Summary

During OSCAP Scan Result (ID OSCAP-Test-F14-Desktop) processing which started 2011-06-28 00:21 and ended 2011-06-28 00:42, 395 rule results were recorded.

Result ID: OSCAP-Test-F14-Desktop

Start time: 2011-06-28 00:21

End time: 2011-06-28 00:42

Profile: F14-Desktop

Target: localhost.localdomain

Rule Results Summary

pass 68
fixed 0
fail 8
error 0
not selected 319
not checked 0
not applicable 0
informational 0
unknown 0
total 395

Target Information

Target

  • localhost.localdomain

Addresses

  • 127.0.0.1
  • 192.168.0.9
  • ::1
  • 2002:614c:a6cd:0:a00:27ff:fefc:6b6
  • fe80::a00:27ff:fefc:6b6%eth0

Benchmark Execution Information

Score

system score max bar
urn:xccdf:scoring:default 7.93 100.00
urn:xccdf:scoring:flat 680.00 760.00

Results

Title Result more
Ensure Fedora GPG Key is Installed pass
Ensure gpgcheck is Globally Activated pass
Ensure Package Signature Checking is Not Disabled For Any Repos pass
Ensure Repodata Signature Checking is Not Disabled For Any Repos pass
Verify user who owns 'shadow' file pass
Verify group who owns 'shadow' file pass
Verify user who owns 'group' file pass
Verify group who owns 'group' file pass
Verify user who owns 'gshadow' file pass
Verify group who owns 'gshadow' file pass
Verify user who owns 'passwd' file pass
Verify group who owns 'passwd' file pass
Verify permissions on 'shadow' file pass
Verify permissions on 'group' file pass
Verify permissions on 'gshadow' file pass
Verify permissions on 'passwd' file pass
Verify that All World-Writable Directories Have Sticky Bits Set pass
Find Unauthorized World-Writable Files pass
Find Unauthorized SGID System Executables fail
Find Unauthorized SUID System Executables fail
Find files unowned by a user fail
Find files unowned by a group fail
Find world writable directories not owned by a system account pass
Set Daemon umask pass
Disable Core Dumps for SUID programs pass
Enable ExecShield pass
Enable ExecShield randomized placement of virtual memory regions pass
Restrict serial port Root Logins pass
Verify that No Accounts Have Empty Password Fields pass
Verify that All Account Password Hashes are Shadowed pass
Verify that No Non-Root Accounts Have UID 0 pass
Set password minimum length pass
Set password warn age pass
Password hashing algorithm fail
Ensure that No Dangerous Directories Exist in Root's Path pass
Write permissions are disabled for group and other in all directories in Root's Path pass
Ensure that User Home Directories are not Group-Writable or World-Readable fail
Ensure that Users Have Sensible Umask Values in /etc/bashrc pass
Ensure that Users Have Sensible Umask Values in /etc/csh.cshrc pass
Set Boot Loader user owner pass
Set Boot Loader group owner fail
Set permission on /boot/grub/grub.conf pass
Enable SELinux in /etc/grub.conf pass
Set the SELinux state fail
Set the SELinux policy pass
Verify ip6tables is enabled pass
Verify iptables is enabled pass
Configure Rsyslog pass
Confirm user that owns System Log Files pass
Confirm group that owns System Log Files pass
Confirm Permissions of System Log Files pass
Enable the auditd Service pass
Set group owner on /etc/crontab pass
Set user owner on /etc/crontab pass
Set Permissions on /etc/crontab pass
Set group owner on /etc/anacrontab pass
Set user owner on /etc/anacrontab pass
Set Permissions on /etc/anacrontab pass
Set group owner on /etc/cron.hourly pass
Set group owner on /etc/cron.daily pass
Set group owner on /etc/cron.weekly pass
Set group owner on /etc/cron.monthly pass
Set group owner on /etc/cron.d pass
Set user owner on /etc/cron.hourly pass
Set user owner on /etc/cron.daily pass
Set user owner on /etc/cron.weekly pass
Set user owner on /etc/cron.monthly pass
Set user owner on /etc/cron.d pass
Set permissions on /etc/cron.hourly pass
Set permissions on /etc/cron.daily pass
Set permissions on /etc/cron.weekly pass
Set permissions on /etc/cron.monthly pass
Set permissions on /etc/cron.d pass
Restrict group owner on /var/spool/cron directory pass
Restrict user owner on /var/spool/cron directory pass
Restrict Permissions on /var/spool/cron directory pass

Result for Ensure Fedora GPG Key is Installed

Result: pass

Rule ID: rule-2.1.2.1.1.a

Time: 2011-06-28 00:21

The GPG key should be installed.

