Summary
During OSCAP Scan Result (ID OSCAP-Test-F14-Desktop) processing which started 2011-06-28 00:21 and ended 2011-06-28 00:42, 395 rule results were recorded.
Result ID: OSCAP-Test-F14-Desktop
Start time: 2011-06-28 00:21
End time: 2011-06-28 00:42
Profile: F14-Desktop
Target: localhost.localdomain
Rule Results Summary
pass | 68 |
fixed | 0 |
fail | 8 |
error | 0 |
not selected | 319 |
not checked | 0 |
not applicable | 0 |
informational | 0 |
unknown | 0 |
total | 395 |
Target Information
Target
- localhost.localdomain
Addresses
- 127.0.0.1
- 192.168.0.9
- ::1
- 2002:614c:a6cd:0:a00:27ff:fefc:6b6
- fe80::a00:27ff:fefc:6b6%eth0
Benchmark Execution Information
Score
Security Score
system | score | max | bar |
urn:xccdf:scoring:default | 7.93 | 100.00 |
|
urn:xccdf:scoring:flat | 680.00 | 760.00 |
|
Results
Rule results summary
Title | Result | more |
Ensure Fedora GPG Key is Installed | pass | view |
Ensure gpgcheck is Globally Activated | pass | view |
Ensure Package Signature Checking is Not Disabled For Any Repos | pass | view |
Ensure Repodata Signature Checking is Not Disabled For Any Repos | pass | view |
Verify user who owns 'shadow' file | pass | view |
Verify group who owns 'shadow' file | pass | view |
Verify user who owns 'group' file | pass | view |
Verify group who owns 'group' file | pass | view |
Verify user who owns 'gshadow' file | pass | view |
Verify group who owns 'gshadow' file | pass | view |
Verify user who owns 'passwd' file | pass | view |
Verify group who owns 'passwd' file | pass | view |
Verify permissions on 'shadow' file | pass | view |
Verify permissions on 'group' file | pass | view |
Verify permissions on 'gshadow' file | pass | view |
Verify permissions on 'passwd' file | pass | view |
Verify that All World-Writable Directories Have Sticky Bits Set | pass | view |
Find Unauthorized World-Writable Files | pass | view |
Find Unauthorized SGID System Executables | fail | view |
Find Unauthorized SUID System Executables | fail | view |
Find files unowned by a user | fail | view |
Find files unowned by a group | fail | view |
Find world writable directories not owned by a system account | pass | view |
Set Daemon umask | pass | view |
Disable Core Dumps for SUID programs | pass | view |
Enable ExecShield | pass | view |
Enable ExecShield randomized placement of virtual memory regions | pass | view |
Restrict serial port Root Logins | pass | view |
Verify that No Accounts Have Empty Password Fields | pass | view |
Verify that All Account Password Hashes are Shadowed | pass | view |
Verify that No Non-Root Accounts Have UID 0 | pass | view |
Set password minimum length | pass | view |
Set password warn age | pass | view |
Password hashing algorithm | fail | view |
Ensure that No Dangerous Directories Exist in Root's Path | pass | view |
Write permissions are disabled for group and other in all directories in Root's Path | pass | view |
Ensure that User Home Directories are not Group-Writable or World-Readable | fail | view |
Ensure that Users Have Sensible Umask Values in /etc/bashrc | pass | view |
Ensure that Users Have Sensible Umask Values in /etc/csh.cshrc | pass | view |
Set Boot Loader user owner | pass | view |
Set Boot Loader group owner | fail | view |
Set permission on /boot/grub/grub.conf | pass | view |
Enable SELinux in /etc/grub.conf | pass | view |
Set the SELinux state | fail | view |
Set the SELinux policy | pass | view |
Verify ip6tables is enabled | pass | view |
Verify iptables is enabled | pass | view |
Configure Rsyslog | pass | view |
Confirm user that owns System Log Files | pass | view |
