]
Checking: Value of "net.ipv6.conf.all.accept_ra" is set to "0" in /etc/sysctl.conf
Warning: Parameter "net.ipv6.conf.all.accept_ra" not set to "0" in /etc/sysctl.conf [127 Warnings]
Checking: Value of "net.ipv6.conf.default.accept_ra" is set to "0" in /etc/sysctl.conf
Warning: Parameter "net.ipv6.conf.default.accept_ra" not set to "0" in /etc/sysctl.conf [128 Warnings]
Checking: Value of "net.ipv6.route.flush" is set to "1" in /etc/sysctl.conf
Warning: Parameter "net.ipv6.route.flush" not set to "1" in /etc/sysctl.conf [129 Warnings]
Checking: Value of "kernel.randomize_va_space" is set to "2" in /etc/sysctl.conf
Warning: Parameter "kernel.randomize_va_space" not set to "2" in /etc/sysctl.conf [130 Warnings]
Checking: Value of "kernel.exec-shield" is set to "1" in /etc/sysctl.conf
Warning: Parameter "kernel.exec-shield" not set to "1" in /etc/sysctl.conf [131 Warnings]
Checking: Value of "fs.suid.dumpable" is set to "0" in /etc/sysctl.conf
Warning: Parameter "fs.suid.dumpable" not set to "0" in /etc/sysctl.conf [132 Warnings]
Checking: Parameter "* hard core 0" is set in /etc/security/limits.conf
Warning: Parameter "* hard core 0" does not exist in /etc/security/limits.conf [133 Warnings]
Checking: File permissions on /etc/security/limits.conf
Warning: File /etc/security/limits.conf has incorrect permissions [134 Warnings]
Checking: Parameter "echo 1 > /proc/sys/net/ipv4/tcp_syncookies" is set in /etc/rc.d/local
Warning: Parameter "echo 1 > /proc/sys/net/ipv4/tcp_syncookies" does not exist in /etc/rc.d/local [135 Warnings]
Checking: File permissions on /etc/rc.d/local
Notice: File /etc/rc.d/local does not exist
Checking: Parameter "install tipc /bin/true" is set in /etc/modprobe.conf
Warning: Parameter "install tipc /bin/true" does not exist in /etc/modprobe.conf [136 Warnings]
Checking: Parameter "install rds /bin/true" is set in /etc/modprobe.conf
Warning: Parameter "install rds /bin/true" does not exist in /etc/modprobe.conf [137 Warnings]
Checking: Parameter "install sctp /bin/true" is set in /etc/modprobe.conf
Warning: Parameter "install sctp /bin/true" does not exist in /etc/modprobe.conf [138 Warnings]
Checking: Parameter "install dccp /bin/true" is set in /etc/modprobe.conf
Warning: Parameter "install dccp /bin/true" does not exist in /etc/modprobe.conf [139 Warnings]
Checking: Parameter "install udf /bin/true" is set in /etc/modprobe.conf
Warning: Parameter "install udf /bin/true" does not exist in /etc/modprobe.conf [140 Warnings]
Checking: Parameter "install squashfs /bin/true" is set in /etc/modprobe.conf
Warning: Parameter "install squashfs /bin/true" does not exist in /etc/modprobe.conf [141 Warnings]
Checking: Parameter "install hfs /bin/true" is set in /etc/modprobe.conf
Warning: Parameter "install hfs /bin/true" does not exist in /etc/modprobe.conf [142 Warnings]
Checking: Parameter "install hfsplus /bin/true" is set in /etc/modprobe.conf
Warning: Parameter "install hfsplus /bin/true" does not exist in /etc/modprobe.conf [143 Warnings]
Checking: Parameter "install jffs2 /bin/true" is set in /etc/modprobe.conf
Warning: Parameter "install jffs2 /bin/true" does not exist in /etc/modprobe.conf [144 Warnings]
Checking: Parameter "install freevxfs /bin/true" is set in /etc/modprobe.conf
Warning: Parameter "install freevxfs /bin/true" does not exist in /etc/modprobe.conf [145 Warnings]
Checking: Parameter "install cramfs /bin/true" is set in /etc/modprobe.conf
Warning: Parameter "install cramfs /bin/true" does not exist in /etc/modprobe.conf [146 Warnings]
Checking: Parameter "install vfat /bin/true" is set in /etc/modprobe.conf
Warning: Parameter "install vfat /bin/true" does not exist in /etc/modprobe.conf [147 Warnings]
Warning: Unconfined daemons [148 Warnings]
Checking: Value of "SELINUX" is set to "enforcing" in /etc/selinux/config
Warning: Parameter "SELINUX" not set to "enforcing" in /etc/selinux/config [149 Warnings]
Checking: Value of "SELINUXTYPE" is set to "targeted" in /etc/selinux/config
Warning: Parameter "SELINUXTYPE" not set to "targeted" in /etc/selinux/config [150 Warnings]
Checking: File permissions on /etc/selinux/config
Notice: File /etc/selinux/config does not exist
Checking: File permissions on /etc/grub.conf
Notice: File /etc/grub.conf does not exist
Checking: Value of "selinux" is set to "1" in /etc/grub.conf
Warning: Parameter "selinux" not set to "1" in /etc/grub.conf [151 Warnings]
Checking: Value of "enforcing" is set to "1" in /etc/grub.conf
Warning: Parameter "enforcing" not set to "1" in /etc/grub.conf [152 Warnings]
Checking: Service sendmail at run level 3
Notice: Service sendmail is not installed [75 Passes]
Checking: Service sendmail at run level 5
Notice: Service sendmail is not installed [76 Passes]
Checking: Value of "DAEMON" is set to "no" in /etc/sysconfig/sendmail
Warning: Parameter "DAEMON" not set to "no" in /etc/sysconfig/sendmail [153 Warnings]
Checking: Value of "QUEUE" is set to "1h" in /etc/sysconfig/sendmail
Warning: Parameter "QUEUE" not set to "1h" in /etc/sysconfig/sendmail [154 Warnings]
Checking: Parameter "decode" in /etc/aliases is disabled
Checking: File permissions on /etc/aliases
Secure: File /etc/aliases has correct permissions [77 Passes]
Checking: Service cyrus at run level 3
Notice: Service cyrus is not installed [78 Passes]
Checking: Service cyrus at run level 3
Notice: Service cyrus is not installed [79 Passes]
Checking: Service imapd at run level 3
Notice: Service imapd is not installed [80 Passes]
Checking: Service imapd at run level 3
Notice: Service imapd is not installed [81 Passes]
Checking: Service qpopper at run level 3
Notice: Service qpopper is not installed [82 Passes]
Checking: Service qpopper at run level 3
Notice: Service qpopper is not installed [83 Passes]
Checking: Service dovecot at run level 3
Notice: Service dovecot is not installed [84 Passes]
Checking: Service dovecot at run level 3
Notice: Service dovecot is not installed [85 Passes]
Checking: Value of "inet_interfaces" is set to "localhost" in /etc/postfix/main.cf
