scap-security-guide
July 2012
scap-security-guide@lists.fedorahosted.org
- 12 participants
- 83 discussions
11 years, 9 months
- 3
- 2
[PATCH] Commented out unreferenced sysctl_net_ipv4_icmp_ignore_bogus_error_responses check/value
by Mike Palmiotto
The check/value pair doesn't appear in any rules.
11 years, 9 months
- 3
- 5
[PATCH] Added more NFS prose.
by Willy Santos
Signed-off-by: Willy Santos <wsantos(a)redhat.com>
---
RHEL6/input/services/nfs.xml | 50 +++++++++++++++++++++++++++++++++++++----
1 files changed, 45 insertions(+), 5 deletions(-)
diff --git a/RHEL6/input/services/nfs.xml b/RHEL6/input/services/nfs.xml
index 1d20041..7f5e049 100644
--- a/RHEL6/input/services/nfs.xml
+++ b/RHEL6/input/services/nfs.xml
@@ -256,8 +256,8 @@ can leave your NFS configuration more open than intended. Therefore, exercise ca
the file.
<br /><br />
The syntax of each line in <tt>/etc/exports</tt> is
-<pre>/DIR ipaddr1(opt1,opt2) ipaddr2(opt3)</pre>
-where <tt>/DIR</tt> is a directory or filesystem to export, <tt>ipaddrN</tt> is an IP address, netblock,
+<pre>/DIR host1(opt1,opt2) host2(opt3)</pre>
+where <tt>/DIR</tt> is a directory or filesystem to export, <tt>hostN</tt> is an IP address, netblock,
hostname, domain, or netgroup to which to export, and <tt>optN</tt> is an option.
</description>
</Group> <!-- configure_exports_restrictively -->
@@ -280,20 +280,60 @@ Authorized hosts can be specified in several different formats:
</description>
</Group> <!-- use_acl_enforce_auth_restrictions -->
+<Group id="export_filesystems_read_only">
+<title>Export Filesystems Read-Only if Possible</title>
+<description>If a filesystem is being exported so that users can view the files in a convenient
+fashion, but there is no need for users to edit those files, exporting the filesystem read-only
+removes an attack vector against the server. The default filesystem export mode is <tt>ro</tt>,
+so do not specify <tt>rw</tt> without a good reason.
+</description>
+</Group> <!-- export_filesystems_read_only -->
+
+<Group id="specify_anonymous_uid_gid">
+<title>Specify UID and GID for Anonymous Connections</title>
+<description>When an NFS server is configured to deny remote <tt>root</tt> access, a selected UID and GID
+are used to handle requests from the remote <tt>root</tt> user. The UID and GID should be chosen from the
+system to provide the appropriate level of non-privileged access. By default, the NFS server will
+map remote <tt>root</tt> users to the <tt>nobody</tt> local account. Specifying the anonymous UID and GID
+as -1 ensures that the remote <tt>root</tt> user is mapped to a local account which has no permissions on the
+system.
+<br /><br />
+To specify the UID and GID for remote <tt>root</tt> users, edit the <tt>/etc/exports</tt> file and add
+<tt>anonuid=-1</tt> and <tt>anongid=-1</tt> to the options list for each export.
+</description>
+</Group> <!-- specify_anonymous_uid_gid -->
+
<Rule id="use_root_squashing_all_exports">
<title>Use Root-Squashing on All Exports</title>
<description>If a filesystem is exported using root squashing, requests from root on the client
are considered to be unprivileged (mapped to a user such as nobody). This provides some mild
protection against remote abuse of an NFS server. Root squashing is enabled by default, and
should not be disabled.
-
-Ensure that no line in <tt>/etc/exports</tt> contains the option <tt>no_root_squash</tt>
+<br /><br />
+Ensure that no line in <tt>/etc/exports</tt> contains the option <tt>no_root_squash</tt>.
</description>
-<rationale>If the NFS server allows root access to local file systems from remote hosts, this access could be used to compromise the system.</rationale>
+<rationale>If the NFS server allows root access to local file systems from remote hosts, this
+access could be used to compromise the system.</rationale>
<ident cce="4544-3" />
<oval id="TO:DO" />
</Rule>
+<Rule id="restrict_nfs_clients_to_privileged_ports">
+<title>Restrict NFS Clients to Privileged Ports</title>
+<description>By default, Linux’s NFS implementation requires that all client requests be made
+from ports less than 1024. If your organization has control over machines connected to its
+network, and if NFS requests are prohibited at the border firewall, this offers some protection
+against malicious requests from unprivileged users. Therefore, the default should not be changed.
+<br /><br />
+Ensure that no line in <tt>/etc/exports</tt> contains the option <tt>insecure</tt>.
+</description>
+<rationale>Allowing client requests to be made from ports higher than 1024 could allow a unprivileged
+user to initiate an NFS connection. If the unprivileged user account has been compromised, an
+attacker could gain access to data on the NFS server.</rationale>
+<ident cce="4465-1" />
+<oval id="TO:DO" />
+</Rule>
+
</Group> <!-- nfs_configuring_servers -->
</Group>
--
1.7.7.6
11 years, 9 months
- 2
- 2
[PATCH] Requires python, python-lxml in spec file
by Mike Palmiotto
The python-lxml module is needed to make scap-security-guide.
Michael Palmiotto (1):
Make SSG require python and python-lxml
scap-security-guide.spec | 5 ++++-
1 files changed, 4 insertions(+), 1 deletions(-)
11 years, 9 months
- 2
- 3
[PATCH 0/5] Various additions
by Willy Santos
These patches include some CCI mappings that were documented as Trac tickets, documented V-IDs that can be satisfied by rpmverify, and added some more prose to the NFS section.
Willy Santos (5):
Mapped CCIs 196 and 197 to disable_telnet_service as reference in
trac ticket #45.
Added some NFSv4 guidance to the rpcbind section.
Added V-IDs to rules we can check using rpmverify so they will appear
in the notes column of the table.
Continued work on NFS service prose.
Continued work on NFS section of the guide.
RHEL6/input/auxiliary/transition_notes.xml | 8 +++-
RHEL6/input/services/nfs.xml | 66 +++++++++++++++++++++++++---
RHEL6/input/services/obsolete.xml | 2 +-
3 files changed, 67 insertions(+), 9 deletions(-)
--
1.7.7.6
11 years, 9 months
- 2
- 6
[PATCH] support for adding notes to support consensus discussion
by Jeffrey Blank
This patch includes a new file, transition_notes.xml, and also a new transform
that can output notes (with attribution) as part of a table of settings. This
supports open, transparent migration of the RHEL 5 STIG to consensus for RHEL
6.
Jeffrey Blank (1):
support for adding notes to RHEL 5 STIG content, for transparent
migration to consensus
RHEL6/Makefile | 1 +
RHEL6/input/auxiliary/transition_notes.xml | 31 ++++
RHEL6/transforms/xccdf2table-stig-addnotes.xslt | 172 +++++++++++++++++++++++
3 files changed, 204 insertions(+), 0 deletions(-)
create mode 100644 RHEL6/input/auxiliary/transition_notes.xml
create mode 100644 RHEL6/transforms/xccdf2table-stig-addnotes.xslt
11 years, 9 months
- 2
- 2
RHEL 5 STIG CCI IDs not in OS SRG
by Willy Santos
In the process of mapping CCI IDs from the OS SRG to Rules/Groups in the SSG, we found a number of rules/requirements in the RHEL 5 STIG that are mapping to CCI IDs not in the OS SRG.
In the SSG should we be mapping to CCI IDs not on the OS SRG, or is it preferred to map to items only in the OS SRG? Either one could be appropriate.
-Willy
11 years, 9 months
- 1
- 0
[PATCH] potentially disruptive patch
by Jeffrey Blank
This patch removes the rhel6/src directory, which is unnecessary.
It also capitalizes the toplevel directory to RHEL6, to be more
formal and classy.
Note that the actual patch is NOT included in the next message,
as it is 16MB. Although git can track file moves, it still treats the contents
of the moved files as part of the patch. However, this only increases the
size of the repo from 13M to 13.7M. Undesirable, but not a giant change.
Jeffrey Blank (1):
renaming of toplevel RHEL6 directory, removing unnecessary src
directory * updated specfile and Makefile accordingly (fingers
crossed)
Makefile | 8 +-
RHEL6/.gitignore | 2 +
RHEL6/Makefile | 96 +
RHEL6/README | 30 +
RHEL6/dist/README | 69 +
RHEL6/input/auxiliary/srg_support.xml | 52 +
RHEL6/input/checks/.gitignore | 3 +
RHEL6/input/checks/README | 24 +
.../checks/accounts_dangerous_path_for_root.xml | 41 +
.../checks/accounts_disable_post_pw_expiration.xml | 39 +
.../accounts_max_concurrent_login_sessions.xml | 34 +
.../checks/accounts_maximum_age_login_defs.xml | 34 +
.../checks/accounts_minimum_age_login_defs.xml | 35 +
RHEL6/input/checks/accounts_no_empty_passwords.xml | 23 +
.../accounts_no_nis_inclusions_etc_group.xml | 24 +
.../accounts_no_nis_inclusions_etc_passwd.xml | 24 +
.../accounts_no_nis_inclusions_etc_shadow.xml | 24 +
RHEL6/input/checks/accounts_no_uid_except_zero.xml | 24 +
RHEL6/input/checks/accounts_nologin_for_system.xml | 26 +
.../checks/accounts_password_all_shadowed.xml | 25 +
.../checks/accounts_password_hashing_algorithm.xml | 47 +
.../checks/accounts_password_minlen_login_defs.xml | 46 +
.../accounts_password_pam_cracklib_dcredit.xml | 44 +
.../accounts_password_pam_cracklib_difok.xml | 38 +
.../accounts_password_pam_cracklib_lcredit.xml | 44 +
.../accounts_password_pam_cracklib_ocredit.xml | 44 +
.../accounts_password_pam_cracklib_retry.xml | 35 +
.../accounts_password_pam_cracklib_ucredit.xml | 44 +
.../input/checks/accounts_password_reuse_limit.xml | 33 +
.../accounts_password_warn_age_login_defs.xml | 36 +
.../checks/accounts_passwords_pam_tally2_deny.xml | 32 +
.../checks/accounts_root_path_dirs_no_write.xml | 61 +
RHEL6/input/checks/accounts_su_wheel_only.xml | 31 +
RHEL6/input/checks/accounts_umask_bash_users.xml | 40 +
RHEL6/input/checks/accounts_umask_csh.xml | 40 +
RHEL6/input/checks/accounts_umask_etc_profile.xml | 40 +
RHEL6/input/checks/accounts_umask_login_defs.xml | 40 +
RHEL6/input/checks/accounts_wheel_exists.xml | 30 +
.../input/checks/audit_rules_dac_modification.xml | 41 +
.../checks/audit_rules_file_deletion_events.xml | 23 +
RHEL6/input/checks/audit_rules_immutable.xml | 24 +
.../checks/audit_rules_kernel_module_loading.xml | 50 +
RHEL6/input/checks/audit_rules_login_events.xml | 32 +
.../input/checks/audit_rules_mac_modification.xml | 23 +
RHEL6/input/checks/audit_rules_media_export.xml | 23 +
.../audit_rules_networkconfig_modification.xml | 60 +
.../checks/audit_rules_privileged_commands.xml | 32 +
.../input/checks/audit_rules_record_timechange.xml | 66 +
RHEL6/input/checks/audit_rules_session_events.xml | 41 +
.../input/checks/audit_rules_sysadmin_actions.xml | 23 +
RHEL6/input/checks/audit_rules_time_adjtimex.xml | 57 +
.../checks/audit_rules_time_clock_settime.xml | 57 +
.../input/checks/audit_rules_time_settimeofday.xml | 57 +
RHEL6/input/checks/audit_rules_time_stime.xml | 41 +
.../checks/audit_rules_time_watch_localtime.xml | 33 +
.../audit_rules_unsuccessful_file_modification.xml | 34 +
.../checks/audit_rules_usergroup_modification.xml | 59 +
.../auditd_data_retention_action_mail_acct.xml | 36 +
...ditd_data_retention_admin_space_left_action.xml | 36 +
.../checks/auditd_data_retention_max_log_file.xml | 36 +
.../auditd_data_retention_max_log_file_action.xml | 36 +
.../checks/auditd_data_retention_num_logs.xml | 36 +
.../auditd_data_retention_space_left_action.xml | 36 +
RHEL6/input/checks/banner_etc_issue.xml | 24 +
RHEL6/input/checks/banner_gui_enabled.xml | 23 +
RHEL6/input/checks/banner_gui_gdm.xml | 31 +
RHEL6/input/checks/bootloader_audit_argument.xml | 24 +
RHEL6/input/checks/bootloader_nousb_argument.xml | 24 +
RHEL6/input/checks/bootloader_password.xml | 24 +
.../console_device_restrict_access_desktop.xml | 42 +