Confirm group that owns System Log Files | pass | view |
Confirm Permissions of System Log Files | pass | view |
Enable the auditd Service | pass | view |
Set group owner on /etc/crontab | pass | view |
Set user owner on /etc/crontab | pass | view |
Set Permissions on /etc/crontab | pass | view |
Set group owner on /etc/anacrontab | pass | view |
Set user owner on /etc/anacrontab | pass | view |
Set Permissions on /etc/anacrontab | pass | view |
Set group owner on /etc/cron.hourly | pass | view |
Set group owner on /etc/cron.daily | pass | view |
Set group owner on /etc/cron.weekly | pass | view |
Set group owner on /etc/cron.monthly | pass | view |
Set group owner on /etc/cron.d | pass | view |
Set user owner on /etc/cron.hourly | pass | view |
Set user owner on /etc/cron.daily | pass | view |
Set user owner on /etc/cron.weekly | pass | view |
Set user owner on /etc/cron.monthly | pass | view |
Set user owner on /etc/cron.d | pass | view |
Set permissions on /etc/cron.hourly | pass | view |
Set permissions on /etc/cron.daily | pass | view |
Set permissions on /etc/cron.weekly | pass | view |
Set permissions on /etc/cron.monthly | pass | view |
Set permissions on /etc/cron.d | pass | view |
Restrict group owner on /var/spool/cron directory | pass | view |
Restrict user owner on /var/spool/cron directory | pass | view |
Restrict Permissions on /var/spool/cron directory | pass | view |
Result for Ensure Fedora GPG Key is Installed
Result: pass
Rule ID: rule-2.1.2.1.1.a
Time: 2011-06-28 00:21
The GPG key should be installed.
Result for Ensure gpgcheck is Globally Activated
Result: pass
Rule ID: rule-2.1.2.3.3.a
Time: 2011-06-28 00:21
The gpgcheck option should be used to ensure that checking of an RPM package’s signature always occurs prior to its installation.
To force yum to check package signatures before installing them, ensure that the following line appears in /etc/yum.conf in the [main] section:
gpgcheck=1
Result for Ensure Package Signature Checking is Not Disabled For Any Repos
Result: pass
Rule ID: rule-2.1.2.3.4.a
Time: 2011-06-28 00:21
To ensure that signature checking is not disabled for any repos, ensure that the following line DOES NOT appear in any repo configuration files in /etc/yum.repos.d or elsewhere:
gpgcheck=0
Result for Ensure Repodata Signature Checking is Not Disabled For Any Repos
Result: pass
Rule ID: rule-2.1.2.3.6.a
Time: 2011-06-28 00:21
To ensure that signature checking is not disabled for any repos, ensure that the following line DOES NOT appear in any repo configuration files in /etc/yum.repos.d or elsewhere:
gpgcheck=0
Result for Verify user who owns 'shadow' file
Result: pass
Rule ID: rule-2.2.3.1.a
Time: 2011-06-28 00:21
Severity: medium
The /etc/shadow file should be owned by root.
Security identifiers
- CCE-3918-0
Result for Verify group who owns 'shadow' file
Result: pass
Rule ID: rule-2.2.3.1.b
Time: 2011-06-28 00:21
Severity: medium
The /etc/shadow file should be owned by root.
Security identifiers
- CCE-3988-3
Result for Verify user who owns 'group' file
Result: pass
Rule ID: rule-2.2.3.1.c
Time: 2011-06-28 00:21
Severity: medium
The /etc/group file should be owned by root.
Security identifiers
- CCE-3276-3
Result for Verify group who owns 'group' file
Result: pass
Rule ID: rule-2.2.3.1.d
Time: 2011-06-28 00:21
Severity: medium
The /etc/group file should be owned by root.
Security identifiers
- CCE-3883-6
Result for Verify user who owns 'gshadow' file
Result: pass
Rule ID: rule-2.2.3.1.e
Time: 2011-06-28 00:21
Severity: medium
The /etc/gshadow file should be owned by root.