Result for Ensure gpgcheck is Globally Activated

Result: pass

Rule ID: rule-2.1.2.3.3.a

Time: 2011-06-28 00:21

The gpgcheck option should be used to ensure that checking of an RPM package’s signature always occurs prior to its installation.

To force yum to check package signatures before installing them, ensure that the following line appears in /etc/yum.conf in the [main] section:

gpgcheck=1

Result for Ensure Package Signature Checking is Not Disabled For Any Repos

Result: pass

Rule ID: rule-2.1.2.3.4.a

Time: 2011-06-28 00:21

To ensure that signature checking is not disabled for any repos, ensure that the following line DOES NOT appear in any repo configuration files in /etc/yum.repos.d or elsewhere:

gpgcheck=0

Result for Ensure Repodata Signature Checking is Not Disabled For Any Repos

Result: pass

Rule ID: rule-2.1.2.3.6.a

Time: 2011-06-28 00:21

To ensure that signature checking is not disabled for any repos, ensure that the following line DOES NOT appear in any repo configuration files in /etc/yum.repos.d or elsewhere:

gpgcheck=0

Result for Verify user who owns 'shadow' file

Result: pass

Rule ID: rule-2.2.3.1.a

Time: 2011-06-28 00:21

Severity: medium

The /etc/shadow file should be owned by root.

Security identifiers

  • CCE-3918-0

Result for Verify group who owns 'shadow' file

Result: pass

Rule ID: rule-2.2.3.1.b

Time: 2011-06-28 00:21

Severity: medium

The /etc/shadow file should be owned by root.

Security identifiers

  • CCE-3988-3

Result for Verify user who owns 'group' file

Result: pass

Rule ID: rule-2.2.3.1.c

Time: 2011-06-28 00:21

Severity: medium

The /etc/group file should be owned by root.

Security identifiers

  • CCE-3276-3

Result for Verify group who owns 'group' file

Result: pass

Rule ID: rule-2.2.3.1.d

Time: 2011-06-28 00:21

Severity: medium

The /etc/group file should be owned by root.

Security identifiers

  • CCE-3883-6

Result for Verify user who owns 'gshadow' file

Result: pass

Rule ID: rule-2.2.3.1.e

Time: 2011-06-28 00:21

Severity: medium

The /etc/gshadow file should be owned by root.

Security identifiers

  • CCE-4210-1

Result for Verify group who owns 'gshadow' file

Result: pass

Rule ID: rule-2.2.3.1.f

Time: 2011-06-28 00:21

Severity: medium

The /etc/gshadow file should be owned by root.

Security identifiers

  • CCE-4064-2

Result for Verify user who owns 'passwd' file

Result: pass

Rule ID: rule-2.2.3.1.g

Time: 2011-06-28 00:21

Severity: medium

The /etc/passwd file should be owned by root.

Security identifiers

  • CCE-3958-6

Result for Verify group who owns 'passwd' file

Result: pass

Rule ID: rule-2.2.3.1.h

Time: 2011-06-28 00:21

Severity: medium

The /etc/passwd file should be owned by root.

Security identifiers

  • CCE-3495-9

Result for Verify permissions on 'shadow' file

Result: pass

Rule ID: rule-2.2.3.1.i

Time: 2011-06-28 00:21

Severity: medium

File permissions for /etc/shadow should be set correctly.

Security identifiers

  • CCE-4130-1

Result for Verify permissions on 'group' file

Result: pass

Rule ID: rule-2.2.3.1.j

Time: 2011-06-28 00:21

Severity: medium

File permissions for /etc/group should be set correctly.

Security identifiers

  • CCE-3967-7

Result for Verify permissions on 'gshadow' file

Result: pass

Rule ID: rule-2.2.3.1.k

Time: 2011-06-28 00:21

Severity: medium

File permissions for /etc/gshadow should be set correctly.

Security identifiers

  • CCE-3932-1

Result for Verify permissions on 'passwd' file

Result: pass

Rule ID: rule-2.2.3.1.l

Time: 2011-06-28 00:21

Severity: medium

File permissions for /etc/passwd should be set correctly.

Security identifiers

  • CCE-3566-7

Result for Verify that All World-Writable Directories Have Sticky Bits Set

Result: pass

Rule ID: rule-2.2.3.2.a

Time: 2011-06-28 00:23

Severity: low

The sticky bit should be set for all world-writable directories.