.../console_device_restrict_access_server.xml | 42 +
.../checks/core_dump_suid_progs_limits_conf.xml | 31 +
RHEL6/input/checks/core_dumps_limitsconf.xml | 35 +
RHEL6/input/checks/cups_disable_browsing.xml | 43 +
RHEL6/input/checks/cups_disable_printserver.xml | 47 +
RHEL6/input/checks/cups_limit_browsing.xml | 24 +
.../checks/cups_limit_browsing_browseaddress.xml | 42 +
.../checks/cups_limit_browsing_browsedenyallow.xml | 55 +
RHEL6/input/checks/cups_limit_web_interface.xml | 31 +
RHEL6/input/checks/dir_perms_etc_httpd_conf.xml | 37 +
RHEL6/input/checks/dir_perms_var_log_httpd.xml | 37 +
.../dir_perms_world_writable_sticky_bits.xml | 29 +
.../dir_perms_world_writable_system_owned.xml | 29 +
.../checks/dovecot_disable_plaintext_auth.xml | 28 +
RHEL6/input/checks/dovecot_enable_ssl.xml | 28 +
.../input/checks/file_group_owner_etc_crontab.xml | 26 +
RHEL6/input/checks/file_group_owner_grub_conf.xml | 29 +
RHEL6/input/checks/file_groupowner_etc_group.xml | 32 +
RHEL6/input/checks/file_groupowner_etc_gshadow.xml | 32 +
RHEL6/input/checks/file_groupowner_etc_passwd.xml | 32 +
RHEL6/input/checks/file_groupowner_etc_shadow.xml | 32 +
.../checks/file_groupowner_ldap_server_bdb.xml | 32 +
.../checks/file_groupowner_ldap_server_files.xml | 32 +
RHEL6/input/checks/file_mode_etc_crontab.xml | 34 +
RHEL6/input/checks/file_owner_etc_group.xml | 32 +
RHEL6/input/checks/file_owner_etc_gshadow.xml | 32 +
RHEL6/input/checks/file_owner_etc_passwd.xml | 32 +
RHEL6/input/checks/file_owner_etc_shadow.xml | 33 +
RHEL6/input/checks/file_owner_ldap_server_bdb.xml | 32 +
.../input/checks/file_owner_ldap_server_files.xml | 32 +
RHEL6/input/checks/file_ownership_etc_skel.xml | 40 +
.../input/checks/file_ownership_samba_password.xml | 31 +
.../input/checks/file_ownership_var_log_audit.xml | 40 +
.../input/checks/file_permissions_etc_at_allow.xml | 37 +
RHEL6/input/checks/file_permissions_etc_group.xml | 40 +
.../input/checks/file_permissions_etc_gshadow.xml | 40 +
RHEL6/input/checks/file_permissions_etc_passwd.xml | 40 +
RHEL6/input/checks/file_permissions_etc_shadow.xml | 40 +
RHEL6/input/checks/file_permissions_etc_skel.xml | 55 +
RHEL6/input/checks/file_permissions_grub_conf.xml | 37 +
RHEL6/input/checks/file_permissions_home_dirs.xml | 34 +
.../file_permissions_httpd_server_conf_files.xml | 39 +
.../checks/file_permissions_ldap_server_bdb.xml | 40 +
.../checks/file_permissions_ldap_server_files.xml | 39 +
.../checks/file_permissions_samba_password.xml | 37 +
.../checks/file_permissions_unauthorized_sgid.xml | 32 +
.../checks/file_permissions_unauthorized_suid.xml | 32 +
...ile_permissions_unauthorized_world_writable.xml | 33 +
.../input/checks/file_permissions_ungroupowned.xml | 39 +
RHEL6/input/checks/file_permissions_unowned.xml | 39 +
.../checks/file_permissions_var_log_audit.xml | 37 +
.../file_ssh_host_keys_private_permissions.xml | 46 +
.../file_ssh_host_keys_public_permissions.xml | 46 +
RHEL6/input/checks/file_user_owner_etc_crontab.xml | 26 +
RHEL6/input/checks/file_user_owner_grub_conf.xml | 29 +
.../input/checks/gconf_gnome_disable_automount.xml | 42 +
...f_gnome_screensaver_idle_activation_enabled.xml | 26 +
.../checks/gconf_gnome_screensaver_idle_delay.xml | 27 +
.../gconf_gnome_screensaver_lock_enabled.xml | 26 +
.../checks/gconf_gnome_screensaver_mode_blank.xml | 26 +
RHEL6/input/checks/idtranslate.py | 1 +
RHEL6/input/checks/installed_OS_is_rhel6.xml | 54 +
RHEL6/input/checks/interactive_boot_disable.xml | 30 +
RHEL6/input/checks/iptables_avahi_disabled.xml | 44 +
RHEL6/input/checks/iptables_cupsd_disabled.xml | 42 +
.../input/checks/iptables_default_policy_drop.xml | 47 +
RHEL6/input/checks/iptables_icmp_disabled.xml | 106 +
RHEL6/input/checks/iptables_ldap_enabled.xml | 69 +
RHEL6/input/checks/iptables_smtp_enabled.xml | 42 +
RHEL6/input/checks/iptables_sshd_disabled.xml | 42 +
.../checks/kernel_module_bluetooth_disabled.xml | 38 +
.../input/checks/kernel_module_cramfs_disabled.xml | 30 +
RHEL6/input/checks/kernel_module_dccp_disabled.xml | 30 +
.../checks/kernel_module_freevxfs_disabled.xml | 30 +
RHEL6/input/checks/kernel_module_hfs_disabled.xml | 30 +
.../checks/kernel_module_hfsplus_disabled.xml | 30 +
.../checks/kernel_module_ipv6_option_disabled.xml | 24 +
.../input/checks/kernel_module_jffs2_disabled.xml | 30 +
RHEL6/input/checks/kernel_module_rds_disabled.xml | 30 +
RHEL6/input/checks/kernel_module_sctp_disabled.xml | 25 +
.../checks/kernel_module_squashfs_disabled.xml | 30 +
RHEL6/input/checks/kernel_module_tipc_disabled.xml | 30 +
RHEL6/input/checks/kernel_module_udf_disabled.xml | 30 +
.../checks/kernel_module_usb-storage_disabled.xml | 30 +
.../input/checks/ldap_client_pam_ldap_present.xml | 32 +
RHEL6/input/checks/ldap_client_start_tls.xml | 32 +
RHEL6/input/checks/ldap_client_tls_cacertpath.xml | 48 +
.../ldap_server_config_bdb_file_security.xml | 23 +
.../ldap_server_config_certificate_files.xml | 243 +
.../ldap_server_config_certificate_usage.xml | 79 +
.../ldap_server_config_directory_file_security.xml | 23 +
RHEL6/input/checks/ldap_server_config_logging.xml | 116 +
.../input/checks/ldap_server_config_olcaccess.xml | 57 +
.../input/checks/ldap_server_config_olcrootpw.xml | 33 +
.../ldap_server_config_olcsecurity_simple_bind.xml | 32 +
.../checks/ldap_server_config_olcsecurity_tls.xml | 32 +
.../input/checks/ldap_server_config_olcsuffix.xml | 32 +
.../ldap_server_config_olctlsciphersuite.xml | 37 +
RHEL6/input/checks/libuser_login_defs_import.xml | 32 +
RHEL6/input/checks/logrotate_rotate_all_files.xml | 21 +
.../input/checks/logwatch_configured_hostlimit.xml | 29 +
.../checks/logwatch_configured_splithosts.xml | 27 +
RHEL6/input/checks/mount_home_own_partition.xml | 25 +
RHEL6/input/checks/mount_option_dev_shm_nodev.xml | 27 +
RHEL6/input/checks/mount_option_dev_shm_noexec.xml | 27 +
RHEL6/input/checks/mount_option_dev_shm_nosuid.xml | 27 +
...mount_option_nodev_nonroot_local_partitions.xml | 37 +
RHEL6/input/checks/mount_option_nodev_on_tmp.xml | 31 +
.../mount_option_nodev_remote_filesystems.xml | 41 +
.../mount_option_nodev_removable_partitions.xml | 44 +
.../mount_option_noexec_removable_partitions.xml | 46 +
.../mount_option_nosuid_remote_filesystems.xml | 41 +
.../mount_option_nosuid_removable_partitions.xml | 44 +
.../checks/mount_option_smb_client_signing.xml | 79 +
RHEL6/input/checks/mount_option_tmp_nodev.xml | 27 +
RHEL6/input/checks/mount_option_tmp_noexec.xml | 27 +
RHEL6/input/checks/mount_option_tmp_nosuid.xml | 27 +
RHEL6/input/checks/mount_option_var_tmp_bind.xml | 29 +
RHEL6/input/checks/mount_tmp_own_partition.xml | 23 +
.../checks/mount_var_log_audit_own_partition.xml | 24 +
RHEL6/input/checks/mount_var_log_own_partition.xml | 22 +
RHEL6/input/checks/mount_var_own_partition.xml | 25 +
.../input/checks/network_ipv6_default_gateway.xml | 33 +
.../checks/network_ipv6_disable_interfaces.xml | 60 +
RHEL6/input/checks/network_ipv6_disable_rpc.xml | 45 +
RHEL6/input/checks/network_ipv6_limit_requests.xml | 49 +
.../checks/network_ipv6_privacy_extensions.xml | 33 +
RHEL6/input/checks/network_ipv6_static_address.xml | 33 +
RHEL6/input/checks/network_sniffer_disabled.xml | 30 +
RHEL6/input/checks/no_rsh_trusted_host_files.xml | 39 +
RHEL6/input/checks/ntp_remote_server.xml | 32 +
RHEL6/input/checks/package_abrt_removed.xml | 26 +
RHEL6/input/checks/package_acpid_removed.xml | 26 +
RHEL6/input/checks/package_aide_installed.xml | 26 +
RHEL6/input/checks/package_at_removed.xml | 26 +
RHEL6/input/checks/package_audit_installed.xml | 26 +
RHEL6/input/checks/package_autofs_removed.xml | 26 +
RHEL6/input/checks/package_bind_removed.xml | 26 +
RHEL6/input/checks/package_certmonger_removed.xml | 26 +
RHEL6/input/checks/package_cpuspeed_removed.xml | 26 +
.../checks/package_cronie-anacron_removed.xml | 26 +
RHEL6/input/checks/package_cronie_installed.xml | 26 +
RHEL6/input/checks/package_cups_removed.xml | 26 +
RHEL6/input/checks/package_cyrus-sasl_removed.xml | 26 +
RHEL6/input/checks/package_dbus_removed.xml | 26 +
RHEL6/input/checks/package_dhcp_removed.xml | 26 +
RHEL6/input/checks/package_dhcpd_removed.xml | 27 +
RHEL6/input/checks/package_dovecot_removed.xml | 26 +
RHEL6/input/checks/package_hal_removed.xml | 26 +
RHEL6/input/checks/package_httpd_removed.xml | 26 +
.../input/checks/package_initscripts_installed.xml | 27 +
.../input/checks/package_ipsec-tools_installed.xml | 26 +
.../checks/package_iptables-ipv6_installed.xml | 26 +
RHEL6/input/checks/package_iptables_installed.xml | 26 +
RHEL6/input/checks/package_iputils_removed.xml | 23 +
RHEL6/input/checks/package_irda-utils_removed.xml | 26 +
.../input/checks/package_irqbalance_installed.xml | 26 +
.../input/checks/package_isdn4k-utils_removed.xml | 26 +
RHEL6/input/checks/package_kexec-tools_removed.xml | 26 +
RHEL6/input/checks/package_libcgroup_removed.xml | 26 +
RHEL6/input/checks/package_lvm2_installed.xml | 26 +
RHEL6/input/checks/package_mdadm_removed.xml | 26 +
RHEL6/input/checks/package_net-snmp_removed.xml | 26 +
RHEL6/input/checks/package_nfs-utils_removed.xml | 26 +
RHEL6/input/checks/package_ntp_installed.xml | 26 +
RHEL6/input/checks/package_ntpdate_installed.xml | 26 +
RHEL6/input/checks/package_oddjob_removed.xml | 26 +
.../checks/package_openldap-servers_installed.xml | 25 +
.../checks/package_openldap-servers_removed.xml | 25 +
RHEL6/input/checks/package_openldap_removed.xml | 26 +
.../checks/package_openssh-server_removed.xml | 26 +
RHEL6/input/checks/package_openswan_installed.xml | 26 +
RHEL6/input/checks/package_pam_ccreds_removed.xml | 27 +
RHEL6/input/checks/package_pam_ldap_removed.xml | 26 +
.../checks/package_policycoreutils_installed.xml | 26 +
RHEL6/input/checks/package_portreserve_removed.xml | 26 +
RHEL6/input/checks/package_postfix_installed.xml | 26 +
RHEL6/input/checks/package_psacct_installed.xml | 26 +
RHEL6/input/checks/package_quota_removed.xml | 26 +
.../input/checks/package_rhn_gpgkey_installed.xml | 27 +
RHEL6/input/checks/package_rhnsd_removed.xml | 26 +
RHEL6/input/checks/package_rpcbind_removed.xml | 26 +
RHEL6/input/checks/package_rsh-server_removed.xml | 26 +
RHEL6/input/checks/package_rsh_removed.xml | 26 +
RHEL6/input/checks/package_rsyslog_installed.xml | 26 +
.../input/checks/package_samba-common_removed.xml | 26 +
RHEL6/input/checks/package_samba_removed.xml | 26 +
RHEL6/input/checks/package_sendmail_removed.xml | 26 +
.../input/checks/package_smartmontools_removed.xml | 26 +
RHEL6/input/checks/package_squid_removed.xml | 26 +
RHEL6/input/checks/package_sssd_removed.xml | 26 +
.../package_subscription-manager_removed.xml | 26 +
RHEL6/input/checks/package_sysstat_removed.xml | 26 +
RHEL6/input/checks/package_talk-server_removed.xml | 26 +
RHEL6/input/checks/package_talk_removed.xml | 26 +
.../input/checks/package_telnet-server_removed.xml | 26 +
RHEL6/input/checks/package_tftp-server_removed.xml | 26 +
RHEL6/input/checks/package_vlock_installed.xml | 27 +
RHEL6/input/checks/package_vlock_removed.xml | 26 +
RHEL6/input/checks/package_vsftpd_installed.xml | 25 +
RHEL6/input/checks/package_vsftpd_removed.xml | 26 +
RHEL6/input/checks/package_xinetd_removed.xml | 26 +
.../package_xorg-x11-server-common_removed.xml | 26 +
RHEL6/input/checks/package_ypbind_removed.xml | 26 +
RHEL6/input/checks/package_ypserv_removed.xml | 26 +
RHEL6/input/checks/postfix_certificate_files.xml | 243 +
RHEL6/input/checks/postfix_logging.xml | 96 +
.../checks/postfix_network_listening_disabled.xml | 30 +
