| CIS | Level 1 benchmark for | Mapping to |
| 1.3.7 | Disable other standard boot services | MiscellaneousDaemons.disable_rbootd |
|
|
| MiscellaneousDaemons.nfs_server |
|
|
| MiscellaneousDaemons.nfs_client |
|
|
| MiscellaneousDaemons.disable_ptydaemon |
|
|
| Apache.deactivate_hpws_apache |
|
|
| MiscellaneousDaemons.snmpd |
|
|
| MiscellaneousDaemons.nfs_core |
|
|
| MiscellaneousDaemons.other_boot_serv |
|
|
| MiscellaneousDaemons.disable_smbclient |
|
|
| MiscellaneousDaemons.disable_smbserver |
|
|
| MiscellaneousDaemons.disable_bind |
| 1.3.8 | Only enable | Not Applicable |
| 1.3.9 | Only enable | Not Applicable |
| 1.3.10 | Only enable NFS server processes | Not Applicable |
| 1.3.11 | Only enable NFS client processes | Not Applicable |
| 1.3.12 | Only enable | Not Applicable |
| 1.3.13 | Only enable Web server | Not Applicable |
| 1.3.14 | Only enable BIND DNS server | Not Applicable |
| 1.4 | Kernel Tuning |
|
| 1.4.1 | Enable stack protection | HP_UX.stack_execute |
| 1.4.2 | Network parameter modifications | HP_UX.ndd |
| 1.4.3 | Use better TCP sequence numbers | HP_UX.tcp_isn |
| 1.4.4 | Additional network parameter modifications | HP_UX.ndd |
| 1.5 | File/Directory Permissions/Access |
|
| 1.5.1 | Set Sticky Bit on World Writable Directories | Not Scorable |
|
| Find unauthorized |
|
| 1.5.2 | executables | Not Scorable |
| 1.5.3 | Find 'unowned' files and directories | AccountSecurity.unowned_files |
| 1.6 | System Access, Authentication, and Authorization |
|
| 1.6.1 | Enable Hidden Passwords | AccountSecurity.hidepasswords |
| 1.6.2 | Restrict users who can access to FTP | FTP.ftpusers |
| 1.6.3 | Prevent Syslog from accepting messages from the network | MiscellaneousDaemons.syslog_localonly |
| 1.6.4 | Disable XDMCP port | MiscellaneousDaemons.xaccess |
| 1.6.5 | Set | HP_UX.screensaver_timeout |
| 1.6.6 | Configure IPFilter to allow only select communication | Not Scorable |
| 1.6.7 | Restrict at/cron to authorized users | AccountSecurity.cronuser |
|
|
| AccountSecurity.atuser |
| 1.6.8 | Restrict crontab file permissions | AccountSecurity.crontabs_file |
| 1.6.9 | Restrict root logins to system console | AccountSecurity.create_securetty |
| 1.6.10 | Set retry limit for account lockout | AccountSecurity.AUTH_MAXTRIES |
| 1.6.11 | Disable 'nobody' access for secure RPC | MiscellaneousDaemons.nobody_secure_rpc |
| 1.7 | Logging |
|
68 | CIS mapping to |
|