Security identifiers
- CCE-4210-1
Result for Verify group who owns 'gshadow' file
Result: pass
Rule ID: rule-2.2.3.1.f
Time: 2011-06-28 00:21
Severity: medium
The /etc/gshadow file should be owned by root.
Security identifiers
- CCE-4064-2
Result for Verify user who owns 'passwd' file
Result: pass
Rule ID: rule-2.2.3.1.g
Time: 2011-06-28 00:21
Severity: medium
The /etc/passwd file should be owned by root.
Security identifiers
- CCE-3958-6
Result for Verify group who owns 'passwd' file
Result: pass
Rule ID: rule-2.2.3.1.h
Time: 2011-06-28 00:21
Severity: medium
The /etc/passwd file should be owned by root.
Security identifiers
- CCE-3495-9
Result for Verify permissions on 'shadow' file
Result: pass
Rule ID: rule-2.2.3.1.i
Time: 2011-06-28 00:21
Severity: medium
File permissions for /etc/shadow should be set correctly.
Security identifiers
- CCE-4130-1
Result for Verify permissions on 'group' file
Result: pass
Rule ID: rule-2.2.3.1.j
Time: 2011-06-28 00:21
Severity: medium
File permissions for /etc/group should be set correctly.
Security identifiers
- CCE-3967-7
Result for Verify permissions on 'gshadow' file
Result: pass
Rule ID: rule-2.2.3.1.k
Time: 2011-06-28 00:21
Severity: medium
File permissions for /etc/gshadow should be set correctly.
Security identifiers
- CCE-3932-1
Result for Verify permissions on 'passwd' file
Result: pass
Rule ID: rule-2.2.3.1.l
Time: 2011-06-28 00:21
Severity: medium
File permissions for /etc/passwd should be set correctly.
Security identifiers
- CCE-3566-7
Result for Verify that All World-Writable Directories Have Sticky Bits Set
Result: pass
Rule ID: rule-2.2.3.2.a
Time: 2011-06-28 00:23
Severity: low
The sticky bit should be set for all world-writable directories.
Security identifiers
- CCE-3399-3
Remediation instructions
Locate any directories in local partitions which are world-writable and do not have
their sticky bits set. The following command will discover and print these. Run it
once for each local partition PART: # find PART -xdev -type d \( -perm -0002 -a !
-perm -1000 \) -print
If this command produces any output, fix each reported directory
/dir using the command: # chmod +t /dir
Result for Find Unauthorized World-Writable Files
Result: pass
Rule ID: rule-2.2.3.3.a
Time: 2011-06-28 00:26
Severity: medium
The world-write permission should be disabled for all files.
Security identifiers
- CCE-3795-2
Remediation instructions
The following command discovers and prints any world-writable files in local
partitions. Run it once for each local partition PART: find PART -xdev -type f -perm -0002 -print | xargs chmod o-w
Result for Find Unauthorized SGID System Executables
Result: fail
Rule ID: rule-2.2.3.4.a
Time: 2011-06-28 00:29
Severity: medium
The sgid bit should not be set for all files.
Security identifiers
- CCE-4178-0
Result for Find Unauthorized SUID System Executables
Result: fail
Rule ID: rule-2.2.3.4.b
Time: 2011-06-28 00:32
Severity: high
The suid bit should not be set for all files.
