Sicura Enterprise Edition

1. Introduction
2. Licensing
3. Installing SIMP EE
4. Server install from RPM
5. Server install from ISO
6. Upgrade SIMP EE
7. Server Installation via Control Repo
8. Enable SIMP Compliance Engine
9. Configure SIMP Compliance Engine
10. Included Compliance Profiles
11. Console install via Puppet
12. Scanner Install via Puppet
13. Simp-downloader script Reference
14. Coverage - CIS, Windows
15. Coverage - CIS, Linux
16. Coverage - DISA, Windows
17. Coverage - DISA, Linux
18. Windows CIS module usage
19. Linux CIS Module Usage
20. Linux DISA Module Usage

Coverage - CIS, Linux

CIS CAT Assessor scan results

The following scans were performed on a default installation of the noted Operating System with the SIMP Enterprise profile enforced.

OS	EE Profile	Scan Type	Benchmark Version	Pass	Fail	Total %	Certification Status
Red Hat 7	cis:level:1:server	Level 1 - Server	3.0.1	263	10	96%	Pending
Red Hat 7	cis:level:2:server	Level 2 - Server	3.0.1	307	12	96%	Pending
CentOS 7	cis:level:1:server	Level 1 - Server	3.0.0	263	12	96%	Pending
CentOS 7	cis:level:2:server	Level 2 - Server	3.0.0	200	19	91%	Pending
Oracle Linux 7	cis:level:1:server	Level 1 - Server	3.0.0	273	12	96%	Pending
Oracle Linux 7	cis:level:2:server	Level 2 - Server	3.0.0	326	16	95%	Pending
Red Hat 8	cis:level:1:server	Level 1 - Server	1.0.0.1	275	13	95%	Pending
Red Hat 8	cis:level:2:server	Level 2 - Server	1.0.0.1	331	17	95%	Pending
CentOS 8	cis:level:1:server	Level 1 - Server	1.0.0.1	273	15	95%	Pending
CentOS 8	cis:level:2:server	Level 2 - Server	1.0.0.1	328	19	95%	Pending
Oracle Linux 8	cis:level:1:server	Level 1 - Server	1.0.0.1	276	15	95%	Pending
Oracle Linux 8	cis:level:2:server	Level 2 - Server	1.0.0.1	334	19	95%	Pending

Control Coverage

The following report details the status of each CIS recommendation in the SIMP EE compliance data.

• Paper policy controls refer to organizational policy requirements and cannot be reasonably enforced by SIMP at this time.
• Mapped controls have enforcement and reporting support.
• Unmapped controls are not supported at this time. A reason for the lack of support is provided for each unmapped control.

Summary

OS	Unmapped Controls	Paper Policy	Mapped	Total
Red Hat 7		16 (6%)	231 (93%)	247
CentOS 7		14 (5%)	231 (94%)	245
Oracle Linux 7		14 (5%)	231 (94%)	245
CentOS 8		12 (5%)	220 (94%)	232
Red Hat 8		14 (5%)	220 (94%)	234
Oracle Linux 8		12 (5%)	220 (94%)	232

---

Detail

Paper Policy

The following controls require administrative documentation:

Red Hat 7 (16/247 [6%])

• oval:simp.cis.el7.1.1.11_Ensure_separate_partition_exists_for_vartmp:def:1
  • Ensure separate partition exists for /var/tmp
  • There is no way to safely change this on a running system.
• oval:simp.cis.el7.1.1.15_Ensure_separate_partition_exists_for_varlog:def:1
  • Ensure separate partition exists for /var/log
  • There is no way to safely change this on a running system.
• oval:simp.cis.el7.1.1.16_Ensure_separate_partition_exists_for_varlogaudit:def:1
  • Ensure separate partition exists for /var/log/audit
  • There is no way to safely change this on a running system.
• oval:simp.cis.el7.1.1.17_Ensure_separate_partition_exists_for_home:def:1
  • Ensure separate partition exists for /home
  • There is no way to safely change this on a running system.
• oval:simp.cis.el7.1.2.2_Ensure_package_manager_repositories_are_configured:def:1
  • Ensure package manager repositories are configured
  • Package manager configuration is site-specific.
• oval:simp.cis.el7.1.2.4_Ensure_Red_Hat_Subscription_Manager_connection_is_configured:def:1
  • Ensure Red Hat Subscription Manager connection is configured
  • Package manager configuration is site-specific.
• oval:simp.cis.el7.1.2.5_Disable_the_rhnsd_Daemon:def:1
  • Disable the rhnsd Daemon
  • rhnsd should only be disabled if it is not in use.
• oval:simp.cis.el7.1.6.2_Ensure_XDNX_support_is_enabled:def:1
  • Ensure XD/NX support is enabled
  • We do not support 32-bit kernels. Any additional remediation is at the hardware/BIOS level.
• oval:simp.cis.el7.1.7.1.6_Ensure_no_unconfined_services_exist:def:1
  • Ensure no unconfined services exist
  • We have no viable method of remediation.
• oval:simp.cis.el7.2.2.1.2_Ensure_chrony_is_configured:def:1
  • Ensure chrony is configured
  • We are configuring the system to use ntpd instead of chrony.
• oval:simp.cis.el7.6.1.1_Audit_system_file_permissions:def:1
  • Audit system file permissions
  • We do not currently have a mechanism for scanning the filesystem for enforcement.
• oval:simp.cis.el7.6.1.10_Ensure_no_world_writable_files_exist:def:1
  • Ensure no world writable files exist
  • We do not currently have a mechanism for scanning the filesystem for enforcement.
• oval:simp.cis.el7.6.1.11_Ensure_no_unowned_files_or_directories_exist:def:1
  • Ensure no unowned files or directories exist
  • We do not currently have a mechanism for scanning the filesystem for enforcement.
• oval:simp.cis.el7.6.1.12_Ensure_no_ungrouped_files_or_directories_exist:def:1
  • Ensure no ungrouped files or directories exist
  • We do not currently have a mechanism for scanning the filesystem for enforcement.
• oval:simp.cis.el7.6.1.13_Audit_SUID_executables:def:1
  • Audit SUID executables
  • We do not currently have a mechanism for scanning the filesystem for enforcement.
• oval:simp.cis.el7.6.1.14_Audit_SGID_executables:def:1
  • Audit SGID executables
  • We do not currently have a mechanism for scanning the filesystem for enforcement.

CentOS 7 (14/245 [5%])

• oval:simp.cis.el7.1.1.11_Ensure_separate_partition_exists_for_vartmp:def:1
  • Ensure separate partition exists for /var/tmp
  • There is no way to safely change this on a running system.
• oval:simp.cis.el7.1.1.15_Ensure_separate_partition_exists_for_varlog:def:1
  • Ensure separate partition exists for /var/log
  • There is no way to safely change this on a running system.
• oval:simp.cis.el7.1.1.16_Ensure_separate_partition_exists_for_varlogaudit:def:1
  • Ensure separate partition exists for /var/log/audit
  • There is no way to safely change this on a running system.
• oval:simp.cis.el7.1.1.17_Ensure_separate_partition_exists_for_home:def:1
  • Ensure separate partition exists for /home
  • There is no way to safely change this on a running system.
• oval:simp.cis.el7.1.2.2_Ensure_package_manager_repositories_are_configured:def:1
  • Ensure package manager repositories are configured
  • Package manager configuration is site-specific.
• oval:simp.cis.el7.1.6.2_Ensure_XDNX_support_is_enabled:def:1
  • Ensure XD/NX support is enabled
  • We do not support 32-bit kernels. Any additional remediation is at the hardware/BIOS level.
• oval:simp.cis.el7.1.7.1.6_Ensure_no_unconfined_services_exist:def:1
  • Ensure no unconfined services exist
  • We have no viable method of remediation.
• oval:simp.cis.el7.2.2.1.2_Ensure_chrony_is_configured:def:1
  • Ensure chrony is configured
  • We are configuring the system to use ntpd instead of chrony.
• oval:simp.cis.el7.6.1.1_Audit_system_file_permissions:def:1
  • Audit system file permissions
  • We do not currently have a mechanism for scanning the filesystem for enforcement.
• oval:simp.cis.el7.6.1.10_Ensure_no_world_writable_files_exist:def:1
  • Ensure no world writable files exist
  • We do not currently have a mechanism for scanning the filesystem for enforcement.
• oval:simp.cis.el7.6.1.11_Ensure_no_unowned_files_or_directories_exist:def:1
  • Ensure no unowned files or directories exist
  • We do not currently have a mechanism for scanning the filesystem for enforcement.
• oval:simp.cis.el7.6.1.12_Ensure_no_ungrouped_files_or_directories_exist:def:1
  • Ensure no ungrouped files or directories exist
  • We do not currently have a mechanism for scanning the filesystem for enforcement.
• oval:simp.cis.el7.6.1.13_Audit_SUID_executables:def:1
  • Audit SUID executables
  • We do not currently have a mechanism for scanning the filesystem for enforcement.
• oval:simp.cis.el7.6.1.14_Audit_SGID_executables:def:1
  • Audit SGID executables
  • We do not currently have a mechanism for scanning the filesystem for enforcement.

Oracle Linux 7 (14/245 [5%])

• oval:simp.cis.el7.1.1.11_Ensure_separate_partition_exists_for_vartmp:def:1
  • Ensure separate partition exists for /var/tmp
  • There is no way to safely change this on a running system.
• oval:simp.cis.el7.1.1.15_Ensure_separate_partition_exists_for_varlog:def:1
  • Ensure separate partition exists for /var/log
  • There is no way to safely change this on a running system.
• oval:simp.cis.el7.1.1.16_Ensure_separate_partition_exists_for_varlogaudit:def:1
  • Ensure separate partition exists for /var/log/audit
  • There is no way to safely change this on a running system.
• oval:simp.cis.el7.1.1.17_Ensure_separate_partition_exists_for_home:def:1
  • Ensure separate partition exists for /home
  • There is no way to safely change this on a running system.
• oval:simp.cis.el7.1.2.2_Ensure_package_manager_repositories_are_configured:def:1
  • Ensure package manager repositories are configured
  • Package manager configuration is site-specific.
• oval:simp.cis.el7.1.6.2_Ensure_XDNX_support_is_enabled:def:1
  • Ensure XD/NX support is enabled
  • We do not support 32-bit kernels. Any additional remediation is at the hardware/BIOS level.
• oval:simp.cis.el7.1.7.1.6_Ensure_no_unconfined_services_exist:def:1
  • Ensure no unconfined services exist
  • We have no viable method of remediation.
• oval:simp.cis.el7.2.2.1.2_Ensure_chrony_is_configured:def:1
  • Ensure chrony is configured
  • We are configuring the system to use ntpd instead of chrony.
• oval:simp.cis.el7.6.1.1_Audit_system_file_permissions:def:1
  • Audit system file permissions
  • We do not currently have a mechanism for scanning the filesystem for enforcement.
• oval:simp.cis.el7.6.1.10_Ensure_no_world_writable_files_exist:def:1
  • Ensure no world writable files exist
  • We do not currently have a mechanism for scanning the filesystem for enforcement.
• oval:simp.cis.el7.6.1.11_Ensure_no_unowned_files_or_directories_exist:def:1
  • Ensure no unowned files or directories exist
  • We do not currently have a mechanism for scanning the filesystem for enforcement.
• oval:simp.cis.el7.6.1.12_Ensure_no_ungrouped_files_or_directories_exist:def:1
  • Ensure no ungrouped files or directories exist
  • We do not currently have a mechanism for scanning the filesystem for enforcement.
• oval:simp.cis.el7.6.1.13_Audit_SUID_executables:def:1
  • Audit SUID executables
  • We do not currently have a mechanism for scanning the filesystem for enforcement.
• oval:simp.cis.el7.6.1.14_Audit_SGID_executables:def:1
  • Audit SGID executables
  • We do not currently have a mechanism for scanning the filesystem for enforcement.

CentOS 8 (12/232 [5%])

• oval:simp.cis.el8.1.1.6_Ensure_separate_partition_exists_for_var:def:1
  • Ensure separate partition exists for /var
  • There is no way to safely change this on a running system.
• oval:simp.cis.el8.1.1.11_Ensure_separate_partition_exists_for_varlog:def:1
  • Ensure separate partition exists for /var/log
  • There is no way to safely change this on a running system.
• oval:simp.cis.el8.1.1.12_Ensure_separate_partition_exists_for_varlogaudit:def:1
  • Ensure separate partition exists for /var/log/audit
  • There is no way to safely change this on a running system.
• oval:simp.cis.el8.1.1.13_Ensure_separate_partition_exists_for_home:def:1
  • Ensure separate partition exists for /home
  • There is no way to safely change this on a running system.
• oval:simp.cis.el8.1.2.3_Ensure_package_manager_repositories_are_configured:def:1
  • Ensure package manager repositories are configured
  • Package manager configuration is site-specific.
• oval:simp.cis.el8.1.7.1.5_Ensure_no_unconfined_services_exist:def:1
  • Ensure no unconfined services exist
  • We have no viable method of remediation.
• oval:simp.cis.el8.6.1.1_Audit_system_file_permissions:def:1
  • Audit system file permissions
  • We do not currently have a mechanism for scanning the filesystem for enforcement.
• oval:simp.cis.el8.6.1.10_Ensure_no_world_writable_files_exist:def:1
  • Ensure no world writable files exist
  • We do not currently have a mechanism for scanning the filesystem for enforcement.
• oval:simp.cis.el8.6.1.11_Ensure_no_unowned_files_or_directories_exist:def:1
  • Ensure no unowned files or directories exist
  • We do not currently have a mechanism for scanning the filesystem for enforcement.
• oval:simp.cis.el8.6.1.12_Ensure_no_ungrouped_files_or_directories_exist:def:1
  • Ensure no ungrouped files or directories exist
  • We do not currently have a mechanism for scanning the filesystem for enforcement.
• oval:simp.cis.el8.6.1.13_Audit_SUID_executables:def:1
  • Audit SUID executables
  • We do not currently have a mechanism for scanning the filesystem for enforcement.
• oval:simp.cis.el8.6.1.14_Audit_SGID_executables:def:1
  • Audit SGID executables
  • We do not currently have a mechanism for scanning the filesystem for enforcement.

Red Hat 8 (14/234 [5%])

• oval:simp.cis.el8.1.1.6_Ensure_separate_partition_exists_for_var:def:1
  • Ensure separate partition exists for /var
  • There is no way to safely change this on a running system.
• oval:simp.cis.el8.1.1.11_Ensure_separate_partition_exists_for_varlog:def:1
  • Ensure separate partition exists for /var/log
  • There is no way to safely change this on a running system.
• oval:simp.cis.el8.1.1.12_Ensure_separate_partition_exists_for_varlogaudit:def:1
  • Ensure separate partition exists for /var/log/audit
  • There is no way to safely change this on a running system.
• oval:simp.cis.el8.1.1.13_Ensure_separate_partition_exists_for_home:def:1
  • Ensure separate partition exists for /home
  • There is no way to safely change this on a running system.
• oval:simp.cis.el8.1.7.1.5_Ensure_no_unconfined_services_exist:def:1
  • Ensure no unconfined services exist
  • We have no viable method of remediation.
• oval:simp.cis.el8.6.1.1_Audit_system_file_permissions:def:1
  • Audit system file permissions
  • We do not currently have a mechanism for scanning the filesystem for enforcement.
• oval:simp.cis.el8.6.1.10_Ensure_no_world_writable_files_exist:def:1
  • Ensure no world writable files exist
  • We do not currently have a mechanism for scanning the filesystem for enforcement.
• oval:simp.cis.el8.6.1.11_Ensure_no_unowned_files_or_directories_exist:def:1
  • Ensure no unowned files or directories exist
  • We do not currently have a mechanism for scanning the filesystem for enforcement.
• oval:simp.cis.el8.6.1.12_Ensure_no_ungrouped_files_or_directories_exist:def:1
  • Ensure no ungrouped files or directories exist
  • We do not currently have a mechanism for scanning the filesystem for enforcement.
• oval:simp.cis.el8.6.1.13_Audit_SUID_executables:def:1
  • Audit SUID executables
  • We do not currently have a mechanism for scanning the filesystem for enforcement.
• oval:simp.cis.el8.6.1.14_Audit_SGID_executables:def:1
  • Audit SGID executables
  • We do not currently have a mechanism for scanning the filesystem for enforcement.
• oval:simp.cis.el8.1.2.1_Ensure_Red_Hat_Subscription_Manager_connection_is_configured:def:1
  • Ensure Red Hat Subscription Manager connection is configured
  • Package manager configuration is site-specific.
• oval:simp.cis.el8.1.2.2_Disable_the_rhnsd_Daemon:def:1
  • Disable the rhnsd Daemon
  • rhnsd should only be disabled if it is not in use.
• oval:simp.cis.el8.1.2.5_Ensure_package_manager_repositories_are_configured:def:1
  • Ensure package manager repositories are configured
  • Package manager configuration is site-specific.

Oracle Linux 8 (12/232 [5%])

• oval:simp.cis.el8.1.1.6_Ensure_separate_partition_exists_for_var:def:1
  • Ensure separate partition exists for /var
  • There is no way to safely change this on a running system.
• oval:simp.cis.el8.1.1.11_Ensure_separate_partition_exists_for_varlog:def:1
  • Ensure separate partition exists for /var/log
  • There is no way to safely change this on a running system.
• oval:simp.cis.el8.1.1.12_Ensure_separate_partition_exists_for_varlogaudit:def:1
  • Ensure separate partition exists for /var/log/audit
  • There is no way to safely change this on a running system.
• oval:simp.cis.el8.1.1.13_Ensure_separate_partition_exists_for_home:def:1
  • Ensure separate partition exists for /home
  • There is no way to safely change this on a running system.
• oval:simp.cis.el8.1.2.3_Ensure_package_manager_repositories_are_configured:def:1
  • Ensure package manager repositories are configured
  • Package manager configuration is site-specific.
• oval:simp.cis.el8.1.7.1.5_Ensure_no_unconfined_services_exist:def:1
  • Ensure no unconfined services exist
  • We have no viable method of remediation.
• oval:simp.cis.el8.6.1.1_Audit_system_file_permissions:def:1
  • Audit system file permissions
  • We do not currently have a mechanism for scanning the filesystem for enforcement.
• oval:simp.cis.el8.6.1.10_Ensure_no_world_writable_files_exist:def:1
  • Ensure no world writable files exist
  • We do not currently have a mechanism for scanning the filesystem for enforcement.
• oval:simp.cis.el8.6.1.11_Ensure_no_unowned_files_or_directories_exist:def:1
  • Ensure no unowned files or directories exist
  • We do not currently have a mechanism for scanning the filesystem for enforcement.
• oval:simp.cis.el8.6.1.12_Ensure_no_ungrouped_files_or_directories_exist:def:1
  • Ensure no ungrouped files or directories exist
  • We do not currently have a mechanism for scanning the filesystem for enforcement.
• oval:simp.cis.el8.6.1.13_Audit_SUID_executables:def:1
  • Audit SUID executables
  • We do not currently have a mechanism for scanning the filesystem for enforcement.
• oval:simp.cis.el8.6.1.14_Audit_SGID_executables:def:1
  • Audit SGID executables
  • We do not currently have a mechanism for scanning the filesystem for enforcement.