Warning: Parameter "inet_interfaces" not set to "localhost" in /etc/postfix/main.cf [155 Warnings]
Checking: File permissions on /root
Warning: File /root has incorrect permissions [156 Warnings]
Checking: Primary group for root is root
Secure: Primary group for root is root [86 Passes]
Checking: Root SSH keys
Secure: Keys file /root/.ssh/authorized_keys does not exist [87 Passes]
Secure: Keys file /root/.ssh/authorized_keys2 does not exist [88 Passes]
Checking: Value of "mesg" is set to "n" in /etc/.login
Warning: Parameter "mesg" not set to "n" in /etc/.login [157 Warnings]
Checking: Value of "mesg" is set to "n" in /etc/profile
Warning: Parameter "mesg" not set to "n" in /etc/profile [158 Warnings]
Checking: Value of "mesg" is set to "n" in /etc/skel/.bash_profile
Warning: Parameter "mesg" not set to "n" in /etc/skel/.bash_profile [159 Warnings]
Checking: Value of "mesg" is set to "n" in /etc/skel/.bashrc
Warning: Parameter "mesg" not set to "n" in /etc/skel/.bashrc [160 Warnings]
Checking: Value of "mesg" is set to "n" in /etc/csh.login
Warning: Parameter "mesg" not set to "n" in /etc/csh.login [161 Warnings]
Checking: Value of "mesg" is set to "n" in /etc/csh.cshrc
Warning: Parameter "mesg" not set to "n" in /etc/csh.cshrc [162 Warnings]
Checking: Value of "mesg" is set to "n" in /etc/zprofile
Warning: Parameter "mesg" not set to "n" in /etc/zprofile [163 Warnings]
Checking: Value of "mesg" is set to "n" in /etc/skel/.zshrc
Warning: Parameter "mesg" not set to "n" in /etc/skel/.zshrc [164 Warnings]
Checking: Value of "mesg" is set to "n" in /etc/skel/.bashrc
Warning: Parameter "mesg" not set to "n" in /etc/skel/.bashrc [165 Warnings]
Checking: Groups in passwd file exist in group file
Secure: No non existant group issues [89 Passes]
Checking: User home directory permissions
Checking: Ownership of home directories
Secure: No ownership issues with home directories [90 Passes]
Checking: For users with duplicate name
Secure: No users with duplicate name [91 Passes]
Checking: For users with duplicate id
Secure: No users with duplicate id [92 Passes]
Checking: For groups with duplicate name
Secure: No groups with duplicate name [93 Passes]
Checking: For groups with duplicate id
Secure: No groups with duplicate id [94 Passes]
Checking: User dot file permissions
Checking: File permissions on /root/.viminfo
Secure: File /root/.viminfo has correct permissions [95 Passes]
Checking: File permissions on /root/.viminfo
Secure: File /root/.viminfo has correct permissions [96 Passes]
Checking: For .forward files
Secure: File /root/.forward does not exist [97 Passes]
Secure: File /bin/.forward does not exist [98 Passes]
Secure: File /sbin/.forward does not exist [99 Passes]
Secure: File /var/adm/.forward does not exist [100 Passes]
Secure: File /var/spool/lpd/.forward does not exist [101 Passes]
Secure: File /sbin/.forward does not exist [102 Passes]
Secure: File /sbin/.forward does not exist [103 Passes]
Secure: File /sbin/.forward does not exist [104 Passes]
Secure: File /var/spool/mail/.forward does not exist [105 Passes]
Secure: File /var/spool/uucp/.forward does not exist [106 Passes]
Secure: File /root/.forward does not exist [107 Passes]
Secure: File /usr/games/.forward does not exist [108 Passes]
Secure: File /var/gopher/.forward does not exist [109 Passes]
Secure: File /var/ftp/.forward does not exist [110 Passes]
Secure: File /.forward does not exist [111 Passes]
Checking: Root PATH
Secure: No empty directory in PATH [112 Passes]
Secure: No trailing : in PATH [113 Passes]
Secure: Group write permission not set on directory /usr/local/sbin [114 Passes]
Secure: Other write permission not set on directory /usr/local/sbin [115 Passes]
Secure: Group write permission not set on directory /usr/local/bin [116 Passes]
Secure: Other write permission not set on directory /usr/local/bin [117 Passes]
Secure: Group write permission not set on directory /usr/sbin [118 Passes]
Secure: Other write permission not set on directory /usr/sbin [119 Passes]
Secure: Group write permission not set on directory /usr/bin [120 Passes]
Secure: Other write permission not set on directory /usr/bin [121 Passes]
Secure: Group write permission not set on directory /sbin [122 Passes]
Secure: Other write permission not set on directory /sbin [123 Passes]
Secure: Group write permission not set on directory /bin [124 Passes]
Secure: Other write permission not set on directory /bin [125 Passes]
Checking: Value of "umask" is set to "077" in /etc/.login
Warning: Parameter "umask" not set to "077" in /etc/.login [166 Warnings]
Checking: Value of "umask" is set to "077" in /etc/profile
Warning: Parameter "umask" not set to "077" in /etc/profile [167 Warnings]
Checking: Value of "umask" is set to "077" in /etc/skel/.bash_profile
Warning: Parameter "umask" not set to "077" in /etc/skel/.bash_profile [168 Warnings]
Checking: Value of "umask" is set to "077" in /etc/csh.login
Warning: Parameter "umask" not set to "077" in /etc/csh.login [169 Warnings]
Checking: Value of "umask" is set to "077" in /etc/csh.cshrc
Warning: Parameter "umask" not set to "077" in /etc/csh.cshrc [170 Warnings]
Checking: Value of "umask" is set to "077" in /etc/zprofile
Warning: Parameter "umask" not set to "077" in /etc/zprofile [171 Warnings]
Checking: Value of "umask" is set to "077" in /etc/skel/.zshrc
Warning: Parameter "umask" not set to "077" in /etc/skel/.zshrc [172 Warnings]
Checking: Value of "umask" is set to "077" in /etc/skel/.bashrc
Warning: Parameter "umask" not set to "077" in /etc/skel/.bashrc [173 Warnings]
Checking: Value of "UMASK" is set to "077" in /etc/bashrc
Warning: Parameter "UMASK" not set to "077" in /etc/bashrc [174 Warnings]
Checking: Value of "UMASK" is set to "077" in /etc/skel/.bashrc
Warning: Parameter "UMASK" not set to "077" in /etc/skel/.bashrc [175 Warnings]
Checking: Value of "UMASK" is set to "077" in /etc/login.defs
Warning: Parameter "UMASK" not set to "077" in /etc/login.defs [176 Warnings]
Checking: Password fields
cat: invalid option -- 'F'
Try 'cat --help' for more information.