Security identifiers
- CCE-3324-1
Result for Find files unowned by a user
Result: fail
Rule ID: rule-2.2.3.5.a
Time: 2011-06-28 00:36
Severity: medium
All files should be owned by a user
Security identifiers
- CCE-4223-4
Result for Find files unowned by a group
Result: fail
Rule ID: rule-2.2.3.5.b
Time: 2011-06-28 00:40
Severity: medium
All files should be owned by a group
Security identifiers
- CCE-3573-3
Result for Find world writable directories not owned by a system account
Result: pass
Rule ID: rule-2.2.3.6.a
Time: 2011-06-28 00:42
Severity: medium
All world writable directories should be owned by a system user
Result for Set Daemon umask
Result: pass
Rule ID: rule-2.2.4.1.a
Time: 2011-06-28 00:42
Severity: medium
The daemon umask should be set to profile value
Security identifiers
- CCE-4220-0
Remediation instructions
Edit the file /etc/rc.d/init.d/functions, and add or correct the following line: umask 022
Result for Disable Core Dumps for SUID programs
Result: pass
Rule ID: rule-2.2.4.2.b
Time: 2011-06-28 00:42
Severity: low
Core dumps for setuid programs should be disabled
Security identifiers
- CCE-4247-3
Remediation instructions
To ensure that core dumps can never be made by setuid programs, edit /etc/sysctl.conf and add or correct the line: fs.suid_dumpable = 0
Result for Enable ExecShield
Result: pass
Rule ID: rule-2.2.4.3.a
Time: 2011-06-28 00:42
ExecShield should be enabled
Security identifiers
- CCE-4168-1
Remediation instructions
To ensure ExecShield (including random placement of virtual memory regions) is activated at boot, add or correct the following settings in /etc/sysctl.conf: kernel.exec-shield = 1
Result for Enable ExecShield randomized placement of virtual memory regions
Result: pass
Rule ID: rule-2.2.4.3.b
Time: 2011-06-28 00:42
ExecShield randomized placement of virtual memory regions should be enabled
Security identifiers
- CCE-4146-7
Remediation instructions
To ensure ExecShield (including random placement of virtual memory regions) is activated at boot, add or correct the following settings in /etc/sysctl.conf: kernel.randomize_va_space = 2
Result for Restrict serial port Root Logins
Result: pass
Rule ID: rule-2.3.1.1.d
Time: 2011-06-28 00:42
Severity: medium
Login prompts on serial ports should be disabled.
Security identifiers
- CCE-4256-4
Remediation instructions
Edit /etc/securetty
Result for Verify that No Accounts Have Empty Password Fields
Result: pass
Rule ID: rule-2.3.1.5.1.a
Time: 2011-06-28 00:42
Severity: medium
Login access to accounts without passwords should be disabled
Security identifiers
- CCE-4238-2
Result for Verify that All Account Password Hashes are Shadowed
Result: pass
Rule ID: rule-2.3.1.5.2.a
Time: 2011-06-28 00:42
Severity: medium
Check that passwords are shadowed
Result for Verify that No Non-Root Accounts Have UID 0
Result: pass
Rule ID: rule-2.3.1.6.a
Time: 2011-06-28 00:42
Severity: medium
Anonymous root logins should be disabled
Security identifiers
- CCE-4009-7
Result for Set password minimum length
Result: pass
Rule ID: rule-2.3.1.7.a
Time: 2011-06-28 00:42
Severity: medium
The password minimum length should be set to: 5
Security identifiers
- CCE-4154-1
Result for Set password warn age
Result: pass
Rule ID: rule-2.3.1.7.d
Time: 2011-06-28 00:42
Severity: medium
The password warn age should be set to: 7
Security identifiers
- CCE-4097-2
Result for Password hashing algorithm
Result: fail
Rule ID: rule-2.3.3.5.a
Time: 2011-06-28 00:42
Severity: medium
The password hashing algorithm should be set to SHA-512
Remediation script
/usr/sbin/authconfig --passalgo=sha512 --update
Result for Ensure that No Dangerous Directories Exist in Root's Path
Result: pass
Rule ID: rule-2.3.4.1.a
Time: 2011-06-28 00:42
Severity: medium
The PATH variable should be set correctly for user root
Security identifiers
- CCE-3301-9
Result for Write permissions are disabled for group and other in all directories in Root's Path
Result: pass
Rule ID: rule-2.3.4.1.b
Time: 2011-06-28 00:42
Severity: medium
Check each directory in root's path and make use it does not grant write permission to group and other
Result for Ensure that User Home Directories are not Group-Writable or World-Readable
Result: fail
Rule ID: rule-2.3.4.2.a
Time: 2011-06-28 00:42
Severity: medium
File permissions should be set correctly for the home directories for all user accounts.