---

Mapped

The following controls are mapped:

Red Hat 7 (231/247 [93%])

• oval:simp.cis.el7.1.1.1.1_Ensure_mounting_of_cramfs_filesystems_is_disabled:def:1
• oval:simp.cis.el7.1.1.1.2_Ensure_mounting_of_squashfs_filesystems_is_disabled:def:1
• oval:simp.cis.el7.1.1.1.3_Ensure_mounting_of_udf_filesystems_is_disabled:def:1
• oval:simp.cis.el7.1.1.1.4_Ensure_mounting_of_FAT_filesystems_is_limited:def:1
• oval:simp.cis.el7.1.1.2_Ensure_tmp_is_configured:def:1
• oval:simp.cis.el7.1.1.3_Ensure_noexec_option_set_on_tmp_partition:def:1
• oval:simp.cis.el7.1.1.4_Ensure_nodev_option_set_on_tmp_partition:def:1
• oval:simp.cis.el7.1.1.5_Ensure_nosuid_option_set_on_tmp_partition:def:1
• oval:simp.cis.el7.1.1.6_Ensure_devshm_is_configured:def:1
• oval:simp.cis.el7.1.1.7_Ensure_noexec_option_set_on_devshm_partition:def:1
• oval:simp.cis.el7.1.1.8_Ensure_nodev_option_set_on_devshm_partition:def:1
• oval:simp.cis.el7.1.1.9_Ensure_nosuid_option_set_on_devshm_partition:def:1
• oval:simp.cis.el7.1.1.10_Ensure_separate_partition_exists_for_var:def:1
• oval:simp.cis.el7.1.1.12_Ensure_noexec_option_set_on_vartmp_partition:def:1
• oval:simp.cis.el7.1.1.13_Ensure_nodev_option_set_on_vartmp_partition:def:1
• oval:simp.cis.el7.1.1.14_Ensure_nosuid_option_set_on_vartmp_partition:def:1
• oval:simp.cis.el7.1.1.18_Ensure_nodev_option_set_on_home_partition:def:1
• oval:simp.cis.el7.1.1.19_Ensure_noexec_option_set_on_removable_media_partitions:def:1
• oval:simp.cis.el7.1.1.20_Ensure_nodev_option_set_on_removable_media_partitions:def:1
• oval:simp.cis.el7.1.1.21_Ensure_nosuid_option_set_on_removable_media_partitions:def:1
• oval:simp.cis.el7.1.1.22_Ensure_sticky_bit_is_set_on_all_world-writable_directories:def:1
• oval:simp.cis.el7.1.1.23_Disable_Automounting:def:1
• oval:simp.cis.el7.1.1.24_Disable_USB_Storage:def:1
• oval:simp.cis.el7.1.2.1_Ensure_GPG_keys_are_configured:def:1
• oval:simp.cis.el7.1.2.3_Ensure_gpgcheck_is_globally_activated:def:1
• oval:simp.cis.el7.1.3.1_Ensure_sudo_is_installed:def:1
• oval:simp.cis.el7.1.3.2_Ensure_sudo_commands_use_pty:def:1
• oval:simp.cis.el7.1.3.3_Ensure_sudo_log_file_exists:def:1
• oval:simp.cis.el7.1.4.1_Ensure_AIDE_is_installed:def:1
• oval:simp.cis.el7.1.4.2_Ensure_filesystem_integrity_is_regularly_checked:def:1
• oval:simp.cis.el7.1.5.1_Ensure_bootloader_password_is_set:def:1
• oval:simp.cis.el7.1.5.2_Ensure_permissions_on_bootloader_config_are_configured:def:1
• oval:simp.cis.el7.1.5.3_Ensure_authentication_required_for_single_user_mode:def:1
• oval:simp.cis.el7.1.6.1_Ensure_core_dumps_are_restricted:def:1
• oval:simp.cis.el7.1.6.3_Ensure_address_space_layout_randomization_ASLR_is_enabled:def:1
• oval:simp.cis.el7.1.6.4_Ensure_prelink_is_disabled:def:1
• oval:simp.cis.el7.1.7.1.1_Ensure_SELinux_is_installed:def:1
• oval:simp.cis.el7.1.7.1.2_Ensure_SELinux_is_not_disabled_in_bootloader_configuration:def:1
• oval:simp.cis.el7.1.7.1.3_Ensure_SELinux_policy_is_configured:def:1
• oval:simp.cis.el7.1.7.1.4_Ensure_the_SELinux_mode_is_enforcing_or_permissive:def:1
• oval:simp.cis.el7.1.7.1.5_Ensure_the_SELinux_mode_is_enforcing:def:1
• oval:simp.cis.el7.1.7.1.7_Ensure_SETroubleshoot_is_not_installed:def:1
• oval:simp.cis.el7.1.7.1.8_Ensure_the_MCS_Translation_Service_mcstrans_is_not_installed:def:1
• oval:simp.cis.el7.1.8.1.1_Ensure_message_of_the_day_is_configured_properly:def:1
• oval:simp.cis.el7.1.8.1.2_Ensure_local_login_warning_banner_is_configured_properly:def:1
• oval:simp.cis.el7.1.8.1.3_Ensure_remote_login_warning_banner_is_configured_properly:def:1
• oval:simp.cis.el7.1.8.1.4_Ensure_permissions_on_etcmotd_are_configured:def:1
• oval:simp.cis.el7.1.8.1.5_Ensure_permissions_on_etcissue_are_configured:def:1
• oval:simp.cis.el7.1.8.1.6_Ensure_permissions_on_etcissue.net_are_configured:def:1
• oval:simp.cis.el7.1.9_Ensure_updates_patches_and_additional_security_software_are_installed:def:1
• oval:simp.cis.el7.1.10_Ensure_GDM_is_removed_or_login_is_configured:def:1
• oval:simp.cis.el7.2.1.2_Ensure_xinetd_is_not_installed:def:1
• oval:simp.cis.el7.2.2.1.1_Ensure_time_synchronization_is_in_use:def:1
• oval:simp.cis.el7.2.2.1.3_Ensure_ntp_is_configured:def:1
• oval:simp.cis.el7.2.2.2_Ensure_X11_Server_components_are_not_installed:def:1
• oval:simp.cis.el7.2.2.3_Ensure_Avahi_Server_is_not_installed:def:1
• oval:simp.cis.el7.2.2.4_Ensure_CUPS_is_not_installed:def:1
• oval:simp.cis.el7.2.2.5_Ensure_DHCP_Server_is_not_installed:def:1
• oval:simp.cis.el7.2.2.6_Ensure_LDAP_server_is_not_installed:def:1
• oval:simp.cis.el7.2.2.7_Ensure_nfs-utils_is_not_installed_or_the__nfs-server_service_is_masked:def:1
• oval:simp.cis.el7.2.2.8_Ensure_rpcbind_is_not_installed_or_the__rpcbind_services_are_masked:def:1
• oval:simp.cis.el7.2.2.9_Ensure_DNS_Server_is_not_installed:def:1
• oval:simp.cis.el7.2.2.10_Ensure_FTP_Server_is_not_installed:def:1
• oval:simp.cis.el7.2.2.11_Ensure_HTTP_server_is_not_installed:def:1
• oval:simp.cis.el7.2.2.12_Ensure_IMAP_and_POP3_server_is_not_installed:def:1
• oval:simp.cis.el7.2.2.13_Ensure_Samba_is_not_installed:def:1
• oval:simp.cis.el7.2.2.14_Ensure_HTTP_Proxy_Server_is_not_installed:def:1
• oval:simp.cis.el7.2.2.15_Ensure_net-snmp_is_not_installed:def:1
• oval:simp.cis.el7.2.2.16_Ensure_mail_transfer_agent_is_configured_for_local-only_mode:def:1
• oval:simp.cis.el7.2.2.17_Ensure_rsync_is_not_installed_or_the_rsyncd_service_is_masked:def:1
• oval:simp.cis.el7.2.2.18_Ensure_NIS_server_is_not_installed:def:1
• oval:simp.cis.el7.2.2.19_Ensure_telnet-server_is_not_installed:def:1
• oval:simp.cis.el7.2.3.1_Ensure_NIS_Client_is_not_installed:def:1
• oval:simp.cis.el7.2.3.2_Ensure_rsh_client_is_not_installed:def:1
• oval:simp.cis.el7.2.3.3_Ensure_talk_client_is_not_installed:def:1
• oval:simp.cis.el7.2.3.4_Ensure_telnet_client_is_not_installed:def:1
• oval:simp.cis.el7.2.3.5_Ensure_LDAP_client_is_not_installed:def:1
• oval:simp.cis.el7.2.5_Ensure_nonessential_services_are_removed_or_masked:def:1
  • Requires svckill::mode: enforcing for full compliance. This is not enabled globally for safety reasons.
• oval:simp.cis.el7.3.1.1_Disable_IPv6:def:1
  • Disabled via sysctl instead of kernel command line
• oval:simp.cis.el7.3.1.2_Ensure_wireless_interfaces_are_disabled:def:1
• oval:simp.cis.el7.3.2.1_Ensure_IP_forwarding_is_disabled:def:1
• oval:simp.cis.el7.3.2.2_Ensure_packet_redirect_sending_is_disabled:def:1
• oval:simp.cis.el7.3.3.1_Ensure_source_routed_packets_are_not_accepted:def:1
• oval:simp.cis.el7.3.3.2_Ensure_ICMP_redirects_are_not_accepted:def:1
• oval:simp.cis.el7.3.3.3_Ensure_secure_ICMP_redirects_are_not_accepted:def:1
• oval:simp.cis.el7.3.3.4_Ensure_suspicious_packets_are_logged:def:1
• oval:simp.cis.el7.3.3.5_Ensure_broadcast_ICMP_requests_are_ignored:def:1
• oval:simp.cis.el7.3.3.6_Ensure_bogus_ICMP_responses_are_ignored:def:1
• oval:simp.cis.el7.3.3.7_Ensure_Reverse_Path_Filtering_is_enabled:def:1
• oval:simp.cis.el7.3.3.8_Ensure_TCP_SYN_Cookies_is_enabled:def:1
• oval:simp.cis.el7.3.3.9_Ensure_IPv6_router_advertisements_are_not_accepted:def:1
• oval:simp.cis.el7.3.4.1_Ensure_DCCP_is_disabled:def:1
• oval:simp.cis.el7.3.4.2_Ensure_SCTP_is_disabled:def:1
• oval:simp.cis.el7.3.5.1.1_Ensure_FirewallD_is_installed:def:1
• oval:simp.cis.el7.3.5.1.2_Ensure_iptables-services_package_is_not_installed:def:1
• oval:simp.cis.el7.3.5.1.3_Ensure_nftables_is_not_installed_or_stopped_and_masked:def:1
• oval:simp.cis.el7.3.5.1.4_Ensure_firewalld_service_is_enabled_and_running:def:1
• oval:simp.cis.el7.3.5.1.5_Ensure_default_zone_is_set:def:1
• oval:simp.cis.el7.3.5.1.6_Ensure_network_interfaces_are_assigned_to_appropriate_zone:def:1
• oval:simp.cis.el7.3.5.1.7_Ensure_unnecessary_services_and_ports_are_not_accepted:def:1
• oval:simp.cis.el7.3.5.2.1_Ensure_nftables_is_installed:def:1
  • Only applies when nftables is used for firewall provider
• oval:simp.cis.el7.3.5.2.2_Ensure_firewalld_is_not_installed_or_stopped_and_masked:def:1
  • Only applies when nftables is used for firewall provider
• oval:simp.cis.el7.3.5.2.3_Ensure_iptables-services_package_is_not_installed:def:1
  • Only applies when nftables is used for firewall provider
• oval:simp.cis.el7.3.5.2.4_Ensure_iptables_are_flushed:def:1
  • Only applies when nftables is used for firewall provider
• oval:simp.cis.el7.3.5.2.5_Ensure_a_table_exists:def:1
  • Only applies when nftables is used for firewall provider
• oval:simp.cis.el7.3.5.2.6_Ensure_base_chains_exist:def:1
  • Only applies when nftables is used for firewall provider
• oval:simp.cis.el7.3.5.2.7_Ensure_loopback_traffic_is_configured:def:1
  • Only applies when nftables is used for firewall provider
• oval:simp.cis.el7.3.5.2.8_Ensure_outbound_and_established_connections_are_configured:def:1
  • Only applies when nftables is used for firewall provider
• oval:simp.cis.el7.3.5.2.9_Ensure_default_deny_firewall_policy:def:1
  • Only applies when nftables is used for firewall provider
• oval:simp.cis.el7.3.5.2.10_Ensure_nftables_service_is_enabled:def:1
  • Only applies when nftables is used for firewall provider
• oval:simp.cis.el7.3.5.2.11_Ensure_nftables_rules_are_permanent:def:1
  • Only applies when nftables is used for firewall provider
• oval:simp.cis.el7.3.5.3.1.1_Ensure_iptables_packages_are_installed:def:1
  • Only applies when iptables is used for firewall provider
• oval:simp.cis.el7.3.5.3.1.2_Ensure_nftables_is_not_installed:def:1
  • Only applies when iptables is used for firewall provider
• oval:simp.cis.el7.3.5.3.1.3_Ensure_firewalld_is_not_installed_or_stopped_and_masked:def:1
  • Only applies when iptables is used for firewall provider
• oval:simp.cis.el7.3.5.3.2.1_Ensure_default_deny_firewall_policy:def:1
  • Only applies when iptables is used for firewall provider
• oval:simp.cis.el7.3.5.3.2.2_Ensure_loopback_traffic_is_configured:def:1
  • Only applies when iptables is used for firewall provider
• oval:simp.cis.el7.3.5.3.2.3_Ensure_outbound_and_established_connections_are_configured:def:1
  • Only applies when iptables is used for firewall provider
• oval:simp.cis.el7.3.5.3.2.4_Ensure_firewall_rules_exist_for_all_open_ports:def:1
  • Only applies when iptables is used for firewall provider
• oval:simp.cis.el7.3.5.3.2.5_Ensure_iptables_rules_are_saved:def:1
  • Only applies when iptables is used for firewall provider
• oval:simp.cis.el7.3.5.3.2.6_Ensure_iptables_is_enabled_and_running:def:1
• oval:simp.cis.el7.3.5.3.3.1_Ensure_IPv6_default_deny_firewall_policy:def:1
  • Only applies when iptables is used for firewall provider
• oval:simp.cis.el7.3.5.3.3.2_Ensure_IPv6_loopback_traffic_is_configured:def:1
  • Only applies when iptables is used for firewall provider
• oval:simp.cis.el7.3.5.3.3.3_Ensure_IPv6_outbound_and_established_connections_are_configured:def:1
  • Only applies when iptables is used for firewall provider
• oval:simp.cis.el7.3.5.3.3.4_Ensure_IPv6_firewall_rules_exist_for_all_open_ports:def:1
  • Only applies when iptables is used for firewall provider
• oval:simp.cis.el7.3.5.3.3.5_Ensure_ip6tables_rules_are_saved:def:1
  • Only applies when iptables is used for firewall provider
• oval:simp.cis.el7.3.5.3.3.6_Ensure_ip6tables_is_enabled_and_running:def:1
• oval:simp.cis.el7.4.1.1.1_Ensure_auditd_is_installed:def:1
• oval:simp.cis.el7.4.1.1.2_Ensure_auditd_service_is_enabled_and_running:def:1
• oval:simp.cis.el7.4.1.1.3_Ensure_auditing_for_processes_that_start_prior_to_auditd_is_enabled:def:1
• oval:simp.cis.el7.4.1.2.1_Ensure_audit_log_storage_size_is_configured:def:1
• oval:simp.cis.el7.4.1.2.2_Ensure_audit_logs_are_not_automatically_deleted:def:1
• oval:simp.cis.el7.4.1.2.3_Ensure_system_is_disabled_when_audit_logs_are_full:def:1
• oval:simp.cis.el7.4.1.2.4_Ensure_audit_backlog_limit_is_sufficient:def:1
• oval:simp.cis.el7.4.1.3_Ensure_events_that_modify_date_and_time_information_are_collected:def:1
• oval:simp.cis.el7.4.1.4_Ensure_events_that_modify_usergroup_information_are_collected:def:1
• oval:simp.cis.el7.4.1.5_Ensure_events_that_modify_the_systems_network_environment_are_collected:def:1
• oval:simp.cis.el7.4.1.6_Ensure_events_that_modify_the_systems_Mandatory_Access_Controls_are_collected:def:1
• oval:simp.cis.el7.4.1.7_Ensure_login_and_logout_events_are_collected:def:1
• oval:simp.cis.el7.4.1.8_Ensure_session_initiation_information_is_collected:def:1
• oval:simp.cis.el7.4.1.9_Ensure_discretionary_access_control_permission_modification_events_are_collected:def:1
• oval:simp.cis.el7.4.1.10_Ensure_unsuccessful_unauthorized_file_access_attempts_are_collected:def:1
• oval:simp.cis.el7.4.1.11_Ensure_use_of_privileged_commands_is_collected:def:1
• oval:simp.cis.el7.4.1.12_Ensure_successful_file_system_mounts_are_collected:def:1
• oval:simp.cis.el7.4.1.13_Ensure_file_deletion_events_by_users_are_collected:def:1
• oval:simp.cis.el7.4.1.14_Ensure_changes_to_system_administration_scope_sudoers_is_collected:def:1
• oval:simp.cis.el7.4.1.15_Ensure_system_administrator_actions_sudolog_are_collected:def:1
• oval:simp.cis.el7.4.1.16_Ensure_kernel_module_loading_and_unloading_is_collected:def:1
• oval:simp.cis.el7.4.1.17_Ensure_the_audit_configuration_is_immutable:def:1
• oval:simp.cis.el7.4.2.1.1_Ensure_rsyslog_is_installed:def:1
• oval:simp.cis.el7.4.2.1.2_Ensure_rsyslog_Service_is_enabled_and_running:def:1
• oval:simp.cis.el7.4.2.1.3_Ensure_rsyslog_default_file_permissions_configured:def:1
• oval:simp.cis.el7.4.2.1.4_Ensure_logging_is_configured:def:1
• oval:simp.cis.el7.4.2.1.5_Ensure_rsyslog_is_configured_to_send_logs_to_a_remote_log_host:def:1
• oval:simp.cis.el7.4.2.1.6_Ensure_remote_rsyslog_messages_are_only_accepted_on_designated_log_hosts.:def:1
• oval:simp.cis.el7.4.2.2.1_Ensure_journald_is_configured_to_send_logs_to_rsyslog:def:1
• oval:simp.cis.el7.4.2.2.2_Ensure_journald_is_configured_to_compress_large_log_files:def:1
• oval:simp.cis.el7.4.2.2.3_Ensure_journald_is_configured_to_write_logfiles_to_persistent_disk:def:1
• oval:simp.cis.el7.4.2.3_Ensure_permissions_on_all_logfiles_are_configured:def:1
• oval:simp.cis.el7.4.2.4_Ensure_logrotate_is_configured:def:1
• oval:simp.cis.el7.5.1.1_Ensure_cron_daemon_is_enabled_and_running:def:1
• oval:simp.cis.el7.5.1.2_Ensure_permissions_on_etccrontab_are_configured:def:1
• oval:simp.cis.el7.5.1.3_Ensure_permissions_on_etccron.hourly_are_configured:def:1
• oval:simp.cis.el7.5.1.4_Ensure_permissions_on_etccron.daily_are_configured:def:1
• oval:simp.cis.el7.5.1.5_Ensure_permissions_on_etccron.weekly_are_configured:def:1
• oval:simp.cis.el7.5.1.6_Ensure_permissions_on_etccron.monthly_are_configured:def:1
• oval:simp.cis.el7.5.1.7_Ensure_permissions_on_etccron.d_are_configured:def:1
• oval:simp.cis.el7.5.1.8_Ensure_cron_is_restricted_to_authorized_users:def:1
• oval:simp.cis.el7.5.1.9_Ensure_at_is_restricted_to_authorized_users:def:1
• oval:simp.cis.el7.5.2.1_Ensure_permissions_on_etcsshsshd_config_are_configured:def:1
• oval:simp.cis.el7.5.2.2_Ensure_permissions_on_SSH_private_host_key_files_are_configured:def:1
• oval:simp.cis.el7.5.2.3_Ensure_permissions_on_SSH_public_host_key_files_are_configured:def:1
• oval:simp.cis.el7.5.2.4_Ensure_SSH_access_is_limited:def:1
• oval:simp.cis.el7.5.2.5_Ensure_SSH_LogLevel_is_appropriate:def:1
• oval:simp.cis.el7.5.2.6_Ensure_SSH_X11_forwarding_is_disabled:def:1
• oval:simp.cis.el7.5.2.7_Ensure_SSH_MaxAuthTries_is_set_to_4_or_less:def:1
• oval:simp.cis.el7.5.2.8_Ensure_SSH_IgnoreRhosts_is_enabled:def:1
• oval:simp.cis.el7.5.2.9_Ensure_SSH_HostbasedAuthentication_is_disabled:def:1
• oval:simp.cis.el7.5.2.10_Ensure_SSH_root_login_is_disabled:def:1
• oval:simp.cis.el7.5.2.11_Ensure_SSH_PermitEmptyPasswords_is_disabled:def:1
• oval:simp.cis.el7.5.2.12_Ensure_SSH_PermitUserEnvironment_is_disabled:def:1
• oval:simp.cis.el7.5.2.13_Ensure_only_strong_Ciphers_are_used:def:1
• oval:simp.cis.el7.5.2.14_Ensure_only_strong_MAC_algorithms_are_used:def:1
• oval:simp.cis.el7.5.2.15_Ensure_only_strong_Key_Exchange_algorithms_are_used:def:1
• oval:simp.cis.el7.5.2.16_Ensure_SSH_Idle_Timeout_Interval_is_configured:def:1
• oval:simp.cis.el7.5.2.17_Ensure_SSH_LoginGraceTime_is_set_to_one_minute_or_less:def:1
• oval:simp.cis.el7.5.2.18_Ensure_SSH_warning_banner_is_configured:def:1
• oval:simp.cis.el7.5.2.19_Ensure_SSH_PAM_is_enabled:def:1
• oval:simp.cis.el7.5.2.20_Ensure_SSH_AllowTcpForwarding_is_disabled:def:1
• oval:simp.cis.el7.5.2.21_Ensure_SSH_MaxStartups_is_configured:def:1
• oval:simp.cis.el7.5.2.22_Ensure_SSH_MaxSessions_is_limited:def:1
• oval:simp.cis.el7.5.3.1_Ensure_password_creation_requirements_are_configured:def:1
• oval:simp.cis.el7.5.3.2_Ensure_lockout_for_failed_password_attempts_is_configured:def:1
• oval:simp.cis.el7.5.3.3_Ensure_password_hashing_algorithm_is_SHA-512:def:1
• oval:simp.cis.el7.5.3.4_Ensure_password_reuse_is_limited:def:1
• oval:simp.cis.el7.5.4.1.1_Ensure_password_expiration_is_365_days_or_less:def:1
• oval:simp.cis.el7.5.4.1.2_Ensure_minimum_days_between_password_changes_is_configured:def:1
• oval:simp.cis.el7.5.4.1.3_Ensure_password_expiration_warning_days_is_7_or_more:def:1
• oval:simp.cis.el7.5.4.1.4_Ensure_inactive_password_lock_is_30_days_or_less:def:1
• oval:simp.cis.el7.5.4.1.5_Ensure_all_users_last_password_change_date_is_in_the_past:def:1
• oval:simp.cis.el7.5.4.2_Ensure_system_accounts_are_secured:def:1
• oval:simp.cis.el7.5.4.3_Ensure_default_group_for_the_root_account_is_GID_0:def:1
• oval:simp.cis.el7.5.4.4_Ensure_default_user_shell_timeout_is_configured:def:1
• oval:simp.cis.el7.5.4.5_Ensure_default_user_umask_is_configured:def:1
• oval:simp.cis.el7.5.5_Ensure_root_login_is_restricted_to_system_console:def:1
• oval:simp.cis.el7.5.6_Ensure_access_to_the_su_command_is_restricted:def:1
• oval:simp.cis.el7.6.1.2_Ensure_permissions_on_etcpasswd_are_configured:def:1
• oval:simp.cis.el7.6.1.3_Ensure_permissions_on_etcshadow_are_configured:def:1
• oval:simp.cis.el7.6.1.4_Ensure_permissions_on_etcgroup_are_configured:def:1
• oval:simp.cis.el7.6.1.5_Ensure_permissions_on_etcgshadow_are_configured:def:1
• oval:simp.cis.el7.6.1.6_Ensure_permissions_on_etcpasswd-_are_configured:def:1
• oval:simp.cis.el7.6.1.7_Ensure_permissions_on_etcshadow-_are_configured:def:1
• oval:simp.cis.el7.6.1.8_Ensure_permissions_on_etcgroup-_are_configured:def:1
• oval:simp.cis.el7.6.1.9_Ensure_permissions_on_etcgshadow-_are_configured:def:1
• oval:simp.cis.el7.6.2.1_Ensure_accounts_in_etcpasswd_use_shadowed_passwords:def:1
• oval:simp.cis.el7.6.2.2_Ensure_etcshadow_password_fields_are_not_empty:def:1
• oval:simp.cis.el7.6.2.3_Ensure_root_is_the_only_UID_0_account:def:1
• oval:simp.cis.el7.6.2.4_Ensure_root_PATH_Integrity:def:1
• oval:simp.cis.el7.6.2.5_Ensure_all_users_home_directories_exist:def:1
• oval:simp.cis.el7.6.2.6_Ensure_users_home_directories_permissions_are_750_or_more_restrictive:def:1
• oval:simp.cis.el7.6.2.7_Ensure_users_own_their_home_directories:def:1
• oval:simp.cis.el7.6.2.8_Ensure_users_dot_files_are_not_group_or_world_writable:def:1
• oval:simp.cis.el7.6.2.9Ensure_no_users_have.forward_files:def:1
• oval:simp.cis.el7.6.2.10Ensure_no_users_have.netrc_files:def:1
• oval:simp.cis.el7.6.2.11Ensure_users.netrc_Files_are_not_group_or_world_accessible:def:1
• oval:simp.cis.el7.6.2.12Ensure_no_users_have.rhosts_files:def:1
• oval:simp.cis.el7.6.2.13_Ensure_all_groups_in_etcpasswd_exist_in_etcgroup:def:1
• oval:simp.cis.el7.6.2.14_Ensure_no_duplicate_UIDs_exist:def:1
• oval:simp.cis.el7.6.2.15_Ensure_no_duplicate_GIDs_exist:def:1
• oval:simp.cis.el7.6.2.16_Ensure_no_duplicate_user_names_exist:def:1
• oval:simp.cis.el7.6.2.17_Ensure_no_duplicate_group_names_exist:def:1
• oval:simp.cis.el7.6.2.18_Ensure_shadow_group_is_empty:def:1