RHEL6/input/checks/postfix_server_banner.xml | 33 +
.../checks/postfix_server_denial_of_service.xml | 136 +
...tfix_server_mail_relay_for_trusted_networks.xml | 29 +
...server_mail_relay_require_tls_for_smtp_auth.xml | 118 +
...tfix_server_mail_relay_set_trusted_networks.xml | 65 +
...mail_relay_smtp_auth_for_untrusted_networks.xml | 108 +
RHEL6/input/checks/rpm_verify_hashes.xml | 40 +
RHEL6/input/checks/rpm_verify_permissions.xml | 56 +
.../checks/rsyslog_files_exist_permissions.xml | 22 +
.../input/checks/rsyslog_files_groupownership.xml | 22 +
RHEL6/input/checks/rsyslog_files_ownership.xml | 32 +
RHEL6/input/checks/rsyslog_files_permissions.xml | 22 +
RHEL6/input/checks/rsyslog_nolisten.xml | 32 +
RHEL6/input/checks/rsyslog_remote_loghost.xml | 31 +
RHEL6/input/checks/securetty_no_serial.xml | 28 +
.../checks/securetty_root_login_console_only.xml | 28 +
.../checks/selinux_all_devicefiles_labeled.xml | 27 +
.../checks/selinux_bootloader_notdisabled.xml | 24 +
RHEL6/input/checks/selinux_enabled.xml | 20 +
RHEL6/input/checks/selinux_mode.xml | 33 +
RHEL6/input/checks/selinux_policytype.xml | 42 +
RHEL6/input/checks/service_abrtd_disabled.xml | 97 +
RHEL6/input/checks/service_acpid_disabled.xml | 97 +
RHEL6/input/checks/service_atd_disabled.xml | 100 +
RHEL6/input/checks/service_auditd_enabled.xml | 100 +
RHEL6/input/checks/service_autofs_disabled.xml | 97 +
.../input/checks/service_avahi-daemon_disabled.xml | 97 +
RHEL6/input/checks/service_bluetooth_disabled.xml | 97 +
RHEL6/input/checks/service_certmonger_disabled.xml | 97 +
RHEL6/input/checks/service_cgconfig_disabled.xml | 100 +
RHEL6/input/checks/service_cgred_disabled.xml | 97 +
RHEL6/input/checks/service_cpuspeed_disabled.xml | 100 +
RHEL6/input/checks/service_crond_enabled.xml | 100 +
RHEL6/input/checks/service_cups_disabled.xml | 100 +
RHEL6/input/checks/service_dhcpd_disabled.xml | 100 +
RHEL6/input/checks/service_dovecot_disabled.xml | 100 +
RHEL6/input/checks/service_haldaemon_disabled.xml | 100 +
RHEL6/input/checks/service_httpd_disabled.xml | 100 +
RHEL6/input/checks/service_ip6tables_enabled.xml | 100 +
RHEL6/input/checks/service_iptables_enabled.xml | 100 +
RHEL6/input/checks/service_irqbalance_enabled.xml | 100 +
RHEL6/input/checks/service_isdn_disabled.xml | 100 +
RHEL6/input/checks/service_kdump_disabled.xml | 100 +
.../input/checks/service_lvm2-monitor_enabled.xml | 100 +
RHEL6/input/checks/service_mcstrans_disabled.xml | 97 +
RHEL6/input/checks/service_mdmonitor_disabled.xml | 100 +
RHEL6/input/checks/service_messagebus_disabled.xml | 100 +
RHEL6/input/checks/service_named_disabled.xml | 100 +
RHEL6/input/checks/service_netconsole_disabled.xml | 97 +
RHEL6/input/checks/service_netfs_disabled.xml | 97 +
RHEL6/input/checks/service_network_enabled.xml | 100 +
RHEL6/input/checks/service_nfs_disabled.xml | 100 +
RHEL6/input/checks/service_nfslock_disabled.xml | 100 +
RHEL6/input/checks/service_ntpd_enabled.xml | 100 +
RHEL6/input/checks/service_ntpdate_enabled.xml | 103 +
RHEL6/input/checks/service_oddjobd_disabled.xml | 100 +
.../input/checks/service_portreserve_disabled.xml | 100 +
RHEL6/input/checks/service_postfix_enabled.xml | 100 +
RHEL6/input/checks/service_psacct_enabled.xml | 100 +
RHEL6/input/checks/service_quota_nld_disabled.xml | 100 +
RHEL6/input/checks/service_rdisc_disabled.xml | 100 +
RHEL6/input/checks/service_restorecond_enabled.xml | 100 +
RHEL6/input/checks/service_rexec_disabled.xml | 26 +
RHEL6/input/checks/service_rhnsd_disabled.xml | 100 +
RHEL6/input/checks/service_rhsmcertd_disabled.xml | 100 +
RHEL6/input/checks/service_rlogin_disabled.xml | 26 +
RHEL6/input/checks/service_rpcbind_disabled.xml | 100 +
RHEL6/input/checks/service_rpcgssd_disabled.xml | 100 +
RHEL6/input/checks/service_rpcidmapd_disabled.xml | 100 +
RHEL6/input/checks/service_rpcsvcgssd_disabled.xml | 100 +
RHEL6/input/checks/service_rsh_disabled.xml | 26 +
RHEL6/input/checks/service_rsyslog_enabled.xml | 100 +
RHEL6/input/checks/service_saslauthd_disabled.xml | 100 +
RHEL6/input/checks/service_sendmail_disabled.xml | 100 +
RHEL6/input/checks/service_smartd_disabled.xml | 100 +
RHEL6/input/checks/service_smb_disabled.xml | 97 +
RHEL6/input/checks/service_snmpd_disabled.xml | 100 +
RHEL6/input/checks/service_squid_disabled.xml | 100 +
RHEL6/input/checks/service_sshd_disabled.xml | 100 +
RHEL6/input/checks/service_sssd_disabled.xml | 97 +
RHEL6/input/checks/service_sysstat_disabled.xml | 100 +
RHEL6/input/checks/service_telnet_disabled.xml | 100 +
RHEL6/input/checks/service_telnetd_disabled.xml | 97 +
RHEL6/input/checks/service_tftp_disabled.xml | 100 +
RHEL6/input/checks/service_vsftpd_disabled.xml | 100 +
RHEL6/input/checks/service_xinetd_disabled.xml | 100 +
RHEL6/input/checks/service_ypbind_disabled.xml | 100 +
RHEL6/input/checks/service_ypserv_disabled.xml | 100 +
RHEL6/input/checks/singleuser_password.xml | 32 +
RHEL6/input/checks/smb_client_signing_smb_conf.xml | 34 +
RHEL6/input/checks/sshd_banner_set.xml | 34 +
RHEL6/input/checks/sshd_clientalivecountmax.xml | 40 +
.../input/checks/sshd_hostbasedauthentication.xml | 24 +
RHEL6/input/checks/sshd_idle_timeout.xml | 35 +
RHEL6/input/checks/sshd_no_user_envset.xml | 35 +
.../input/checks/sshd_permitemptypasswords_no.xml | 35 +
RHEL6/input/checks/sshd_permitrootlogin_no.xml | 34 +
RHEL6/input/checks/sshd_protocol_2.xml | 24 +
RHEL6/input/checks/sshd_rsh_emulation_disabled.xml | 35 +
RHEL6/input/checks/sshd_use_approved_ciphers.xml | 28 +
RHEL6/input/checks/sysconfig_ipv6_autoconf.xml | 34 +
RHEL6/input/checks/sysconfig_ipv6_disable.xml | 38 +
RHEL6/input/checks/sysconfig_ipv6_networking.xml | 38 +
.../sysconfig_networking_bootproto_ifcfg.xml | 35 +
.../checks/sysconfig_networking_ipv6_ifcfg.xml | 38 +
RHEL6/input/checks/sysconfig_nozeroconf_yes.xml | 31 +
RHEL6/input/checks/sysctl_kernel_exec_shield.xml | 29 +
.../checks/sysctl_kernel_randomize_va_space.xml | 29 +
.../sysctl_net_ipv4_conf_all_accept_redirects.xml | 29 +
...ysctl_net_ipv4_conf_all_accept_source_route.xml | 29 +
.../sysctl_net_ipv4_conf_all_log_martians.xml | 29 +
.../checks/sysctl_net_ipv4_conf_all_rp_filter.xml | 29 +
.../sysctl_net_ipv4_conf_all_secure_redirects.xml | 29 +
.../sysctl_net_ipv4_conf_all_send_redirects.xml | 29 +
...sctl_net_ipv4_conf_default_accept_redirects.xml | 29 +
...l_net_ipv4_conf_default_accept_source_route.xml | 29 +
.../sysctl_net_ipv4_conf_default_rp_filter.xml | 29 +
...sctl_net_ipv4_conf_default_secure_redirects.xml | 29 +
...sysctl_net_ipv4_conf_default_send_redirects.xml | 29 +
...sysctl_net_ipv4_icmp_echo_ignore_broadcasts.xml | 29 +
...l_net_ipv4_icmp_ignore_bogus_error_messages.xml | 39 +
..._net_ipv4_icmp_ignore_bogus_error_responses.xml | 29 +
RHEL6/input/checks/sysctl_net_ipv4_ip_forward.xml | 29 +
.../checks/sysctl_net_ipv4_tcp_syncookies.xml | 29 +
.../sysctl_net_ipv6_conf_all_disable_ipv6.xml | 29 +
.../sysctl_net_ipv6_conf_default_accept_ra.xml | 32 +
...sctl_net_ipv6_conf_default_accept_ra_defrtr.xml | 32 +
...ysctl_net_ipv6_conf_default_accept_ra_pinfo.xml | 32 +
...tl_net_ipv6_conf_default_accept_ra_rtr_pref.xml | 32 +
...sctl_net_ipv6_conf_default_accept_redirects.xml | 29 +
.../sysctl_net_ipv6_conf_default_autoconf.xml | 32 +
.../sysctl_net_ipv6_conf_default_dad_transmits.xml | 32 +
.../sysctl_net_ipv6_conf_default_max_addresses.xml | 32 +
..._net_ipv6_conf_default_router_solicitations.xml | 32 +
RHEL6/input/checks/sysctl_net_ipv6_disabled.xml | 26 +
.../input/checks/system_info_architecture_x86.xml | 30 +
.../checks/system_info_architecture_x86_64.xml | 30 +
RHEL6/input/checks/templates/README | 13 +
.../templates/create_kernel_modules_disabled.py | 41 +
.../checks/templates/create_package_installed.py | 43 +
.../checks/templates/create_package_removed.py | 43 +
.../checks/templates/create_permission_checks.py | 86 +
.../checks/templates/create_services_disabled.py | 47 +
.../checks/templates/create_services_enabled.py | 47 +
.../input/checks/templates/create_sysctl_checks.py | 36 +
.../checks/templates/file_dir_permissions.csv | 4 +
.../checks/templates/kernel_modules_disabled.csv | 12 +
RHEL6/input/checks/templates/output/.gitignore | 2 +
.../input/checks/templates/packages_installed.csv | 15 +
RHEL6/input/checks/templates/packages_removed.csv | 51 +
RHEL6/input/checks/templates/services_disabled.csv | 51 +
RHEL6/input/checks/templates/services_enabled.csv | 12 +
RHEL6/input/checks/templates/sysctl_values.csv | 19 +
.../templates/template_kernel_module_disabled | 31 +
.../checks/templates/template_package_installed | 26 +
.../checks/templates/template_package_removed | 26 +
RHEL6/input/checks/templates/template_permissions | 35 +
.../checks/templates/template_service_disabled | 100 +
.../checks/templates/template_service_enabled | 100 +
RHEL6/input/checks/templates/template_sysctl | 29 +
RHEL6/input/checks/testcheck.py | 131 +
RHEL6/input/checks/tftpd_uses_secure_mode.xml | 24 +
RHEL6/input/checks/umask_for_daemons.xml | 37 +
RHEL6/input/checks/wireless_disable_drivers.xml | 27 +
RHEL6/input/checks/wireless_disable_interfaces.xml | 23 +
RHEL6/input/checks/xwindows_remote_listening.xml | 31 +
RHEL6/input/checks/xwindows_runlevel_setting.xml | 25 +
.../checks/yum_gpgcheck_global_activation.xml | 25 +
RHEL6/input/checks/yum_gpgcheck_never_disabled.xml | 27 +
RHEL6/input/fixes/bash-ks.xml | 4 +
RHEL6/input/fixes/puppet-example.xml | 4 +
RHEL6/input/guide.xml | 14 +
RHEL6/input/guide.xslt | 116 +
RHEL6/input/intro/intro.xml | 175 +
RHEL6/input/profiles/STIG-server.xml | 8 +
RHEL6/input/profiles/common.xml | 239 +
RHEL6/input/profiles/desktop.xml | 14 +
RHEL6/input/profiles/ftp.xml | 14 +
RHEL6/input/profiles/server.xml | 8 +
RHEL6/input/profiles/test.xml | 59 +
RHEL6/input/services/avahi.xml | 142 +
RHEL6/input/services/base.xml | 473 +
RHEL6/input/services/cron.xml | 153 +
RHEL6/input/services/dhcp.xml | 233 +
RHEL6/input/services/dns.xml | 267 +
RHEL6/input/services/ftp.xml | 182 +
RHEL6/input/services/http.xml | 844 +
RHEL6/input/services/imap.xml | 185 +
RHEL6/input/services/ldap.xml | 400 +
RHEL6/input/services/mail.xml | 391 +
RHEL6/input/services/nfs.xml | 249 +
RHEL6/input/services/ntp.xml | 96 +
RHEL6/input/services/obsolete.xml | 273 +
RHEL6/input/services/printing.xml | 116 +
RHEL6/input/services/services.xml | 13 +
RHEL6/input/services/smb.xml | 202 +
RHEL6/input/services/snmp.xml | 67 +
RHEL6/input/services/squid.xml | 46 +
RHEL6/input/services/ssh.xml | 340 +
RHEL6/input/services/xorg.xml | 100 +
RHEL6/input/system/accounts/accounts.xml | 13 +
RHEL6/input/system/accounts/banners.xml | 132 +
RHEL6/input/system/accounts/pam.xml | 377 +
RHEL6/input/system/accounts/physical.xml | 296 +
.../accounts/restrictions/account_expiration.xml | 58 +
.../accounts/restrictions/nis_inclusions.xml | 67 +
.../accounts/restrictions/password_expiration.xml | 164 +
.../accounts/restrictions/password_storage.xml | 54 +
.../system/accounts/restrictions/restrictions.xml | 13 +
.../system/accounts/restrictions/root_logins.xml | 177 +
RHEL6/input/system/accounts/session.xml | 276 +
RHEL6/input/system/auditing.xml | 719 +
RHEL6/input/system/logging.xml | 416 +
RHEL6/input/system/network/ipsec.xml | 24 +
RHEL6/input/system/network/iptables.xml | 238 +
RHEL6/input/system/network/ipv6.xml | 190 +
RHEL6/input/system/network/kernel.xml | 357 +
RHEL6/input/system/network/network.xml | 71 +
RHEL6/input/system/network/ssl.xml | 190 +
RHEL6/input/system/network/uncommon.xml | 91 +
RHEL6/input/system/network/wireless.xml | 122 +
RHEL6/input/system/permissions/execution.xml | 191 +