Security identifiers

  • CCE-3399-3

Remediation instructions

Locate any directories in local partitions which are world-writable and do not have their sticky bits set. The following command will discover and print these. Run it once for each local partition PART:

# find PART -xdev -type d \( -perm -0002 -a ! -perm -1000 \) -print

If this command produces any output, fix each reported directory /dir using the command:

# chmod +t /dir

Result for Find Unauthorized World-Writable Files

Result: pass

Rule ID: rule-2.2.3.3.a

Time: 2011-06-28 00:26

Severity: medium

The world-write permission should be disabled for all files.

Security identifiers

  • CCE-3795-2

Remediation instructions

The following command discovers and prints any world-writable files in local partitions. Run it once for each local partition PART:

find PART -xdev -type f -perm -0002 -print | xargs chmod o-w

Result for Find Unauthorized SGID System Executables

Result: fail

Rule ID: rule-2.2.3.4.a

Time: 2011-06-28 00:29

Severity: medium

The sgid bit should not be set for all files.

Security identifiers

  • CCE-4178-0

Result for Find Unauthorized SUID System Executables

Result: fail

Rule ID: rule-2.2.3.4.b

Time: 2011-06-28 00:32

Severity: high

The suid bit should not be set for all files.

Security identifiers

  • CCE-3324-1

Result for Find files unowned by a user

Result: fail

Rule ID: rule-2.2.3.5.a

Time: 2011-06-28 00:36

Severity: medium

All files should be owned by a user

Security identifiers

  • CCE-4223-4

Result for Find files unowned by a group

Result: fail

Rule ID: rule-2.2.3.5.b

Time: 2011-06-28 00:40

Severity: medium

All files should be owned by a group

Security identifiers

  • CCE-3573-3

Result for Find world writable directories not owned by a system account

Result: pass

Rule ID: rule-2.2.3.6.a

Time: 2011-06-28 00:42

Severity: medium

All world writable directories should be owned by a system user

Result for Set Daemon umask

Result: pass

Rule ID: rule-2.2.4.1.a

Time: 2011-06-28 00:42

Severity: medium

The daemon umask should be set to profile value

Security identifiers

  • CCE-4220-0

Remediation instructions

Edit the file /etc/rc.d/init.d/functions, and add or correct the following line: umask 022

Result for Disable Core Dumps for SUID programs

Result: pass

Rule ID: rule-2.2.4.2.b

Time: 2011-06-28 00:42

Severity: low

Core dumps for setuid programs should be disabled

Security identifiers

  • CCE-4247-3

Remediation instructions

To ensure that core dumps can never be made by setuid programs, edit /etc/sysctl.conf and add or correct the line: fs.suid_dumpable = 0

Result for Enable ExecShield

Result: pass

Rule ID: rule-2.2.4.3.a

Time: 2011-06-28 00:42

ExecShield should be enabled

Security identifiers

  • CCE-4168-1

Remediation instructions

To ensure ExecShield (including random placement of virtual memory regions) is activated at boot, add or correct the following settings in /etc/sysctl.conf: kernel.exec-shield = 1

Result for Enable ExecShield randomized placement of virtual memory regions

Result: pass

Rule ID: rule-2.2.4.3.b

Time: 2011-06-28 00:42

ExecShield randomized placement of virtual memory regions should be enabled

Security identifiers

  • CCE-4146-7

Remediation instructions

To ensure ExecShield (including random placement of virtual memory regions) is activated at boot, add or correct the following settings in /etc/sysctl.conf: kernel.randomize_va_space = 2

Result for Restrict serial port Root Logins

Result: pass

Rule ID: rule-2.3.1.1.d

Time: 2011-06-28 00:42

Severity: medium

Login prompts on serial ports should be disabled.