CentOS 7 (231/245 [94%])

• oval:simp.cis.el7.1.1.1.1_Ensure_mounting_of_cramfs_filesystems_is_disabled:def:1
• oval:simp.cis.el7.1.1.1.2_Ensure_mounting_of_squashfs_filesystems_is_disabled:def:1
• oval:simp.cis.el7.1.1.1.3_Ensure_mounting_of_udf_filesystems_is_disabled:def:1
• oval:simp.cis.el7.1.1.1.4_Ensure_mounting_of_FAT_filesystems_is_limited:def:1
• oval:simp.cis.el7.1.1.2_Ensure_tmp_is_configured:def:1
• oval:simp.cis.el7.1.1.3_Ensure_noexec_option_set_on_tmp_partition:def:1
• oval:simp.cis.el7.1.1.4_Ensure_nodev_option_set_on_tmp_partition:def:1
• oval:simp.cis.el7.1.1.5_Ensure_nosuid_option_set_on_tmp_partition:def:1
• oval:simp.cis.el7.1.1.6_Ensure_devshm_is_configured:def:1
• oval:simp.cis.el7.1.1.7_Ensure_noexec_option_set_on_devshm_partition:def:1
• oval:simp.cis.el7.1.1.8_Ensure_nodev_option_set_on_devshm_partition:def:1
• oval:simp.cis.el7.1.1.9_Ensure_nosuid_option_set_on_devshm_partition:def:1
• oval:simp.cis.el7.1.1.10_Ensure_separate_partition_exists_for_var:def:1
• oval:simp.cis.el7.1.1.12_Ensure_noexec_option_set_on_vartmp_partition:def:1
• oval:simp.cis.el7.1.1.13_Ensure_nodev_option_set_on_vartmp_partition:def:1
• oval:simp.cis.el7.1.1.14_Ensure_nosuid_option_set_on_vartmp_partition:def:1
• oval:simp.cis.el7.1.1.18_Ensure_nodev_option_set_on_home_partition:def:1
• oval:simp.cis.el7.1.1.19_Ensure_noexec_option_set_on_removable_media_partitions:def:1
• oval:simp.cis.el7.1.1.20_Ensure_nodev_option_set_on_removable_media_partitions:def:1
• oval:simp.cis.el7.1.1.21_Ensure_nosuid_option_set_on_removable_media_partitions:def:1
• oval:simp.cis.el7.1.1.22_Ensure_sticky_bit_is_set_on_all_world-writable_directories:def:1
• oval:simp.cis.el7.1.1.23_Disable_Automounting:def:1
• oval:simp.cis.el7.1.1.24_Disable_USB_Storage:def:1
• oval:simp.cis.el7.1.2.1_Ensure_GPG_keys_are_configured:def:1
• oval:simp.cis.el7.1.2.3_Ensure_gpgcheck_is_globally_activated:def:1
• oval:simp.cis.el7.1.3.1_Ensure_sudo_is_installed:def:1
• oval:simp.cis.el7.1.3.2_Ensure_sudo_commands_use_pty:def:1
• oval:simp.cis.el7.1.3.3_Ensure_sudo_log_file_exists:def:1
• oval:simp.cis.el7.1.4.1_Ensure_AIDE_is_installed:def:1
• oval:simp.cis.el7.1.4.2_Ensure_filesystem_integrity_is_regularly_checked:def:1
• oval:simp.cis.el7.1.5.1_Ensure_bootloader_password_is_set:def:1
• oval:simp.cis.el7.1.5.2_Ensure_permissions_on_bootloader_config_are_configured:def:1
• oval:simp.cis.el7.1.5.3_Ensure_authentication_required_for_single_user_mode:def:1
• oval:simp.cis.el7.1.6.1_Ensure_core_dumps_are_restricted:def:1
• oval:simp.cis.el7.1.6.3_Ensure_address_space_layout_randomization_ASLR_is_enabled:def:1
• oval:simp.cis.el7.1.6.4_Ensure_prelink_is_disabled:def:1
• oval:simp.cis.el7.1.7.1.1_Ensure_SELinux_is_installed:def:1
• oval:simp.cis.el7.1.7.1.2_Ensure_SELinux_is_not_disabled_in_bootloader_configuration:def:1
• oval:simp.cis.el7.1.7.1.3_Ensure_SELinux_policy_is_configured:def:1
• oval:simp.cis.el7.1.7.1.4_Ensure_the_SELinux_mode_is_enforcing_or_permissive:def:1
• oval:simp.cis.el7.1.7.1.5_Ensure_the_SELinux_mode_is_enforcing:def:1
• oval:simp.cis.el7.1.7.1.7_Ensure_SETroubleshoot_is_not_installed:def:1
• oval:simp.cis.el7.1.7.1.8_Ensure_the_MCS_Translation_Service_mcstrans_is_not_installed:def:1
• oval:simp.cis.el7.1.8.1.1_Ensure_message_of_the_day_is_configured_properly:def:1
• oval:simp.cis.el7.1.8.1.2_Ensure_local_login_warning_banner_is_configured_properly:def:1
• oval:simp.cis.el7.1.8.1.3_Ensure_remote_login_warning_banner_is_configured_properly:def:1
• oval:simp.cis.el7.1.8.1.4_Ensure_permissions_on_etcmotd_are_configured:def:1
• oval:simp.cis.el7.1.8.1.5_Ensure_permissions_on_etcissue_are_configured:def:1
• oval:simp.cis.el7.1.8.1.6_Ensure_permissions_on_etcissue.net_are_configured:def:1
• oval:simp.cis.el7.1.9_Ensure_updates_patches_and_additional_security_software_are_installed:def:1
• oval:simp.cis.el7.1.10_Ensure_GDM_is_removed_or_login_is_configured:def:1
• oval:simp.cis.el7.2.2.1.1_Ensure_time_synchronization_is_in_use:def:1
• oval:simp.cis.el7.2.2.1.3_Ensure_ntp_is_configured:def:1
• oval:simp.cis.el7.2.2.2_Ensure_X11_Server_components_are_not_installed:def:1
• oval:simp.cis.el7.2.2.3_Ensure_Avahi_Server_is_not_installed:def:1
• oval:simp.cis.el7.2.2.4_Ensure_CUPS_is_not_installed:def:1
• oval:simp.cis.el7.2.2.5_Ensure_DHCP_Server_is_not_installed:def:1
• oval:simp.cis.el7.2.2.6_Ensure_LDAP_server_is_not_installed:def:1
• oval:simp.cis.el7.2.2.7_Ensure_nfs-utils_is_not_installed_or_the__nfs-server_service_is_masked:def:1
• oval:simp.cis.el7.2.2.8_Ensure_rpcbind_is_not_installed_or_the__rpcbind_services_are_masked:def:1
• oval:simp.cis.el7.2.2.9_Ensure_DNS_Server_is_not_installed:def:1
• oval:simp.cis.el7.2.2.10_Ensure_FTP_Server_is_not_installed:def:1
• oval:simp.cis.el7.2.2.11_Ensure_HTTP_server_is_not_installed:def:1
• oval:simp.cis.el7.2.2.12_Ensure_IMAP_and_POP3_server_is_not_installed:def:1
• oval:simp.cis.el7.2.2.13_Ensure_Samba_is_not_installed:def:1
• oval:simp.cis.el7.2.2.14_Ensure_HTTP_Proxy_Server_is_not_installed:def:1
• oval:simp.cis.el7.2.2.15_Ensure_net-snmp_is_not_installed:def:1
• oval:simp.cis.el7.2.2.16_Ensure_mail_transfer_agent_is_configured_for_local-only_mode:def:1
• oval:simp.cis.el7.2.2.17_Ensure_rsync_is_not_installed_or_the_rsyncd_service_is_masked:def:1
• oval:simp.cis.el7.2.2.18_Ensure_NIS_server_is_not_installed:def:1
• oval:simp.cis.el7.2.2.19_Ensure_telnet-server_is_not_installed:def:1
• oval:simp.cis.el7.2.3.1_Ensure_NIS_Client_is_not_installed:def:1
• oval:simp.cis.el7.2.3.2_Ensure_rsh_client_is_not_installed:def:1
• oval:simp.cis.el7.2.3.3_Ensure_talk_client_is_not_installed:def:1
• oval:simp.cis.el7.2.3.4_Ensure_telnet_client_is_not_installed:def:1
• oval:simp.cis.el7.2.3.5_Ensure_LDAP_client_is_not_installed:def:1
• oval:simp.cis.el7.3.1.1_Disable_IPv6:def:1
  • Disabled via sysctl instead of kernel command line
• oval:simp.cis.el7.3.1.2_Ensure_wireless_interfaces_are_disabled:def:1
• oval:simp.cis.el7.3.2.1_Ensure_IP_forwarding_is_disabled:def:1
• oval:simp.cis.el7.3.2.2_Ensure_packet_redirect_sending_is_disabled:def:1
• oval:simp.cis.el7.3.3.1_Ensure_source_routed_packets_are_not_accepted:def:1
• oval:simp.cis.el7.3.3.2_Ensure_ICMP_redirects_are_not_accepted:def:1
• oval:simp.cis.el7.3.3.3_Ensure_secure_ICMP_redirects_are_not_accepted:def:1
• oval:simp.cis.el7.3.3.4_Ensure_suspicious_packets_are_logged:def:1
• oval:simp.cis.el7.3.3.5_Ensure_broadcast_ICMP_requests_are_ignored:def:1
• oval:simp.cis.el7.3.3.6_Ensure_bogus_ICMP_responses_are_ignored:def:1
• oval:simp.cis.el7.3.3.7_Ensure_Reverse_Path_Filtering_is_enabled:def:1
• oval:simp.cis.el7.3.3.8_Ensure_TCP_SYN_Cookies_is_enabled:def:1
• oval:simp.cis.el7.3.3.9_Ensure_IPv6_router_advertisements_are_not_accepted:def:1
• oval:simp.cis.el7.3.4.1_Ensure_DCCP_is_disabled:def:1
• oval:simp.cis.el7.3.4.2_Ensure_SCTP_is_disabled:def:1
• oval:simp.cis.el7.3.5.1.1_Ensure_FirewallD_is_installed:def:1
• oval:simp.cis.el7.3.5.1.2_Ensure_iptables-services_package_is_not_installed:def:1
• oval:simp.cis.el7.3.5.1.3_Ensure_nftables_is_not_installed_or_stopped_and_masked:def:1
• oval:simp.cis.el7.3.5.1.4_Ensure_firewalld_service_is_enabled_and_running:def:1
• oval:simp.cis.el7.3.5.1.5_Ensure_default_zone_is_set:def:1
• oval:simp.cis.el7.3.5.1.6_Ensure_network_interfaces_are_assigned_to_appropriate_zone:def:1
• oval:simp.cis.el7.3.5.1.7_Ensure_unnecessary_services_and_ports_are_not_accepted:def:1
• oval:simp.cis.el7.3.5.2.1_Ensure_nftables_is_installed:def:1
  • Only applies when nftables is used for firewall provider
• oval:simp.cis.el7.3.5.2.2_Ensure_firewalld_is_not_installed_or_stopped_and_masked:def:1
  • Only applies when nftables is used for firewall provider
• oval:simp.cis.el7.3.5.2.3_Ensure_iptables-services_package_is_not_installed:def:1
  • Only applies when nftables is used for firewall provider
• oval:simp.cis.el7.3.5.2.4_Ensure_iptables_are_flushed:def:1
  • Only applies when nftables is used for firewall provider
• oval:simp.cis.el7.3.5.2.5_Ensure_a_table_exists:def:1
  • Only applies when nftables is used for firewall provider
• oval:simp.cis.el7.3.5.2.6_Ensure_base_chains_exist:def:1
  • Only applies when nftables is used for firewall provider
• oval:simp.cis.el7.3.5.2.7_Ensure_loopback_traffic_is_configured:def:1
  • Only applies when nftables is used for firewall provider
• oval:simp.cis.el7.3.5.2.8_Ensure_outbound_and_established_connections_are_configured:def:1
  • Only applies when nftables is used for firewall provider
• oval:simp.cis.el7.3.5.2.9_Ensure_default_deny_firewall_policy:def:1
  • Only applies when nftables is used for firewall provider
• oval:simp.cis.el7.3.5.2.10_Ensure_nftables_service_is_enabled:def:1
  • Only applies when nftables is used for firewall provider
• oval:simp.cis.el7.3.5.2.11_Ensure_nftables_rules_are_permanent:def:1
  • Only applies when nftables is used for firewall provider
• oval:simp.cis.el7.3.5.3.1.1_Ensure_iptables_packages_are_installed:def:1
  • Only applies when iptables is used for firewall provider
• oval:simp.cis.el7.3.5.3.1.2_Ensure_nftables_is_not_installed:def:1
  • Only applies when iptables is used for firewall provider
• oval:simp.cis.el7.3.5.3.1.3_Ensure_firewalld_is_not_installed_or_stopped_and_masked:def:1
  • Only applies when iptables is used for firewall provider
• oval:simp.cis.el7.3.5.3.2.1_Ensure_default_deny_firewall_policy:def:1
  • Only applies when iptables is used for firewall provider
• oval:simp.cis.el7.3.5.3.2.2_Ensure_loopback_traffic_is_configured:def:1
  • Only applies when iptables is used for firewall provider
• oval:simp.cis.el7.3.5.3.2.3_Ensure_outbound_and_established_connections_are_configured:def:1
  • Only applies when iptables is used for firewall provider
• oval:simp.cis.el7.3.5.3.2.4_Ensure_firewall_rules_exist_for_all_open_ports:def:1
  • Only applies when iptables is used for firewall provider
• oval:simp.cis.el7.3.5.3.2.5_Ensure_iptables_rules_are_saved:def:1
  • Only applies when iptables is used for firewall provider
• oval:simp.cis.el7.3.5.3.3.1_Ensure_IPv6_default_deny_firewall_policy:def:1
  • Only applies when iptables is used for firewall provider
• oval:simp.cis.el7.3.5.3.3.2_Ensure_IPv6_loopback_traffic_is_configured:def:1
  • Only applies when iptables is used for firewall provider
• oval:simp.cis.el7.3.5.3.3.3_Ensure_IPv6_outbound_and_established_connections_are_configured:def:1
  • Only applies when iptables is used for firewall provider
• oval:simp.cis.el7.3.5.3.3.4_Ensure_IPv6_firewall_rules_exist_for_all_open_ports:def:1
  • Only applies when iptables is used for firewall provider
• oval:simp.cis.el7.3.5.3.3.5_Ensure_ip6tables_rules_are_saved:def:1
  • Only applies when iptables is used for firewall provider
• oval:simp.cis.el7.4.1.1.1_Ensure_auditd_is_installed:def:1
• oval:simp.cis.el7.4.1.1.2_Ensure_auditd_service_is_enabled_and_running:def:1
• oval:simp.cis.el7.4.1.1.3_Ensure_auditing_for_processes_that_start_prior_to_auditd_is_enabled:def:1
• oval:simp.cis.el7.4.1.2.1_Ensure_audit_log_storage_size_is_configured:def:1
• oval:simp.cis.el7.4.1.2.2_Ensure_audit_logs_are_not_automatically_deleted:def:1
• oval:simp.cis.el7.4.1.2.3_Ensure_system_is_disabled_when_audit_logs_are_full:def:1
• oval:simp.cis.el7.4.1.2.4_Ensure_audit_backlog_limit_is_sufficient:def:1
• oval:simp.cis.el7.4.1.3_Ensure_events_that_modify_date_and_time_information_are_collected:def:1
• oval:simp.cis.el7.4.1.4_Ensure_events_that_modify_usergroup_information_are_collected:def:1
• oval:simp.cis.el7.4.1.5_Ensure_events_that_modify_the_systems_network_environment_are_collected:def:1
• oval:simp.cis.el7.4.1.6_Ensure_events_that_modify_the_systems_Mandatory_Access_Controls_are_collected:def:1
• oval:simp.cis.el7.4.1.7_Ensure_login_and_logout_events_are_collected:def:1
• oval:simp.cis.el7.4.1.8_Ensure_session_initiation_information_is_collected:def:1
• oval:simp.cis.el7.4.1.9_Ensure_discretionary_access_control_permission_modification_events_are_collected:def:1
• oval:simp.cis.el7.4.1.10_Ensure_unsuccessful_unauthorized_file_access_attempts_are_collected:def:1
• oval:simp.cis.el7.4.1.11_Ensure_use_of_privileged_commands_is_collected:def:1
• oval:simp.cis.el7.4.1.12_Ensure_successful_file_system_mounts_are_collected:def:1
• oval:simp.cis.el7.4.1.13_Ensure_file_deletion_events_by_users_are_collected:def:1
• oval:simp.cis.el7.4.1.14_Ensure_changes_to_system_administration_scope_sudoers_is_collected:def:1
• oval:simp.cis.el7.4.1.15_Ensure_system_administrator_actions_sudolog_are_collected:def:1
• oval:simp.cis.el7.4.1.16_Ensure_kernel_module_loading_and_unloading_is_collected:def:1
• oval:simp.cis.el7.4.1.17_Ensure_the_audit_configuration_is_immutable:def:1
• oval:simp.cis.el7.4.2.1.1_Ensure_rsyslog_is_installed:def:1
• oval:simp.cis.el7.4.2.1.2_Ensure_rsyslog_Service_is_enabled_and_running:def:1
• oval:simp.cis.el7.4.2.1.3_Ensure_rsyslog_default_file_permissions_configured:def:1
• oval:simp.cis.el7.4.2.1.4_Ensure_logging_is_configured:def:1
• oval:simp.cis.el7.4.2.1.5_Ensure_rsyslog_is_configured_to_send_logs_to_a_remote_log_host:def:1
• oval:simp.cis.el7.4.2.1.6_Ensure_remote_rsyslog_messages_are_only_accepted_on_designated_log_hosts.:def:1
• oval:simp.cis.el7.4.2.2.1_Ensure_journald_is_configured_to_send_logs_to_rsyslog:def:1
• oval:simp.cis.el7.4.2.2.2_Ensure_journald_is_configured_to_compress_large_log_files:def:1
• oval:simp.cis.el7.4.2.2.3_Ensure_journald_is_configured_to_write_logfiles_to_persistent_disk:def:1
• oval:simp.cis.el7.4.2.3_Ensure_permissions_on_all_logfiles_are_configured:def:1
• oval:simp.cis.el7.4.2.4_Ensure_logrotate_is_configured:def:1
• oval:simp.cis.el7.5.1.1_Ensure_cron_daemon_is_enabled_and_running:def:1
• oval:simp.cis.el7.5.1.2_Ensure_permissions_on_etccrontab_are_configured:def:1
• oval:simp.cis.el7.5.1.3_Ensure_permissions_on_etccron.hourly_are_configured:def:1
• oval:simp.cis.el7.5.1.4_Ensure_permissions_on_etccron.daily_are_configured:def:1
• oval:simp.cis.el7.5.1.5_Ensure_permissions_on_etccron.weekly_are_configured:def:1
• oval:simp.cis.el7.5.1.6_Ensure_permissions_on_etccron.monthly_are_configured:def:1
• oval:simp.cis.el7.5.1.7_Ensure_permissions_on_etccron.d_are_configured:def:1
• oval:simp.cis.el7.5.1.8_Ensure_cron_is_restricted_to_authorized_users:def:1
• oval:simp.cis.el7.5.1.9_Ensure_at_is_restricted_to_authorized_users:def:1
• oval:simp.cis.el7.5.2.1_Ensure_permissions_on_etcsshsshd_config_are_configured:def:1
• oval:simp.cis.el7.5.2.2_Ensure_permissions_on_SSH_private_host_key_files_are_configured:def:1
• oval:simp.cis.el7.5.2.3_Ensure_permissions_on_SSH_public_host_key_files_are_configured:def:1
• oval:simp.cis.el7.5.2.4_Ensure_SSH_access_is_limited:def:1
• oval:simp.cis.el7.5.2.5_Ensure_SSH_LogLevel_is_appropriate:def:1
• oval:simp.cis.el7.5.2.6_Ensure_SSH_X11_forwarding_is_disabled:def:1
• oval:simp.cis.el7.5.2.7_Ensure_SSH_MaxAuthTries_is_set_to_4_or_less:def:1
• oval:simp.cis.el7.5.2.8_Ensure_SSH_IgnoreRhosts_is_enabled:def:1
• oval:simp.cis.el7.5.2.9_Ensure_SSH_HostbasedAuthentication_is_disabled:def:1
• oval:simp.cis.el7.5.2.10_Ensure_SSH_root_login_is_disabled:def:1
• oval:simp.cis.el7.5.2.11_Ensure_SSH_PermitEmptyPasswords_is_disabled:def:1
• oval:simp.cis.el7.5.2.12_Ensure_SSH_PermitUserEnvironment_is_disabled:def:1
• oval:simp.cis.el7.5.2.13_Ensure_only_strong_Ciphers_are_used:def:1
• oval:simp.cis.el7.5.2.14_Ensure_only_strong_MAC_algorithms_are_used:def:1
• oval:simp.cis.el7.5.2.15_Ensure_only_strong_Key_Exchange_algorithms_are_used:def:1
• oval:simp.cis.el7.5.2.16_Ensure_SSH_Idle_Timeout_Interval_is_configured:def:1
• oval:simp.cis.el7.5.2.17_Ensure_SSH_LoginGraceTime_is_set_to_one_minute_or_less:def:1
• oval:simp.cis.el7.5.2.18_Ensure_SSH_warning_banner_is_configured:def:1
• oval:simp.cis.el7.5.2.19_Ensure_SSH_PAM_is_enabled:def:1
• oval:simp.cis.el7.5.2.20_Ensure_SSH_AllowTcpForwarding_is_disabled:def:1
• oval:simp.cis.el7.5.2.21_Ensure_SSH_MaxStartups_is_configured:def:1
• oval:simp.cis.el7.5.2.22_Ensure_SSH_MaxSessions_is_limited:def:1
• oval:simp.cis.el7.5.3.1_Ensure_password_creation_requirements_are_configured:def:1
• oval:simp.cis.el7.5.3.2_Ensure_lockout_for_failed_password_attempts_is_configured:def:1
• oval:simp.cis.el7.5.3.3_Ensure_password_hashing_algorithm_is_SHA-512:def:1
• oval:simp.cis.el7.5.3.4_Ensure_password_reuse_is_limited:def:1
• oval:simp.cis.el7.5.4.1.1_Ensure_password_expiration_is_365_days_or_less:def:1
• oval:simp.cis.el7.5.4.1.2_Ensure_minimum_days_between_password_changes_is_configured:def:1
• oval:simp.cis.el7.5.4.1.3_Ensure_password_expiration_warning_days_is_7_or_more:def:1
• oval:simp.cis.el7.5.4.1.4_Ensure_inactive_password_lock_is_30_days_or_less:def:1
• oval:simp.cis.el7.5.4.1.5_Ensure_all_users_last_password_change_date_is_in_the_past:def:1
• oval:simp.cis.el7.5.4.2_Ensure_system_accounts_are_secured:def:1
• oval:simp.cis.el7.5.4.3_Ensure_default_group_for_the_root_account_is_GID_0:def:1
• oval:simp.cis.el7.5.4.4_Ensure_default_user_shell_timeout_is_configured:def:1
• oval:simp.cis.el7.5.4.5_Ensure_default_user_umask_is_configured:def:1
• oval:simp.cis.el7.5.5_Ensure_root_login_is_restricted_to_system_console:def:1
• oval:simp.cis.el7.5.6_Ensure_access_to_the_su_command_is_restricted:def:1
• oval:simp.cis.el7.6.1.2_Ensure_permissions_on_etcpasswd_are_configured:def:1
• oval:simp.cis.el7.6.1.3_Ensure_permissions_on_etcshadow_are_configured:def:1
• oval:simp.cis.el7.6.1.4_Ensure_permissions_on_etcgroup_are_configured:def:1
• oval:simp.cis.el7.6.1.5_Ensure_permissions_on_etcgshadow_are_configured:def:1
• oval:simp.cis.el7.6.1.6_Ensure_permissions_on_etcpasswd-_are_configured:def:1
• oval:simp.cis.el7.6.1.7_Ensure_permissions_on_etcshadow-_are_configured:def:1
• oval:simp.cis.el7.6.1.8_Ensure_permissions_on_etcgroup-_are_configured:def:1
• oval:simp.cis.el7.6.1.9_Ensure_permissions_on_etcgshadow-_are_configured:def:1
• oval:simp.cis.el7.6.2.1_Ensure_accounts_in_etcpasswd_use_shadowed_passwords:def:1
• oval:simp.cis.el7.6.2.2_Ensure_etcshadow_password_fields_are_not_empty:def:1
• oval:simp.cis.el7.6.2.3_Ensure_root_is_the_only_UID_0_account:def:1
• oval:simp.cis.el7.6.2.4_Ensure_root_PATH_Integrity:def:1
• oval:simp.cis.el7.6.2.5_Ensure_all_users_home_directories_exist:def:1
• oval:simp.cis.el7.6.2.6_Ensure_users_home_directories_permissions_are_750_or_more_restrictive:def:1
• oval:simp.cis.el7.6.2.7_Ensure_users_own_their_home_directories:def:1
• oval:simp.cis.el7.6.2.8_Ensure_users_dot_files_are_not_group_or_world_writable:def:1
• oval:simp.cis.el7.6.2.9Ensure_no_users_have.forward_files:def:1
• oval:simp.cis.el7.6.2.10Ensure_no_users_have.netrc_files:def:1
• oval:simp.cis.el7.6.2.11Ensure_users.netrc_Files_are_not_group_or_world_accessible:def:1
• oval:simp.cis.el7.6.2.12Ensure_no_users_have.rhosts_files:def:1
• oval:simp.cis.el7.6.2.13_Ensure_all_groups_in_etcpasswd_exist_in_etcgroup:def:1
• oval:simp.cis.el7.6.2.14_Ensure_no_duplicate_UIDs_exist:def:1
• oval:simp.cis.el7.6.2.15_Ensure_no_duplicate_GIDs_exist:def:1
• oval:simp.cis.el7.6.2.16_Ensure_no_duplicate_user_names_exist:def:1
• oval:simp.cis.el7.6.2.17_Ensure_no_duplicate_group_names_exist:def:1
• oval:simp.cis.el7.6.2.18_Ensure_shadow_group_is_empty:def:1
• oval:simp.cis.el7.2.1.1_Ensure_xinetd_is_not_installed:def:1
• oval:simp.cis.el7.2.4_Ensure_nonessential_services_are_removed_or_masked:def:1
  • Requires svckill::mode: enforcing for full compliance. This is not enabled globally for safety reasons.
• oval:simp.cis.el7.3.5.3.2.6_Ensure_iptables_in_enabled_and_running:def:1
  • Only applies when iptables is used for firewall provider
• oval:simp.cis.el7.3.5.3.3.6_Ensure_ip6tables_in_enabled_and_running:def:1
  • Only applies when iptables is used for firewall provider