RHEL6/input/system/permissions/files.xml | 285 +
RHEL6/input/system/permissions/mounting.xml | 289 +
RHEL6/input/system/permissions/partitions.xml | 172 +
RHEL6/input/system/permissions/permissions.xml | 23 +
RHEL6/input/system/selinux.xml | 237 +
RHEL6/input/system/software/disk_partitioning.xml | 118 +
RHEL6/input/system/software/integrity.xml | 181 +
RHEL6/input/system/software/software.xml | 8 +
RHEL6/input/system/software/updating.xml | 115 +
RHEL6/input/system/system.xml | 5 +
RHEL6/output/.gitignore | 10 +
RHEL6/references/disa-cci-list.xml |18330 ++++++++++++++++++
RHEL6/references/disa-os-srg-v1r1.xml | 6963 +++++++
.../disa-stig-rhel5-v1r0.6-cpe-dictionary.xml | 8 +
.../references/disa-stig-rhel5-v1r0.6-cpe-oval.xml | 49 +
RHEL6/references/disa-stig-rhel5-v1r0.6-oval.xml |16024 +++++++++++++++
.../disa-stig-rhel5-v1r0.6-xccdf-manual.xml |20459 ++++++++++++++++++++
RHEL6/references/disa-stig-rhel5-v1r0.6-xccdf.xml |12133 ++++++++++++
.../usgcb-rhel5desktop-cpe-dictionary.xml | 19 +
RHEL6/references/usgcb-rhel5desktop-cpe-oval.xml | 176 +
RHEL6/references/usgcb-rhel5desktop-oval.xml |11260 +++++++++++
RHEL6/references/usgcb-rhel5desktop-xccdf.xml | 5689 ++++++
RHEL6/transforms/.gitignore | 3 +
RHEL6/transforms/cci2html.xsl | 129 +
RHEL6/transforms/combinechecks.py | 77 +
RHEL6/transforms/constants.xslt | 16 +
RHEL6/transforms/idtranslate.py | 86 +
RHEL6/transforms/relabelids.py | 83 +
RHEL6/transforms/shorthand2xccdf.xslt | 256 +
RHEL6/transforms/splitchecks.py | 95 +
RHEL6/transforms/table-sortbyref.xslt | 21 +
RHEL6/transforms/table-srgmap.xslt | 132 +
RHEL6/transforms/xccdf-addfixes.xslt | 38 +
RHEL6/transforms/xccdf-addprofiles.xslt | 36 +
RHEL6/transforms/xccdf-removeaux.xslt | 22 +
RHEL6/transforms/xccdf2shorthand.xslt | 64 +
RHEL6/transforms/xccdf2stigformat.xslt | 35 +
RHEL6/transforms/xccdf2table-byref.xslt | 147 +
RHEL6/transforms/xccdf2table-profileccirefs.xslt | 170 +
RHEL6/transforms/xccdf2table-profilenistrefs.xslt | 170 +
RHEL6/transforms/xccdf2table-stig.xslt | 118 +
RHEL6/utils/README | 36 +
RHEL6/utils/verify-input-sanity.py | 148 +
RHEL6/utils/verify-references.py | 124 +
rhel6/src/.gitignore | 2 -
rhel6/src/Makefile | 96 -
rhel6/src/README | 30 -
rhel6/src/dist/README | 69 -
rhel6/src/input/auxiliary/srg_support.xml | 52 -
rhel6/src/input/checks/.gitignore | 3 -
rhel6/src/input/checks/README | 24 -
.../checks/accounts_dangerous_path_for_root.xml | 41 -
.../checks/accounts_disable_post_pw_expiration.xml | 39 -
.../accounts_max_concurrent_login_sessions.xml | 34 -
.../checks/accounts_maximum_age_login_defs.xml | 34 -
.../checks/accounts_minimum_age_login_defs.xml | 35 -
.../input/checks/accounts_no_empty_passwords.xml | 23 -
.../accounts_no_nis_inclusions_etc_group.xml | 24 -
.../accounts_no_nis_inclusions_etc_passwd.xml | 24 -
.../accounts_no_nis_inclusions_etc_shadow.xml | 24 -
.../input/checks/accounts_no_uid_except_zero.xml | 24 -
.../input/checks/accounts_nologin_for_system.xml | 26 -
.../checks/accounts_password_all_shadowed.xml | 25 -
.../checks/accounts_password_hashing_algorithm.xml | 47 -
.../checks/accounts_password_minlen_login_defs.xml | 46 -
.../accounts_password_pam_cracklib_dcredit.xml | 44 -
.../accounts_password_pam_cracklib_difok.xml | 38 -
.../accounts_password_pam_cracklib_lcredit.xml | 44 -
.../accounts_password_pam_cracklib_ocredit.xml | 44 -
.../accounts_password_pam_cracklib_retry.xml | 35 -
.../accounts_password_pam_cracklib_ucredit.xml | 44 -
.../input/checks/accounts_password_reuse_limit.xml | 33 -
.../accounts_password_warn_age_login_defs.xml | 36 -
.../checks/accounts_passwords_pam_tally2_deny.xml | 32 -
.../checks/accounts_root_path_dirs_no_write.xml | 61 -
rhel6/src/input/checks/accounts_su_wheel_only.xml | 31 -
.../src/input/checks/accounts_umask_bash_users.xml | 40 -
rhel6/src/input/checks/accounts_umask_csh.xml | 40 -
.../input/checks/accounts_umask_etc_profile.xml | 40 -
.../src/input/checks/accounts_umask_login_defs.xml | 40 -
rhel6/src/input/checks/accounts_wheel_exists.xml | 30 -
.../input/checks/audit_rules_dac_modification.xml | 41 -
.../checks/audit_rules_file_deletion_events.xml | 23 -
rhel6/src/input/checks/audit_rules_immutable.xml | 24 -
.../checks/audit_rules_kernel_module_loading.xml | 50 -
.../src/input/checks/audit_rules_login_events.xml | 32 -
.../input/checks/audit_rules_mac_modification.xml | 23 -
.../src/input/checks/audit_rules_media_export.xml | 23 -
.../audit_rules_networkconfig_modification.xml | 60 -
.../checks/audit_rules_privileged_commands.xml | 32 -
.../input/checks/audit_rules_record_timechange.xml | 66 -
.../input/checks/audit_rules_session_events.xml | 41 -
.../input/checks/audit_rules_sysadmin_actions.xml | 23 -
.../src/input/checks/audit_rules_time_adjtimex.xml | 57 -
.../checks/audit_rules_time_clock_settime.xml | 57 -
.../input/checks/audit_rules_time_settimeofday.xml | 57 -
rhel6/src/input/checks/audit_rules_time_stime.xml | 41 -
.../checks/audit_rules_time_watch_localtime.xml | 33 -
.../audit_rules_unsuccessful_file_modification.xml | 34 -
.../checks/audit_rules_usergroup_modification.xml | 59 -
.../auditd_data_retention_action_mail_acct.xml | 36 -
...ditd_data_retention_admin_space_left_action.xml | 36 -
.../checks/auditd_data_retention_max_log_file.xml | 36 -
.../auditd_data_retention_max_log_file_action.xml | 36 -
.../checks/auditd_data_retention_num_logs.xml | 36 -
.../auditd_data_retention_space_left_action.xml | 36 -
rhel6/src/input/checks/banner_etc_issue.xml | 24 -
rhel6/src/input/checks/banner_gui_enabled.xml | 23 -
rhel6/src/input/checks/banner_gui_gdm.xml | 31 -
.../src/input/checks/bootloader_audit_argument.xml | 24 -
.../src/input/checks/bootloader_nousb_argument.xml | 24 -
rhel6/src/input/checks/bootloader_password.xml | 24 -
.../console_device_restrict_access_desktop.xml | 42 -
.../console_device_restrict_access_server.xml | 42 -
.../checks/core_dump_suid_progs_limits_conf.xml | 31 -
rhel6/src/input/checks/core_dumps_limitsconf.xml | 35 -
rhel6/src/input/checks/cups_disable_browsing.xml | 43 -
.../src/input/checks/cups_disable_printserver.xml | 47 -
rhel6/src/input/checks/cups_limit_browsing.xml | 24 -
.../checks/cups_limit_browsing_browseaddress.xml | 42 -
.../checks/cups_limit_browsing_browsedenyallow.xml | 55 -
.../src/input/checks/cups_limit_web_interface.xml | 31 -
.../src/input/checks/dir_perms_etc_httpd_conf.xml | 37 -
rhel6/src/input/checks/dir_perms_var_log_httpd.xml | 37 -
.../dir_perms_world_writable_sticky_bits.xml | 29 -
.../dir_perms_world_writable_system_owned.xml | 29 -
.../checks/dovecot_disable_plaintext_auth.xml | 28 -
rhel6/src/input/checks/dovecot_enable_ssl.xml | 28 -
.../input/checks/file_group_owner_etc_crontab.xml | 26 -
.../input/checks/file_group_owner_grub_conf.xml | 29 -
.../src/input/checks/file_groupowner_etc_group.xml | 32 -
.../input/checks/file_groupowner_etc_gshadow.xml | 32 -
.../input/checks/file_groupowner_etc_passwd.xml | 32 -
.../input/checks/file_groupowner_etc_shadow.xml | 32 -
.../checks/file_groupowner_ldap_server_bdb.xml | 32 -
.../checks/file_groupowner_ldap_server_files.xml | 32 -
rhel6/src/input/checks/file_mode_etc_crontab.xml | 34 -
rhel6/src/input/checks/file_owner_etc_group.xml | 32 -
rhel6/src/input/checks/file_owner_etc_gshadow.xml | 32 -
rhel6/src/input/checks/file_owner_etc_passwd.xml | 32 -
rhel6/src/input/checks/file_owner_etc_shadow.xml | 33 -
.../input/checks/file_owner_ldap_server_bdb.xml | 32 -
.../input/checks/file_owner_ldap_server_files.xml | 32 -
rhel6/src/input/checks/file_ownership_etc_skel.xml | 40 -
.../input/checks/file_ownership_samba_password.xml | 31 -
.../input/checks/file_ownership_var_log_audit.xml | 40 -
.../input/checks/file_permissions_etc_at_allow.xml | 37 -
.../input/checks/file_permissions_etc_group.xml | 40 -
.../input/checks/file_permissions_etc_gshadow.xml | 40 -
.../input/checks/file_permissions_etc_passwd.xml | 40 -
.../input/checks/file_permissions_etc_shadow.xml | 40 -
.../src/input/checks/file_permissions_etc_skel.xml | 55 -
.../input/checks/file_permissions_grub_conf.xml | 37 -
.../input/checks/file_permissions_home_dirs.xml | 34 -
.../file_permissions_httpd_server_conf_files.xml | 39 -
.../checks/file_permissions_ldap_server_bdb.xml | 40 -
.../checks/file_permissions_ldap_server_files.xml | 39 -
.../checks/file_permissions_samba_password.xml | 37 -
.../checks/file_permissions_unauthorized_sgid.xml | 32 -
.../checks/file_permissions_unauthorized_suid.xml | 32 -
...ile_permissions_unauthorized_world_writable.xml | 33 -
.../input/checks/file_permissions_ungroupowned.xml | 39 -
.../src/input/checks/file_permissions_unowned.xml | 39 -
.../checks/file_permissions_var_log_audit.xml | 37 -
.../file_ssh_host_keys_private_permissions.xml | 46 -
.../file_ssh_host_keys_public_permissions.xml | 46 -
.../input/checks/file_user_owner_etc_crontab.xml | 26 -
.../src/input/checks/file_user_owner_grub_conf.xml | 29 -
.../input/checks/gconf_gnome_disable_automount.xml | 42 -
...f_gnome_screensaver_idle_activation_enabled.xml | 26 -
.../checks/gconf_gnome_screensaver_idle_delay.xml | 27 -
.../gconf_gnome_screensaver_lock_enabled.xml | 26 -
.../checks/gconf_gnome_screensaver_mode_blank.xml | 26 -
rhel6/src/input/checks/idtranslate.py | 1 -
rhel6/src/input/checks/installed_OS_is_rhel6.xml | 54 -
.../src/input/checks/interactive_boot_disable.xml | 30 -
rhel6/src/input/checks/iptables_avahi_disabled.xml | 44 -
rhel6/src/input/checks/iptables_cupsd_disabled.xml | 42 -
.../input/checks/iptables_default_policy_drop.xml | 47 -
rhel6/src/input/checks/iptables_icmp_disabled.xml | 106 -
rhel6/src/input/checks/iptables_ldap_enabled.xml | 69 -
rhel6/src/input/checks/iptables_smtp_enabled.xml | 42 -
rhel6/src/input/checks/iptables_sshd_disabled.xml | 42 -
.../checks/kernel_module_bluetooth_disabled.xml | 38 -
.../input/checks/kernel_module_cramfs_disabled.xml | 30 -
.../input/checks/kernel_module_dccp_disabled.xml | 30 -
.../checks/kernel_module_freevxfs_disabled.xml | 30 -
.../input/checks/kernel_module_hfs_disabled.xml | 30 -
.../checks/kernel_module_hfsplus_disabled.xml | 30 -
.../checks/kernel_module_ipv6_option_disabled.xml | 24 -
.../input/checks/kernel_module_jffs2_disabled.xml | 30 -
.../input/checks/kernel_module_rds_disabled.xml | 30 -
.../input/checks/kernel_module_sctp_disabled.xml | 25 -
.../checks/kernel_module_squashfs_disabled.xml | 30 -
.../input/checks/kernel_module_tipc_disabled.xml | 30 -
.../input/checks/kernel_module_udf_disabled.xml | 30 -
.../checks/kernel_module_usb-storage_disabled.xml | 30 -
.../input/checks/ldap_client_pam_ldap_present.xml | 32 -
rhel6/src/input/checks/ldap_client_start_tls.xml | 32 -
.../input/checks/ldap_client_tls_cacertpath.xml | 48 -
.../ldap_server_config_bdb_file_security.xml | 23 -
.../ldap_server_config_certificate_files.xml | 243 -
.../ldap_server_config_certificate_usage.xml | 79 -
.../ldap_server_config_directory_file_security.xml | 23 -
.../input/checks/ldap_server_config_logging.xml | 116 -
.../input/checks/ldap_server_config_olcaccess.xml | 57 -
.../input/checks/ldap_server_config_olcrootpw.xml | 33 -
.../ldap_server_config_olcsecurity_simple_bind.xml | 32 -
.../checks/ldap_server_config_olcsecurity_tls.xml | 32 -
.../input/checks/ldap_server_config_olcsuffix.xml | 32 -
.../ldap_server_config_olctlsciphersuite.xml | 37 -
.../src/input/checks/libuser_login_defs_import.xml | 32 -
.../input/checks/logrotate_rotate_all_files.xml | 21 -
.../input/checks/logwatch_configured_hostlimit.xml | 29 -