Secure: No empty password entries
Secure: No legacy entries in /etc/passwd
Secure: No legacy entries in /etc/shadow
Checking: Whether reserved UUIDs are assigned to system accounts
Checking: Super users other than root
Checking: Value of "umask" is set to "027" in /etc/sysconfig/init
Warning: Parameter "umask" not set to "027" in /etc/sysconfig/init [177 Warnings]
Checking: File permissions on /etc/crontab
Notice: File /etc/crontab does not exist
Checking: File permissions on /var/spool/cron
Notice: File /var/spool/cron does not exist
Checking: File permissions on /etc/cron.daily
Notice: File /etc/cron.daily does not exist
Checking: File permissions on /etc/cron.d
Notice: File /etc/cron.d does not exist
Checking: File permissions on /etc/cron.weekly
Notice: File /etc/cron.weekly does not exist
Checking: File permissions on /etc/cron.mounthly
Notice: File /etc/cron.mounthly does not exist
Checking: File permissions on /etc/cron.hourly
Notice: File /etc/cron.hourly does not exist
Checking: File permissions on /etc/anacrontab
Notice: File /etc/anacrontab does not exist
Checking: Wheel group exists in /etc/group
Warning: Wheel group does not exist in /etc/group [178 Warnings]
Checking: File permissions on /bin/su
Warning: File /bin/su has incorrect permissions [179 Warnings]
Secure: There are no users who have never logged that do not have their account locked [137 Passes]
Checking: File /cron.deny does not exist
Secure: File /cron.deny does not exist [138 Passes]
Checking: File /at.deny does not exist
Secure: File /at.deny does not exist [139 Passes]
Checking: File /etc/cron.d/cron.allow exists
Warning: File /etc/cron.d/cron.allow does not exist [180 Warnings]
Checking: File permissions on /etc/cron.d/cron.allow
Notice: File /etc/cron.d/cron.allow does not exist
Checking: File /at.allow exists
Warning: File /at.allow does not exist [181 Warnings]
Checking: File permissions on /at.allow
Notice: File /at.allow does not exist
Checking: File permissions on /at.allow
Notice: File /at.allow does not exist
Checking: File /etc/at.allow exists
Warning: File /etc/at.allow does not exist [182 Warnings]
Checking: File permissions on /etc/at.allow
Notice: File /etc/at.allow does not exist
Checking: File permissions on /etc/cron.d
Notice: File /etc/cron.d does not exist
Checking: File permissions on /etc/cron.hourly
Notice: File /etc/cron.hourly does not exist
Checking: File permissions on /etc/cron.daily
Notice: File /etc/cron.daily does not exist
Checking: File permissions on /etc/cron.yearly
Notice: File /etc/cron.yearly does not exist
Checking: File permissions on /etc/cron.yearly
Notice: File /etc/cron.yearly does not exist
Checking: File permissions on /etc/cron.yearly
Notice: File /etc/cron.yearly does not exist
Checking: File permissions on /etc/cron.yearly
Notice: File /etc/cron.yearly does not exist
Checking: File permissions on /etc/cron.yearly
Notice: File /etc/cron.yearly does not exist
Checking: Service crond at run level 3
Notice: Service crond is not installed [152 Passes]
Checking: Service crond at run level 5
Notice: Service crond is not installed [153 Passes]
Checking: System accounts have valid shells
Checking: Shadow group does not contain users
Secure: No members in shadow group [154 Passes]
Checking: Service iscsi at run level 3
Notice: Service iscsi is not installed [155 Passes]
Checking: Service iscsi at run level 5
Notice: Service iscsi is not installed [156 Passes]
Checking: Service iscsd at run level 3
Notice: Service iscsd is not installed [157 Passes]
Checking: Service iscsd at run level 5
Notice: Service iscsd is not installed [158 Passes]
Checking: Service pcscd at run level 3
Notice: Service pcscd is not installed [159 Passes]
Checking: Service pcscd at run level 5
Notice: Service pcscd is not installed [160 Passes]
Checking: Service haldaemon at run level 3
Notice: Service haldaemon is not installed [161 Passes]
Checking: Service haldaemon at run level 5
Notice: Service haldaemon is not installed [162 Passes]
Checking: Service kudzu at run level 3
Notice: Service kudzu is not installed [163 Passes]
Checking: Service kudzu at run level 5
Notice: Service kudzu is not installed [164 Passes]
Checking: Service apmd at run level 3
Notice: Service apmd is not installed [165 Passes]
Checking: Service apmd at run level 5
Notice: Service apmd is not installed [166 Passes]
Checking: Service xend at run level 3
Notice: Service xend is not installed [167 Passes]
Checking: Service xend at run level 5
Notice: Service xend is not installed [168 Passes]
Checking: Service xendomains at run level 3
Notice: Service xendomains is not installed [169 Passes]
Checking: Service xendomains at run level 5
Notice: Service xendomains is not installed [170 Passes]
Checking: Service xfs at run level 3
Notice: Service xfs is not installed [171 Passes]
Checking: Service xfs at run level 5
Notice: Service xfs is not installed [172 Passes]
Checking: Service vncserver at run level 3
Notice: Service vncserver is not installed [173 Passes]
Checking: Service vncserver at run level 5
Notice: Service vncserver is not installed [174 Passes]
Checking: Service yppasswdd at run level 3
Notice: Service yppasswdd is not installed [175 Passes]
Checking: Service yppasswdd at run level 5
Notice: Service yppasswdd is not installed [176 Passes]
Warning: Not uninstalling package as package uninstall has been set to no
Checking: Service ypserv at run level 3
Notice: Service ypserv is not installed [177 Passes]
Checking: Service ypserv at run level 5
Notice: Service ypserv is not installed [178 Passes]
Warning: Not uninstalling package as package uninstall has been set to no
Checking: Service ypxfrd at run level 3
Notice: Service ypxfrd is not installed [179 Passes]
Checking: Service ypxfrd at run level 5
Notice: Service ypxfrd is not installed [180 Passes]
Warning: Not uninstalling package as package uninstall has been set to no
Checking: Service ypbind at run level 3
Notice: Service ypbind is not installed [181 Passes]
Checking: Service ypbind at run level 5
Notice: Service ypbind is not installed [182 Passes]
Warning: Not uninstalling package as package uninstall has been set to no
Checking: Service ldap at run level 3
Notice: Service ldap is not installed [183 Passes]
Checking: Service ldap at run level 5
Notice: Service ldap is not installed [184 Passes]
Checking: Service nscd at run level 3
Notice: Service nscd is not installed [185 Passes]
Checking: Service nscd at run level 5
Notice: Service nscd is not installed [186 Passes]
Checking: Service dnsmasq at run level 3