Oracle Linux 7 (231/245 [94%])

• oval:simp.cis.el7.1.1.1.1_Ensure_mounting_of_cramfs_filesystems_is_disabled:def:1
• oval:simp.cis.el7.1.1.1.2_Ensure_mounting_of_squashfs_filesystems_is_disabled:def:1
• oval:simp.cis.el7.1.1.1.3_Ensure_mounting_of_udf_filesystems_is_disabled:def:1
• oval:simp.cis.el7.1.1.1.4_Ensure_mounting_of_FAT_filesystems_is_limited:def:1
• oval:simp.cis.el7.1.1.2_Ensure_tmp_is_configured:def:1
• oval:simp.cis.el7.1.1.3_Ensure_noexec_option_set_on_tmp_partition:def:1
• oval:simp.cis.el7.1.1.4_Ensure_nodev_option_set_on_tmp_partition:def:1
• oval:simp.cis.el7.1.1.5_Ensure_nosuid_option_set_on_tmp_partition:def:1
• oval:simp.cis.el7.1.1.6_Ensure_devshm_is_configured:def:1
• oval:simp.cis.el7.1.1.7_Ensure_noexec_option_set_on_devshm_partition:def:1
• oval:simp.cis.el7.1.1.8_Ensure_nodev_option_set_on_devshm_partition:def:1
• oval:simp.cis.el7.1.1.9_Ensure_nosuid_option_set_on_devshm_partition:def:1
• oval:simp.cis.el7.1.1.10_Ensure_separate_partition_exists_for_var:def:1
• oval:simp.cis.el7.1.1.12_Ensure_noexec_option_set_on_vartmp_partition:def:1
• oval:simp.cis.el7.1.1.13_Ensure_nodev_option_set_on_vartmp_partition:def:1
• oval:simp.cis.el7.1.1.14_Ensure_nosuid_option_set_on_vartmp_partition:def:1
• oval:simp.cis.el7.1.1.18_Ensure_nodev_option_set_on_home_partition:def:1
• oval:simp.cis.el7.1.1.19_Ensure_noexec_option_set_on_removable_media_partitions:def:1
• oval:simp.cis.el7.1.1.20_Ensure_nodev_option_set_on_removable_media_partitions:def:1
• oval:simp.cis.el7.1.1.21_Ensure_nosuid_option_set_on_removable_media_partitions:def:1
• oval:simp.cis.el7.1.1.22_Ensure_sticky_bit_is_set_on_all_world-writable_directories:def:1
• oval:simp.cis.el7.1.1.23_Disable_Automounting:def:1
• oval:simp.cis.el7.1.1.24_Disable_USB_Storage:def:1
• oval:simp.cis.el7.1.2.1_Ensure_GPG_keys_are_configured:def:1
• oval:simp.cis.el7.1.2.3_Ensure_gpgcheck_is_globally_activated:def:1
• oval:simp.cis.el7.1.3.1_Ensure_sudo_is_installed:def:1
• oval:simp.cis.el7.1.3.2_Ensure_sudo_commands_use_pty:def:1
• oval:simp.cis.el7.1.3.3_Ensure_sudo_log_file_exists:def:1
• oval:simp.cis.el7.1.4.1_Ensure_AIDE_is_installed:def:1
• oval:simp.cis.el7.1.4.2_Ensure_filesystem_integrity_is_regularly_checked:def:1
• oval:simp.cis.el7.1.5.1_Ensure_bootloader_password_is_set:def:1
• oval:simp.cis.el7.1.5.2_Ensure_permissions_on_bootloader_config_are_configured:def:1
• oval:simp.cis.el7.1.5.3_Ensure_authentication_required_for_single_user_mode:def:1
• oval:simp.cis.el7.1.6.1_Ensure_core_dumps_are_restricted:def:1
• oval:simp.cis.el7.1.6.3_Ensure_address_space_layout_randomization_ASLR_is_enabled:def:1
• oval:simp.cis.el7.1.6.4_Ensure_prelink_is_disabled:def:1
• oval:simp.cis.el7.1.7.1.1_Ensure_SELinux_is_installed:def:1
• oval:simp.cis.el7.1.7.1.2_Ensure_SELinux_is_not_disabled_in_bootloader_configuration:def:1
• oval:simp.cis.el7.1.7.1.3_Ensure_SELinux_policy_is_configured:def:1
• oval:simp.cis.el7.1.7.1.4_Ensure_the_SELinux_mode_is_enforcing_or_permissive:def:1
• oval:simp.cis.el7.1.7.1.5_Ensure_the_SELinux_mode_is_enforcing:def:1
• oval:simp.cis.el7.1.7.1.7_Ensure_SETroubleshoot_is_not_installed:def:1
• oval:simp.cis.el7.1.7.1.8_Ensure_the_MCS_Translation_Service_mcstrans_is_not_installed:def:1
• oval:simp.cis.el7.1.8.1.1_Ensure_message_of_the_day_is_configured_properly:def:1
• oval:simp.cis.el7.1.8.1.2_Ensure_local_login_warning_banner_is_configured_properly:def:1
• oval:simp.cis.el7.1.8.1.3_Ensure_remote_login_warning_banner_is_configured_properly:def:1
• oval:simp.cis.el7.1.8.1.4_Ensure_permissions_on_etcmotd_are_configured:def:1
• oval:simp.cis.el7.1.8.1.5_Ensure_permissions_on_etcissue_are_configured:def:1
• oval:simp.cis.el7.1.8.1.6_Ensure_permissions_on_etcissue.net_are_configured:def:1
• oval:simp.cis.el7.1.9_Ensure_updates_patches_and_additional_security_software_are_installed:def:1
• oval:simp.cis.el7.1.10_Ensure_GDM_is_removed_or_login_is_configured:def:1
• oval:simp.cis.el7.2.2.1.1_Ensure_time_synchronization_is_in_use:def:1
• oval:simp.cis.el7.2.2.1.3_Ensure_ntp_is_configured:def:1
• oval:simp.cis.el7.2.2.2_Ensure_X11_Server_components_are_not_installed:def:1
• oval:simp.cis.el7.2.2.3_Ensure_Avahi_Server_is_not_installed:def:1
• oval:simp.cis.el7.2.2.4_Ensure_CUPS_is_not_installed:def:1
• oval:simp.cis.el7.2.2.5_Ensure_DHCP_Server_is_not_installed:def:1
• oval:simp.cis.el7.2.2.6_Ensure_LDAP_server_is_not_installed:def:1
• oval:simp.cis.el7.2.2.7_Ensure_nfs-utils_is_not_installed_or_the__nfs-server_service_is_masked:def:1
• oval:simp.cis.el7.2.2.8_Ensure_rpcbind_is_not_installed_or_the__rpcbind_services_are_masked:def:1
• oval:simp.cis.el7.2.2.9_Ensure_DNS_Server_is_not_installed:def:1
• oval:simp.cis.el7.2.2.10_Ensure_FTP_Server_is_not_installed:def:1
• oval:simp.cis.el7.2.2.11_Ensure_HTTP_server_is_not_installed:def:1
• oval:simp.cis.el7.2.2.12_Ensure_IMAP_and_POP3_server_is_not_installed:def:1
• oval:simp.cis.el7.2.2.13_Ensure_Samba_is_not_installed:def:1
• oval:simp.cis.el7.2.2.14_Ensure_HTTP_Proxy_Server_is_not_installed:def:1
• oval:simp.cis.el7.2.2.15_Ensure_net-snmp_is_not_installed:def:1
• oval:simp.cis.el7.2.2.16_Ensure_mail_transfer_agent_is_configured_for_local-only_mode:def:1
• oval:simp.cis.el7.2.2.17_Ensure_rsync_is_not_installed_or_the_rsyncd_service_is_masked:def:1
• oval:simp.cis.el7.2.2.18_Ensure_NIS_server_is_not_installed:def:1
• oval:simp.cis.el7.2.2.19_Ensure_telnet-server_is_not_installed:def:1
• oval:simp.cis.el7.2.3.1_Ensure_NIS_Client_is_not_installed:def:1
• oval:simp.cis.el7.2.3.2_Ensure_rsh_client_is_not_installed:def:1
• oval:simp.cis.el7.2.3.3_Ensure_talk_client_is_not_installed:def:1
• oval:simp.cis.el7.2.3.4_Ensure_telnet_client_is_not_installed:def:1
• oval:simp.cis.el7.2.3.5_Ensure_LDAP_client_is_not_installed:def:1
• oval:simp.cis.el7.3.1.1_Disable_IPv6:def:1
  • Disabled via sysctl instead of kernel command line
• oval:simp.cis.el7.3.1.2_Ensure_wireless_interfaces_are_disabled:def:1
• oval:simp.cis.el7.3.2.1_Ensure_IP_forwarding_is_disabled:def:1
• oval:simp.cis.el7.3.2.2_Ensure_packet_redirect_sending_is_disabled:def:1
• oval:simp.cis.el7.3.3.1_Ensure_source_routed_packets_are_not_accepted:def:1
• oval:simp.cis.el7.3.3.2_Ensure_ICMP_redirects_are_not_accepted:def:1
• oval:simp.cis.el7.3.3.3_Ensure_secure_ICMP_redirects_are_not_accepted:def:1
• oval:simp.cis.el7.3.3.4_Ensure_suspicious_packets_are_logged:def:1
• oval:simp.cis.el7.3.3.5_Ensure_broadcast_ICMP_requests_are_ignored:def:1
• oval:simp.cis.el7.3.3.6_Ensure_bogus_ICMP_responses_are_ignored:def:1
• oval:simp.cis.el7.3.3.7_Ensure_Reverse_Path_Filtering_is_enabled:def:1
• oval:simp.cis.el7.3.3.8_Ensure_TCP_SYN_Cookies_is_enabled:def:1
• oval:simp.cis.el7.3.3.9_Ensure_IPv6_router_advertisements_are_not_accepted:def:1
• oval:simp.cis.el7.3.4.1_Ensure_DCCP_is_disabled:def:1
• oval:simp.cis.el7.3.4.2_Ensure_SCTP_is_disabled:def:1
• oval:simp.cis.el7.3.5.1.1_Ensure_FirewallD_is_installed:def:1
• oval:simp.cis.el7.3.5.1.2_Ensure_iptables-services_package_is_not_installed:def:1
• oval:simp.cis.el7.3.5.1.3_Ensure_nftables_is_not_installed_or_stopped_and_masked:def:1
• oval:simp.cis.el7.3.5.1.4_Ensure_firewalld_service_is_enabled_and_running:def:1
• oval:simp.cis.el7.3.5.1.5_Ensure_default_zone_is_set:def:1
• oval:simp.cis.el7.3.5.1.6_Ensure_network_interfaces_are_assigned_to_appropriate_zone:def:1
• oval:simp.cis.el7.3.5.1.7_Ensure_unnecessary_services_and_ports_are_not_accepted:def:1
• oval:simp.cis.el7.3.5.2.1_Ensure_nftables_is_installed:def:1
  • Only applies when nftables is used for firewall provider
• oval:simp.cis.el7.3.5.2.2_Ensure_firewalld_is_not_installed_or_stopped_and_masked:def:1
  • Only applies when nftables is used for firewall provider
• oval:simp.cis.el7.3.5.2.3_Ensure_iptables-services_package_is_not_installed:def:1
  • Only applies when nftables is used for firewall provider
• oval:simp.cis.el7.3.5.2.4_Ensure_iptables_are_flushed:def:1
  • Only applies when nftables is used for firewall provider
• oval:simp.cis.el7.3.5.2.5_Ensure_a_table_exists:def:1
  • Only applies when nftables is used for firewall provider
• oval:simp.cis.el7.3.5.2.6_Ensure_base_chains_exist:def:1
  • Only applies when nftables is used for firewall provider
• oval:simp.cis.el7.3.5.2.7_Ensure_loopback_traffic_is_configured:def:1
  • Only applies when nftables is used for firewall provider
• oval:simp.cis.el7.3.5.2.8_Ensure_outbound_and_established_connections_are_configured:def:1
  • Only applies when nftables is used for firewall provider
• oval:simp.cis.el7.3.5.2.9_Ensure_default_deny_firewall_policy:def:1
  • Only applies when nftables is used for firewall provider
• oval:simp.cis.el7.3.5.2.10_Ensure_nftables_service_is_enabled:def:1
  • Only applies when nftables is used for firewall provider
• oval:simp.cis.el7.3.5.2.11_Ensure_nftables_rules_are_permanent:def:1
  • Only applies when nftables is used for firewall provider
• oval:simp.cis.el7.3.5.3.1.1_Ensure_iptables_packages_are_installed:def:1
  • Only applies when iptables is used for firewall provider
• oval:simp.cis.el7.3.5.3.1.2_Ensure_nftables_is_not_installed:def:1
  • Only applies when iptables is used for firewall provider
• oval:simp.cis.el7.3.5.3.1.3_Ensure_firewalld_is_not_installed_or_stopped_and_masked:def:1
  • Only applies when iptables is used for firewall provider
• oval:simp.cis.el7.3.5.3.2.1_Ensure_default_deny_firewall_policy:def:1
  • Only applies when iptables is used for firewall provider
• oval:simp.cis.el7.3.5.3.2.2_Ensure_loopback_traffic_is_configured:def:1
  • Only applies when iptables is used for firewall provider
• oval:simp.cis.el7.3.5.3.2.3_Ensure_outbound_and_established_connections_are_configured:def:1
  • Only applies when iptables is used for firewall provider
• oval:simp.cis.el7.3.5.3.2.4_Ensure_firewall_rules_exist_for_all_open_ports:def:1
  • Only applies when iptables is used for firewall provider