Security identifiers
- CCE-4090-7
Result for Ensure that Users Have Sensible Umask Values in /etc/bashrc
Result: pass
Rule ID: rule-2.3.4.4.a
Time: 2011-06-28 00:42
Severity: medium
The default umask for all users for the bash shell should be set to: 002
Security identifiers
- CCE-3844-8
Result for Ensure that Users Have Sensible Umask Values in /etc/csh.cshrc
Result: pass
Rule ID: rule-2.3.4.4.b
Time: 2011-06-28 00:42
Severity: medium
The default umask for all users for the csh shell should be set to: 002
Security identifiers
- CCE-4227-5
Result for Set Boot Loader user owner
Result: pass
Rule ID: rule-2.3.5.2.a
Time: 2011-06-28 00:42
Severity: medium
The /boot/grub/grub.conf file should be owned by root.
Security identifiers
- CCE-4144-2
Remediation script
chown root /boot/grub/grub.conf
Result for Set Boot Loader group owner
Result: fail
Rule ID: rule-2.3.5.2.b
Time: 2011-06-28 00:42
Severity: medium
The /boot/grub/grub.conf file should be owned by group root.
Security identifiers
- CCE-4197-0
Remediation script
chown :root /boot/grub/grub.conf
Result for Set permission on /boot/grub/grub.conf
Result: pass
Rule ID: rule-2.3.5.2.c
Time: 2011-06-28 00:42
Severity: medium
File permissions for /boot/grub/grub.conf should be set correctly.
Security identifiers
- CCE-3923-0
Remediation script
chmod 600 /boot/grub/grub.conf
Result for Enable SELinux in /etc/grub.conf
Result: pass
Rule ID: rule-2.4.2.a
Time: 2011-06-28 00:42
Severity: medium
SELinux should NOT be disabled in /etc/grub.conf. Check that selinux=0 is not found
Security identifiers
- CCE-3977-6
Remediation instructions
Remove offending line from /etc/grub.conf
Result for Set the SELinux state
Result: fail
Rule ID: rule-2.4.2.c
Time: 2011-06-28 00:42
Severity: medium
The SELinux state should be: enforcing
Remediation instructions
Edit /etc/selinux/config
Result for Set the SELinux policy
Result: pass
Rule ID: rule-2.4.2.d
Time: 2011-06-28 00:42
Severity: medium
The SELinux policy should be set appropriately.
Security identifiers
- CCE-3624-4
Remediation instructions
Edit /etc/selinux/config
Result for Verify ip6tables is enabled
Result: pass
Rule ID: rule-2.5.5.1.a
Time: 2011-06-28 00:42
Severity: high
The ip6tables service should be enabled.
Security identifiers
- CCE-4167-3
Remediation script
chkconfig ip6tables on
Result for Verify iptables is enabled
Result: pass
Rule ID: rule-2.5.5.1.b
Time: 2011-06-28 00:42
Severity: high
The iptables service should be enabled.
Security identifiers
- CCE-4189-7
Remediation script
chkconfig iptables on
Result for Configure Rsyslog
Result: pass
Rule ID: rule-2.6.1.a
Time: 2011-06-28 00:42
Severity: medium
The rsyslog service should be enabled.
Security identifiers
- CCE-3679-8
Remediation script
chkconfig rsyslog on
Result for Confirm user that owns System Log Files
Result: pass
Rule ID: rule-2.6.1.2.a
Time: 2011-06-28 00:42
Severity: medium
All syslog log files should be owned by root.
Security identifiers
- CCE-4366-1
Remediation instructions
(1) via chown
Result for Confirm group that owns System Log Files
Result: pass
Rule ID: rule-2.6.1.2.b
Time: 2011-06-28 00:42
Severity: medium
All syslog log files should be group owned by root.