Notice: Service dnsmasq is not installed [187 Passes]
Checking: Service dnsmasq at run level 5
Notice: Service dnsmasq is not installed [188 Passes]
Checking: Service named at run level 3
Notice: Service named is not installed [189 Passes]
Checking: Service named at run level 5
Notice: Service named is not installed [190 Passes]
Checking: Service bind9 at run level 3
Notice: Service bind9 is not installed [191 Passes]
Checking: Service bind9 at run level 5
Notice: Service bind9 is not installed [192 Passes]
Warning: Not uninstalling package as package uninstall has been set to no
Checking: Service kadmin at run level 3
Notice: Service kadmin is not installed [193 Passes]
Checking: Service kadmin at run level 5
Notice: Service kadmin is not installed [194 Passes]
Checking: Service kprop at run level 3
Notice: Service kprop is not installed [195 Passes]
Checking: Service kprop at run level 5
Notice: Service kprop is not installed [196 Passes]
Checking: Service krb524 at run level 3
Notice: Service krb524 is not installed [197 Passes]
Checking: Service krb524 at run level 5
Notice: Service krb524 is not installed [198 Passes]
Checking: Service krb5kdc at run level 3
Notice: Service krb5kdc is not installed [199 Passes]
Checking: Service krb5kdc at run level 5
Notice: Service krb5kdc is not installed [200 Passes]
Checking: Legacy NIS '+' entries
Secure: No NIS entries in /etc/passwd [201 Passes]
Secure: No NIS entries in /etc/shadow [202 Passes]
Secure: No NIS entries in /etc/group [203 Passes]
Checking: Service avahi at run level 3
Notice: Service avahi is not installed [204 Passes]
Checking: Service avahi at run level 5
Notice: Service avahi is not installed [205 Passes]
Checking: Service avahi-autoipd at run level 3
Notice: Service avahi-autoipd is not installed [206 Passes]
Checking: Service avahi-autoipd at run level 5
Notice: Service avahi-autoipd is not installed [207 Passes]
Checking: Service avahi-daemon at run level 3
Notice: Service avahi-daemon is not installed [208 Passes]
Checking: Service avahi-daemon at run level 5
Notice: Service avahi-daemon is not installed [209 Passes]
Checking: Service avahi-dnsconfd at run level 3
Notice: Service avahi-dnsconfd is not installed [210 Passes]
Checking: Service avahi-dnsconfd at run level 5
Notice: Service avahi-dnsconfd is not installed [211 Passes]
Checking: Value of "disable-user-service-publishing" is set to "yes" in /etc/avahi/avahi-daemon.conf
Warning: Parameter "disable-user-service-publishing" not set to "yes" in /etc/avahi/avahi-daemon.conf [183 Warnings]
Checking: Value of "disable-publishing" is set to "yes" in /etc/avahi/avahi-daemon.conf
Warning: Parameter "disable-publishing" not set to "yes" in /etc/avahi/avahi-daemon.conf [184 Warnings]
Checking: Value of "publish-address" is set to "no" in /etc/avahi/avahi-daemon.conf
Warning: Parameter "publish-address" not set to "no" in /etc/avahi/avahi-daemon.conf [185 Warnings]
Checking: Value of "publish-binfo" is set to "no" in /etc/avahi/avahi-daemon.conf
Warning: Parameter "publish-binfo" not set to "no" in /etc/avahi/avahi-daemon.conf [186 Warnings]
Checking: Value of "publish-workstation" is set to "no" in /etc/avahi/avahi-daemon.conf
Warning: Parameter "publish-workstation" not set to "no" in /etc/avahi/avahi-daemon.conf [187 Warnings]
Checking: Value of "publish-domain" is set to "no" in /etc/avahi/avahi-daemon.conf
Warning: Parameter "publish-domain" not set to "no" in /etc/avahi/avahi-daemon.conf [188 Warnings]
Checking: Value of "disallow-other-stacks" is set to "yes" in /etc/avahi/avahi-daemon.conf
Warning: Parameter "disallow-other-stacks" not set to "yes" in /etc/avahi/avahi-daemon.conf [189 Warnings]
Checking: Value of "check-response-ttl" is set to "yes" in /etc/avahi/avahi-daemon.conf
Warning: Parameter "check-response-ttl" not set to "yes" in /etc/avahi/avahi-daemon.conf [190 Warnings]
Checking: File permissions on /var/log/secure
Notice: File /var/log/secure does not exist
Checking: File permissions on /var/log/messages
Notice: File /var/log/messages does not exist
Checking: File permissions on /var/log/daemon.log
Notice: File /var/log/daemon.log does not exist
Checking: File permissions on /var/log/unused.log
Notice: File /var/log/unused.log does not exist
Checking: Service autofs at run level 3
Notice: Service autofs is not installed [216 Passes]
Checking: Service autofs at run level 5
Notice: Service autofs is not installed [217 Passes]
Warning: Found filesystems that should be mounted nodev [191 Warnings]
Checking: File permissions on /etc/fstab
Secure: File /etc/fstab has correct permissions [218 Passes]
Warning: Found filesystems that should be mounted nodev [192 Warnings]
Checking: File permissions on /etc/fstab
Secure: File /etc/fstab has correct permissions [219 Passes]
Warning: Found tmpfs filesystems that should be mounted noexec [193 Warnings]
Checking: File permissions on /etc/fstab
Secure: File /etc/fstab has correct permissions [220 Passes]
Checking: File permissions on /usr/share/hal/fdi/policy/20thirdparty/floppycdrom.fdi
Notice: File /usr/share/hal/fdi/policy/20thirdparty/floppycdrom.fdi does not exist
Checking: Service nfs at run level 3
Notice: Service nfs is not installed [222 Passes]
Checking: Service nfs at run level 5
Notice: Service nfs is not installed [223 Passes]
Checking: Service nfslock at run level 3
Notice: Service nfslock is not installed [224 Passes]
Checking: Service nfslock at run level 5
Notice: Service nfslock is not installed [225 Passes]
Checking: Service portmap at run level 3
Notice: Service portmap is not installed [226 Passes]
Checking: Service portmap at run level 5
Notice: Service portmap is not installed [227 Passes]
Checking: Service rpc at run level 3
Notice: Service rpc is not installed [228 Passes]
Checking: Service rpc at run level 5
Notice: Service rpc is not installed [229 Passes]
Warning: Filesystem /tmp is not a separate partition [194 Warnings]
Warning: Filesystem /var is not a separate partition [195 Warnings]
Warning: Filesystem /var/log is not a separate partition [196 Warnings]
Warning: Filesystem /var/log/audit is not a separate partition [197 Warnings]
Warning: Filesystem /home is not a separate partition [198 Warnings]
Checking: Service httpd at run level 3
Notice: Service httpd is not installed [230 Passes]
Checking: Service httpd at run level 5
Notice: Service httpd is not installed [231 Passes]
Checking: Service apache at run level 3
Notice: Service apache is not installed [232 Passes]
Checking: Service apache at run level 5
Notice: Service apache is not installed [233 Passes]