• oval:simp.cis.el7.3.5.3.2.5_Ensure_iptables_rules_are_saved:def:1
  • Only applies when iptables is used for firewall provider
• oval:simp.cis.el7.3.5.3.3.1_Ensure_IPv6_default_deny_firewall_policy:def:1
  • Only applies when iptables is used for firewall provider
• oval:simp.cis.el7.3.5.3.3.2_Ensure_IPv6_loopback_traffic_is_configured:def:1
  • Only applies when iptables is used for firewall provider
• oval:simp.cis.el7.3.5.3.3.3_Ensure_IPv6_outbound_and_established_connections_are_configured:def:1
  • Only applies when iptables is used for firewall provider
• oval:simp.cis.el7.3.5.3.3.4_Ensure_IPv6_firewall_rules_exist_for_all_open_ports:def:1
  • Only applies when iptables is used for firewall provider
• oval:simp.cis.el7.3.5.3.3.5_Ensure_ip6tables_rules_are_saved:def:1
  • Only applies when iptables is used for firewall provider
• oval:simp.cis.el7.4.1.1.1_Ensure_auditd_is_installed:def:1
• oval:simp.cis.el7.4.1.1.2_Ensure_auditd_service_is_enabled_and_running:def:1
• oval:simp.cis.el7.4.1.1.3_Ensure_auditing_for_processes_that_start_prior_to_auditd_is_enabled:def:1
• oval:simp.cis.el7.4.1.2.1_Ensure_audit_log_storage_size_is_configured:def:1
• oval:simp.cis.el7.4.1.2.2_Ensure_audit_logs_are_not_automatically_deleted:def:1
• oval:simp.cis.el7.4.1.2.3_Ensure_system_is_disabled_when_audit_logs_are_full:def:1
• oval:simp.cis.el7.4.1.2.4_Ensure_audit_backlog_limit_is_sufficient:def:1
• oval:simp.cis.el7.4.1.3_Ensure_events_that_modify_date_and_time_information_are_collected:def:1
• oval:simp.cis.el7.4.1.4_Ensure_events_that_modify_usergroup_information_are_collected:def:1
• oval:simp.cis.el7.4.1.5_Ensure_events_that_modify_the_systems_network_environment_are_collected:def:1
• oval:simp.cis.el7.4.1.6_Ensure_events_that_modify_the_systems_Mandatory_Access_Controls_are_collected:def:1
• oval:simp.cis.el7.4.1.7_Ensure_login_and_logout_events_are_collected:def:1
• oval:simp.cis.el7.4.1.8_Ensure_session_initiation_information_is_collected:def:1
• oval:simp.cis.el7.4.1.9_Ensure_discretionary_access_control_permission_modification_events_are_collected:def:1
• oval:simp.cis.el7.4.1.10_Ensure_unsuccessful_unauthorized_file_access_attempts_are_collected:def:1
• oval:simp.cis.el7.4.1.11_Ensure_use_of_privileged_commands_is_collected:def:1
• oval:simp.cis.el7.4.1.12_Ensure_successful_file_system_mounts_are_collected:def:1
• oval:simp.cis.el7.4.1.13_Ensure_file_deletion_events_by_users_are_collected:def:1
• oval:simp.cis.el7.4.1.14_Ensure_changes_to_system_administration_scope_sudoers_is_collected:def:1
• oval:simp.cis.el7.4.1.15_Ensure_system_administrator_actions_sudolog_are_collected:def:1
• oval:simp.cis.el7.4.1.16_Ensure_kernel_module_loading_and_unloading_is_collected:def:1
• oval:simp.cis.el7.4.1.17_Ensure_the_audit_configuration_is_immutable:def:1
• oval:simp.cis.el7.4.2.1.1_Ensure_rsyslog_is_installed:def:1
• oval:simp.cis.el7.4.2.1.2_Ensure_rsyslog_Service_is_enabled_and_running:def:1
• oval:simp.cis.el7.4.2.1.3_Ensure_rsyslog_default_file_permissions_configured:def:1
• oval:simp.cis.el7.4.2.1.4_Ensure_logging_is_configured:def:1
• oval:simp.cis.el7.4.2.1.5_Ensure_rsyslog_is_configured_to_send_logs_to_a_remote_log_host:def:1
• oval:simp.cis.el7.4.2.1.6_Ensure_remote_rsyslog_messages_are_only_accepted_on_designated_log_hosts.:def:1
• oval:simp.cis.el7.4.2.2.1_Ensure_journald_is_configured_to_send_logs_to_rsyslog:def:1
• oval:simp.cis.el7.4.2.2.2_Ensure_journald_is_configured_to_compress_large_log_files:def:1
• oval:simp.cis.el7.4.2.2.3_Ensure_journald_is_configured_to_write_logfiles_to_persistent_disk:def:1
• oval:simp.cis.el7.4.2.3_Ensure_permissions_on_all_logfiles_are_configured:def:1
• oval:simp.cis.el7.4.2.4_Ensure_logrotate_is_configured:def:1
• oval:simp.cis.el7.5.1.1_Ensure_cron_daemon_is_enabled_and_running:def:1
• oval:simp.cis.el7.5.1.2_Ensure_permissions_on_etccrontab_are_configured:def:1
• oval:simp.cis.el7.5.1.3_Ensure_permissions_on_etccron.hourly_are_configured:def:1
• oval:simp.cis.el7.5.1.4_Ensure_permissions_on_etccron.daily_are_configured:def:1
• oval:simp.cis.el7.5.1.5_Ensure_permissions_on_etccron.weekly_are_configured:def:1
• oval:simp.cis.el7.5.1.6_Ensure_permissions_on_etccron.monthly_are_configured:def:1
• oval:simp.cis.el7.5.1.7_Ensure_permissions_on_etccron.d_are_configured:def:1
• oval:simp.cis.el7.5.1.8_Ensure_cron_is_restricted_to_authorized_users:def:1
• oval:simp.cis.el7.5.1.9_Ensure_at_is_restricted_to_authorized_users:def:1
• oval:simp.cis.el7.5.2.1_Ensure_permissions_on_etcsshsshd_config_are_configured:def:1
• oval:simp.cis.el7.5.2.2_Ensure_permissions_on_SSH_private_host_key_files_are_configured:def:1
• oval:simp.cis.el7.5.2.3_Ensure_permissions_on_SSH_public_host_key_files_are_configured:def:1
• oval:simp.cis.el7.5.2.4_Ensure_SSH_access_is_limited:def:1
• oval:simp.cis.el7.5.2.5_Ensure_SSH_LogLevel_is_appropriate:def:1
• oval:simp.cis.el7.5.2.6_Ensure_SSH_X11_forwarding_is_disabled:def:1
• oval:simp.cis.el7.5.2.7_Ensure_SSH_MaxAuthTries_is_set_to_4_or_less:def:1
• oval:simp.cis.el7.5.2.8_Ensure_SSH_IgnoreRhosts_is_enabled:def:1
• oval:simp.cis.el7.5.2.9_Ensure_SSH_HostbasedAuthentication_is_disabled:def:1
• oval:simp.cis.el7.5.2.10_Ensure_SSH_root_login_is_disabled:def:1
• oval:simp.cis.el7.5.2.11_Ensure_SSH_PermitEmptyPasswords_is_disabled:def:1
• oval:simp.cis.el7.5.2.12_Ensure_SSH_PermitUserEnvironment_is_disabled:def:1
• oval:simp.cis.el7.5.2.13_Ensure_only_strong_Ciphers_are_used:def:1
• oval:simp.cis.el7.5.2.14_Ensure_only_strong_MAC_algorithms_are_used:def:1
• oval:simp.cis.el7.5.2.15_Ensure_only_strong_Key_Exchange_algorithms_are_used:def:1
• oval:simp.cis.el7.5.2.16_Ensure_SSH_Idle_Timeout_Interval_is_configured:def:1
• oval:simp.cis.el7.5.2.17_Ensure_SSH_LoginGraceTime_is_set_to_one_minute_or_less:def:1
• oval:simp.cis.el7.5.2.18_Ensure_SSH_warning_banner_is_configured:def:1
• oval:simp.cis.el7.5.2.19_Ensure_SSH_PAM_is_enabled:def:1
• oval:simp.cis.el7.5.2.20_Ensure_SSH_AllowTcpForwarding_is_disabled:def:1
• oval:simp.cis.el7.5.2.21_Ensure_SSH_MaxStartups_is_configured:def:1
• oval:simp.cis.el7.5.2.22_Ensure_SSH_MaxSessions_is_limited:def:1
• oval:simp.cis.el7.5.3.1_Ensure_password_creation_requirements_are_configured:def:1
• oval:simp.cis.el7.5.3.2_Ensure_lockout_for_failed_password_attempts_is_configured:def:1
• oval:simp.cis.el7.5.3.3_Ensure_password_hashing_algorithm_is_SHA-512:def:1
• oval:simp.cis.el7.5.3.4_Ensure_password_reuse_is_limited:def:1
• oval:simp.cis.el7.5.4.1.1_Ensure_password_expiration_is_365_days_or_less:def:1
• oval:simp.cis.el7.5.4.1.2_Ensure_minimum_days_between_password_changes_is_configured:def:1
• oval:simp.cis.el7.5.4.1.3_Ensure_password_expiration_warning_days_is_7_or_more:def:1
• oval:simp.cis.el7.5.4.1.4_Ensure_inactive_password_lock_is_30_days_or_less:def:1
• oval:simp.cis.el7.5.4.1.5_Ensure_all_users_last_password_change_date_is_in_the_past:def:1
• oval:simp.cis.el7.5.4.2_Ensure_system_accounts_are_secured:def:1
• oval:simp.cis.el7.5.4.3_Ensure_default_group_for_the_root_account_is_GID_0:def:1
• oval:simp.cis.el7.5.4.4_Ensure_default_user_shell_timeout_is_configured:def:1
• oval:simp.cis.el7.5.4.5_Ensure_default_user_umask_is_configured:def:1
• oval:simp.cis.el7.5.5_Ensure_root_login_is_restricted_to_system_console:def:1
• oval:simp.cis.el7.5.6_Ensure_access_to_the_su_command_is_restricted:def:1
• oval:simp.cis.el7.6.1.2_Ensure_permissions_on_etcpasswd_are_configured:def:1
• oval:simp.cis.el7.6.1.3_Ensure_permissions_on_etcshadow_are_configured:def:1
• oval:simp.cis.el7.6.1.4_Ensure_permissions_on_etcgroup_are_configured:def:1
• oval:simp.cis.el7.6.1.5_Ensure_permissions_on_etcgshadow_are_configured:def:1
• oval:simp.cis.el7.6.1.6_Ensure_permissions_on_etcpasswd-_are_configured:def:1
• oval:simp.cis.el7.6.1.7_Ensure_permissions_on_etcshadow-_are_configured:def:1
• oval:simp.cis.el7.6.1.8_Ensure_permissions_on_etcgroup-_are_configured:def:1
• oval:simp.cis.el7.6.1.9_Ensure_permissions_on_etcgshadow-_are_configured:def:1
• oval:simp.cis.el7.6.2.1_Ensure_accounts_in_etcpasswd_use_shadowed_passwords:def:1
• oval:simp.cis.el7.6.2.2_Ensure_etcshadow_password_fields_are_not_empty:def:1
• oval:simp.cis.el7.6.2.3_Ensure_root_is_the_only_UID_0_account:def:1
• oval:simp.cis.el7.6.2.4_Ensure_root_PATH_Integrity:def:1
• oval:simp.cis.el7.6.2.5_Ensure_all_users_home_directories_exist:def:1
• oval:simp.cis.el7.6.2.6_Ensure_users_home_directories_permissions_are_750_or_more_restrictive:def:1
• oval:simp.cis.el7.6.2.7_Ensure_users_own_their_home_directories:def:1
• oval:simp.cis.el7.6.2.8_Ensure_users_dot_files_are_not_group_or_world_writable:def:1
• oval:simp.cis.el7.6.2.9Ensure_no_users_have.forward_files:def:1
• oval:simp.cis.el7.6.2.10Ensure_no_users_have.netrc_files:def:1
• oval:simp.cis.el7.6.2.11Ensure_users.netrc_Files_are_not_group_or_world_accessible:def:1
• oval:simp.cis.el7.6.2.12Ensure_no_users_have.rhosts_files:def:1
• oval:simp.cis.el7.6.2.13_Ensure_all_groups_in_etcpasswd_exist_in_etcgroup:def:1
• oval:simp.cis.el7.6.2.14_Ensure_no_duplicate_UIDs_exist:def:1
• oval:simp.cis.el7.6.2.15_Ensure_no_duplicate_GIDs_exist:def:1
• oval:simp.cis.el7.6.2.16_Ensure_no_duplicate_user_names_exist:def:1
• oval:simp.cis.el7.6.2.17_Ensure_no_duplicate_group_names_exist:def:1
• oval:simp.cis.el7.6.2.18_Ensure_shadow_group_is_empty:def:1
• oval:simp.cis.el7.2.1.1_Ensure_xinetd_is_not_installed:def:1
• oval:simp.cis.el7.2.4_Ensure_nonessential_services_are_removed_or_masked:def:1
  • Requires svckill::mode: enforcing for full compliance. This is not enabled globally for safety reasons.
• oval:simp.cis.el7.3.5.3.2.6_Ensure_iptables_in_enabled_and_running:def:1
  • Only applies when iptables is used for firewall provider
• oval:simp.cis.el7.3.5.3.3.6_Ensure_ip6tables_in_enabled_and_running:def:1
  • Only applies when iptables is used for firewall provider