Security identifiers

  • CCE-4256-4

Remediation instructions

Edit /etc/securetty

Result for Verify that No Accounts Have Empty Password Fields

Result: pass

Rule ID: rule-2.3.1.5.1.a

Time: 2011-06-28 00:42

Severity: medium

Login access to accounts without passwords should be disabled

Security identifiers

  • CCE-4238-2

Result for Verify that All Account Password Hashes are Shadowed

Result: pass

Rule ID: rule-2.3.1.5.2.a

Time: 2011-06-28 00:42

Severity: medium

Check that passwords are shadowed

Result for Verify that No Non-Root Accounts Have UID 0

Result: pass

Rule ID: rule-2.3.1.6.a

Time: 2011-06-28 00:42

Severity: medium

Anonymous root logins should be disabled

Security identifiers

  • CCE-4009-7

Result for Set password minimum length

Result: pass

Rule ID: rule-2.3.1.7.a

Time: 2011-06-28 00:42

Severity: medium

The password minimum length should be set to: 5

Security identifiers

  • CCE-4154-1

Result for Set password warn age

Result: pass

Rule ID: rule-2.3.1.7.d

Time: 2011-06-28 00:42

Severity: medium

The password warn age should be set to: 7

Security identifiers

  • CCE-4097-2

Result for Password hashing algorithm

Result: fail

Rule ID: rule-2.3.3.5.a

Time: 2011-06-28 00:42

Severity: medium

The password hashing algorithm should be set to SHA-512

Remediation script

                /usr/sbin/authconfig --passalgo=sha512 --update
              

Result for Ensure that No Dangerous Directories Exist in Root's Path

Result: pass

Rule ID: rule-2.3.4.1.a

Time: 2011-06-28 00:42

Severity: medium

The PATH variable should be set correctly for user root

Security identifiers

  • CCE-3301-9

Result for Write permissions are disabled for group and other in all directories in Root's Path

Result: pass

Rule ID: rule-2.3.4.1.b

Time: 2011-06-28 00:42

Severity: medium

Check each directory in root's path and make use it does not grant write permission to group and other

Result for Ensure that User Home Directories are not Group-Writable or World-Readable

Result: fail

Rule ID: rule-2.3.4.2.a

Time: 2011-06-28 00:42

Severity: medium

File permissions should be set correctly for the home directories for all user accounts.

Security identifiers

  • CCE-4090-7

Result for Ensure that Users Have Sensible Umask Values in /etc/bashrc

Result: pass

Rule ID: rule-2.3.4.4.a

Time: 2011-06-28 00:42

Severity: medium

The default umask for all users for the bash shell should be set to: 002

Security identifiers

  • CCE-3844-8

Result for Ensure that Users Have Sensible Umask Values in /etc/csh.cshrc

Result: pass

Rule ID: rule-2.3.4.4.b

Time: 2011-06-28 00:42

Severity: medium

The default umask for all users for the csh shell should be set to: 002

Security identifiers

  • CCE-4227-5

Result for Set Boot Loader user owner

Result: pass

Rule ID: rule-2.3.5.2.a

Time: 2011-06-28 00:42

Severity: medium

The /boot/grub/grub.conf file should be owned by root.

Security identifiers

  • CCE-4144-2

Remediation script

                chown root /boot/grub/grub.conf
              

Result for Set Boot Loader group owner

Result: fail

Rule ID: rule-2.3.5.2.b

Time: 2011-06-28 00:42

Severity: medium

The /boot/grub/grub.conf file should be owned by group root.

Security identifiers

  • CCE-4197-0

Remediation script

                chown :root /boot/grub/grub.conf
              

Result for Set permission on /boot/grub/grub.conf

Result: pass

Rule ID: rule-2.3.5.2.c

Time: 2011-06-28 00:42

Severity: medium

File permissions for /boot/grub/grub.conf should be set correctly.

Security identifiers

  • CCE-3923-0

Remediation script

                chmod 600 /boot/grub/grub.conf
              

Result for Enable SELinux in /etc/grub.conf

Result: pass

Rule ID: rule-2.4.2.a

Time: 2011-06-28 00:42

Severity: medium

SELinux should NOT be disabled in /etc/grub.conf. Check that selinux=0 is not found

Security identifiers

  • CCE-3977-6

Remediation instructions

Remove offending line from /etc/grub.conf

Result for Set the SELinux state

Result: fail

Rule ID: rule-2.4.2.c

Time: 2011-06-28 00:42

Severity: medium

The SELinux state should be: enforcing

Remediation instructions

Edit /etc/selinux/config

Result for Set the SELinux policy

Result: pass

Rule ID: rule-2.4.2.d

Time: 2011-06-28 00:42

Severity: medium

The SELinux policy should be set appropriately.

Security identifiers

  • CCE-3624-4

Remediation instructions

Edit /etc/selinux/config

Result for Verify ip6tables is enabled

Result: pass

Rule ID: rule-2.5.5.1.a

Time: 2011-06-28 00:42

Severity: high

The ip6tables service should be enabled.