.../checks/logwatch_configured_splithosts.xml | 27 -
.../src/input/checks/mount_home_own_partition.xml | 25 -
.../input/checks/mount_option_dev_shm_nodev.xml | 27 -
.../input/checks/mount_option_dev_shm_noexec.xml | 27 -
.../input/checks/mount_option_dev_shm_nosuid.xml | 27 -
...mount_option_nodev_nonroot_local_partitions.xml | 37 -
.../src/input/checks/mount_option_nodev_on_tmp.xml | 31 -
.../mount_option_nodev_remote_filesystems.xml | 41 -
.../mount_option_nodev_removable_partitions.xml | 44 -
.../mount_option_noexec_removable_partitions.xml | 46 -
.../mount_option_nosuid_remote_filesystems.xml | 41 -
.../mount_option_nosuid_removable_partitions.xml | 44 -
.../checks/mount_option_smb_client_signing.xml | 79 -
rhel6/src/input/checks/mount_option_tmp_nodev.xml | 27 -
rhel6/src/input/checks/mount_option_tmp_noexec.xml | 27 -
rhel6/src/input/checks/mount_option_tmp_nosuid.xml | 27 -
.../src/input/checks/mount_option_var_tmp_bind.xml | 29 -
rhel6/src/input/checks/mount_tmp_own_partition.xml | 23 -
.../checks/mount_var_log_audit_own_partition.xml | 24 -
.../input/checks/mount_var_log_own_partition.xml | 22 -
rhel6/src/input/checks/mount_var_own_partition.xml | 25 -
.../input/checks/network_ipv6_default_gateway.xml | 33 -
.../checks/network_ipv6_disable_interfaces.xml | 60 -
.../src/input/checks/network_ipv6_disable_rpc.xml | 45 -
.../input/checks/network_ipv6_limit_requests.xml | 49 -
.../checks/network_ipv6_privacy_extensions.xml | 33 -
.../input/checks/network_ipv6_static_address.xml | 33 -
.../src/input/checks/network_sniffer_disabled.xml | 30 -
.../src/input/checks/no_rsh_trusted_host_files.xml | 39 -
rhel6/src/input/checks/ntp_remote_server.xml | 32 -
rhel6/src/input/checks/package_abrt_removed.xml | 26 -
rhel6/src/input/checks/package_acpid_removed.xml | 26 -
rhel6/src/input/checks/package_aide_installed.xml | 26 -
rhel6/src/input/checks/package_at_removed.xml | 26 -
rhel6/src/input/checks/package_audit_installed.xml | 26 -
rhel6/src/input/checks/package_autofs_removed.xml | 26 -
rhel6/src/input/checks/package_bind_removed.xml | 26 -
.../input/checks/package_certmonger_removed.xml | 26 -
.../src/input/checks/package_cpuspeed_removed.xml | 26 -
.../checks/package_cronie-anacron_removed.xml | 26 -
.../src/input/checks/package_cronie_installed.xml | 26 -
rhel6/src/input/checks/package_cups_removed.xml | 26 -
.../input/checks/package_cyrus-sasl_removed.xml | 26 -
rhel6/src/input/checks/package_dbus_removed.xml | 26 -
rhel6/src/input/checks/package_dhcp_removed.xml | 26 -
rhel6/src/input/checks/package_dhcpd_removed.xml | 27 -
rhel6/src/input/checks/package_dovecot_removed.xml | 26 -
rhel6/src/input/checks/package_hal_removed.xml | 26 -
rhel6/src/input/checks/package_httpd_removed.xml | 26 -
.../input/checks/package_initscripts_installed.xml | 27 -
.../input/checks/package_ipsec-tools_installed.xml | 26 -
.../checks/package_iptables-ipv6_installed.xml | 26 -
.../input/checks/package_iptables_installed.xml | 26 -
rhel6/src/input/checks/package_iputils_removed.xml | 23 -
.../input/checks/package_irda-utils_removed.xml | 26 -
.../input/checks/package_irqbalance_installed.xml | 26 -
.../input/checks/package_isdn4k-utils_removed.xml | 26 -
.../input/checks/package_kexec-tools_removed.xml | 26 -
.../src/input/checks/package_libcgroup_removed.xml | 26 -
rhel6/src/input/checks/package_lvm2_installed.xml | 26 -
rhel6/src/input/checks/package_mdadm_removed.xml | 26 -
.../src/input/checks/package_net-snmp_removed.xml | 26 -
.../src/input/checks/package_nfs-utils_removed.xml | 26 -
rhel6/src/input/checks/package_ntp_installed.xml | 26 -
.../src/input/checks/package_ntpdate_installed.xml | 26 -
rhel6/src/input/checks/package_oddjob_removed.xml | 26 -
.../checks/package_openldap-servers_installed.xml | 25 -
.../checks/package_openldap-servers_removed.xml | 25 -
.../src/input/checks/package_openldap_removed.xml | 26 -
.../checks/package_openssh-server_removed.xml | 26 -
.../input/checks/package_openswan_installed.xml | 26 -
.../input/checks/package_pam_ccreds_removed.xml | 27 -
.../src/input/checks/package_pam_ldap_removed.xml | 26 -
.../checks/package_policycoreutils_installed.xml | 26 -
.../input/checks/package_portreserve_removed.xml | 26 -
.../src/input/checks/package_postfix_installed.xml | 26 -
.../src/input/checks/package_psacct_installed.xml | 26 -
rhel6/src/input/checks/package_quota_removed.xml | 26 -
.../input/checks/package_rhn_gpgkey_installed.xml | 27 -
rhel6/src/input/checks/package_rhnsd_removed.xml | 26 -
rhel6/src/input/checks/package_rpcbind_removed.xml | 26 -
.../input/checks/package_rsh-server_removed.xml | 26 -
rhel6/src/input/checks/package_rsh_removed.xml | 26 -
.../src/input/checks/package_rsyslog_installed.xml | 26 -
.../input/checks/package_samba-common_removed.xml | 26 -
rhel6/src/input/checks/package_samba_removed.xml | 26 -
.../src/input/checks/package_sendmail_removed.xml | 26 -
.../input/checks/package_smartmontools_removed.xml | 26 -
rhel6/src/input/checks/package_squid_removed.xml | 26 -
rhel6/src/input/checks/package_sssd_removed.xml | 26 -
.../package_subscription-manager_removed.xml | 26 -
rhel6/src/input/checks/package_sysstat_removed.xml | 26 -
.../input/checks/package_talk-server_removed.xml | 26 -
rhel6/src/input/checks/package_talk_removed.xml | 26 -
.../input/checks/package_telnet-server_removed.xml | 26 -
.../input/checks/package_tftp-server_removed.xml | 26 -
rhel6/src/input/checks/package_vlock_installed.xml | 27 -
rhel6/src/input/checks/package_vlock_removed.xml | 26 -
.../src/input/checks/package_vsftpd_installed.xml | 25 -
rhel6/src/input/checks/package_vsftpd_removed.xml | 26 -
rhel6/src/input/checks/package_xinetd_removed.xml | 26 -
.../package_xorg-x11-server-common_removed.xml | 26 -
rhel6/src/input/checks/package_ypbind_removed.xml | 26 -
rhel6/src/input/checks/package_ypserv_removed.xml | 26 -
.../src/input/checks/postfix_certificate_files.xml | 243 -
rhel6/src/input/checks/postfix_logging.xml | 96 -
.../checks/postfix_network_listening_disabled.xml | 30 -
rhel6/src/input/checks/postfix_server_banner.xml | 33 -
.../checks/postfix_server_denial_of_service.xml | 136 -
...tfix_server_mail_relay_for_trusted_networks.xml | 29 -
...server_mail_relay_require_tls_for_smtp_auth.xml | 118 -
...tfix_server_mail_relay_set_trusted_networks.xml | 65 -
...mail_relay_smtp_auth_for_untrusted_networks.xml | 108 -
rhel6/src/input/checks/rpm_verify_hashes.xml | 40 -
rhel6/src/input/checks/rpm_verify_permissions.xml | 56 -
.../checks/rsyslog_files_exist_permissions.xml | 22 -
.../input/checks/rsyslog_files_groupownership.xml | 22 -
rhel6/src/input/checks/rsyslog_files_ownership.xml | 32 -
.../src/input/checks/rsyslog_files_permissions.xml | 22 -
rhel6/src/input/checks/rsyslog_nolisten.xml | 32 -
rhel6/src/input/checks/rsyslog_remote_loghost.xml | 31 -
rhel6/src/input/checks/securetty_no_serial.xml | 28 -
.../checks/securetty_root_login_console_only.xml | 28 -
.../checks/selinux_all_devicefiles_labeled.xml | 27 -
.../checks/selinux_bootloader_notdisabled.xml | 24 -
rhel6/src/input/checks/selinux_enabled.xml | 20 -
rhel6/src/input/checks/selinux_mode.xml | 33 -
rhel6/src/input/checks/selinux_policytype.xml | 42 -
rhel6/src/input/checks/service_abrtd_disabled.xml | 97 -
rhel6/src/input/checks/service_acpid_disabled.xml | 97 -
rhel6/src/input/checks/service_atd_disabled.xml | 100 -
rhel6/src/input/checks/service_auditd_enabled.xml | 100 -
rhel6/src/input/checks/service_autofs_disabled.xml | 97 -
.../input/checks/service_avahi-daemon_disabled.xml | 97 -
.../input/checks/service_bluetooth_disabled.xml | 97 -
.../input/checks/service_certmonger_disabled.xml | 97 -
.../src/input/checks/service_cgconfig_disabled.xml | 100 -
rhel6/src/input/checks/service_cgred_disabled.xml | 97 -
.../src/input/checks/service_cpuspeed_disabled.xml | 100 -
rhel6/src/input/checks/service_crond_enabled.xml | 100 -
rhel6/src/input/checks/service_cups_disabled.xml | 100 -
rhel6/src/input/checks/service_dhcpd_disabled.xml | 100 -
.../src/input/checks/service_dovecot_disabled.xml | 100 -
.../input/checks/service_haldaemon_disabled.xml | 100 -
rhel6/src/input/checks/service_httpd_disabled.xml | 100 -
.../src/input/checks/service_ip6tables_enabled.xml | 100 -
.../src/input/checks/service_iptables_enabled.xml | 100 -
.../input/checks/service_irqbalance_enabled.xml | 100 -
rhel6/src/input/checks/service_isdn_disabled.xml | 100 -
rhel6/src/input/checks/service_kdump_disabled.xml | 100 -
.../input/checks/service_lvm2-monitor_enabled.xml | 100 -
.../src/input/checks/service_mcstrans_disabled.xml | 97 -
.../input/checks/service_mdmonitor_disabled.xml | 100 -
.../input/checks/service_messagebus_disabled.xml | 100 -
rhel6/src/input/checks/service_named_disabled.xml | 100 -
.../input/checks/service_netconsole_disabled.xml | 97 -
rhel6/src/input/checks/service_netfs_disabled.xml | 97 -
rhel6/src/input/checks/service_network_enabled.xml | 100 -
rhel6/src/input/checks/service_nfs_disabled.xml | 100 -
.../src/input/checks/service_nfslock_disabled.xml | 100 -
rhel6/src/input/checks/service_ntpd_enabled.xml | 100 -
rhel6/src/input/checks/service_ntpdate_enabled.xml | 103 -
.../src/input/checks/service_oddjobd_disabled.xml | 100 -
.../input/checks/service_portreserve_disabled.xml | 100 -
rhel6/src/input/checks/service_postfix_enabled.xml | 100 -
rhel6/src/input/checks/service_psacct_enabled.xml | 100 -
.../input/checks/service_quota_nld_disabled.xml | 100 -
rhel6/src/input/checks/service_rdisc_disabled.xml | 100 -
.../input/checks/service_restorecond_enabled.xml | 100 -
rhel6/src/input/checks/service_rexec_disabled.xml | 26 -
rhel6/src/input/checks/service_rhnsd_disabled.xml | 100 -
.../input/checks/service_rhsmcertd_disabled.xml | 100 -
rhel6/src/input/checks/service_rlogin_disabled.xml | 26 -
.../src/input/checks/service_rpcbind_disabled.xml | 100 -
.../src/input/checks/service_rpcgssd_disabled.xml | 100 -
.../input/checks/service_rpcidmapd_disabled.xml | 100 -
.../input/checks/service_rpcsvcgssd_disabled.xml | 100 -
rhel6/src/input/checks/service_rsh_disabled.xml | 26 -
rhel6/src/input/checks/service_rsyslog_enabled.xml | 100 -
.../input/checks/service_saslauthd_disabled.xml | 100 -
.../src/input/checks/service_sendmail_disabled.xml | 100 -
rhel6/src/input/checks/service_smartd_disabled.xml | 100 -
rhel6/src/input/checks/service_smb_disabled.xml | 97 -
rhel6/src/input/checks/service_snmpd_disabled.xml | 100 -
rhel6/src/input/checks/service_squid_disabled.xml | 100 -
rhel6/src/input/checks/service_sshd_disabled.xml | 100 -
rhel6/src/input/checks/service_sssd_disabled.xml | 97 -
.../src/input/checks/service_sysstat_disabled.xml | 100 -
rhel6/src/input/checks/service_telnet_disabled.xml | 100 -
.../src/input/checks/service_telnetd_disabled.xml | 97 -
rhel6/src/input/checks/service_tftp_disabled.xml | 100 -
rhel6/src/input/checks/service_vsftpd_disabled.xml | 100 -
rhel6/src/input/checks/service_xinetd_disabled.xml | 100 -
rhel6/src/input/checks/service_ypbind_disabled.xml | 100 -
rhel6/src/input/checks/service_ypserv_disabled.xml | 100 -
rhel6/src/input/checks/singleuser_password.xml | 32 -
.../input/checks/smb_client_signing_smb_conf.xml | 34 -
rhel6/src/input/checks/sshd_banner_set.xml | 34 -
.../src/input/checks/sshd_clientalivecountmax.xml | 40 -
.../input/checks/sshd_hostbasedauthentication.xml | 24 -
rhel6/src/input/checks/sshd_idle_timeout.xml | 35 -
rhel6/src/input/checks/sshd_no_user_envset.xml | 35 -
.../input/checks/sshd_permitemptypasswords_no.xml | 35 -