CentOS 8 (220/232 [94%])

• oval:simp.cis.el8.1.1.1.1_Ensure_mounting_of_cramfs_filesystems_is_disabled:def:1
• oval:simp.cis.el8.1.1.1.2_Ensure_mounting_of_vFAT_filesystems_is_limited:def:1
• oval:simp.cis.el8.1.1.1.3_Ensure_mounting_of_squashfs_filesystems_is_disabled:def:1
• oval:simp.cis.el8.1.1.1.4_Ensure_mounting_of_udf_filesystems_is_disabled:def:1
• oval:simp.cis.el8.1.1.2_Ensure_tmp_is_configured:def:1
• oval:simp.cis.el8.1.1.3_Ensure_nodev_option_set_on_tmp_partition:def:1
• oval:simp.cis.el8.1.1.4_Ensure_nosuid_option_set_on_tmp_partition:def:1
• oval:simp.cis.el8.1.1.5_Ensure_noexec_option_set_on_tmp_partition:def:1
• oval:simp.cis.el8.1.1.7_Ensure_separate_partition_exists_for_vartmp:def:1
• oval:simp.cis.el8.1.1.8_Ensure_nodev_option_set_on_vartmp_partition:def:1
• oval:simp.cis.el8.1.1.9_Ensure_nosuid_option_set_on_vartmp_partition:def:1
• oval:simp.cis.el8.1.1.10_Ensure_noexec_option_set_on_vartmp_partition:def:1
• oval:simp.cis.el8.1.1.14_Ensure_nodev_option_set_on_home_partition:def:1
• oval:simp.cis.el8.1.1.15_Ensure_nodev_option_set_on_devshm_partition:def:1
• oval:simp.cis.el8.1.1.16_Ensure_nosuid_option_set_on_devshm_partition:def:1
• oval:simp.cis.el8.1.1.17_Ensure_noexec_option_set_on_devshm_partition:def:1
• oval:simp.cis.el8.1.1.18_Ensure_nodev_option_set_on_removable_media_partitions:def:1
• oval:simp.cis.el8.1.1.19_Ensure_nosuid_option_set_on_removable_media_partitions:def:1
• oval:simp.cis.el8.1.1.20_Ensure_noexec_option_set_on_removable_media_partitions:def:1
• oval:simp.cis.el8.1.1.21_Ensure_sticky_bit_is_set_on_all_world-writable_directories:def:1
• oval:simp.cis.el8.1.1.22_Disable_Automounting:def:1
• oval:simp.cis.el8.1.1.23_Disable_USB_Storage:def:1
• oval:simp.cis.el8.1.2.1_Ensure_GPG_keys_are_configured:def:1
• oval:simp.cis.el8.1.2.2_Ensure_gpgcheck_is_globally_activated:def:1
• oval:simp.cis.el8.1.3.1_Ensure_sudo_is_installed:def:1
• oval:simp.cis.el8.1.3.2_Ensure_sudo_commands_use_pty:def:1
• oval:simp.cis.el8.1.3.3_Ensure_sudo_log_file_exists:def:1
• oval:simp.cis.el8.1.4.1_Ensure_AIDE_is_installed:def:1
• oval:simp.cis.el8.1.4.2_Ensure_filesystem_integrity_is_regularly_checked:def:1
• oval:simp.cis.el8.1.5.1_Ensure_permissions_on_bootloader_config_are_configured:def:1
• oval:simp.cis.el8.1.5.2_Ensure_bootloader_password_is_set:def:1
• oval:simp.cis.el8.1.5.3_Ensure_authentication_required_for_single_user_mode:def:1
• oval:simp.cis.el8.1.6.1_Ensure_core_dumps_are_restricted:def:1
• oval:simp.cis.el8.1.6.2_Ensure_address_space_layout_randomization_ASLR_is_enabled:def:1
• oval:simp.cis.el8.1.7.1.1_Ensure_SELinux_is_installed:def:1
• oval:simp.cis.el8.1.7.1.2_Ensure_SELinux_is_not_disabled_in_bootloader_configuration:def:1
• oval:simp.cis.el8.1.7.1.3_Ensure_SELinux_policy_is_configured:def:1
• oval:simp.cis.el8.1.7.1.4_Ensure_the_SELinux_state_is_enforcing:def:1
• oval:simp.cis.el8.1.7.1.6_Ensure_SETroubleshoot_is_not_installed:def:1
• oval:simp.cis.el8.1.7.1.7_Ensure_the_MCS_Translation_Service_mcstrans_is_not_installed:def:1
• oval:simp.cis.el8.1.8.1.1_Ensure_message_of_the_day_is_configured_properly:def:1
• oval:simp.cis.el8.1.8.1.2_Ensure_local_login_warning_banner_is_configured_properly:def:1
• oval:simp.cis.el8.1.8.1.3_Ensure_remote_login_warning_banner_is_configured_properly:def:1
• oval:simp.cis.el8.1.8.1.4_Ensure_permissions_on_etcmotd_are_configured:def:1
• oval:simp.cis.el8.1.8.1.5_Ensure_permissions_on_etcissue_are_configured:def:1
• oval:simp.cis.el8.1.8.1.6_Ensure_permissions_on_etcissue.net_are_configured:def:1
• oval:simp.cis.el8.1.8.2_Ensure_GDM_login_banner_is_configured:def:1
• oval:simp.cis.el8.1.9_Ensure_updates_patches_and_additional_security_software_are_installed:def:1
• oval:simp.cis.el8.1.10_Ensure_system-wide_crypto_policy_is_not_legacy:def:1
• oval:simp.cis.el8.1.11_Ensure_system-wide_crypto_policy_is_FUTURE_or_FIPS:def:1
• oval:simp.cis.el8.2.1.1_Ensure_xinetd_is_not_installed:def:1
• oval:simp.cis.el8.2.2.1.1_Ensure_time_synchronization_is_in_use:def:1
• oval:simp.cis.el8.2.2.1.2_Ensure_chrony_is_configured:def:1
• oval:simp.cis.el8.2.2.2_Ensure_X_Window_System_is_not_installed:def:1
• oval:simp.cis.el8.2.2.3_Ensure_rsync_service_is_not_enabled:def:1
• oval:simp.cis.el8.2.2.4_Ensure_Avahi_Server_is_not_enabled:def:1
• oval:simp.cis.el8.2.2.5_Ensure_SNMP_Server_is_not_enabled:def:1
• oval:simp.cis.el8.2.2.6_Ensure_HTTP_Proxy_Server_is_not_enabled:def:1
• oval:simp.cis.el8.2.2.7_Ensure_Samba_is_not_enabled:def:1
• oval:simp.cis.el8.2.2.8_Ensure_IMAP_and_POP3_server_is_not_enabled:def:1
• oval:simp.cis.el8.2.2.9_Ensure_HTTP_server_is_not_enabled:def:1
• oval:simp.cis.el8.2.2.10_Ensure_FTP_Server_is_not_enabled:def:1
• oval:simp.cis.el8.2.2.11_Ensure_DNS_Server_is_not_enabled:def:1
• oval:simp.cis.el8.2.2.12_Ensure_NFS_is_not_enabled:def:1
• oval:simp.cis.el8.2.2.13_Ensure__RPC_is_not_enabled:def:1
• oval:simp.cis.el8.2.2.14_Ensure_LDAP_server_is_not_enabled:def:1
• oval:simp.cis.el8.2.2.15_Ensure_DHCP_Server_is_not_enabled:def:1
• oval:simp.cis.el8.2.2.16_Ensure_CUPS_is_not_enabled:def:1
• oval:simp.cis.el8.2.2.17_Ensure_NIS_Server_is_not_enabled:def:1
• oval:simp.cis.el8.2.2.18_Ensure_mail_transfer_agent_is_configured_for_local-only_mode:def:1
• oval:simp.cis.el8.2.3.1_Ensure_NIS_Client_is_not_installed:def:1
• oval:simp.cis.el8.2.3.2_Ensure_telnet_client_is_not_installed:def:1
• oval:simp.cis.el8.2.3.3_Ensure_LDAP_client_is_not_installed:def:1
• oval:simp.cis.el8.3.1.1_Ensure_IP_forwarding_is_disabled:def:1
• oval:simp.cis.el8.3.1.2_Ensure_packet_redirect_sending_is_disabled:def:1
• oval:simp.cis.el8.3.2.1_Ensure_source_routed_packets_are_not_accepted:def:1
• oval:simp.cis.el8.3.2.2_Ensure_ICMP_redirects_are_not_accepted:def:1
• oval:simp.cis.el8.3.2.3_Ensure_secure_ICMP_redirects_are_not_accepted:def:1
• oval:simp.cis.el8.3.2.4_Ensure_suspicious_packets_are_logged:def:1
• oval:simp.cis.el8.3.2.5_Ensure_broadcast_ICMP_requests_are_ignored:def:1
• oval:simp.cis.el8.3.2.6_Ensure_bogus_ICMP_responses_are_ignored:def:1
• oval:simp.cis.el8.3.2.7_Ensure_Reverse_Path_Filtering_is_enabled:def:1
• oval:simp.cis.el8.3.2.8_Ensure_TCP_SYN_Cookies_is_enabled:def:1
• oval:simp.cis.el8.3.2.9_Ensure_IPv6_router_advertisements_are_not_accepted:def:1
• oval:simp.cis.el8.3.3.1_Ensure_DCCP_is_disabled:def:1
• oval:simp.cis.el8.3.3.2_Ensure_SCTP_is_disabled:def:1
• oval:simp.cis.el8.3.3.3_Ensure_RDS_is_disabled:def:1
• oval:simp.cis.el8.3.3.4_Ensure_TIPC_is_disabled:def:1
• oval:simp.cis.el8.3.4.1.1_Ensure_a_Firewall_package_is_installed:def:1
• oval:simp.cis.el8.3.4.2.1_Ensure_firewalld_service_is_enabled_and_running:def:1
• oval:simp.cis.el8.3.4.2.2_Ensure_iptables_is_not_enabled:def:1
• oval:simp.cis.el8.3.4.2.3_Ensure_nftables_is_not_enabled:def:1
• oval:simp.cis.el8.3.4.2.4_Ensure_default_zone_is_set:def:1
• oval:simp.cis.el8.3.4.2.5_Ensure_network_interfaces_are_assigned_to_appropriate_zone:def:1
• oval:simp.cis.el8.3.4.2.6_Ensure_unnecessary_services_and_ports_are_not_accepted:def:1
• oval:simp.cis.el8.3.4.3.1_Ensure_iptables_are_flushed:def:1
  • Only applies when nftables is used for firewall provider
• oval:simp.cis.el8.3.4.3.2_Ensure_a_table_exists:def:1
  • Only applies when nftables is used for firewall provider
• oval:simp.cis.el8.3.4.3.3_Ensure_base_chains_exist:def:1
  • Only applies when nftables is used for firewall provider
• oval:simp.cis.el8.3.4.3.4_Ensure_loopback_traffic_is_configured:def:1
  • Only applies when nftables is used for firewall provider
• oval:simp.cis.el8.3.4.3.5_Ensure_outbound_and_established_connections_are_configured:def:1
  • Only applies when nftables is used for firewall provider
• oval:simp.cis.el8.3.4.3.6_Ensure_default_deny_firewall_policy:def:1
  • Only applies when nftables is used for firewall provider
• oval:simp.cis.el8.3.4.3.7_Ensure_nftables_service_is_enabled:def:1
  • Only applies when nftables is used for firewall provider
• oval:simp.cis.el8.3.4.3.8_Ensure_nftables_rules_are_permanent:def:1
  • Only applies when nftables is used for firewall provider
• oval:simp.cis.el8.3.4.4.1.1_Ensure_default_deny_firewall_policy:def:1
  • Only applies when iptables is used for firewall provider
• oval:simp.cis.el8.3.4.4.1.2_Ensure_loopback_traffic_is_configured:def:1
  • Only applies when iptables is used for firewall provider
• oval:simp.cis.el8.3.4.4.1.3_Ensure_outbound_and_established_connections_are_configured:def:1
  • Only applies when iptables is used for firewall provider
• oval:simp.cis.el8.3.4.4.1.4_Ensure_firewall_rules_exist_for_all_open_ports:def:1
  • Only applies when iptables is used for firewall provider
• oval:simp.cis.el8.3.4.4.2.1_Ensure_IPv6_default_deny_firewall_policy:def:1
  • Only applies when iptables is used for firewall provider
• oval:simp.cis.el8.3.4.4.2.2_Ensure_IPv6_loopback_traffic_is_configured:def:1
  • Only applies when iptables is used for firewall provider
• oval:simp.cis.el8.3.4.4.2.3_Ensure_IPv6_outbound_and_established_connections_are_configured:def:1
  • Only applies when iptables is used for firewall provider
• oval:simp.cis.el8.3.4.4.2.4_Ensure_IPv6_firewall_rules_exist_for_all_open_ports:def:1
  • Only applies when iptables is used for firewall provider
• oval:simp.cis.el8.3.5_Ensure_wireless_interfaces_are_disabled:def:1
• oval:simp.cis.el8.3.6_Disable_IPv6:def:1
  • Disabled via sysctl instead of kernel command line
• oval:simp.cis.el8.4.1.1.1_Ensure_auditd_is_installed:def:1
• oval:simp.cis.el8.4.1.1.2_Ensure_auditd_service_is_enabled:def:1
• oval:simp.cis.el8.4.1.1.3_Ensure_auditing_for_processes_that_start_prior_to_auditd_is_enabled:def:1
• oval:simp.cis.el8.4.1.1.4_Ensure_audit_backlog_limit_is_sufficient:def:1
• oval:simp.cis.el8.4.1.2.1_Ensure_audit_log_storage_size_is_configured:def:1
• oval:simp.cis.el8.4.1.2.2_Ensure_audit_logs_are_not_automatically_deleted:def:1
• oval:simp.cis.el8.4.1.2.3_Ensure_system_is_disabled_when_audit_logs_are_full:def:1
• oval:simp.cis.el8.4.1.3_Ensure_changes_to_system_administration_scope_sudoers_is_collected:def:1
• oval:simp.cis.el8.4.1.4_Ensure_login_and_logout_events_are_collected:def:1
• oval:simp.cis.el8.4.1.5_Ensure_session_initiation_information_is_collected:def:1
• oval:simp.cis.el8.4.1.6_Ensure_events_that_modify_date_and_time_information_are_collected:def:1
• oval:simp.cis.el8.4.1.7_Ensure_events_that_modify_the_systems_Mandatory_Access_Controls_are_collected:def:1
• oval:simp.cis.el8.4.1.8_Ensure_events_that_modify_the_systems_network_environment_are_collected:def:1
• oval:simp.cis.el8.4.1.9_Ensure_discretionary_access_control_permission_modification_events_are_collected:def:1
• oval:simp.cis.el8.4.1.10_Ensure_unsuccessful_unauthorized_file_access_attempts_are_collected:def:1
• oval:simp.cis.el8.4.1.11_Ensure_events_that_modify_usergroup_information_are_collected:def:1
• oval:simp.cis.el8.4.1.12_Ensure_successful_file_system_mounts_are_collected:def:1
• oval:simp.cis.el8.4.1.13_Ensure_use_of_privileged_commands_is_collected:def:1
• oval:simp.cis.el8.4.1.14_Ensure_file_deletion_events_by_users_are_collected:def:1
• oval:simp.cis.el8.4.1.15_Ensure_kernel_module_loading_and_unloading_is_collected:def:1
• oval:simp.cis.el8.4.1.16_Ensure_system_administrator_actions_sudolog_are_collected:def:1
• oval:simp.cis.el8.4.1.17_Ensure_the_audit_configuration_is_immutable:def:1
• oval:simp.cis.el8.4.2.1.1_Ensure_rsyslog_is_installed:def:1
• oval:simp.cis.el8.4.2.1.2_Ensure_rsyslog_Service_is_enabled:def:1
• oval:simp.cis.el8.4.2.1.3_Ensure_rsyslog_default_file_permissions_configured:def:1
• oval:simp.cis.el8.4.2.1.4_Ensure_logging_is_configured:def:1
• oval:simp.cis.el8.4.2.1.5_Ensure_rsyslog_is_configured_to_send_logs_to_a_remote_log_host:def:1
• oval:simp.cis.el8.4.2.1.6_Ensure_remote_rsyslog_messages_are_only_accepted_on_designated_log_hosts.:def:1
• oval:simp.cis.el8.4.2.2.1_Ensure_journald_is_configured_to_send_logs_to_rsyslog:def:1
• oval:simp.cis.el8.4.2.2.2_Ensure_journald_is_configured_to_compress_large_log_files:def:1
• oval:simp.cis.el8.4.2.2.3_Ensure_journald_is_configured_to_write_logfiles_to_persistent_disk:def:1
• oval:simp.cis.el8.4.2.3_Ensure_permissions_on_all_logfiles_are_configured:def:1
• oval:simp.cis.el8.4.3_Ensure_logrotate_is_configured:def:1
• oval:simp.cis.el8.5.1.1_Ensure_cron_daemon_is_enabled:def:1
• oval:simp.cis.el8.5.1.2_Ensure_permissions_on_etccrontab_are_configured:def:1
• oval:simp.cis.el8.5.1.3_Ensure_permissions_on_etccron.hourly_are_configured:def:1
• oval:simp.cis.el8.5.1.4_Ensure_permissions_on_etccron.daily_are_configured:def:1
• oval:simp.cis.el8.5.1.5_Ensure_permissions_on_etccron.weekly_are_configured:def:1
• oval:simp.cis.el8.5.1.6_Ensure_permissions_on_etccron.monthly_are_configured:def:1
• oval:simp.cis.el8.5.1.7_Ensure_permissions_on_etccron.d_are_configured:def:1
• oval:simp.cis.el8.5.1.8_Ensure_atcron_is_restricted_to_authorized_users:def:1
• oval:simp.cis.el8.5.2.1_Ensure_permissions_on_etcsshsshd_config_are_configured:def:1
• oval:simp.cis.el8.5.2.2_Ensure_SSH_access_is_limited:def:1
• oval:simp.cis.el8.5.2.3_Ensure_permissions_on_SSH_private_host_key_files_are_configured:def:1
• oval:simp.cis.el8.5.2.4_Ensure_permissions_on_SSH_public_host_key_files_are_configured:def:1
• oval:simp.cis.el8.5.2.5_Ensure_SSH_LogLevel_is_appropriate:def:1
• oval:simp.cis.el8.5.2.6_Ensure_SSH_X11_forwarding_is_disabled:def:1
• oval:simp.cis.el8.5.2.7_Ensure_SSH_MaxAuthTries_is_set_to_4_or_less:def:1
• oval:simp.cis.el8.5.2.8_Ensure_SSH_IgnoreRhosts_is_enabled:def:1
• oval:simp.cis.el8.5.2.9_Ensure_SSH_HostbasedAuthentication_is_disabled:def:1
• oval:simp.cis.el8.5.2.10_Ensure_SSH_root_login_is_disabled:def:1
• oval:simp.cis.el8.5.2.11_Ensure_SSH_PermitEmptyPasswords_is_disabled:def:1
• oval:simp.cis.el8.5.2.12_Ensure_SSH_PermitUserEnvironment_is_disabled:def:1
• oval:simp.cis.el8.5.2.13_Ensure_SSH_Idle_Timeout_Interval_is_configured:def:1
• oval:simp.cis.el8.5.2.14_Ensure_SSH_LoginGraceTime_is_set_to_one_minute_or_less:def:1
• oval:simp.cis.el8.5.2.15_Ensure_SSH_warning_banner_is_configured:def:1
• oval:simp.cis.el8.5.2.16_Ensure_SSH_PAM_is_enabled:def:1
• oval:simp.cis.el8.5.2.17_Ensure_SSH_AllowTcpForwarding_is_disabled:def:1
• oval:simp.cis.el8.5.2.18_Ensure_SSH_MaxStartups_is_configured:def:1
• oval:simp.cis.el8.5.2.19_Ensure_SSH_MaxSessions_is_set_to_4_or_less:def:1
• oval:simp.cis.el8.5.2.20_Ensure_system-wide_crypto_policy_is_not_over-ridden:def:1
• oval:simp.cis.el8.5.3.1_Create_custom_authselect_profile:def:1
  • SIMP manages nsswitch and pam directly instead of using authselect.
• oval:simp.cis.el8.5.3.2_Select_authselect_profile:def:1
  • SIMP manages nsswitch and pam directly instead of using authselect.
• oval:simp.cis.el8.5.3.3_Ensure_authselect_includes_with-faillock:def:1
  • SIMP manages nsswitch and pam directly instead of using authselect.
• oval:simp.cis.el8.5.4.1_Ensure_password_creation_requirements_are_configured:def:1
• oval:simp.cis.el8.5.4.2_Ensure_lockout_for_failed_password_attempts_is_configured:def:1
• oval:simp.cis.el8.5.4.3_Ensure_password_reuse_is_limited:def:1
• oval:simp.cis.el8.5.4.4_Ensure_password_hashing_algorithm_is_SHA-512:def:1
• oval:simp.cis.el8.5.5.1.1_Ensure_password_expiration_is_365_days_or_less:def:1
• oval:simp.cis.el8.5.5.1.2_Ensure_minimum_days_between_password_changes_is_7_or_more:def:1
• oval:simp.cis.el8.5.5.1.3_Ensure_password_expiration_warning_days_is_7_or_more:def:1
• oval:simp.cis.el8.5.5.1.4_Ensure_inactive_password_lock_is_30_days_or_less:def:1
• oval:simp.cis.el8.5.5.1.5_Ensure_all_users_last_password_change_date_is_in_the_past:def:1
• oval:simp.cis.el8.5.5.2_Ensure_system_accounts_are_secured:def:1
• oval:simp.cis.el8.5.5.3_Ensure_default_user_shell_timeout_is_900_seconds_or_less:def:1
• oval:simp.cis.el8.5.5.4_Ensure_default_group_for_the_root_account_is_GID_0:def:1
• oval:simp.cis.el8.5.5.5_Ensure_default_user_umask_is_027_or_more_restrictive:def:1
• oval:simp.cis.el8.5.6_Ensure_root_login_is_restricted_to_system_console:def:1
• oval:simp.cis.el8.5.7_Ensure_access_to_the_su_command_is_restricted:def:1
• oval:simp.cis.el8.6.1.2_Ensure_permissions_on_etcpasswd_are_configured:def:1
• oval:simp.cis.el8.6.1.3_Ensure_permissions_on_etcshadow_are_configured:def:1
• oval:simp.cis.el8.6.1.4_Ensure_permissions_on_etcgroup_are_configured:def:1
• oval:simp.cis.el8.6.1.5_Ensure_permissions_on_etcgshadow_are_configured:def:1
• oval:simp.cis.el8.6.1.6_Ensure_permissions_on_etcpasswd-_are_configured:def:1
• oval:simp.cis.el8.6.1.7_Ensure_permissions_on_etcshadow-_are_configured:def:1
• oval:simp.cis.el8.6.1.8_Ensure_permissions_on_etcgroup-_are_configured:def:1
• oval:simp.cis.el8.6.1.9_Ensure_permissions_on_etcgshadow-_are_configured:def:1
• oval:simp.cis.el8.6.2.1_Ensure_password_fields_are_not_empty:def:1
• oval:simp.cis.el8.6.2.2_Ensure_no_legacy__entries_exist_in_etcpasswd:def:1
• oval:simp.cis.el8.6.2.3_Ensure_root_PATH_Integrity:def:1
• oval:simp.cis.el8.6.2.4_Ensure_no_legacy__entries_exist_in_etcshadow:def:1
• oval:simp.cis.el8.6.2.5_Ensure_no_legacy__entries_exist_in_etcgroup:def:1
• oval:simp.cis.el8.6.2.6_Ensure_root_is_the_only_UID_0_account:def:1
• oval:simp.cis.el8.6.2.7_Ensure_users_home_directories_permissions_are_750_or_more_restrictive:def:1
• oval:simp.cis.el8.6.2.8_Ensure_users_own_their_home_directories:def:1
• oval:simp.cis.el8.6.2.9_Ensure_users_dot_files_are_not_group_or_world_writable:def:1
• oval:simp.cis.el8.6.2.10Ensure_no_users_have.forward_files:def:1
• oval:simp.cis.el8.6.2.11Ensure_no_users_have.netrc_files:def:1
• oval:simp.cis.el8.6.2.12Ensure_users.netrc_Files_are_not_group_or_world_accessible:def:1
• oval:simp.cis.el8.6.2.13Ensure_no_users_have.rhosts_files:def:1
• oval:simp.cis.el8.6.2.14_Ensure_all_groups_in_etcpasswd_exist_in_etcgroup:def:1
• oval:simp.cis.el8.6.2.15_Ensure_no_duplicate_UIDs_exist:def:1
• oval:simp.cis.el8.6.2.16_Ensure_no_duplicate_GIDs_exist:def:1
• oval:simp.cis.el8.6.2.17_Ensure_no_duplicate_user_names_exist:def:1
• oval:simp.cis.el8.6.2.18_Ensure_no_duplicate_group_names_exist:def:1
• oval:simp.cis.el8.6.2.19_Ensure_shadow_group_is_empty:def:1
• oval:simp.cis.el8.6.2.20_Ensure_all_users_home_directories_exist:def:1

Red Hat 8 (220/234 [94%])