Checking: Service apache2 at run level 3
Notice: Service apache2 is not installed [234 Passes]
Checking: Service apache2 at run level 5
Notice: Service apache2 is not installed [235 Passes]
Checking: Service tomcat5 at run level 3
Notice: Service tomcat5 is not installed [236 Passes]
Checking: Service tomcat5 at run level 5
Notice: Service tomcat5 is not installed [237 Passes]
Checking: Service squid at run level 3
Notice: Service squid is not installed [238 Passes]
Checking: Service squid at run level 5
Notice: Service squid is not installed [239 Passes]
Checking: Service prixovy at run level 3
Notice: Service prixovy is not installed [240 Passes]
Checking: Service prixovy at run level 5
Notice: Service prixovy is not installed [241 Passes]
Warning: Not uninstalling package as package uninstall has been set to no
Warning: Not uninstalling package as package uninstall has been set to no
Checking: Service bgpd at run level 3
Notice: Service bgpd is not installed [242 Passes]
Checking: Service bgpd at run level 5
Notice: Service bgpd is not installed [243 Passes]
Checking: Service ospf6d at run level 3
Notice: Service ospf6d is not installed [244 Passes]
Checking: Service ospf6d at run level 5
Notice: Service ospf6d is not installed [245 Passes]
Checking: Service ospfd at run level 3
Notice: Service ospfd is not installed [246 Passes]
Checking: Service ospfd at run level 5
Notice: Service ospfd is not installed [247 Passes]
Checking: Service ripd at run level 3
Notice: Service ripd is not installed [248 Passes]
Checking: Service ripd at run level 5
Notice: Service ripd is not installed [249 Passes]
Checking: Service ripngd at run level 3
Notice: Service ripngd is not installed [250 Passes]
Checking: Service ripngd at run level 5
Notice: Service ripngd is not installed [251 Passes]
Checking: Service smb at run level 3
Notice: Service smb is not installed [252 Passes]
Checking: Service smb at run level 5
Notice: Service smb is not installed [253 Passes]
Checking: Service winbind at run level 3
Notice: Service winbind is not installed [254 Passes]
Checking: Service winbind at run level 5
Notice: Service winbind is not installed [255 Passes]
Checking: Service xinetd at run level 3
Notice: Service xinetd is not installed [256 Passes]
Checking: Service xinetd at run level 5
Notice: Service xinetd is not installed [257 Passes]
Checking: Service wu-ftpd at run level 3
Notice: Service wu-ftpd is not installed [258 Passes]
Checking: Service wu-ftpd at run level 5
Notice: Service wu-ftpd is not installed [259 Passes]
Checking: Service ftp at run level 3
Notice: Service ftp is not installed [260 Passes]
Checking: Service ftp at run level 5
Notice: Service ftp is not installed [261 Passes]
Checking: Service vsftpd at run level 3
Notice: Service vsftpd is not installed [262 Passes]
Checking: Service vsftpd at run level 5
Notice: Service vsftpd is not installed [263 Passes]
Checking: Service aaeventd at run level 3
Notice: Service aaeventd is not installed [264 Passes]
Checking: Service aaeventd at run level 5
Notice: Service aaeventd is not installed [265 Passes]
Checking: Service tftp at run level 3
Notice: Service tftp is not installed [266 Passes]
Checking: Service tftp at run level 5
Notice: Service tftp is not installed [267 Passes]
Checking: Service acpid at run level 3
Notice: Service acpid is not installed [268 Passes]
Checking: Service acpid at run level 5
Notice: Service acpid is not installed [269 Passes]
Checking: Service amd at run level 3
Notice: Service amd is not installed [270 Passes]
Checking: Service amd at run level 5
Notice: Service amd is not installed [271 Passes]
Checking: Service arptables_jg at run level 3
Notice: Service arptables_jg is not installed [272 Passes]
Checking: Service arptables_jg at run level 5
Notice: Service arptables_jg is not installed [273 Passes]
Checking: Service arpwatch at run level 3
Notice: Service arpwatch is not installed [274 Passes]
Checking: Service arpwatch at run level 5
Notice: Service arpwatch is not installed [275 Passes]
Checking: Service atd at run level 3
Notice: Service atd is not installed [276 Passes]
Checking: Service atd at run level 5
Notice: Service atd is not installed [277 Passes]
Checking: Service netfs at run level 3
Notice: Service netfs is not installed [278 Passes]
Checking: Service netfs at run level 5
Notice: Service netfs is not installed [279 Passes]
Checking: Service irda at run level 3
Notice: Service irda is not installed [280 Passes]
Checking: Service irda at run level 5
Notice: Service irda is not installed [281 Passes]
Checking: Service isdn at run level 3
Notice: Service isdn is not installed [282 Passes]
Checking: Service isdn at run level 5
Notice: Service isdn is not installed [283 Passes]
Checking: Service bluetooth at run level 3
Notice: Service bluetooth is not installed [284 Passes]
Checking: Service bluetooth at run level 5
Notice: Service bluetooth is not installed [285 Passes]
Checking: Service capi at run level 3
Notice: Service capi is not installed [286 Passes]
Checking: Service capi at run level 5
Notice: Service capi is not installed [287 Passes]
Checking: Service conman at run level 3
Notice: Service conman is not installed [288 Passes]
Checking: Service conman at run level 5
Notice: Service conman is not installed [289 Passes]
Checking: Service cpuspeed at run level 3
Notice: Service cpuspeed is not installed [290 Passes]
Checking: Service cpuspeed at run level 5
Notice: Service cpuspeed is not installed [291 Passes]
Checking: Service cryrus-imapd at run level 3
Notice: Service cryrus-imapd is not installed [292 Passes]
Checking: Service cryrus-imapd at run level 5
Notice: Service cryrus-imapd is not installed [293 Passes]
Checking: Service dc_client at run level 3
Notice: Service dc_client is not installed [294 Passes]
Checking: Service dc_client at run level 5
Notice: Service dc_client is not installed [295 Passes]
Checking: Service dc_server at run level 3
Notice: Service dc_server is not installed [296 Passes]
Checking: Service dc_server at run level 5
Notice: Service dc_server is not installed [297 Passes]
Checking: Service dhcdbd at run level 3
Notice: Service dhcdbd is not installed [298 Passes]
Checking: Service dhcdbd at run level 5
Notice: Service dhcdbd is not installed [299 Passes]
Checking: Service dhcp6s at run level 3
Notice: Service dhcp6s is not installed [300 Passes]
Checking: Service dhcp6s at run level 5
Notice: Service dhcp6s is not installed [301 Passes]
Checking: Service dhcrelay at run level 3