rhel6/src/input/checks/sshd_permitrootlogin_no.xml | 34 -
rhel6/src/input/checks/sshd_protocol_2.xml | 24 -
.../input/checks/sshd_rsh_emulation_disabled.xml | 35 -
.../src/input/checks/sshd_use_approved_ciphers.xml | 28 -
rhel6/src/input/checks/sysconfig_ipv6_autoconf.xml | 34 -
rhel6/src/input/checks/sysconfig_ipv6_disable.xml | 38 -
.../src/input/checks/sysconfig_ipv6_networking.xml | 38 -
.../sysconfig_networking_bootproto_ifcfg.xml | 35 -
.../checks/sysconfig_networking_ipv6_ifcfg.xml | 38 -
.../src/input/checks/sysconfig_nozeroconf_yes.xml | 31 -
.../src/input/checks/sysctl_kernel_exec_shield.xml | 29 -
.../checks/sysctl_kernel_randomize_va_space.xml | 29 -
.../sysctl_net_ipv4_conf_all_accept_redirects.xml | 29 -
...ysctl_net_ipv4_conf_all_accept_source_route.xml | 29 -
.../sysctl_net_ipv4_conf_all_log_martians.xml | 29 -
.../checks/sysctl_net_ipv4_conf_all_rp_filter.xml | 29 -
.../sysctl_net_ipv4_conf_all_secure_redirects.xml | 29 -
.../sysctl_net_ipv4_conf_all_send_redirects.xml | 29 -
...sctl_net_ipv4_conf_default_accept_redirects.xml | 29 -
...l_net_ipv4_conf_default_accept_source_route.xml | 29 -
.../sysctl_net_ipv4_conf_default_rp_filter.xml | 29 -
...sctl_net_ipv4_conf_default_secure_redirects.xml | 29 -
...sysctl_net_ipv4_conf_default_send_redirects.xml | 29 -
...sysctl_net_ipv4_icmp_echo_ignore_broadcasts.xml | 29 -
...l_net_ipv4_icmp_ignore_bogus_error_messages.xml | 39 -
..._net_ipv4_icmp_ignore_bogus_error_responses.xml | 29 -
.../input/checks/sysctl_net_ipv4_ip_forward.xml | 29 -
.../checks/sysctl_net_ipv4_tcp_syncookies.xml | 29 -
.../sysctl_net_ipv6_conf_all_disable_ipv6.xml | 29 -
.../sysctl_net_ipv6_conf_default_accept_ra.xml | 32 -
...sctl_net_ipv6_conf_default_accept_ra_defrtr.xml | 32 -
...ysctl_net_ipv6_conf_default_accept_ra_pinfo.xml | 32 -
...tl_net_ipv6_conf_default_accept_ra_rtr_pref.xml | 32 -
...sctl_net_ipv6_conf_default_accept_redirects.xml | 29 -
.../sysctl_net_ipv6_conf_default_autoconf.xml | 32 -
.../sysctl_net_ipv6_conf_default_dad_transmits.xml | 32 -
.../sysctl_net_ipv6_conf_default_max_addresses.xml | 32 -
..._net_ipv6_conf_default_router_solicitations.xml | 32 -
.../src/input/checks/sysctl_net_ipv6_disabled.xml | 26 -
.../input/checks/system_info_architecture_x86.xml | 30 -
.../checks/system_info_architecture_x86_64.xml | 30 -
rhel6/src/input/checks/templates/README | 13 -
.../templates/create_kernel_modules_disabled.py | 41 -
.../checks/templates/create_package_installed.py | 43 -
.../checks/templates/create_package_removed.py | 43 -
.../checks/templates/create_permission_checks.py | 86 -
.../checks/templates/create_services_disabled.py | 47 -
.../checks/templates/create_services_enabled.py | 47 -
.../input/checks/templates/create_sysctl_checks.py | 36 -
.../checks/templates/file_dir_permissions.csv | 4 -
.../checks/templates/kernel_modules_disabled.csv | 12 -
rhel6/src/input/checks/templates/output/.gitignore | 2 -
.../input/checks/templates/packages_installed.csv | 15 -
.../input/checks/templates/packages_removed.csv | 51 -
.../input/checks/templates/services_disabled.csv | 51 -
.../input/checks/templates/services_enabled.csv | 12 -
rhel6/src/input/checks/templates/sysctl_values.csv | 19 -
.../templates/template_kernel_module_disabled | 31 -
.../checks/templates/template_package_installed | 26 -
.../checks/templates/template_package_removed | 26 -
.../input/checks/templates/template_permissions | 35 -
.../checks/templates/template_service_disabled | 100 -
.../checks/templates/template_service_enabled | 100 -
rhel6/src/input/checks/templates/template_sysctl | 29 -
rhel6/src/input/checks/testcheck.py | 131 -
rhel6/src/input/checks/tftpd_uses_secure_mode.xml | 24 -
rhel6/src/input/checks/umask_for_daemons.xml | 37 -
.../src/input/checks/wireless_disable_drivers.xml | 27 -
.../input/checks/wireless_disable_interfaces.xml | 23 -
.../src/input/checks/xwindows_remote_listening.xml | 31 -
.../src/input/checks/xwindows_runlevel_setting.xml | 25 -
.../checks/yum_gpgcheck_global_activation.xml | 25 -
.../input/checks/yum_gpgcheck_never_disabled.xml | 27 -
rhel6/src/input/fixes/bash-ks.xml | 4 -
rhel6/src/input/fixes/puppet-example.xml | 4 -
rhel6/src/input/guide.xml | 14 -
rhel6/src/input/guide.xslt | 116 -
rhel6/src/input/intro/intro.xml | 175 -
rhel6/src/input/profiles/STIG-server.xml | 8 -
rhel6/src/input/profiles/common.xml | 239 -
rhel6/src/input/profiles/desktop.xml | 14 -
rhel6/src/input/profiles/ftp.xml | 14 -
rhel6/src/input/profiles/server.xml | 8 -
rhel6/src/input/profiles/test.xml | 59 -
rhel6/src/input/services/avahi.xml | 142 -
rhel6/src/input/services/base.xml | 473 -
rhel6/src/input/services/cron.xml | 153 -
rhel6/src/input/services/dhcp.xml | 233 -
rhel6/src/input/services/dns.xml | 267 -
rhel6/src/input/services/ftp.xml | 182 -
rhel6/src/input/services/http.xml | 844 -
rhel6/src/input/services/imap.xml | 185 -
rhel6/src/input/services/ldap.xml | 400 -
rhel6/src/input/services/mail.xml | 391 -
rhel6/src/input/services/nfs.xml | 249 -
rhel6/src/input/services/ntp.xml | 96 -
rhel6/src/input/services/obsolete.xml | 273 -
rhel6/src/input/services/printing.xml | 116 -
rhel6/src/input/services/services.xml | 13 -
rhel6/src/input/services/smb.xml | 202 -
rhel6/src/input/services/snmp.xml | 67 -
rhel6/src/input/services/squid.xml | 46 -
rhel6/src/input/services/ssh.xml | 340 -
rhel6/src/input/services/xorg.xml | 100 -
rhel6/src/input/system/accounts/accounts.xml | 13 -
rhel6/src/input/system/accounts/banners.xml | 132 -
rhel6/src/input/system/accounts/pam.xml | 377 -
rhel6/src/input/system/accounts/physical.xml | 296 -
.../accounts/restrictions/account_expiration.xml | 58 -
.../accounts/restrictions/nis_inclusions.xml | 67 -
.../accounts/restrictions/password_expiration.xml | 164 -
.../accounts/restrictions/password_storage.xml | 54 -
.../system/accounts/restrictions/restrictions.xml | 13 -
.../system/accounts/restrictions/root_logins.xml | 177 -
rhel6/src/input/system/accounts/session.xml | 276 -
rhel6/src/input/system/auditing.xml | 719 -
rhel6/src/input/system/logging.xml | 416 -
rhel6/src/input/system/network/ipsec.xml | 24 -
rhel6/src/input/system/network/iptables.xml | 238 -
rhel6/src/input/system/network/ipv6.xml | 190 -
rhel6/src/input/system/network/kernel.xml | 357 -
rhel6/src/input/system/network/network.xml | 71 -
rhel6/src/input/system/network/ssl.xml | 190 -
rhel6/src/input/system/network/uncommon.xml | 91 -
rhel6/src/input/system/network/wireless.xml | 122 -
rhel6/src/input/system/permissions/execution.xml | 191 -
rhel6/src/input/system/permissions/files.xml | 285 -
rhel6/src/input/system/permissions/mounting.xml | 289 -
rhel6/src/input/system/permissions/partitions.xml | 172 -
rhel6/src/input/system/permissions/permissions.xml | 23 -
rhel6/src/input/system/selinux.xml | 237 -
.../input/system/software/disk_partitioning.xml | 118 -
rhel6/src/input/system/software/integrity.xml | 181 -
rhel6/src/input/system/software/software.xml | 8 -
rhel6/src/input/system/software/updating.xml | 115 -
rhel6/src/input/system/system.xml | 5 -
rhel6/src/output/.gitignore | 10 -
rhel6/src/references/disa-cci-list.xml |18330 ------------------
rhel6/src/references/disa-os-srg-v1r1.xml | 6963 -------
.../disa-stig-rhel5-v1r0.6-cpe-dictionary.xml | 8 -
.../references/disa-stig-rhel5-v1r0.6-cpe-oval.xml | 49 -
.../src/references/disa-stig-rhel5-v1r0.6-oval.xml |16024 ---------------
.../disa-stig-rhel5-v1r0.6-xccdf-manual.xml |20459 --------------------
.../references/disa-stig-rhel5-v1r0.6-xccdf.xml |12133 ------------
.../usgcb-rhel5desktop-cpe-dictionary.xml | 19 -
.../src/references/usgcb-rhel5desktop-cpe-oval.xml | 176 -
rhel6/src/references/usgcb-rhel5desktop-oval.xml |11260 -----------
rhel6/src/references/usgcb-rhel5desktop-xccdf.xml | 5689 ------
rhel6/src/transforms/.gitignore | 3 -
rhel6/src/transforms/cci2html.xsl | 129 -
rhel6/src/transforms/combinechecks.py | 77 -
rhel6/src/transforms/constants.xslt | 16 -
rhel6/src/transforms/idtranslate.py | 86 -
rhel6/src/transforms/relabelids.py | 83 -
rhel6/src/transforms/shorthand2xccdf.xslt | 256 -
rhel6/src/transforms/splitchecks.py | 95 -
rhel6/src/transforms/table-sortbyref.xslt | 21 -
rhel6/src/transforms/table-srgmap.xslt | 132 -
rhel6/src/transforms/xccdf-addfixes.xslt | 38 -
rhel6/src/transforms/xccdf-addprofiles.xslt | 36 -
rhel6/src/transforms/xccdf-removeaux.xslt | 22 -
rhel6/src/transforms/xccdf2shorthand.xslt | 64 -
rhel6/src/transforms/xccdf2stigformat.xslt | 35 -
rhel6/src/transforms/xccdf2table-byref.xslt | 147 -
.../src/transforms/xccdf2table-profileccirefs.xslt | 170 -
.../transforms/xccdf2table-profilenistrefs.xslt | 170 -
rhel6/src/transforms/xccdf2table-stig.xslt | 118 -
rhel6/src/utils/README | 36 -
rhel6/src/utils/verify-input-sanity.py | 148 -
rhel6/src/utils/verify-references.py | 124 -
scap-security-guide.spec | 4 +-
1088 files changed, 124159 insertions(+), 124159 deletions(-)
create mode 100644 RHEL6/.gitignore
create mode 100644 RHEL6/Makefile
create mode 100644 RHEL6/README
create mode 100644 RHEL6/dist/README
create mode 100644 RHEL6/input/auxiliary/srg_support.xml
create mode 100644 RHEL6/input/checks/.gitignore
create mode 100644 RHEL6/input/checks/README
create mode 100644 RHEL6/input/checks/accounts_dangerous_path_for_root.xml
create mode 100644 RHEL6/input/checks/accounts_disable_post_pw_expiration.xml
create mode 100644 RHEL6/input/checks/accounts_max_concurrent_login_sessions.xml
create mode 100644 RHEL6/input/checks/accounts_maximum_age_login_defs.xml
create mode 100644 RHEL6/input/checks/accounts_minimum_age_login_defs.xml
create mode 100644 RHEL6/input/checks/accounts_no_empty_passwords.xml
create mode 100644 RHEL6/input/checks/accounts_no_nis_inclusions_etc_group.xml
create mode 100644 RHEL6/input/checks/accounts_no_nis_inclusions_etc_passwd.xml
create mode 100644 RHEL6/input/checks/accounts_no_nis_inclusions_etc_shadow.xml
create mode 100644 RHEL6/input/checks/accounts_no_uid_except_zero.xml
create mode 100644 RHEL6/input/checks/accounts_nologin_for_system.xml
create mode 100644 RHEL6/input/checks/accounts_password_all_shadowed.xml
create mode 100644 RHEL6/input/checks/accounts_password_hashing_algorithm.xml
create mode 100644 RHEL6/input/checks/accounts_password_minlen_login_defs.xml
create mode 100644 RHEL6/input/checks/accounts_password_pam_cracklib_dcredit.xml
create mode 100644 RHEL6/input/checks/accounts_password_pam_cracklib_difok.xml
create mode 100644 RHEL6/input/checks/accounts_password_pam_cracklib_lcredit.xml
create mode 100644 RHEL6/input/checks/accounts_password_pam_cracklib_ocredit.xml
create mode 100644 RHEL6/input/checks/accounts_password_pam_cracklib_retry.xml
create mode 100644 RHEL6/input/checks/accounts_password_pam_cracklib_ucredit.xml
create mode 100644 RHEL6/input/checks/accounts_password_reuse_limit.xml
create mode 100644 RHEL6/input/checks/accounts_password_warn_age_login_defs.xml
create mode 100644 RHEL6/input/checks/accounts_passwords_pam_tally2_deny.xml
create mode 100644 RHEL6/input/checks/accounts_root_path_dirs_no_write.xml
create mode 100644 RHEL6/input/checks/accounts_su_wheel_only.xml
create mode 100644 RHEL6/input/checks/accounts_umask_bash_users.xml
create mode 100644 RHEL6/input/checks/accounts_umask_csh.xml
create mode 100644 RHEL6/input/checks/accounts_umask_etc_profile.xml
create mode 100644 RHEL6/input/checks/accounts_umask_login_defs.xml
create mode 100644 RHEL6/input/checks/accounts_wheel_exists.xml
create mode 100644 RHEL6/input/checks/audit_rules_dac_modification.xml
