CIS | Level 1 benchmark for | Mapping to |
1.7.1 | Enable | AccountSecurity.system_auditing |
1.7.2 | Enable logging from inetd | SecureInetd.log_inetd |
1.7.3 | Turn on additional logging for FTP daemon | SecureInetd.ftp_logging |
1.8 | User Accounts and Environment |
|
1.8.1 | Block system accounts | AccountSecurity.block_system_accounts |
1.8.2 | Verify that there are no accounts with empty password fields | AccountSecurity.lock_account_nopasswd |
1.8.3 | Set account expiration parameters on active accounts | AccountSecurity.PASSWORD_MAXDAYS |
|
| AccountSecurity.PASSWORD_MINDAYS |
|
| AccountSecurity.PASSWORD_WARNDAYS |
1.8.4 | Set strong password enforcement policies | AccountSecurity.PASSWORD_HISTORY_DEPTH |
|
| AccountSecurity.MIN_PASSWORD_LENGTH |
1.8.5 | Verify no legacy '+' entries exist in passwd and group files | MiscellaneousDaemons.nis_client |
1.8.6 | No '.' or | AccountSecurity.root_path |
| User home directories should be mode 750 or more |
|
1.8.7 | restrictive | AccountSecurity.restrict_home |
1.8.8 | No user | AccountSecurity.user_dot_files |
1.8.9 | Remove user .netrc, .rhosts and .shosts files | AccountSecurity.user_rc_files |
1.8.10 | Set default umask for users | AccountSecurity.umask |
1.8.11 | Set "mesg n" as default for all users | AccountSecurity.mesgn |
1.9 | Warning Banners |
|
1.9.1 | Create warning banners for | SecureInetd.banners |
1.9.2 | Create warning banners for GUI logins | HP_UX.gui_banner |
1.9.3 | Create warning banners for FTP daemon | FTP.ftpbanner |
69