Notice: Service dhcrelay is not installed [302 Passes]
Checking: Service dhcrelay at run level 5
Notice: Service dhcrelay is not installed [303 Passes]
Checking: Service chargen at run level 3
Notice: Service chargen is not installed [304 Passes]
Checking: Service chargen at run level 5
Notice: Service chargen is not installed [305 Passes]
Checking: Service chargen-udp at run level 3
Notice: Service chargen-udp is not installed [306 Passes]
Checking: Service chargen-udp at run level 5
Notice: Service chargen-udp is not installed [307 Passes]
Checking: Service dovecot at run level 3
Notice: Service dovecot is not installed [308 Passes]
Checking: Service dovecot at run level 5
Notice: Service dovecot is not installed [309 Passes]
Checking: Service dund at run level 3
Notice: Service dund is not installed [310 Passes]
Checking: Service dund at run level 5
Notice: Service dund is not installed [311 Passes]
Checking: Service gpm at run level 3
Notice: Service gpm is not installed [312 Passes]
Checking: Service gpm at run level 5
Notice: Service gpm is not installed [313 Passes]
Checking: Service hidd at run level 3
Notice: Service hidd is not installed [314 Passes]
Checking: Service hidd at run level 5
Notice: Service hidd is not installed [315 Passes]
Checking: Service hplip at run level 3
Notice: Service hplip is not installed [316 Passes]
Checking: Service hplip at run level 5
Notice: Service hplip is not installed [317 Passes]
Checking: Service ibmasm at run level 3
Notice: Service ibmasm is not installed [318 Passes]
Checking: Service ibmasm at run level 5
Notice: Service ibmasm is not installed [319 Passes]
Checking: Service innd at run level 3
Notice: Service innd is not installed [320 Passes]
Checking: Service innd at run level 5
Notice: Service innd is not installed [321 Passes]
Checking: Service ip6tables at run level 3
Notice: Service ip6tables is not installed [322 Passes]
Checking: Service ip6tables at run level 5
Notice: Service ip6tables is not installed [323 Passes]
Checking: Service lisa at run level 3
Notice: Service lisa is not installed [324 Passes]
Checking: Service lisa at run level 5
Notice: Service lisa is not installed [325 Passes]
Checking: Service lm_sensors at run level 3
Notice: Service lm_sensors is not installed [326 Passes]
Checking: Service lm_sensors at run level 5
Notice: Service lm_sensors is not installed [327 Passes]
Checking: Service mailman at run level 3
Notice: Service mailman is not installed [328 Passes]
Checking: Service mailman at run level 5
Notice: Service mailman is not installed [329 Passes]
Checking: Service mctrans at run level 3
Notice: Service mctrans is not installed [330 Passes]
Checking: Service mctrans at run level 5
Notice: Service mctrans is not installed [331 Passes]
Checking: Service mdmonitor at run level 3
Notice: Service mdmonitor is not installed [332 Passes]
Checking: Service mdmonitor at run level 5
Notice: Service mdmonitor is not installed [333 Passes]
Checking: Service mdmpd at run level 3
Notice: Service mdmpd is not installed [334 Passes]
Checking: Service mdmpd at run level 5
Notice: Service mdmpd is not installed [335 Passes]
Checking: Service microcode_ctl at run level 3
Notice: Service microcode_ctl is not installed [336 Passes]
Checking: Service microcode_ctl at run level 5
Notice: Service microcode_ctl is not installed [337 Passes]
Checking: Service mysqld at run level 3
Notice: Service mysqld is not installed [338 Passes]
Checking: Service mysqld at run level 5
Notice: Service mysqld is not installed [339 Passes]
Checking: Service netplugd at run level 3
Notice: Service netplugd is not installed [340 Passes]
Checking: Service netplugd at run level 5
Notice: Service netplugd is not installed [341 Passes]
Checking: Service network at run level 3
Notice: Service network is not installed [342 Passes]
Checking: Service network at run level 5
Notice: Service network is not installed [343 Passes]
Checking: Service NetworkManager at run level 3
Notice: Service NetworkManager is not installed [344 Passes]
Checking: Service NetworkManager at run level 5
Notice: Service NetworkManager is not installed [345 Passes]
Checking: Service openibd at run level 3
Notice: Service openibd is not installed [346 Passes]
Checking: Service openibd at run level 5
Notice: Service openibd is not installed [347 Passes]
Checking: Service yum-updatesd at run level 3
Notice: Service yum-updatesd is not installed [348 Passes]
Checking: Service yum-updatesd at run level 5
Notice: Service yum-updatesd is not installed [349 Passes]
Checking: Service pand at run level 3
Notice: Service pand is not installed [350 Passes]
Checking: Service pand at run level 5
Notice: Service pand is not installed [351 Passes]
Checking: Service postfix at run level 3
Notice: Service postfix is not installed [352 Passes]
Checking: Service postfix at run level 5
Notice: Service postfix is not installed [353 Passes]
Checking: Service psacct at run level 3
Notice: Service psacct is not installed [354 Passes]
Checking: Service psacct at run level 5
Notice: Service psacct is not installed [355 Passes]
Checking: Service mutipathd at run level 3
Notice: Service mutipathd is not installed [356 Passes]
Checking: Service mutipathd at run level 5
Notice: Service mutipathd is not installed [357 Passes]
Checking: Service daytime at run level 3
Notice: Service daytime is not installed [358 Passes]
Checking: Service daytime at run level 5
Notice: Service daytime is not installed [359 Passes]
Checking: Service daytime-udp at run level 3
Notice: Service daytime-udp is not installed [360 Passes]
Checking: Service daytime-udp at run level 5
Notice: Service daytime-udp is not installed [361 Passes]
Checking: Service radiusd at run level 3
Notice: Service radiusd is not installed [362 Passes]
Checking: Service radiusd at run level 5
Notice: Service radiusd is not installed [363 Passes]
Checking: Service radvd at run level 3
Notice: Service radvd is not installed [364 Passes]
Checking: Service radvd at run level 5
Notice: Service radvd is not installed [365 Passes]
Checking: Service rdisc at run level 3
Notice: Service rdisc is not installed [366 Passes]
Checking: Service rdisc at run level 5
Notice: Service rdisc is not installed [367 Passes]
Checking: Service readahead_early at run level 3
Notice: Service readahead_early is not installed [368 Passes]
Checking: Service readahead_early at run level 5
Notice: Service readahead_early is not installed [369 Passes]
Checking: Service readahead_later at run level 3
Notice: Service readahead_later is not installed [370 Passes]