create mode 100644 RHEL6/input/checks/audit_rules_file_deletion_events.xml
create mode 100644 RHEL6/input/checks/audit_rules_immutable.xml
create mode 100644 RHEL6/input/checks/audit_rules_kernel_module_loading.xml
create mode 100644 RHEL6/input/checks/audit_rules_login_events.xml
create mode 100644 RHEL6/input/checks/audit_rules_mac_modification.xml
create mode 100644 RHEL6/input/checks/audit_rules_media_export.xml
create mode 100644 RHEL6/input/checks/audit_rules_networkconfig_modification.xml
create mode 100644 RHEL6/input/checks/audit_rules_privileged_commands.xml
create mode 100644 RHEL6/input/checks/audit_rules_record_timechange.xml
create mode 100644 RHEL6/input/checks/audit_rules_session_events.xml
create mode 100644 RHEL6/input/checks/audit_rules_sysadmin_actions.xml
create mode 100644 RHEL6/input/checks/audit_rules_time_adjtimex.xml
create mode 100644 RHEL6/input/checks/audit_rules_time_clock_settime.xml
create mode 100644 RHEL6/input/checks/audit_rules_time_settimeofday.xml
create mode 100644 RHEL6/input/checks/audit_rules_time_stime.xml
create mode 100644 RHEL6/input/checks/audit_rules_time_watch_localtime.xml
create mode 100644 RHEL6/input/checks/audit_rules_unsuccessful_file_modification.xml
create mode 100644 RHEL6/input/checks/audit_rules_usergroup_modification.xml
create mode 100644 RHEL6/input/checks/auditd_data_retention_action_mail_acct.xml
create mode 100644 RHEL6/input/checks/auditd_data_retention_admin_space_left_action.xml
create mode 100644 RHEL6/input/checks/auditd_data_retention_max_log_file.xml
create mode 100644 RHEL6/input/checks/auditd_data_retention_max_log_file_action.xml
create mode 100644 RHEL6/input/checks/auditd_data_retention_num_logs.xml
create mode 100644 RHEL6/input/checks/auditd_data_retention_space_left_action.xml
create mode 100644 RHEL6/input/checks/banner_etc_issue.xml
create mode 100644 RHEL6/input/checks/banner_gui_enabled.xml
create mode 100644 RHEL6/input/checks/banner_gui_gdm.xml
create mode 100644 RHEL6/input/checks/bootloader_audit_argument.xml
create mode 100644 RHEL6/input/checks/bootloader_nousb_argument.xml
create mode 100644 RHEL6/input/checks/bootloader_password.xml
create mode 100644 RHEL6/input/checks/console_device_restrict_access_desktop.xml
create mode 100644 RHEL6/input/checks/console_device_restrict_access_server.xml
create mode 100644 RHEL6/input/checks/core_dump_suid_progs_limits_conf.xml
create mode 100644 RHEL6/input/checks/core_dumps_limitsconf.xml
create mode 100644 RHEL6/input/checks/cups_disable_browsing.xml
create mode 100644 RHEL6/input/checks/cups_disable_printserver.xml
create mode 100644 RHEL6/input/checks/cups_limit_browsing.xml
create mode 100644 RHEL6/input/checks/cups_limit_browsing_browseaddress.xml
create mode 100644 RHEL6/input/checks/cups_limit_browsing_browsedenyallow.xml
create mode 100644 RHEL6/input/checks/cups_limit_web_interface.xml
create mode 100644 RHEL6/input/checks/dir_perms_etc_httpd_conf.xml
create mode 100644 RHEL6/input/checks/dir_perms_var_log_httpd.xml
create mode 100644 RHEL6/input/checks/dir_perms_world_writable_sticky_bits.xml
create mode 100644 RHEL6/input/checks/dir_perms_world_writable_system_owned.xml
create mode 100644 RHEL6/input/checks/dovecot_disable_plaintext_auth.xml
create mode 100644 RHEL6/input/checks/dovecot_enable_ssl.xml
create mode 100644 RHEL6/input/checks/file_group_owner_etc_crontab.xml
create mode 100644 RHEL6/input/checks/file_group_owner_grub_conf.xml
create mode 100644 RHEL6/input/checks/file_groupowner_etc_group.xml
create mode 100644 RHEL6/input/checks/file_groupowner_etc_gshadow.xml
create mode 100644 RHEL6/input/checks/file_groupowner_etc_passwd.xml
create mode 100644 RHEL6/input/checks/file_groupowner_etc_shadow.xml
create mode 100644 RHEL6/input/checks/file_groupowner_ldap_server_bdb.xml
create mode 100644 RHEL6/input/checks/file_groupowner_ldap_server_files.xml
create mode 100644 RHEL6/input/checks/file_mode_etc_crontab.xml
create mode 100644 RHEL6/input/checks/file_owner_etc_group.xml
create mode 100644 RHEL6/input/checks/file_owner_etc_gshadow.xml
create mode 100644 RHEL6/input/checks/file_owner_etc_passwd.xml
create mode 100644 RHEL6/input/checks/file_owner_etc_shadow.xml
create mode 100644 RHEL6/input/checks/file_owner_ldap_server_bdb.xml
create mode 100644 RHEL6/input/checks/file_owner_ldap_server_files.xml
create mode 100644 RHEL6/input/checks/file_ownership_etc_skel.xml
create mode 100644 RHEL6/input/checks/file_ownership_samba_password.xml
create mode 100644 RHEL6/input/checks/file_ownership_var_log_audit.xml
create mode 100644 RHEL6/input/checks/file_permissions_etc_at_allow.xml
create mode 100644 RHEL6/input/checks/file_permissions_etc_group.xml
create mode 100644 RHEL6/input/checks/file_permissions_etc_gshadow.xml
create mode 100644 RHEL6/input/checks/file_permissions_etc_passwd.xml
create mode 100644 RHEL6/input/checks/file_permissions_etc_shadow.xml
create mode 100644 RHEL6/input/checks/file_permissions_etc_skel.xml
create mode 100644 RHEL6/input/checks/file_permissions_grub_conf.xml
create mode 100644 RHEL6/input/checks/file_permissions_home_dirs.xml
create mode 100644 RHEL6/input/checks/file_permissions_httpd_server_conf_files.xml
create mode 100644 RHEL6/input/checks/file_permissions_ldap_server_bdb.xml
create mode 100644 RHEL6/input/checks/file_permissions_ldap_server_files.xml
create mode 100644 RHEL6/input/checks/file_permissions_samba_password.xml
create mode 100644 RHEL6/input/checks/file_permissions_unauthorized_sgid.xml
create mode 100644 RHEL6/input/checks/file_permissions_unauthorized_suid.xml
create mode 100644 RHEL6/input/checks/file_permissions_unauthorized_world_writable.xml
create mode 100644 RHEL6/input/checks/file_permissions_ungroupowned.xml
create mode 100644 RHEL6/input/checks/file_permissions_unowned.xml
create mode 100644 RHEL6/input/checks/file_permissions_var_log_audit.xml
create mode 100644 RHEL6/input/checks/file_ssh_host_keys_private_permissions.xml
create mode 100644 RHEL6/input/checks/file_ssh_host_keys_public_permissions.xml
create mode 100644 RHEL6/input/checks/file_user_owner_etc_crontab.xml
create mode 100644 RHEL6/input/checks/file_user_owner_grub_conf.xml
create mode 100644 RHEL6/input/checks/gconf_gnome_disable_automount.xml
create mode 100644 RHEL6/input/checks/gconf_gnome_screensaver_idle_activation_enabled.xml
create mode 100644 RHEL6/input/checks/gconf_gnome_screensaver_idle_delay.xml
create mode 100644 RHEL6/input/checks/gconf_gnome_screensaver_lock_enabled.xml
create mode 100644 RHEL6/input/checks/gconf_gnome_screensaver_mode_blank.xml
create mode 120000 RHEL6/input/checks/idtranslate.py
create mode 100644 RHEL6/input/checks/installed_OS_is_rhel6.xml
create mode 100644 RHEL6/input/checks/interactive_boot_disable.xml
create mode 100644 RHEL6/input/checks/iptables_avahi_disabled.xml
create mode 100644 RHEL6/input/checks/iptables_cupsd_disabled.xml
create mode 100644 RHEL6/input/checks/iptables_default_policy_drop.xml
create mode 100644 RHEL6/input/checks/iptables_icmp_disabled.xml
create mode 100644 RHEL6/input/checks/iptables_ldap_enabled.xml
create mode 100644 RHEL6/input/checks/iptables_smtp_enabled.xml
create mode 100644 RHEL6/input/checks/iptables_sshd_disabled.xml
create mode 100644 RHEL6/input/checks/kernel_module_bluetooth_disabled.xml
create mode 100644 RHEL6/input/checks/kernel_module_cramfs_disabled.xml
create mode 100644 RHEL6/input/checks/kernel_module_dccp_disabled.xml
create mode 100644 RHEL6/input/checks/kernel_module_freevxfs_disabled.xml
create mode 100644 RHEL6/input/checks/kernel_module_hfs_disabled.xml
create mode 100644 RHEL6/input/checks/kernel_module_hfsplus_disabled.xml
create mode 100644 RHEL6/input/checks/kernel_module_ipv6_option_disabled.xml
create mode 100644 RHEL6/input/checks/kernel_module_jffs2_disabled.xml
create mode 100644 RHEL6/input/checks/kernel_module_rds_disabled.xml
create mode 100644 RHEL6/input/checks/kernel_module_sctp_disabled.xml
create mode 100644 RHEL6/input/checks/kernel_module_squashfs_disabled.xml
create mode 100644 RHEL6/input/checks/kernel_module_tipc_disabled.xml
create mode 100644 RHEL6/input/checks/kernel_module_udf_disabled.xml
create mode 100644 RHEL6/input/checks/kernel_module_usb-storage_disabled.xml
create mode 100644 RHEL6/input/checks/ldap_client_pam_ldap_present.xml
create mode 100644 RHEL6/input/checks/ldap_client_start_tls.xml
create mode 100644 RHEL6/input/checks/ldap_client_tls_cacertpath.xml
create mode 100644 RHEL6/input/checks/ldap_server_config_bdb_file_security.xml
create mode 100644 RHEL6/input/checks/ldap_server_config_certificate_files.xml
create mode 100644 RHEL6/input/checks/ldap_server_config_certificate_usage.xml
create mode 100644 RHEL6/input/checks/ldap_server_config_directory_file_security.xml
create mode 100644 RHEL6/input/checks/ldap_server_config_logging.xml
create mode 100644 RHEL6/input/checks/ldap_server_config_olcaccess.xml
create mode 100644 RHEL6/input/checks/ldap_server_config_olcrootpw.xml
create mode 100644 RHEL6/input/checks/ldap_server_config_olcsecurity_simple_bind.xml
create mode 100644 RHEL6/input/checks/ldap_server_config_olcsecurity_tls.xml
create mode 100644 RHEL6/input/checks/ldap_server_config_olcsuffix.xml
create mode 100644 RHEL6/input/checks/ldap_server_config_olctlsciphersuite.xml
create mode 100644 RHEL6/input/checks/libuser_login_defs_import.xml
create mode 100644 RHEL6/input/checks/logrotate_rotate_all_files.xml
create mode 100644 RHEL6/input/checks/logwatch_configured_hostlimit.xml
create mode 100644 RHEL6/input/checks/logwatch_configured_splithosts.xml
create mode 100644 RHEL6/input/checks/mount_home_own_partition.xml
create mode 100644 RHEL6/input/checks/mount_option_dev_shm_nodev.xml
create mode 100644 RHEL6/input/checks/mount_option_dev_shm_noexec.xml
create mode 100644 RHEL6/input/checks/mount_option_dev_shm_nosuid.xml
create mode 100644 RHEL6/input/checks/mount_option_nodev_nonroot_local_partitions.xml
create mode 100644 RHEL6/input/checks/mount_option_nodev_on_tmp.xml
create mode 100644 RHEL6/input/checks/mount_option_nodev_remote_filesystems.xml
create mode 100644 RHEL6/input/checks/mount_option_nodev_removable_partitions.xml
create mode 100644 RHEL6/input/checks/mount_option_noexec_removable_partitions.xml
create mode 100644 RHEL6/input/checks/mount_option_nosuid_remote_filesystems.xml
create mode 100644 RHEL6/input/checks/mount_option_nosuid_removable_partitions.xml
create mode 100644 RHEL6/input/checks/mount_option_smb_client_signing.xml
create mode 100644 RHEL6/input/checks/mount_option_tmp_nodev.xml
create mode 100644 RHEL6/input/checks/mount_option_tmp_noexec.xml
create mode 100644 RHEL6/input/checks/mount_option_tmp_nosuid.xml
create mode 100644 RHEL6/input/checks/mount_option_var_tmp_bind.xml
create mode 100644 RHEL6/input/checks/mount_tmp_own_partition.xml
create mode 100644 RHEL6/input/checks/mount_var_log_audit_own_partition.xml
create mode 100644 RHEL6/input/checks/mount_var_log_own_partition.xml
create mode 100644 RHEL6/input/checks/mount_var_own_partition.xml
create mode 100644 RHEL6/input/checks/network_ipv6_default_gateway.xml
create mode 100644 RHEL6/input/checks/network_ipv6_disable_interfaces.xml
create mode 100644 RHEL6/input/checks/network_ipv6_disable_rpc.xml
create mode 100644 RHEL6/input/checks/network_ipv6_limit_requests.xml
create mode 100644 RHEL6/input/checks/network_ipv6_privacy_extensions.xml
create mode 100644 RHEL6/input/checks/network_ipv6_static_address.xml
create mode 100644 RHEL6/input/checks/network_sniffer_disabled.xml