Security identifiers
- CCE-3701-0
Remediation instructions
(1) via chown
Result for Confirm Permissions of System Log Files
Result: pass
Rule ID: rule-2.6.1.2.c
Time: 2011-06-28 00:42
Severity: medium
File permissions for all syslog log files should be set correctly.
Security identifiers
- CCE-4233-3
Remediation instructions
(1) via chmod
Result for Enable the auditd Service
Result: pass
Rule ID: rule-2.6.2.1.a
Time: 2011-06-28 00:42
Severity: medium
The auditd service should be enabled.
Security identifiers
- CCE-4292-9
Remediation instructions
(1) via chkconfig
Result for Set group owner on /etc/crontab
Result: pass
Rule ID: rule-3.4.2.1.a
Time: 2011-06-28 00:42
Severity: medium
The /etc/crontab file should be owned by the appropriate group.
Security identifiers
- CCE-3626-9
Remediation instructions
(1) via chown
Result for Set user owner on /etc/crontab
Result: pass
Rule ID: rule-3.4.2.1.b
Time: 2011-06-28 00:42
Severity: medium
The /etc/crontab file should be owned by the appropriate user.
Security identifiers
- CCE-3851-3
Remediation instructions
(1) via chown
Result for Set Permissions on /etc/crontab
Result: pass
Rule ID: rule-3.4.2.1.c
Time: 2011-06-28 00:42
Severity: medium
File permissions for /etc/crontab should be set correctly.
Security identifiers
- CCE-4388-5
Remediation instructions
(1) via chmod
Result for Set group owner on /etc/anacrontab
Result: pass
Rule ID: rule-3.4.2.2.a
Time: 2011-06-28 00:42
Severity: medium
The /etc/anacrontab file should be owned by the appropriate group.
Security identifiers
- CCE-3604-6
Remediation instructions
(1) via chown
Result for Set user owner on /etc/anacrontab
Result: pass
Rule ID: rule-3.4.2.2.b
Time: 2011-06-28 00:42
Severity: medium
The /etc/anacrontab file should be owned by the appropriate user.
Security identifiers
- CCE-4379-4
Remediation instructions
(1) via chown
Result for Set Permissions on /etc/anacrontab
Result: pass
Rule ID: rule-3.4.2.2.c
Time: 2011-06-28 00:42
Severity: medium
File permissions for /etc/anacrontab should be set correctly.
Security identifiers
- CCE-4304-2
Remediation instructions
(1) via chmod
Result for Set group owner on /etc/cron.hourly
Result: pass
Rule ID: rule-3.4.2.3.a
Time: 2011-06-28 00:42
Severity: medium
The /etc/cron.hourly file should be owned by the appropriate group.
Security identifiers
- CCE-4054-3
Remediation instructions
(1) via chown
Result for Set group owner on /etc/cron.daily
Result: pass
Rule ID: rule-3.4.2.3.b
Time: 2011-06-28 00:42
Severity: medium
The /etc/cron.daily file should be owned by the appropriate group.
Security identifiers
- CCE-3481-9
Remediation instructions
(1) via chown
Result for Set group owner on /etc/cron.weekly
Result: pass
Rule ID: rule-3.4.2.3.c
Time: 2011-06-28 00:42
Severity: medium
The /etc/cron.weekly file should be owned by the appropriate group.
Security identifiers
- CCE-4331-5
Remediation instructions
(1) via chown
Result for Set group owner on /etc/cron.monthly
Result: pass
Rule ID: rule-3.4.2.3.d
Time: 2011-06-28 00:42
Severity: medium
The /etc/cron.monthly file should be owned by the appropriate group.
Security identifiers
- CCE-4322-4
Remediation instructions
(1) via chown
Result for Set group owner on /etc/cron.d
Result: pass
Rule ID: rule-3.4.2.3.e
Time: 2011-06-28 00:42
Severity: medium
The /etc/cron.d file should be owned by the appropriate group.