Checking: Service readahead_later at run level 5
Notice: Service readahead_later is not installed [371 Passes]
Checking: Service rhnsd at run level 3
Notice: Service rhnsd is not installed [372 Passes]
Checking: Service rhnsd at run level 5
Notice: Service rhnsd is not installed [373 Passes]
Checking: Service rpcgssd at run level 3
Notice: Service rpcgssd is not installed [374 Passes]
Checking: Service rpcgssd at run level 5
Notice: Service rpcgssd is not installed [375 Passes]
Checking: Service rpcimapd at run level 3
Notice: Service rpcimapd is not installed [376 Passes]
Checking: Service rpcimapd at run level 5
Notice: Service rpcimapd is not installed [377 Passes]
Checking: Service rpcsvcgssd at run level 3
Notice: Service rpcsvcgssd is not installed [378 Passes]
Checking: Service rpcsvcgssd at run level 5
Notice: Service rpcsvcgssd is not installed [379 Passes]
Checking: Service rstatd at run level 3
Notice: Service rstatd is not installed [380 Passes]
Checking: Service rstatd at run level 5
Notice: Service rstatd is not installed [381 Passes]
Checking: Service rusersd at run level 3
Notice: Service rusersd is not installed [382 Passes]
Checking: Service rusersd at run level 5
Notice: Service rusersd is not installed [383 Passes]
Checking: Service rwhod at run level 3
Notice: Service rwhod is not installed [384 Passes]
Checking: Service rwhod at run level 5
Notice: Service rwhod is not installed [385 Passes]
Checking: Service saslauthd at run level 3
Notice: Service saslauthd is not installed [386 Passes]
Checking: Service saslauthd at run level 5
Notice: Service saslauthd is not installed [387 Passes]
Checking: Service settroubleshoot at run level 3
Notice: Service settroubleshoot is not installed [388 Passes]
Checking: Service settroubleshoot at run level 5
Notice: Service settroubleshoot is not installed [389 Passes]
Checking: Service smartd at run level 3
Notice: Service smartd is not installed [390 Passes]
Checking: Service smartd at run level 5
Notice: Service smartd is not installed [391 Passes]
Checking: Service spamassasin at run level 3
Notice: Service spamassasin is not installed [392 Passes]
Checking: Service spamassasin at run level 5
Notice: Service spamassasin is not installed [393 Passes]
Checking: Service echo at run level 3
Notice: Service echo is not installed [394 Passes]
Checking: Service echo at run level 5
Notice: Service echo is not installed [395 Passes]
Checking: Service echo-udp at run level 3
Notice: Service echo-udp is not installed [396 Passes]
Checking: Service echo-udp at run level 5
Notice: Service echo-udp is not installed [397 Passes]
Checking: Service time at run level 3
Notice: Service time is not installed [398 Passes]
Checking: Service time at run level 5
Notice: Service time is not installed [399 Passes]
Checking: Service time-udp at run level 3
Notice: Service time-udp is not installed [400 Passes]
Checking: Service time-udp at run level 5
Notice: Service time-udp is not installed [401 Passes]
Checking: Service vnc at run level 3
Notice: Service vnc is not installed [402 Passes]
Checking: Service vnc at run level 5
Notice: Service vnc is not installed [403 Passes]
Checking: Service svcgssd at run level 3
Notice: Service svcgssd is not installed [404 Passes]
Checking: Service svcgssd at run level 5
Notice: Service svcgssd is not installed [405 Passes]
Checking: Service rpmconfigcheck at run level 3
Notice: Service rpmconfigcheck is not installed [406 Passes]
Checking: Service rpmconfigcheck at run level 5
Notice: Service rpmconfigcheck is not installed [407 Passes]
Checking: Service rsh at run level 3
Notice: Service rsh is not installed [408 Passes]
Checking: Service rsh at run level 5
Notice: Service rsh is not installed [409 Passes]
Checking: Service rsync at run level 3
Notice: Service rsync is not installed [410 Passes]
Checking: Service rsync at run level 5
Notice: Service rsync is not installed [411 Passes]
Checking: Service rsyncd at run level 3
Notice: Service rsyncd is not installed [412 Passes]
Checking: Service rsyncd at run level 5
Notice: Service rsyncd is not installed [413 Passes]
Checking: Service saslauthd at run level 3
Notice: Service saslauthd is not installed [414 Passes]
Checking: Service saslauthd at run level 5
Notice: Service saslauthd is not installed [415 Passes]
Checking: Service powerd at run level 3
Notice: Service powerd is not installed [416 Passes]
Checking: Service powerd at run level 5
Notice: Service powerd is not installed [417 Passes]
Checking: Service raw at run level 3
Notice: Service raw is not installed [418 Passes]
Checking: Service raw at run level 5
Notice: Service raw is not installed [419 Passes]
Checking: Service rexec at run level 3
Notice: Service rexec is not installed [420 Passes]
Checking: Service rexec at run level 5
Notice: Service rexec is not installed [421 Passes]
Checking: Service rlogin at run level 3
Notice: Service rlogin is not installed [422 Passes]
Checking: Service rlogin at run level 5
Notice: Service rlogin is not installed [423 Passes]
Checking: Service rpasswdd at run level 3
Notice: Service rpasswdd is not installed [424 Passes]
Checking: Service rpasswdd at run level 5
Notice: Service rpasswdd is not installed [425 Passes]
Checking: Service openct at run level 3
Notice: Service openct is not installed [426 Passes]
Checking: Service openct at run level 5
Notice: Service openct is not installed [427 Passes]
Checking: Service ipxmount at run level 3
Notice: Service ipxmount is not installed [428 Passes]
Checking: Service ipxmount at run level 5
Notice: Service ipxmount is not installed [429 Passes]
Checking: Service joystick at run level 3
Notice: Service joystick is not installed [430 Passes]
Checking: Service joystick at run level 5
Notice: Service joystick is not installed [431 Passes]
Checking: Service esound at run level 3
Notice: Service esound is not installed [432 Passes]
Checking: Service esound at run level 5
Notice: Service esound is not installed [433 Passes]
Checking: Service evms at run level 3
Notice: Service evms is not installed [434 Passes]
Checking: Service evms at run level 5
Notice: Service evms is not installed [435 Passes]
Checking: Service fam at run level 3
Notice: Service fam is not installed [436 Passes]
Checking: Service fam at run level 5
Notice: Service fam is not installed [437 Passes]
Checking: Service gpm at run level 3
Notice: Service gpm is not installed [438 Passes]
Checking: Service gpm at run level 5
Notice: Service gpm is not installed [439 Passes]
Checking: Service gssd at run level 3