Security identifiers

  • CCE-4167-3

Remediation script

                chkconfig ip6tables on
              

Result for Verify iptables is enabled

Result: pass

Rule ID: rule-2.5.5.1.b

Time: 2011-06-28 00:42

Severity: high

The iptables service should be enabled.

Security identifiers

  • CCE-4189-7

Remediation script

                chkconfig iptables on
              

Result for Configure Rsyslog

Result: pass

Rule ID: rule-2.6.1.a

Time: 2011-06-28 00:42

Severity: medium

The rsyslog service should be enabled.

Security identifiers

  • CCE-3679-8

Remediation script

                chkconfig rsyslog on
              

Result for Confirm user that owns System Log Files

Result: pass

Rule ID: rule-2.6.1.2.a

Time: 2011-06-28 00:42

Severity: medium

All syslog log files should be owned by root.

Security identifiers

  • CCE-4366-1

Remediation instructions

(1) via chown

Result for Confirm group that owns System Log Files

Result: pass

Rule ID: rule-2.6.1.2.b

Time: 2011-06-28 00:42

Severity: medium

All syslog log files should be group owned by root.

Security identifiers

  • CCE-3701-0

Remediation instructions

(1) via chown

Result for Confirm Permissions of System Log Files

Result: pass

Rule ID: rule-2.6.1.2.c

Time: 2011-06-28 00:42

Severity: medium

File permissions for all syslog log files should be set correctly.

Security identifiers

  • CCE-4233-3

Remediation instructions

(1) via chmod

Result for Enable the auditd Service

Result: pass

Rule ID: rule-2.6.2.1.a

Time: 2011-06-28 00:42

Severity: medium

The auditd service should be enabled.

Security identifiers

  • CCE-4292-9

Remediation instructions

(1) via chkconfig

Result for Set group owner on /etc/crontab

Result: pass

Rule ID: rule-3.4.2.1.a

Time: 2011-06-28 00:42

Severity: medium

The /etc/crontab file should be owned by the appropriate group.

Security identifiers

  • CCE-3626-9

Remediation instructions

(1) via chown

Result for Set user owner on /etc/crontab

Result: pass

Rule ID: rule-3.4.2.1.b

Time: 2011-06-28 00:42

Severity: medium

The /etc/crontab file should be owned by the appropriate user.

Security identifiers

  • CCE-3851-3

Remediation instructions

(1) via chown

Result for Set Permissions on /etc/crontab

Result: pass

Rule ID: rule-3.4.2.1.c

Time: 2011-06-28 00:42

Severity: medium

File permissions for /etc/crontab should be set correctly.

Security identifiers

  • CCE-4388-5

Remediation instructions

(1) via chmod

Result for Set group owner on /etc/anacrontab

Result: pass

Rule ID: rule-3.4.2.2.a

Time: 2011-06-28 00:42

Severity: medium

The /etc/anacrontab file should be owned by the appropriate group.

Security identifiers

  • CCE-3604-6

Remediation instructions

(1) via chown

Result for Set user owner on /etc/anacrontab

Result: pass

Rule ID: rule-3.4.2.2.b

Time: 2011-06-28 00:42

Severity: medium

The /etc/anacrontab file should be owned by the appropriate user.

Security identifiers

  • CCE-4379-4

Remediation instructions

(1) via chown

Result for Set Permissions on /etc/anacrontab

Result: pass

Rule ID: rule-3.4.2.2.c

Time: 2011-06-28 00:42

Severity: medium

File permissions for /etc/anacrontab should be set correctly.

Security identifiers

  • CCE-4304-2

Remediation instructions

(1) via chmod

Result for Set group owner on /etc/cron.hourly

Result: pass

Rule ID: rule-3.4.2.3.a

Time: 2011-06-28 00:42

Severity: medium

The /etc/cron.hourly file should be owned by the appropriate group.

Security identifiers

  • CCE-4054-3

Remediation instructions

(1) via chown

Result for Set group owner on /etc/cron.daily

Result: pass

Rule ID: rule-3.4.2.3.b

Time: 2011-06-28 00:42

Severity: medium

The /etc/cron.daily file should be owned by the appropriate group.

Security identifiers

  • CCE-3481-9

Remediation instructions

(1) via chown

Result for Set group owner on /etc/cron.weekly

Result: pass

Rule ID: rule-3.4.2.3.c

Time: 2011-06-28 00:42

Severity: medium

The /etc/cron.weekly file should be owned by the appropriate group.