• oval:simp.cis.el8.1.1.1.1_Ensure_mounting_of_cramfs_filesystems_is_disabled:def:1
• oval:simp.cis.el8.1.1.1.2_Ensure_mounting_of_vFAT_filesystems_is_limited:def:1
• oval:simp.cis.el8.1.1.1.3_Ensure_mounting_of_squashfs_filesystems_is_disabled:def:1
• oval:simp.cis.el8.1.1.1.4_Ensure_mounting_of_udf_filesystems_is_disabled:def:1
• oval:simp.cis.el8.1.1.2_Ensure_tmp_is_configured:def:1
• oval:simp.cis.el8.1.1.3_Ensure_nodev_option_set_on_tmp_partition:def:1
• oval:simp.cis.el8.1.1.4_Ensure_nosuid_option_set_on_tmp_partition:def:1
• oval:simp.cis.el8.1.1.5_Ensure_noexec_option_set_on_tmp_partition:def:1
• oval:simp.cis.el8.1.1.7_Ensure_separate_partition_exists_for_vartmp:def:1
• oval:simp.cis.el8.1.1.8_Ensure_nodev_option_set_on_vartmp_partition:def:1
• oval:simp.cis.el8.1.1.9_Ensure_nosuid_option_set_on_vartmp_partition:def:1
• oval:simp.cis.el8.1.1.10_Ensure_noexec_option_set_on_vartmp_partition:def:1
• oval:simp.cis.el8.1.1.14_Ensure_nodev_option_set_on_home_partition:def:1
• oval:simp.cis.el8.1.1.15_Ensure_nodev_option_set_on_devshm_partition:def:1
• oval:simp.cis.el8.1.1.16_Ensure_nosuid_option_set_on_devshm_partition:def:1
• oval:simp.cis.el8.1.1.17_Ensure_noexec_option_set_on_devshm_partition:def:1
• oval:simp.cis.el8.1.1.18_Ensure_nodev_option_set_on_removable_media_partitions:def:1
• oval:simp.cis.el8.1.1.19_Ensure_nosuid_option_set_on_removable_media_partitions:def:1
• oval:simp.cis.el8.1.1.20_Ensure_noexec_option_set_on_removable_media_partitions:def:1
• oval:simp.cis.el8.1.1.21_Ensure_sticky_bit_is_set_on_all_world-writable_directories:def:1
• oval:simp.cis.el8.1.1.22_Disable_Automounting:def:1
• oval:simp.cis.el8.1.1.23_Disable_USB_Storage:def:1
• oval:simp.cis.el8.1.3.1_Ensure_sudo_is_installed:def:1
• oval:simp.cis.el8.1.3.2_Ensure_sudo_commands_use_pty:def:1
• oval:simp.cis.el8.1.3.3_Ensure_sudo_log_file_exists:def:1
• oval:simp.cis.el8.1.4.1_Ensure_AIDE_is_installed:def:1
• oval:simp.cis.el8.1.4.2_Ensure_filesystem_integrity_is_regularly_checked:def:1
• oval:simp.cis.el8.1.5.1_Ensure_permissions_on_bootloader_config_are_configured:def:1
• oval:simp.cis.el8.1.5.2_Ensure_bootloader_password_is_set:def:1
• oval:simp.cis.el8.1.5.3_Ensure_authentication_required_for_single_user_mode:def:1
• oval:simp.cis.el8.1.6.1_Ensure_core_dumps_are_restricted:def:1
• oval:simp.cis.el8.1.6.2_Ensure_address_space_layout_randomization_ASLR_is_enabled:def:1
• oval:simp.cis.el8.1.7.1.1_Ensure_SELinux_is_installed:def:1
• oval:simp.cis.el8.1.7.1.2_Ensure_SELinux_is_not_disabled_in_bootloader_configuration:def:1
• oval:simp.cis.el8.1.7.1.3_Ensure_SELinux_policy_is_configured:def:1
• oval:simp.cis.el8.1.7.1.4_Ensure_the_SELinux_state_is_enforcing:def:1
• oval:simp.cis.el8.1.7.1.6_Ensure_SETroubleshoot_is_not_installed:def:1
• oval:simp.cis.el8.1.7.1.7_Ensure_the_MCS_Translation_Service_mcstrans_is_not_installed:def:1
• oval:simp.cis.el8.1.8.1.1_Ensure_message_of_the_day_is_configured_properly:def:1
• oval:simp.cis.el8.1.8.1.2_Ensure_local_login_warning_banner_is_configured_properly:def:1
• oval:simp.cis.el8.1.8.1.3_Ensure_remote_login_warning_banner_is_configured_properly:def:1
• oval:simp.cis.el8.1.8.1.4_Ensure_permissions_on_etcmotd_are_configured:def:1
• oval:simp.cis.el8.1.8.1.5_Ensure_permissions_on_etcissue_are_configured:def:1
• oval:simp.cis.el8.1.8.1.6_Ensure_permissions_on_etcissue.net_are_configured:def:1
• oval:simp.cis.el8.1.8.2_Ensure_GDM_login_banner_is_configured:def:1
• oval:simp.cis.el8.1.9_Ensure_updates_patches_and_additional_security_software_are_installed:def:1
• oval:simp.cis.el8.1.10_Ensure_system-wide_crypto_policy_is_not_legacy:def:1
• oval:simp.cis.el8.1.11_Ensure_system-wide_crypto_policy_is_FUTURE_or_FIPS:def:1
• oval:simp.cis.el8.2.1.1_Ensure_xinetd_is_not_installed:def:1
• oval:simp.cis.el8.2.2.1.1_Ensure_time_synchronization_is_in_use:def:1
• oval:simp.cis.el8.2.2.1.2_Ensure_chrony_is_configured:def:1
• oval:simp.cis.el8.2.2.2_Ensure_X_Window_System_is_not_installed:def:1
• oval:simp.cis.el8.2.2.3_Ensure_rsync_service_is_not_enabled:def:1
• oval:simp.cis.el8.2.2.4_Ensure_Avahi_Server_is_not_enabled:def:1
• oval:simp.cis.el8.2.2.5_Ensure_SNMP_Server_is_not_enabled:def:1
• oval:simp.cis.el8.2.2.6_Ensure_HTTP_Proxy_Server_is_not_enabled:def:1
• oval:simp.cis.el8.2.2.7_Ensure_Samba_is_not_enabled:def:1
• oval:simp.cis.el8.2.2.8_Ensure_IMAP_and_POP3_server_is_not_enabled:def:1
• oval:simp.cis.el8.2.2.9_Ensure_HTTP_server_is_not_enabled:def:1
• oval:simp.cis.el8.2.2.10_Ensure_FTP_Server_is_not_enabled:def:1
• oval:simp.cis.el8.2.2.11_Ensure_DNS_Server_is_not_enabled:def:1
• oval:simp.cis.el8.2.2.12_Ensure_NFS_is_not_enabled:def:1
• oval:simp.cis.el8.2.2.13_Ensure__RPC_is_not_enabled:def:1
• oval:simp.cis.el8.2.2.14_Ensure_LDAP_server_is_not_enabled:def:1
• oval:simp.cis.el8.2.2.15_Ensure_DHCP_Server_is_not_enabled:def:1
• oval:simp.cis.el8.2.2.16_Ensure_CUPS_is_not_enabled:def:1
• oval:simp.cis.el8.2.2.17_Ensure_NIS_Server_is_not_enabled:def:1
• oval:simp.cis.el8.2.2.18_Ensure_mail_transfer_agent_is_configured_for_local-only_mode:def:1
• oval:simp.cis.el8.2.3.1_Ensure_NIS_Client_is_not_installed:def:1
• oval:simp.cis.el8.2.3.2_Ensure_telnet_client_is_not_installed:def:1
• oval:simp.cis.el8.2.3.3_Ensure_LDAP_client_is_not_installed:def:1
• oval:simp.cis.el8.3.1.1_Ensure_IP_forwarding_is_disabled:def:1
• oval:simp.cis.el8.3.1.2_Ensure_packet_redirect_sending_is_disabled:def:1
• oval:simp.cis.el8.3.2.1_Ensure_source_routed_packets_are_not_accepted:def:1
• oval:simp.cis.el8.3.2.2_Ensure_ICMP_redirects_are_not_accepted:def:1
• oval:simp.cis.el8.3.2.3_Ensure_secure_ICMP_redirects_are_not_accepted:def:1
• oval:simp.cis.el8.3.2.4_Ensure_suspicious_packets_are_logged:def:1
• oval:simp.cis.el8.3.2.5_Ensure_broadcast_ICMP_requests_are_ignored:def:1
• oval:simp.cis.el8.3.2.6_Ensure_bogus_ICMP_responses_are_ignored:def:1
• oval:simp.cis.el8.3.2.7_Ensure_Reverse_Path_Filtering_is_enabled:def:1
• oval:simp.cis.el8.3.2.8_Ensure_TCP_SYN_Cookies_is_enabled:def:1
• oval:simp.cis.el8.3.2.9_Ensure_IPv6_router_advertisements_are_not_accepted:def:1
• oval:simp.cis.el8.3.3.1_Ensure_DCCP_is_disabled:def:1
• oval:simp.cis.el8.3.3.2_Ensure_SCTP_is_disabled:def:1
• oval:simp.cis.el8.3.3.3_Ensure_RDS_is_disabled:def:1
• oval:simp.cis.el8.3.3.4_Ensure_TIPC_is_disabled:def:1
• oval:simp.cis.el8.3.4.1.1_Ensure_a_Firewall_package_is_installed:def:1
• oval:simp.cis.el8.3.4.2.1_Ensure_firewalld_service_is_enabled_and_running:def:1
• oval:simp.cis.el8.3.4.2.2_Ensure_iptables_is_not_enabled:def:1
• oval:simp.cis.el8.3.4.2.3_Ensure_nftables_is_not_enabled:def:1
• oval:simp.cis.el8.3.4.2.4_Ensure_default_zone_is_set:def:1
• oval:simp.cis.el8.3.4.2.5_Ensure_network_interfaces_are_assigned_to_appropriate_zone:def:1
• oval:simp.cis.el8.3.4.2.6_Ensure_unnecessary_services_and_ports_are_not_accepted:def:1
• oval:simp.cis.el8.3.4.3.1_Ensure_iptables_are_flushed:def:1
  • Only applies when nftables is used for firewall provider
• oval:simp.cis.el8.3.4.3.2_Ensure_a_table_exists:def:1
  • Only applies when nftables is used for firewall provider
• oval:simp.cis.el8.3.4.3.3_Ensure_base_chains_exist:def:1
  • Only applies when nftables is used for firewall provider
• oval:simp.cis.el8.3.4.3.4_Ensure_loopback_traffic_is_configured:def:1
  • Only applies when nftables is used for firewall provider
• oval:simp.cis.el8.3.4.3.5_Ensure_outbound_and_established_connections_are_configured:def:1
  • Only applies when nftables is used for firewall provider
• oval:simp.cis.el8.3.4.3.6_Ensure_default_deny_firewall_policy:def:1
  • Only applies when nftables is used for firewall provider
• oval:simp.cis.el8.3.4.3.7_Ensure_nftables_service_is_enabled:def:1
  • Only applies when nftables is used for firewall provider
• oval:simp.cis.el8.3.4.3.8_Ensure_nftables_rules_are_permanent:def:1
  • Only applies when nftables is used for firewall provider
• oval:simp.cis.el8.3.4.4.1.1_Ensure_default_deny_firewall_policy:def:1
  • Only applies when iptables is used for firewall provider
• oval:simp.cis.el8.3.4.4.1.2_Ensure_loopback_traffic_is_configured:def:1
  • Only applies when iptables is used for firewall provider
• oval:simp.cis.el8.3.4.4.1.3_Ensure_outbound_and_established_connections_are_configured:def:1
  • Only applies when iptables is used for firewall provider
• oval:simp.cis.el8.3.4.4.1.4_Ensure_firewall_rules_exist_for_all_open_ports:def:1
  • Only applies when iptables is used for firewall provider
• oval:simp.cis.el8.3.4.4.2.1_Ensure_IPv6_default_deny_firewall_policy:def:1
  • Only applies when iptables is used for firewall provider
• oval:simp.cis.el8.3.4.4.2.2_Ensure_IPv6_loopback_traffic_is_configured:def:1
  • Only applies when iptables is used for firewall provider
• oval:simp.cis.el8.3.4.4.2.3_Ensure_IPv6_outbound_and_established_connections_are_configured:def:1
  • Only applies when iptables is used for firewall provider
• oval:simp.cis.el8.3.4.4.2.4_Ensure_IPv6_firewall_rules_exist_for_all_open_ports:def:1
  • Only applies when iptables is used for firewall provider
• oval:simp.cis.el8.3.5_Ensure_wireless_interfaces_are_disabled:def:1
• oval:simp.cis.el8.3.6_Disable_IPv6:def:1
  • Disabled via sysctl instead of kernel command line
• oval:simp.cis.el8.4.1.1.1_Ensure_auditd_is_installed:def:1
• oval:simp.cis.el8.4.1.1.2_Ensure_auditd_service_is_enabled:def:1
• oval:simp.cis.el8.4.1.1.3_Ensure_auditing_for_processes_that_start_prior_to_auditd_is_enabled:def:1
• oval:simp.cis.el8.4.1.1.4_Ensure_audit_backlog_limit_is_sufficient:def:1
• oval:simp.cis.el8.4.1.2.1_Ensure_audit_log_storage_size_is_configured:def:1
• oval:simp.cis.el8.4.1.2.2_Ensure_audit_logs_are_not_automatically_deleted:def:1
• oval:simp.cis.el8.4.1.2.3_Ensure_system_is_disabled_when_audit_logs_are_full:def:1
• oval:simp.cis.el8.4.1.3_Ensure_changes_to_system_administration_scope_sudoers_is_collected:def:1
• oval:simp.cis.el8.4.1.4_Ensure_login_and_logout_events_are_collected:def:1
• oval:simp.cis.el8.4.1.5_Ensure_session_initiation_information_is_collected:def:1
• oval:simp.cis.el8.4.1.6_Ensure_events_that_modify_date_and_time_information_are_collected:def:1
• oval:simp.cis.el8.4.1.7_Ensure_events_that_modify_the_systems_Mandatory_Access_Controls_are_collected:def:1
• oval:simp.cis.el8.4.1.8_Ensure_events_that_modify_the_systems_network_environment_are_collected:def:1
• oval:simp.cis.el8.4.1.9_Ensure_discretionary_access_control_permission_modification_events_are_collected:def:1
• oval:simp.cis.el8.4.1.10_Ensure_unsuccessful_unauthorized_file_access_attempts_are_collected:def:1
• oval:simp.cis.el8.4.1.11_Ensure_events_that_modify_usergroup_information_are_collected:def:1
• oval:simp.cis.el8.4.1.12_Ensure_successful_file_system_mounts_are_collected:def:1
• oval:simp.cis.el8.4.1.13_Ensure_use_of_privileged_commands_is_collected:def:1
• oval:simp.cis.el8.4.1.14_Ensure_file_deletion_events_by_users_are_collected:def:1
• oval:simp.cis.el8.4.1.15_Ensure_kernel_module_loading_and_unloading_is_collected:def:1
• oval:simp.cis.el8.4.1.16_Ensure_system_administrator_actions_sudolog_are_collected:def:1
• oval:simp.cis.el8.4.1.17_Ensure_the_audit_configuration_is_immutable:def:1
• oval:simp.cis.el8.4.2.1.1_Ensure_rsyslog_is_installed:def:1
• oval:simp.cis.el8.4.2.1.2_Ensure_rsyslog_Service_is_enabled:def:1
• oval:simp.cis.el8.4.2.1.3_Ensure_rsyslog_default_file_permissions_configured:def:1
• oval:simp.cis.el8.4.2.1.4_Ensure_logging_is_configured:def:1
• oval:simp.cis.el8.4.2.1.5_Ensure_rsyslog_is_configured_to_send_logs_to_a_remote_log_host:def:1
• oval:simp.cis.el8.4.2.1.6_Ensure_remote_rsyslog_messages_are_only_accepted_on_designated_log_hosts.:def:1
• oval:simp.cis.el8.4.2.2.1_Ensure_journald_is_configured_to_send_logs_to_rsyslog:def:1
• oval:simp.cis.el8.4.2.2.2_Ensure_journald_is_configured_to_compress_large_log_files:def:1
• oval:simp.cis.el8.4.2.2.3_Ensure_journald_is_configured_to_write_logfiles_to_persistent_disk:def:1
• oval:simp.cis.el8.4.2.3_Ensure_permissions_on_all_logfiles_are_configured:def:1
• oval:simp.cis.el8.4.3_Ensure_logrotate_is_configured:def:1
• oval:simp.cis.el8.5.1.1_Ensure_cron_daemon_is_enabled:def:1
• oval:simp.cis.el8.5.1.2_Ensure_permissions_on_etccrontab_are_configured:def:1
• oval:simp.cis.el8.5.1.3_Ensure_permissions_on_etccron.hourly_are_configured:def:1
• oval:simp.cis.el8.5.1.4_Ensure_permissions_on_etccron.daily_are_configured:def:1
• oval:simp.cis.el8.5.1.5_Ensure_permissions_on_etccron.weekly_are_configured:def:1
• oval:simp.cis.el8.5.1.6_Ensure_permissions_on_etccron.monthly_are_configured:def:1
• oval:simp.cis.el8.5.1.7_Ensure_permissions_on_etccron.d_are_configured:def:1
• oval:simp.cis.el8.5.1.8_Ensure_atcron_is_restricted_to_authorized_users:def:1
• oval:simp.cis.el8.5.2.1_Ensure_permissions_on_etcsshsshd_config_are_configured:def:1
• oval:simp.cis.el8.5.2.2_Ensure_SSH_access_is_limited:def:1
• oval:simp.cis.el8.5.2.3_Ensure_permissions_on_SSH_private_host_key_files_are_configured:def:1
• oval:simp.cis.el8.5.2.4_Ensure_permissions_on_SSH_public_host_key_files_are_configured:def:1
• oval:simp.cis.el8.5.2.5_Ensure_SSH_LogLevel_is_appropriate:def:1
• oval:simp.cis.el8.5.2.6_Ensure_SSH_X11_forwarding_is_disabled:def:1
• oval:simp.cis.el8.5.2.7_Ensure_SSH_MaxAuthTries_is_set_to_4_or_less:def:1
• oval:simp.cis.el8.5.2.8_Ensure_SSH_IgnoreRhosts_is_enabled:def:1
• oval:simp.cis.el8.5.2.9_Ensure_SSH_HostbasedAuthentication_is_disabled:def:1
• oval:simp.cis.el8.5.2.10_Ensure_SSH_root_login_is_disabled:def:1
• oval:simp.cis.el8.5.2.11_Ensure_SSH_PermitEmptyPasswords_is_disabled:def:1
• oval:simp.cis.el8.5.2.12_Ensure_SSH_PermitUserEnvironment_is_disabled:def:1
• oval:simp.cis.el8.5.2.13_Ensure_SSH_Idle_Timeout_Interval_is_configured:def:1
• oval:simp.cis.el8.5.2.14_Ensure_SSH_LoginGraceTime_is_set_to_one_minute_or_less:def:1
• oval:simp.cis.el8.5.2.15_Ensure_SSH_warning_banner_is_configured:def:1
• oval:simp.cis.el8.5.2.16_Ensure_SSH_PAM_is_enabled:def:1
• oval:simp.cis.el8.5.2.17_Ensure_SSH_AllowTcpForwarding_is_disabled:def:1
• oval:simp.cis.el8.5.2.18_Ensure_SSH_MaxStartups_is_configured:def:1
• oval:simp.cis.el8.5.2.19_Ensure_SSH_MaxSessions_is_set_to_4_or_less:def:1
• oval:simp.cis.el8.5.2.20_Ensure_system-wide_crypto_policy_is_not_over-ridden:def:1
• oval:simp.cis.el8.5.3.1_Create_custom_authselect_profile:def:1
  • SIMP manages nsswitch and pam directly instead of using authselect.
• oval:simp.cis.el8.5.3.2_Select_authselect_profile:def:1
  • SIMP manages nsswitch and pam directly instead of using authselect.
• oval:simp.cis.el8.5.3.3_Ensure_authselect_includes_with-faillock:def:1
  • SIMP manages nsswitch and pam directly instead of using authselect.
• oval:simp.cis.el8.5.4.1_Ensure_password_creation_requirements_are_configured:def:1
• oval:simp.cis.el8.5.4.2_Ensure_lockout_for_failed_password_attempts_is_configured:def:1
• oval:simp.cis.el8.5.4.3_Ensure_password_reuse_is_limited:def:1
• oval:simp.cis.el8.5.4.4_Ensure_password_hashing_algorithm_is_SHA-512:def:1
• oval:simp.cis.el8.5.5.1.1_Ensure_password_expiration_is_365_days_or_less:def:1
• oval:simp.cis.el8.5.5.1.2_Ensure_minimum_days_between_password_changes_is_7_or_more:def:1
• oval:simp.cis.el8.5.5.1.3_Ensure_password_expiration_warning_days_is_7_or_more:def:1
• oval:simp.cis.el8.5.5.1.4_Ensure_inactive_password_lock_is_30_days_or_less:def:1
• oval:simp.cis.el8.5.5.1.5_Ensure_all_users_last_password_change_date_is_in_the_past:def:1
• oval:simp.cis.el8.5.5.2_Ensure_system_accounts_are_secured:def:1
• oval:simp.cis.el8.5.5.3_Ensure_default_user_shell_timeout_is_900_seconds_or_less:def:1
• oval:simp.cis.el8.5.5.4_Ensure_default_group_for_the_root_account_is_GID_0:def:1
• oval:simp.cis.el8.5.5.5_Ensure_default_user_umask_is_027_or_more_restrictive:def:1
• oval:simp.cis.el8.5.6_Ensure_root_login_is_restricted_to_system_console:def:1
• oval:simp.cis.el8.5.7_Ensure_access_to_the_su_command_is_restricted:def:1
• oval:simp.cis.el8.6.1.2_Ensure_permissions_on_etcpasswd_are_configured:def:1
• oval:simp.cis.el8.6.1.3_Ensure_permissions_on_etcshadow_are_configured:def:1
• oval:simp.cis.el8.6.1.4_Ensure_permissions_on_etcgroup_are_configured:def:1
• oval:simp.cis.el8.6.1.5_Ensure_permissions_on_etcgshadow_are_configured:def:1
• oval:simp.cis.el8.6.1.6_Ensure_permissions_on_etcpasswd-_are_configured:def:1
• oval:simp.cis.el8.6.1.7_Ensure_permissions_on_etcshadow-_are_configured:def:1
• oval:simp.cis.el8.6.1.8_Ensure_permissions_on_etcgroup-_are_configured:def:1
• oval:simp.cis.el8.6.1.9_Ensure_permissions_on_etcgshadow-_are_configured:def:1
• oval:simp.cis.el8.6.2.1_Ensure_password_fields_are_not_empty:def:1
• oval:simp.cis.el8.6.2.2_Ensure_no_legacy__entries_exist_in_etcpasswd:def:1
• oval:simp.cis.el8.6.2.3_Ensure_root_PATH_Integrity:def:1
• oval:simp.cis.el8.6.2.4_Ensure_no_legacy__entries_exist_in_etcshadow:def:1
• oval:simp.cis.el8.6.2.5_Ensure_no_legacy__entries_exist_in_etcgroup:def:1
• oval:simp.cis.el8.6.2.6_Ensure_root_is_the_only_UID_0_account:def:1
• oval:simp.cis.el8.6.2.7_Ensure_users_home_directories_permissions_are_750_or_more_restrictive:def:1
• oval:simp.cis.el8.6.2.8_Ensure_users_own_their_home_directories:def:1
• oval:simp.cis.el8.6.2.9_Ensure_users_dot_files_are_not_group_or_world_writable:def:1
• oval:simp.cis.el8.6.2.10Ensure_no_users_have.forward_files:def:1
• oval:simp.cis.el8.6.2.11Ensure_no_users_have.netrc_files:def:1
• oval:simp.cis.el8.6.2.12Ensure_users.netrc_Files_are_not_group_or_world_accessible:def:1
• oval:simp.cis.el8.6.2.13Ensure_no_users_have.rhosts_files:def:1
• oval:simp.cis.el8.6.2.14_Ensure_all_groups_in_etcpasswd_exist_in_etcgroup:def:1
• oval:simp.cis.el8.6.2.15_Ensure_no_duplicate_UIDs_exist:def:1
• oval:simp.cis.el8.6.2.16_Ensure_no_duplicate_GIDs_exist:def:1
• oval:simp.cis.el8.6.2.17_Ensure_no_duplicate_user_names_exist:def:1
• oval:simp.cis.el8.6.2.18_Ensure_no_duplicate_group_names_exist:def:1
• oval:simp.cis.el8.6.2.19_Ensure_shadow_group_is_empty:def:1
• oval:simp.cis.el8.6.2.20_Ensure_all_users_home_directories_exist:def:1
• oval:simp.cis.el8.1.2.3_Ensure_GPG_keys_are_configured:def:1
• oval:simp.cis.el8.1.2.4_Ensure_gpgcheck_is_globally_activated:def:1

Oracle Linux 8 (220/232 [94%])