Notice: Service gssd is not installed [440 Passes]
Checking: Service gssd at run level 5
Notice: Service gssd is not installed [441 Passes]
Checking: Service pcscd at run level 3
Notice: Service pcscd is not installed [442 Passes]
Checking: Service pcscd at run level 5
Notice: Service pcscd is not installed [443 Passes]
Checking: Service tog-pegasus at run level 3
Notice: Service tog-pegasus is not installed [444 Passes]
Checking: Service tog-pegasus at run level 5
Notice: Service tog-pegasus is not installed [445 Passes]
Checking: Service tux at run level 3
Notice: Service tux is not installed [446 Passes]
Checking: Service tux at run level 5
Notice: Service tux is not installed [447 Passes]
Checking: Service wpa_supplicant at run level 3
Notice: Service wpa_supplicant is not installed [448 Passes]
Checking: Service wpa_supplicant at run level 5
Notice: Service wpa_supplicant is not installed [449 Passes]
Checking: Service zebra at run level 3
Notice: Service zebra is not installed [450 Passes]
Checking: Service zebra at run level 5
Notice: Service zebra is not installed [451 Passes]
Checking: Service ncpfs at run level 3
Notice: Service ncpfs is not installed [452 Passes]
Checking: Service ncpfs at run level 5
Notice: Service ncpfs is not installed [453 Passes]
Checking: File permissions on /var/log/lastlog
Warning: File /var/log/lastlog has incorrect permissions [199 Warnings]
Checking: File permissions on /var/log/wtmp
Warning: File /var/log/wtmp has incorrect permissions [200 Warnings]
Checking: Value of "authpriv.*" is set to "/var/log/secure" in /etc/syslog.conf
Warning: Parameter "authpriv.*" not set to "/var/log/secure" in /etc/syslog.conf [201 Warnings]
Checking: Value of "auth.*" is set to "/var/log/messages" in /etc/syslog.conf
Warning: Parameter "auth.*" not set to "/var/log/messages" in /etc/syslog.conf [202 Warnings]
Checking: Value of "daemon.*" is set to "/var/log/daemon.log" in /etc/syslog.conf
Warning: Parameter "daemon.*" not set to "/var/log/daemon.log" in /etc/syslog.conf [203 Warnings]
Checking: Value of "syslog.*" is set to "/var/log/syslog" in /etc/syslog.conf
Warning: Parameter "syslog.*" not set to "/var/log/syslog" in /etc/syslog.conf [204 Warnings]
Checking: Value of "lpr,news,uucp,local0,local1,local2,local3,local4,local5,local6.*" is set to "/var/log/unused.log" in /etc/syslog.conf
Warning: Parameter "lpr,news,uucp,local0,local1,local2,local3,local4,local5,local6.*" not set to "/var/log/unused.log" in /etc/syslog.conf [205 Warnings]
Checking: Service kdump at run level 3
Notice: Service kdump is not installed [454 Passes]
Checking: Service kdump at run level 5
Notice: Service kdump is not installed [455 Passes]
Checking: Parameter "* hard core 0" is set in /etc/security/limits.conf
Warning: Parameter "* hard core 0" does not exist in /etc/security/limits.conf [206 Warnings]
Checking: Value of "fs.suid_dumpable" is set to "0" in /etc/sysctl.conf
Warning: Parameter "fs.suid_dumpable" not set to "0" in /etc/sysctl.conf [207 Warnings]
Checking: Value of "OPTIONS" is set to ""-u chrony"" in /etc/sysconfig/chronyd
Warning: Parameter "OPTIONS" not set to ""-u chrony"" in /etc/sysconfig/chronyd [208 Warnings]
Checking: Value of "ExecStart" is set to "/usr/sbin/ntpd -u ntp:ntp " in /usr/lib/systemd/system/ntpd.service
Warning: Parameter "ExecStart" not set to "/usr/sbin/ntpd -u ntp:ntp " in /usr/lib/systemd/system/ntpd.service [209 Warnings]
Checking: NTP is enabled
Warning: NTP not enabled [210 Warnings]
Checking: Service ntp at run level 3
Notice: Service ntp is not installed [456 Passes]
Checking: Service ntp at run level 5
Notice: Service ntp is not installed [457 Passes]
Checking: Parameter "restrict default kod nomodify nopeer notrap noquery" is set in /usr/lib/systemd/system/ntpd.service
Warning: Parameter "restrict default kod nomodify nopeer notrap noquery" does not exist in /usr/lib/systemd/system/ntpd.service [211 Warnings]
Checking: Parameter "restrict -6 default kod nomodify nopeer notrap noquery" is set in /usr/lib/systemd/system/ntpd.service
Warning: Parameter "restrict -6 default kod nomodify nopeer notrap noquery" does not exist in /usr/lib/systemd/system/ntpd.service [212 Warnings]
Checking: Value of "OPTIONS" is set to ""-u ntp:ntp -p /var/run/ntpd.pid"" in /usr/lib/systemd/system/ntpd.service
Warning: Parameter "OPTIONS" not set to ""-u ntp:ntp -p /var/run/ntpd.pid"" in /usr/lib/systemd/system/ntpd.service [213 Warnings]
Checking: Value of "server" is set to "0.au.pool.ntp.org" in /usr/lib/systemd/system/ntpd.service
Warning: Parameter "server" not set to "0.au.pool.ntp.org" in /usr/lib/systemd/system/ntpd.service [214 Warnings]
Checking: Value of "server" is set to "1.au.pool.ntp.org" in /usr/lib/systemd/system/ntpd.service
Warning: Parameter "server" not set to "1.au.pool.ntp.org" in /usr/lib/systemd/system/ntpd.service [215 Warnings]
Checking: Value of "server" is set to "2.au.pool.ntp.org" in /usr/lib/systemd/system/ntpd.service
Warning: Parameter "server" not set to "2.au.pool.ntp.org" in /usr/lib/systemd/system/ntpd.service [216 Warnings]
Checking: Value of "server" is set to "3.au.pool.ntp.org" in /usr/lib/systemd/system/ntpd.service
Warning: Parameter "server" not set to "3.au.pool.ntp.org" in /usr/lib/systemd/system/ntpd.service [217 Warnings]
Checking: Service ipmi at run level 3
Notice: Service ipmi is not installed [458 Passes]
Checking: Service ipmi at run level 5
Notice: Service ipmi is not installed [459 Passes]
Checking: Service rarpd at run level 3
Notice: Service rarpd is not installed [460 Passes]
Checking: Service rarpd at run level 5
Notice: Service rarpd is not installed [461 Passes]
Checking: Service bootparamd at run level 3
Notice: Service bootparamd is not installed [462 Passes]
Checking: Service bootparamd at run level 5
Notice: Service bootparamd is not installed [463 Passes]
Checking: Service tftp at run level 3
Notice: Service tftp is not installed [464 Passes]
Checking: Service tftp at run level 5
Notice: Service tftp is not installed [465 Passes]
Checking: File permissions on /tftpboot
Notice: File /tftpboot does not exist
Checking: File permissions on /var/tftpboot
Notice: File /var/tftpboot does not exist
Warning: Not uninstalling package as package uninstall has been set to no
Warning: Not uninstalling package as package uninstall has been set to no
Checking: Service postgresql at run level 3
Notice: Service postgresql is not installed [468 Passes]
Checking: Service postgresql at run level 5
Notice: Service postgresql is not installed [469 Passes]
Tests: 682
Secure: 469
Warnings: 217