Security identifiers
- CCE-4212-7
Remediation instructions
(1) via chown
Result for Set user owner on /etc/cron.hourly
Result: pass
Rule ID: rule-3.4.2.3.f
Time: 2011-06-28 00:42
Severity: medium
The /etc/cron.hourly file should be owned by the appropriate user.
Security identifiers
- CCE-3983-4
Remediation instructions
(1) via chown
Result for Set user owner on /etc/cron.daily
Result: pass
Rule ID: rule-3.4.2.3.g
Time: 2011-06-28 00:42
Severity: medium
The /etc/cron.daily file should be owned by the appropriate user.
Security identifiers
- CCE-4022-0
Remediation instructions
(1) via chown
Result for Set user owner on /etc/cron.weekly
Result: pass
Rule ID: rule-3.4.2.3.h
Time: 2011-06-28 00:42
Severity: medium
The /etc/cron.weekly file should be owned by the appropriate user.
Security identifiers
- CCE-3833-1
Remediation instructions
(1) via chown
Result for Set user owner on /etc/cron.monthly
Result: pass
Rule ID: rule-3.4.2.3.i
Time: 2011-06-28 00:42
Severity: medium
The /etc/cron.monthly file should be owned by the appropriate user.
Security identifiers
- CCE-4441-2
Remediation instructions
(1) via chown
Result for Set user owner on /etc/cron.d
Result: pass
Rule ID: rule-3.4.2.3.j
Time: 2011-06-28 00:42
Severity: medium
The /etc/cron.d file should be owned by the appropriate user.
Security identifiers
- CCE-4380-2
Remediation instructions
(1) via chown
Result for Set permissions on /etc/cron.hourly
Result: pass
Rule ID: rule-3.4.2.3.k
Time: 2011-06-28 00:42
Severity: medium
File permissions for /etc/cron.hourly should be set correctly.
Security identifiers
- CCE-4106-1
Remediation instructions
(1) via chmod
Result for Set permissions on /etc/cron.daily
Result: pass
Rule ID: rule-3.4.2.3.l
Time: 2011-06-28 00:42
Severity: medium
File permissions for /etc/cron.daily should be set correctly.
Security identifiers
- CCE-4450-3
Remediation instructions
(1) via chmod
Result for Set permissions on /etc/cron.weekly
Result: pass
Rule ID: rule-3.4.2.3.m
Time: 2011-06-28 00:42
Severity: medium
File permissions for /etc/cron.weekly should be set correctly.
Security identifiers
- CCE-4203-6
Remediation instructions
(1) via chmod
Result for Set permissions on /etc/cron.monthly
Result: pass
Rule ID: rule-3.4.2.3.n
Time: 2011-06-28 00:42
Severity: medium
File permissions for /etc/cron.monthly should be set correctly.
Security identifiers
- CCE-4251-5
Remediation instructions
(1) via chmod
Result for Set permissions on /etc/cron.d
Result: pass
Rule ID: rule-3.4.2.3.o
Time: 2011-06-28 00:42
Severity: medium
File permissions for /etc/cron.d should be set correctly.
Security identifiers
- CCE-4250-7
Remediation instructions
(1) via chmod
Result for Restrict group owner on /var/spool/cron directory
Result: pass
Rule ID: rule-3.4.2.4.a
Time: 2011-06-28 00:42
Severity: medium
The /var/spool/cron directory should be owned by the appropriate group.
Remediation instructions
(1) via chown
Result for Restrict user owner on /var/spool/cron directory
Result: pass
Rule ID: rule-3.4.2.4.b
Time: 2011-06-28 00:42
Severity: medium
The /var/spool/cron directory should be owned by the appropriate user.
Remediation instructions
(1) via chown
Result for Restrict Permissions on /var/spool/cron directory
Result: pass
Rule ID: rule-3.4.2.4.c
Time: 2011-06-28 00:42
Severity: medium
Directory permissions for /var/spool/cron should be set correctly.
Remediation instructions
(1) via chmod