• oval:simp.cis.el8.1.1.1.1_Ensure_mounting_of_cramfs_filesystems_is_disabled:def:1
• oval:simp.cis.el8.1.1.1.2_Ensure_mounting_of_vFAT_filesystems_is_limited:def:1
• oval:simp.cis.el8.1.1.1.3_Ensure_mounting_of_squashfs_filesystems_is_disabled:def:1
• oval:simp.cis.el8.1.1.1.4_Ensure_mounting_of_udf_filesystems_is_disabled:def:1
• oval:simp.cis.el8.1.1.2_Ensure_tmp_is_configured:def:1
• oval:simp.cis.el8.1.1.3_Ensure_nodev_option_set_on_tmp_partition:def:1
• oval:simp.cis.el8.1.1.4_Ensure_nosuid_option_set_on_tmp_partition:def:1
• oval:simp.cis.el8.1.1.5_Ensure_noexec_option_set_on_tmp_partition:def:1
• oval:simp.cis.el8.1.1.7_Ensure_separate_partition_exists_for_vartmp:def:1
• oval:simp.cis.el8.1.1.8_Ensure_nodev_option_set_on_vartmp_partition:def:1
• oval:simp.cis.el8.1.1.9_Ensure_nosuid_option_set_on_vartmp_partition:def:1
• oval:simp.cis.el8.1.1.10_Ensure_noexec_option_set_on_vartmp_partition:def:1
• oval:simp.cis.el8.1.1.14_Ensure_nodev_option_set_on_home_partition:def:1
• oval:simp.cis.el8.1.1.15_Ensure_nodev_option_set_on_devshm_partition:def:1
• oval:simp.cis.el8.1.1.16_Ensure_nosuid_option_set_on_devshm_partition:def:1
• oval:simp.cis.el8.1.1.17_Ensure_noexec_option_set_on_devshm_partition:def:1
• oval:simp.cis.el8.1.1.18_Ensure_nodev_option_set_on_removable_media_partitions:def:1
• oval:simp.cis.el8.1.1.19_Ensure_nosuid_option_set_on_removable_media_partitions:def:1
• oval:simp.cis.el8.1.1.20_Ensure_noexec_option_set_on_removable_media_partitions:def:1
• oval:simp.cis.el8.1.1.21_Ensure_sticky_bit_is_set_on_all_world-writable_directories:def:1
• oval:simp.cis.el8.1.1.22_Disable_Automounting:def:1
• oval:simp.cis.el8.1.1.23_Disable_USB_Storage:def:1
• oval:simp.cis.el8.1.2.1_Ensure_GPG_keys_are_configured:def:1
• oval:simp.cis.el8.1.2.2_Ensure_gpgcheck_is_globally_activated:def:1
• oval:simp.cis.el8.1.3.1_Ensure_sudo_is_installed:def:1
• oval:simp.cis.el8.1.3.2_Ensure_sudo_commands_use_pty:def:1
• oval:simp.cis.el8.1.3.3_Ensure_sudo_log_file_exists:def:1
• oval:simp.cis.el8.1.4.1_Ensure_AIDE_is_installed:def:1
• oval:simp.cis.el8.1.4.2_Ensure_filesystem_integrity_is_regularly_checked:def:1
• oval:simp.cis.el8.1.5.1_Ensure_permissions_on_bootloader_config_are_configured:def:1
• oval:simp.cis.el8.1.5.2_Ensure_bootloader_password_is_set:def:1
• oval:simp.cis.el8.1.5.3_Ensure_authentication_required_for_single_user_mode:def:1
• oval:simp.cis.el8.1.6.1_Ensure_core_dumps_are_restricted:def:1
• oval:simp.cis.el8.1.6.2_Ensure_address_space_layout_randomization_ASLR_is_enabled:def:1
• oval:simp.cis.el8.1.7.1.1_Ensure_SELinux_is_installed:def:1
• oval:simp.cis.el8.1.7.1.2_Ensure_SELinux_is_not_disabled_in_bootloader_configuration:def:1
• oval:simp.cis.el8.1.7.1.3_Ensure_SELinux_policy_is_configured:def:1
• oval:simp.cis.el8.1.7.1.4_Ensure_the_SELinux_state_is_enforcing:def:1
• oval:simp.cis.el8.1.7.1.6_Ensure_SETroubleshoot_is_not_installed:def:1
• oval:simp.cis.el8.1.7.1.7_Ensure_the_MCS_Translation_Service_mcstrans_is_not_installed:def:1
• oval:simp.cis.el8.1.8.1.1_Ensure_message_of_the_day_is_configured_properly:def:1
• oval:simp.cis.el8.1.8.1.2_Ensure_local_login_warning_banner_is_configured_properly:def:1
• oval:simp.cis.el8.1.8.1.3_Ensure_remote_login_warning_banner_is_configured_properly:def:1
• oval:simp.cis.el8.1.8.1.4_Ensure_permissions_on_etcmotd_are_configured:def:1
• oval:simp.cis.el8.1.8.1.5_Ensure_permissions_on_etcissue_are_configured:def:1
• oval:simp.cis.el8.1.8.1.6_Ensure_permissions_on_etcissue.net_are_configured:def:1
• oval:simp.cis.el8.1.8.2_Ensure_GDM_login_banner_is_configured:def:1
• oval:simp.cis.el8.1.9_Ensure_updates_patches_and_additional_security_software_are_installed:def:1
• oval:simp.cis.el8.1.10_Ensure_system-wide_crypto_policy_is_not_legacy:def:1
• oval:simp.cis.el8.1.11_Ensure_system-wide_crypto_policy_is_FUTURE_or_FIPS:def:1
• oval:simp.cis.el8.2.1.1_Ensure_xinetd_is_not_installed:def:1
• oval:simp.cis.el8.2.2.1.1_Ensure_time_synchronization_is_in_use:def:1
• oval:simp.cis.el8.2.2.1.2_Ensure_chrony_is_configured:def:1
• oval:simp.cis.el8.2.2.2_Ensure_X_Window_System_is_not_installed:def:1
• oval:simp.cis.el8.2.2.3_Ensure_rsync_service_is_not_enabled:def:1
• oval:simp.cis.el8.2.2.4_Ensure_Avahi_Server_is_not_enabled:def:1
• oval:simp.cis.el8.2.2.5_Ensure_SNMP_Server_is_not_enabled:def:1
• oval:simp.cis.el8.2.2.6_Ensure_HTTP_Proxy_Server_is_not_enabled:def:1
• oval:simp.cis.el8.2.2.7_Ensure_Samba_is_not_enabled:def:1
• oval:simp.cis.el8.2.2.8_Ensure_IMAP_and_POP3_server_is_not_enabled:def:1
• oval:simp.cis.el8.2.2.9_Ensure_HTTP_server_is_not_enabled:def:1
• oval:simp.cis.el8.2.2.10_Ensure_FTP_Server_is_not_enabled:def:1
• oval:simp.cis.el8.2.2.11_Ensure_DNS_Server_is_not_enabled:def:1
• oval:simp.cis.el8.2.2.12_Ensure_NFS_is_not_enabled:def:1
• oval:simp.cis.el8.2.2.13_Ensure__RPC_is_not_enabled:def:1
• oval:simp.cis.el8.2.2.14_Ensure_LDAP_server_is_not_enabled:def:1
• oval:simp.cis.el8.2.2.15_Ensure_DHCP_Server_is_not_enabled:def:1
• oval:simp.cis.el8.2.2.16_Ensure_CUPS_is_not_enabled:def:1
• oval:simp.cis.el8.2.2.17_Ensure_NIS_Server_is_not_enabled:def:1
• oval:simp.cis.el8.2.2.18_Ensure_mail_transfer_agent_is_configured_for_local-only_mode:def:1
• oval:simp.cis.el8.2.3.1_Ensure_NIS_Client_is_not_installed:def:1
• oval:simp.cis.el8.2.3.2_Ensure_telnet_client_is_not_installed:def:1
• oval:simp.cis.el8.2.3.3_Ensure_LDAP_client_is_not_installed:def:1
• oval:simp.cis.el8.3.1.1_Ensure_IP_forwarding_is_disabled:def:1
• oval:simp.cis.el8.3.1.2_Ensure_packet_redirect_sending_is_disabled:def:1
• oval:simp.cis.el8.3.2.1_Ensure_source_routed_packets_are_not_accepted:def:1
• oval:simp.cis.el8.3.2.2_Ensure_ICMP_redirects_are_not_accepted:def:1
• oval:simp.cis.el8.3.2.3_Ensure_secure_ICMP_redirects_are_not_accepted:def:1
• oval:simp.cis.el8.3.2.4_Ensure_suspicious_packets_are_logged:def:1
• oval:simp.cis.el8.3.2.5_Ensure_broadcast_ICMP_requests_are_ignored:def:1
• oval:simp.cis.el8.3.2.6_Ensure_bogus_ICMP_responses_are_ignored:def:1
• oval:simp.cis.el8.3.2.7_Ensure_Reverse_Path_Filtering_is_enabled:def:1
• oval:simp.cis.el8.3.2.8_Ensure_TCP_SYN_Cookies_is_enabled:def:1
• oval:simp.cis.el8.3.2.9_Ensure_IPv6_router_advertisements_are_not_accepted:def:1
• oval:simp.cis.el8.3.3.1_Ensure_DCCP_is_disabled:def:1
• oval:simp.cis.el8.3.3.2_Ensure_SCTP_is_disabled:def:1
• oval:simp.cis.el8.3.3.3_Ensure_RDS_is_disabled:def:1
• oval:simp.cis.el8.3.3.4_Ensure_TIPC_is_disabled:def:1
• oval:simp.cis.el8.3.4.1.1_Ensure_a_Firewall_package_is_installed:def:1
• oval:simp.cis.el8.3.4.2.1_Ensure_firewalld_service_is_enabled_and_running:def:1
• oval:simp.cis.el8.3.4.2.2_Ensure_iptables_is_not_enabled:def:1
• oval:simp.cis.el8.3.4.2.3_Ensure_nftables_is_not_enabled:def:1
• oval:simp.cis.el8.3.4.2.4_Ensure_default_zone_is_set:def:1
• oval:simp.cis.el8.3.4.2.5_Ensure_network_interfaces_are_assigned_to_appropriate_zone:def:1
• oval:simp.cis.el8.3.4.2.6_Ensure_unnecessary_services_and_ports_are_not_accepted:def:1
• oval:simp.cis.el8.3.4.3.1_Ensure_iptables_are_flushed:def:1
  • Only applies when nftables is used for firewall provider
• oval:simp.cis.el8.3.4.3.2_Ensure_a_table_exists:def:1
  • Only applies when nftables is used for firewall provider
• oval:simp.cis.el8.3.4.3.3_Ensure_base_chains_exist:def:1
  • Only applies when nftables is used for firewall provider
• oval:simp.cis.el8.3.4.3.4_Ensure_loopback_traffic_is_configured:def:1
  • Only applies when nftables is used for firewall provider
• oval:simp.cis.el8.3.4.3.5_Ensure_outbound_and_established_connections_are_configured:def:1
  • Only applies when nftables is used for firewall provider
• oval:simp.cis.el8.3.4.3.6_Ensure_default_deny_firewall_policy:def:1
  • Only applies when nftables is used for firewall provider
• oval:simp.cis.el8.3.4.3.7_Ensure_nftables_service_is_enabled:def:1
  • Only applies when nftables is used for firewall provider
• oval:simp.cis.el8.3.4.3.8_Ensure_nftables_rules_are_permanent:def:1
  • Only applies when nftables is used for firewall provider
• oval:simp.cis.el8.3.4.4.1.1_Ensure_default_deny_firewall_policy:def:1
  • Only applies when iptables is used for firewall provider
• oval:simp.cis.el8.3.4.4.1.2_Ensure_loopback_traffic_is_configured:def:1
  • Only applies when iptables is used for firewall provider
• oval:simp.cis.el8.3.4.4.1.3_Ensure_outbound_and_established_connections_are_configured:def:1
  • Only applies when iptables is used for firewall provider
• oval:simp.cis.el8.3.4.4.1.4_Ensure_firewall_rules_exist_for_all_open_ports:def:1
  • Only applies when iptables is used for firewall provider
• oval:simp.cis.el8.3.4.4.2.1_Ensure_IPv6_default_deny_firewall_policy:def:1
  • Only applies when iptables is used for firewall provider
• oval:simp.cis.el8.3.4.4.2.2_Ensure_IPv6_loopback_traffic_is_configured:def:1
  • Only applies when iptables is used for firewall provider
• oval:simp.cis.el8.3.4.4.2.3_Ensure_IPv6_outbound_and_established_connections_are_configured:def:1
  • Only applies when iptables is used for firewall provider
• oval:simp.cis.el8.3.4.4.2.4_Ensure_IPv6_firewall_rules_exist_for_all_open_ports:def:1
  • Only applies when iptables is used for firewall provider
• oval:simp.cis.el8.3.5_Ensure_wireless_interfaces_are_disabled:def:1
• oval:simp.cis.el8.3.6_Disable_IPv6:def:1
  • Disabled via sysctl instead of kernel command line
• oval:simp.cis.el8.4.1.1.1_Ensure_auditd_is_installed:def:1
• oval:simp.cis.el8.4.1.1.2_Ensure_auditd_service_is_enabled:def:1
• oval:simp.cis.el8.4.1.1.3_Ensure_auditing_for_processes_that_start_prior_to_auditd_is_enabled:def:1
• oval:simp.cis.el8.4.1.1.4_Ensure_audit_backlog_limit_is_sufficient:def:1
• oval:simp.cis.el8.4.1.2.1_Ensure_audit_log_storage_size_is_configured:def:1
• oval:simp.cis.el8.4.1.2.2_Ensure_audit_logs_are_not_automatically_deleted:def:1
• oval:simp.cis.el8.4.1.2.3_Ensure_system_is_disabled_when_audit_logs_are_full:def:1
• oval:simp.cis.el8.4.1.3_Ensure_changes_to_system_administration_scope_sudoers_is_collected:def:1
• oval:simp.cis.el8.4.1.4_Ensure_login_and_logout_events_are_collected:def:1
• oval:simp.cis.el8.4.1.5_Ensure_session_initiation_information_is_collected:def:1
• oval:simp.cis.el8.4.1.6_Ensure_events_that_modify_date_and_time_information_are_collected:def:1
• oval:simp.cis.el8.4.1.7_Ensure_events_that_modify_the_systems_Mandatory_Access_Controls_are_collected:def:1
• oval:simp.cis.el8.4.1.8_Ensure_events_that_modify_the_systems_network_environment_are_collected:def:1
• oval:simp.cis.el8.4.1.9_Ensure_discretionary_access_control_permission_modification_events_are_collected:def:1
• oval:simp.cis.el8.4.1.10_Ensure_unsuccessful_unauthorized_file_access_attempts_are_collected:def:1
• oval:simp.cis.el8.4.1.11_Ensure_events_that_modify_usergroup_information_are_collected:def:1
• oval:simp.cis.el8.4.1.12_Ensure_successful_file_system_mounts_are_collected:def:1
• oval:simp.cis.el8.4.1.13_Ensure_use_of_privileged_commands_is_collected:def:1
• oval:simp.cis.el8.4.1.14_Ensure_file_deletion_events_by_users_are_collected:def:1
• oval:simp.cis.el8.4.1.15_Ensure_kernel_module_loading_and_unloading_is_collected:def:1
• oval:simp.cis.el8.4.1.16_Ensure_system_administrator_actions_sudolog_are_collected:def:1
• oval:simp.cis.el8.4.1.17_Ensure_the_audit_configuration_is_immutable:def:1
• oval:simp.cis.el8.4.2.1.1_Ensure_rsyslog_is_installed:def:1
• oval:simp.cis.el8.4.2.1.2_Ensure_rsyslog_Service_is_enabled:def:1
• oval:simp.cis.el8.4.2.1.3_Ensure_rsyslog_default_file_permissions_configured:def:1
• oval:simp.cis.el8.4.2.1.4_Ensure_logging_is_configured:def:1
• oval:simp.cis.el8.4.2.1.5_Ensure_rsyslog_is_configured_to_send_logs_to_a_remote_log_host:def:1
• oval:simp.cis.el8.4.2.1.6_Ensure_remote_rsyslog_messages_are_only_accepted_on_designated_log_hosts.:def:1
• oval:simp.cis.el8.4.2.2.1_Ensure_journald_is_configured_to_send_logs_to_rsyslog:def:1
• oval:simp.cis.el8.4.2.2.2_Ensure_journald_is_configured_to_compress_large_log_files:def:1
• oval:simp.cis.el8.4.2.2.3_Ensure_journald_is_configured_to_write_logfiles_to_persistent_disk:def:1
• oval:simp.cis.el8.4.2.3_Ensure_permissions_on_all_logfiles_are_configured:def:1
• oval:simp.cis.el8.4.3_Ensure_logrotate_is_configured:def:1
• oval:simp.cis.el8.5.1.1_Ensure_cron_daemon_is_enabled:def:1
• oval:simp.cis.el8.5.1.2_Ensure_permissions_on_etccrontab_are_configured:def:1
• oval:simp.cis.el8.5.1.3_Ensure_permissions_on_etccron.hourly_are_configured:def:1
• oval:simp.cis.el8.5.1.4_Ensure_permissions_on_etccron.daily_are_configured:def:1
• oval:simp.cis.el8.5.1.5_Ensure_permissions_on_etccron.weekly_are_configured:def:1
• oval:simp.cis.el8.5.1.6_Ensure_permissions_on_etccron.monthly_are_configured:def:1
• oval:simp.cis.el8.5.1.7_Ensure_permissions_on_etccron.d_are_configured:def:1
• oval:simp.cis.el8.5.1.8_Ensure_atcron_is_restricted_to_authorized_users:def:1
• oval:simp.cis.el8.5.2.1_Ensure_permissions_on_etcsshsshd_config_are_configured:def:1
• oval:simp.cis.el8.5.2.2_Ensure_SSH_access_is_limited:def:1
• oval:simp.cis.el8.5.2.3_Ensure_permissions_on_SSH_private_host_key_files_are_configured:def:1
• oval:simp.cis.el8.5.2.4_Ensure_permissions_on_SSH_public_host_key_files_are_configured:def:1
• oval:simp.cis.el8.5.2.5_Ensure_SSH_LogLevel_is_appropriate:def:1
• oval:simp.cis.el8.5.2.6_Ensure_SSH_X11_forwarding_is_disabled:def:1
• oval:simp.cis.el8.5.2.7_Ensure_SSH_MaxAuthTries_is_set_to_4_or_less:def:1
• oval:simp.cis.el8.5.2.8_Ensure_SSH_IgnoreRhosts_is_enabled:def:1
• oval:simp.cis.el8.5.2.9_Ensure_SSH_HostbasedAuthentication_is_disabled:def:1
• oval:simp.cis.el8.5.2.10_Ensure_SSH_root_login_is_disabled:def:1
• oval:simp.cis.el8.5.2.11_Ensure_SSH_PermitEmptyPasswords_is_disabled:def:1
• oval:simp.cis.el8.5.2.12_Ensure_SSH_PermitUserEnvironment_is_disabled:def:1
• oval:simp.cis.el8.5.2.13_Ensure_SSH_Idle_Timeout_Interval_is_configured:def:1
• oval:simp.cis.el8.5.2.14_Ensure_SSH_LoginGraceTime_is_set_to_one_minute_or_less:def:1
• oval:simp.cis.el8.5.2.15_Ensure_SSH_warning_banner_is_configured:def:1
• oval:simp.cis.el8.5.2.16_Ensure_SSH_PAM_is_enabled:def:1
• oval:simp.cis.el8.5.2.17_Ensure_SSH_AllowTcpForwarding_is_disabled:def:1
• oval:simp.cis.el8.5.2.18_Ensure_SSH_MaxStartups_is_configured:def:1
• oval:simp.cis.el8.5.2.19_Ensure_SSH_MaxSessions_is_set_to_4_or_less:def:1
• oval:simp.cis.el8.5.2.20_Ensure_system-wide_crypto_policy_is_not_over-ridden:def:1
• oval:simp.cis.el8.5.3.1_Create_custom_authselect_profile:def:1
  • SIMP manages nsswitch and pam directly instead of using authselect.
• oval:simp.cis.el8.5.3.2_Select_authselect_profile:def:1
  • SIMP manages nsswitch and pam directly instead of using authselect.
• oval:simp.cis.el8.5.3.3_Ensure_authselect_includes_with-faillock:def:1
  • SIMP manages nsswitch and pam directly instead of using authselect.
• oval:simp.cis.el8.5.4.1_Ensure_password_creation_requirements_are_configured:def:1
• oval:simp.cis.el8.5.4.2_Ensure_lockout_for_failed_password_attempts_is_configured:def:1
• oval:simp.cis.el8.5.4.3_Ensure_password_reuse_is_limited:def:1
• oval:simp.cis.el8.5.4.4_Ensure_password_hashing_algorithm_is_SHA-512:def:1
• oval:simp.cis.el8.5.5.1.1_Ensure_password_expiration_is_365_days_or_less:def:1
• oval:simp.cis.el8.5.5.1.2_Ensure_minimum_days_between_password_changes_is_7_or_more:def:1
• oval:simp.cis.el8.5.5.1.3_Ensure_password_expiration_warning_days_is_7_or_more:def:1
• oval:simp.cis.el8.5.5.1.4_Ensure_inactive_password_lock_is_30_days_or_less:def:1
• oval:simp.cis.el8.5.5.1.5_Ensure_all_users_last_password_change_date_is_in_the_past:def:1
• oval:simp.cis.el8.5.5.2_Ensure_system_accounts_are_secured:def:1
• oval:simp.cis.el8.5.5.3_Ensure_default_user_shell_timeout_is_900_seconds_or_less:def:1
• oval:simp.cis.el8.5.5.4_Ensure_default_group_for_the_root_account_is_GID_0:def:1
• oval:simp.cis.el8.5.5.5_Ensure_default_user_umask_is_027_or_more_restrictive:def:1
• oval:simp.cis.el8.5.6_Ensure_root_login_is_restricted_to_system_console:def:1
• oval:simp.cis.el8.5.7_Ensure_access_to_the_su_command_is_restricted:def:1
• oval:simp.cis.el8.6.1.2_Ensure_permissions_on_etcpasswd_are_configured:def:1
• oval:simp.cis.el8.6.1.3_Ensure_permissions_on_etcshadow_are_configured:def:1
• oval:simp.cis.el8.6.1.4_Ensure_permissions_on_etcgroup_are_configured:def:1
• oval:simp.cis.el8.6.1.5_Ensure_permissions_on_etcgshadow_are_configured:def:1
• oval:simp.cis.el8.6.1.6_Ensure_permissions_on_etcpasswd-_are_configured:def:1
• oval:simp.cis.el8.6.1.7_Ensure_permissions_on_etcshadow-_are_configured:def:1
• oval:simp.cis.el8.6.1.8_Ensure_permissions_on_etcgroup-_are_configured:def:1
• oval:simp.cis.el8.6.1.9_Ensure_permissions_on_etcgshadow-_are_configured:def:1
• oval:simp.cis.el8.6.2.1_Ensure_password_fields_are_not_empty:def:1
• oval:simp.cis.el8.6.2.2_Ensure_no_legacy__entries_exist_in_etcpasswd:def:1
• oval:simp.cis.el8.6.2.3_Ensure_root_PATH_Integrity:def:1
• oval:simp.cis.el8.6.2.4_Ensure_no_legacy__entries_exist_in_etcshadow:def:1
• oval:simp.cis.el8.6.2.5_Ensure_no_legacy__entries_exist_in_etcgroup:def:1
• oval:simp.cis.el8.6.2.6_Ensure_root_is_the_only_UID_0_account:def:1
• oval:simp.cis.el8.6.2.7_Ensure_users_home_directories_permissions_are_750_or_more_restrictive:def:1
• oval:simp.cis.el8.6.2.8_Ensure_users_own_their_home_directories:def:1
• oval:simp.cis.el8.6.2.9_Ensure_users_dot_files_are_not_group_or_world_writable:def:1
• oval:simp.cis.el8.6.2.10Ensure_no_users_have.forward_files:def:1
• oval:simp.cis.el8.6.2.11Ensure_no_users_have.netrc_files:def:1
• oval:simp.cis.el8.6.2.12Ensure_users.netrc_Files_are_not_group_or_world_accessible:def:1
• oval:simp.cis.el8.6.2.13Ensure_no_users_have.rhosts_files:def:1
• oval:simp.cis.el8.6.2.14_Ensure_all_groups_in_etcpasswd_exist_in_etcgroup:def:1
• oval:simp.cis.el8.6.2.15_Ensure_no_duplicate_UIDs_exist:def:1
• oval:simp.cis.el8.6.2.16_Ensure_no_duplicate_GIDs_exist:def:1
• oval:simp.cis.el8.6.2.17_Ensure_no_duplicate_user_names_exist:def:1
• oval:simp.cis.el8.6.2.18_Ensure_no_duplicate_group_names_exist:def:1
• oval:simp.cis.el8.6.2.19_Ensure_shadow_group_is_empty:def:1
• oval:simp.cis.el8.6.2.20_Ensure_all_users_home_directories_exist:def:1