Security identifiers

  • CCE-4331-5

Remediation instructions

(1) via chown

Result for Set group owner on /etc/cron.monthly

Result: pass

Rule ID: rule-3.4.2.3.d

Time: 2011-06-28 00:42

Severity: medium

The /etc/cron.monthly file should be owned by the appropriate group.

Security identifiers

  • CCE-4322-4

Remediation instructions

(1) via chown

Result for Set group owner on /etc/cron.d

Result: pass

Rule ID: rule-3.4.2.3.e

Time: 2011-06-28 00:42

Severity: medium

The /etc/cron.d file should be owned by the appropriate group.

Security identifiers

  • CCE-4212-7

Remediation instructions

(1) via chown

Result for Set user owner on /etc/cron.hourly

Result: pass

Rule ID: rule-3.4.2.3.f

Time: 2011-06-28 00:42

Severity: medium

The /etc/cron.hourly file should be owned by the appropriate user.

Security identifiers

  • CCE-3983-4

Remediation instructions

(1) via chown

Result for Set user owner on /etc/cron.daily

Result: pass

Rule ID: rule-3.4.2.3.g

Time: 2011-06-28 00:42

Severity: medium

The /etc/cron.daily file should be owned by the appropriate user.

Security identifiers

  • CCE-4022-0

Remediation instructions

(1) via chown

Result for Set user owner on /etc/cron.weekly

Result: pass

Rule ID: rule-3.4.2.3.h

Time: 2011-06-28 00:42

Severity: medium

The /etc/cron.weekly file should be owned by the appropriate user.

Security identifiers

  • CCE-3833-1

Remediation instructions

(1) via chown

Result for Set user owner on /etc/cron.monthly

Result: pass

Rule ID: rule-3.4.2.3.i

Time: 2011-06-28 00:42

Severity: medium

The /etc/cron.monthly file should be owned by the appropriate user.

Security identifiers

  • CCE-4441-2

Remediation instructions

(1) via chown

Result for Set user owner on /etc/cron.d

Result: pass

Rule ID: rule-3.4.2.3.j

Time: 2011-06-28 00:42

Severity: medium

The /etc/cron.d file should be owned by the appropriate user.

Security identifiers

  • CCE-4380-2

Remediation instructions

(1) via chown

Result for Set permissions on /etc/cron.hourly

Result: pass

Rule ID: rule-3.4.2.3.k

Time: 2011-06-28 00:42

Severity: medium

File permissions for /etc/cron.hourly should be set correctly.

Security identifiers

  • CCE-4106-1

Remediation instructions

(1) via chmod

Result for Set permissions on /etc/cron.daily

Result: pass

Rule ID: rule-3.4.2.3.l

Time: 2011-06-28 00:42

Severity: medium

File permissions for /etc/cron.daily should be set correctly.

Security identifiers

  • CCE-4450-3

Remediation instructions

(1) via chmod

Result for Set permissions on /etc/cron.weekly

Result: pass

Rule ID: rule-3.4.2.3.m

Time: 2011-06-28 00:42

Severity: medium

File permissions for /etc/cron.weekly should be set correctly.

Security identifiers

  • CCE-4203-6

Remediation instructions

(1) via chmod

Result for Set permissions on /etc/cron.monthly

Result: pass

Rule ID: rule-3.4.2.3.n

Time: 2011-06-28 00:42

Severity: medium

File permissions for /etc/cron.monthly should be set correctly.

Security identifiers

  • CCE-4251-5

Remediation instructions

(1) via chmod

Result for Set permissions on /etc/cron.d

Result: pass

Rule ID: rule-3.4.2.3.o

Time: 2011-06-28 00:42

Severity: medium

File permissions for /etc/cron.d should be set correctly.

Security identifiers

  • CCE-4250-7

Remediation instructions

(1) via chmod

Result for Restrict group owner on /var/spool/cron directory

Result: pass

Rule ID: rule-3.4.2.4.a

Time: 2011-06-28 00:42

Severity: medium

The /var/spool/cron directory should be owned by the appropriate group.

Remediation instructions

(1) via chown

Result for Restrict user owner on /var/spool/cron directory

Result: pass

Rule ID: rule-3.4.2.4.b

Time: 2011-06-28 00:42

Severity: medium

The /var/spool/cron directory should be owned by the appropriate user.

Remediation instructions

(1) via chown

Result for Restrict Permissions on /var/spool/cron directory

Result: pass

Rule ID: rule-3.4.2.4.c

Time: 2011-06-28 00:42

Severity: medium

Directory permissions for /var/spool/cron should be set correctly.

Remediation instructions

(1) via chmod