create mode 100644 RHEL6/input/checks/no_rsh_trusted_host_files.xml
create mode 100644 RHEL6/input/checks/ntp_remote_server.xml
create mode 100644 RHEL6/input/checks/package_abrt_removed.xml
create mode 100644 RHEL6/input/checks/package_acpid_removed.xml
create mode 100644 RHEL6/input/checks/package_aide_installed.xml
create mode 100644 RHEL6/input/checks/package_at_removed.xml
create mode 100644 RHEL6/input/checks/package_audit_installed.xml
create mode 100644 RHEL6/input/checks/package_autofs_removed.xml
create mode 100644 RHEL6/input/checks/package_bind_removed.xml
create mode 100644 RHEL6/input/checks/package_certmonger_removed.xml
create mode 100644 RHEL6/input/checks/package_cpuspeed_removed.xml
create mode 100644 RHEL6/input/checks/package_cronie-anacron_removed.xml
create mode 100644 RHEL6/input/checks/package_cronie_installed.xml
create mode 100644 RHEL6/input/checks/package_cups_removed.xml
create mode 100644 RHEL6/input/checks/package_cyrus-sasl_removed.xml
create mode 100644 RHEL6/input/checks/package_dbus_removed.xml
create mode 100644 RHEL6/input/checks/package_dhcp_removed.xml
create mode 100644 RHEL6/input/checks/package_dhcpd_removed.xml
create mode 100644 RHEL6/input/checks/package_dovecot_removed.xml
create mode 100644 RHEL6/input/checks/package_hal_removed.xml
create mode 100644 RHEL6/input/checks/package_httpd_removed.xml
create mode 100644 RHEL6/input/checks/package_initscripts_installed.xml
create mode 100644 RHEL6/input/checks/package_ipsec-tools_installed.xml
create mode 100644 RHEL6/input/checks/package_iptables-ipv6_installed.xml
create mode 100644 RHEL6/input/checks/package_iptables_installed.xml
create mode 100644 RHEL6/input/checks/package_iputils_removed.xml
create mode 100644 RHEL6/input/checks/package_irda-utils_removed.xml
create mode 100644 RHEL6/input/checks/package_irqbalance_installed.xml
create mode 100644 RHEL6/input/checks/package_isdn4k-utils_removed.xml
create mode 100644 RHEL6/input/checks/package_kexec-tools_removed.xml
create mode 100644 RHEL6/input/checks/package_libcgroup_removed.xml
create mode 100644 RHEL6/input/checks/package_lvm2_installed.xml
create mode 100644 RHEL6/input/checks/package_mdadm_removed.xml
create mode 100644 RHEL6/input/checks/package_net-snmp_removed.xml
create mode 100644 RHEL6/input/checks/package_nfs-utils_removed.xml
create mode 100644 RHEL6/input/checks/package_ntp_installed.xml
create mode 100644 RHEL6/input/checks/package_ntpdate_installed.xml
create mode 100644 RHEL6/input/checks/package_oddjob_removed.xml
create mode 100644 RHEL6/input/checks/package_openldap-servers_installed.xml
create mode 100644 RHEL6/input/checks/package_openldap-servers_removed.xml
create mode 100644 RHEL6/input/checks/package_openldap_removed.xml
create mode 100644 RHEL6/input/checks/package_openssh-server_removed.xml
create mode 100644 RHEL6/input/checks/package_openswan_installed.xml
create mode 100644 RHEL6/input/checks/package_pam_ccreds_removed.xml
create mode 100644 RHEL6/input/checks/package_pam_ldap_removed.xml
create mode 100644 RHEL6/input/checks/package_policycoreutils_installed.xml
create mode 100644 RHEL6/input/checks/package_portreserve_removed.xml
create mode 100644 RHEL6/input/checks/package_postfix_installed.xml
create mode 100644 RHEL6/input/checks/package_psacct_installed.xml
create mode 100644 RHEL6/input/checks/package_quota_removed.xml
create mode 100644 RHEL6/input/checks/package_rhn_gpgkey_installed.xml
create mode 100644 RHEL6/input/checks/package_rhnsd_removed.xml
create mode 100644 RHEL6/input/checks/package_rpcbind_removed.xml
create mode 100644 RHEL6/input/checks/package_rsh-server_removed.xml
create mode 100644 RHEL6/input/checks/package_rsh_removed.xml
create mode 100644 RHEL6/input/checks/package_rsyslog_installed.xml
create mode 100644 RHEL6/input/checks/package_samba-common_removed.xml
create mode 100644 RHEL6/input/checks/package_samba_removed.xml
create mode 100644 RHEL6/input/checks/package_sendmail_removed.xml
create mode 100644 RHEL6/input/checks/package_smartmontools_removed.xml
create mode 100644 RHEL6/input/checks/package_squid_removed.xml
create mode 100644 RHEL6/input/checks/package_sssd_removed.xml
create mode 100644 RHEL6/input/checks/package_subscription-manager_removed.xml
create mode 100644 RHEL6/input/checks/package_sysstat_removed.xml
create mode 100644 RHEL6/input/checks/package_talk-server_removed.xml
create mode 100644 RHEL6/input/checks/package_talk_removed.xml
create mode 100644 RHEL6/input/checks/package_telnet-server_removed.xml
create mode 100644 RHEL6/input/checks/package_tftp-server_removed.xml
create mode 100644 RHEL6/input/checks/package_vlock_installed.xml
create mode 100644 RHEL6/input/checks/package_vlock_removed.xml
create mode 100644 RHEL6/input/checks/package_vsftpd_installed.xml
create mode 100644 RHEL6/input/checks/package_vsftpd_removed.xml
create mode 100644 RHEL6/input/checks/package_xinetd_removed.xml
create mode 100644 RHEL6/input/checks/package_xorg-x11-server-common_removed.xml
create mode 100644 RHEL6/input/checks/package_ypbind_removed.xml
create mode 100644 RHEL6/input/checks/package_ypserv_removed.xml
create mode 100644 RHEL6/input/checks/postfix_certificate_files.xml
create mode 100644 RHEL6/input/checks/postfix_logging.xml
create mode 100644 RHEL6/input/checks/postfix_network_listening_disabled.xml
create mode 100644 RHEL6/input/checks/postfix_server_banner.xml
create mode 100644 RHEL6/input/checks/postfix_server_denial_of_service.xml
create mode 100644 RHEL6/input/checks/postfix_server_mail_relay_for_trusted_networks.xml
create mode 100644 RHEL6/input/checks/postfix_server_mail_relay_require_tls_for_smtp_auth.xml
create mode 100644 RHEL6/input/checks/postfix_server_mail_relay_set_trusted_networks.xml
create mode 100644 RHEL6/input/checks/postfix_server_mail_relay_smtp_auth_for_untrusted_networks.xml
create mode 100644 RHEL6/input/checks/rpm_verify_hashes.xml
create mode 100644 RHEL6/input/checks/rpm_verify_permissions.xml
create mode 100644 RHEL6/input/checks/rsyslog_files_exist_permissions.xml
create mode 100644 RHEL6/input/checks/rsyslog_files_groupownership.xml
create mode 100644 RHEL6/input/checks/rsyslog_files_ownership.xml
create mode 100644 RHEL6/input/checks/rsyslog_files_permissions.xml
create mode 100644 RHEL6/input/checks/rsyslog_nolisten.xml
create mode 100644 RHEL6/input/checks/rsyslog_remote_loghost.xml
create mode 100644 RHEL6/input/checks/securetty_no_serial.xml
create mode 100644 RHEL6/input/checks/securetty_root_login_console_only.xml
create mode 100644 RHEL6/input/checks/selinux_all_devicefiles_labeled.xml
create mode 100644 RHEL6/input/checks/selinux_bootloader_notdisabled.xml
create mode 100644 RHEL6/input/checks/selinux_enabled.xml
create mode 100644 RHEL6/input/checks/selinux_mode.xml
create mode 100644 RHEL6/input/checks/selinux_policytype.xml
create mode 100644 RHEL6/input/checks/service_abrtd_disabled.xml
create mode 100644 RHEL6/input/checks/service_acpid_disabled.xml
create mode 100644 RHEL6/input/checks/service_atd_disabled.xml
create mode 100644 RHEL6/input/checks/service_auditd_enabled.xml
create mode 100644 RHEL6/input/checks/service_autofs_disabled.xml
create mode 100644 RHEL6/input/checks/service_avahi-daemon_disabled.xml
create mode 100644 RHEL6/input/checks/service_bluetooth_disabled.xml
create mode 100644 RHEL6/input/checks/service_certmonger_disabled.xml
create mode 100644 RHEL6/input/checks/service_cgconfig_disabled.xml
create mode 100644 RHEL6/input/checks/service_cgred_disabled.xml
create mode 100644 RHEL6/input/checks/service_cpuspeed_disabled.xml
create mode 100644 RHEL6/input/checks/service_crond_enabled.xml
create mode 100644 RHEL6/input/checks/service_cups_disabled.xml
create mode 100644 RHEL6/input/checks/service_dhcpd_disabled.xml
create mode 100644 RHEL6/input/checks/service_dovecot_disabled.xml
create mode 100644 RHEL6/input/checks/service_haldaemon_disabled.xml
create mode 100644 RHEL6/input/checks/service_httpd_disabled.xml
create mode 100644 RHEL6/input/checks/service_ip6tables_enabled.xml
create mode 100644 RHEL6/input/checks/service_iptables_enabled.xml
create mode 100644 RHEL6/input/checks/service_irqbalance_enabled.xml
create mode 100644 RHEL6/input/checks/service_isdn_disabled.xml
create mode 100644 RHEL6/input/checks/service_kdump_disabled.xml
create mode 100644 RHEL6/input/checks/service_lvm2-monitor_enabled.xml
create mode 100644 RHEL6/input/checks/service_mcstrans_disabled.xml
create mode 100644 RHEL6/input/checks/service_mdmonitor_disabled.xml
create mode 100644 RHEL6/input/checks/service_messagebus_disabled.xml
create mode 100644 RHEL6/input/checks/service_named_disabled.xml
create mode 100644 RHEL6/input/checks/service_netconsole_disabled.xml
create mode 100644 RHEL6/input/checks/service_netfs_disabled.xml
create mode 100644 RHEL6/input/checks/service_network_enabled.xml
create mode 100644 RHEL6/input/checks/service_nfs_disabled.xml
create mode 100644 RHEL6/input/checks/service_nfslock_disabled.xml
create mode 100644 RHEL6/input/checks/service_ntpd_enabled.xml
create mode 100644 RHEL6/input/checks/service_ntpdate_enabled.xml
create mode 100644 RHEL6/input/checks/service_oddjobd_disabled.xml
create mode 100644 RHEL6/input/checks/service_portreserve_disabled.xml
create mode 100644 RHEL6/input/checks/service_postfix_enabled.xml
create mode 100644 RHEL6/input/checks/service_psacct_enabled.xml
create mode 100644 RHEL6/input/checks/service_quota_nld_disabled.xml
create mode 100644 RHEL6/input/checks/service_rdisc_disabled.xml
create mode 100644 RHEL6/input/checks/service_restorecond_enabled.xml
create mode 100644 RHEL6/input/checks/service_rexec_disabled.xml
create mode 100644 RHEL6/input/checks/service_rhnsd_disabled.xml
create mode 100644 RHEL6/input/checks/service_rhsmcertd_disabled.xml
create mode 100644 RHEL6/input/checks/service_rlogin_disabled.xml
create mode 100644 RHEL6/input/checks/service_rpcbind_disabled.xml
create mode 100644 RHEL6/input/checks/service_rpcgssd_disabled.xml
create mode 100644 RHEL6/input/checks/service_rpcidmapd_disabled.xml
create mode 100644 RHEL6/input/checks/service_rpcsvcgssd_disabled.xml
create mode 100644 RHEL6/input/checks/service_rsh_disabled.xml
create mode 100644 RHEL6/input/checks/service_rsyslog_enabled.xml
create mode 100644 RHEL6/input/checks/service_saslauthd_disabled.xml
create mode 100644 RHEL6/input/checks/service_sendmail_disabled.xml
create mode 100644 RHEL6/input/checks/service_smartd_disabled.xml
create mode 100644 RHEL6/input/checks/service_smb_disabled.xml
create mode 100644 RHEL6/input/checks/service_snmpd_disabled.xml
create mode 100644 RHEL6/input/checks/service_squid_disabled.xml
create mode 100644 RHEL6/input/checks/service_sshd_disabled.xml
create mode 100644 RHEL6/input/checks/service_sssd_disabled.xml
create mode 100644 RHEL6/input/checks/service_sysstat_disabled.xml
create mode 100644 RHEL6/input/checks/service_telnet_disabled.xml
create mode 100644 RHEL6/input/checks/service_telnetd_disabled.xml
create mode 100644 RHEL6/input/checks/service_tftp_disabled.xml
create mode 100644 RHEL6/input/checks/service_vsftpd_disabled.xml
create mode 100644 RHEL6/input/checks/service_xinetd_disabled.xml
create mode 100644 RHEL6/input/checks/service_ypbind_disabled.xml
create mode 100644 RHEL6/input/checks/service_ypserv_disabled.xml
create mode 100644 RHEL6/input/checks/singleuser_password.xml
create mode 100644 RHEL6/input/checks/smb_client_signing_smb_conf.xml
create mode 100644 RHEL6/input/checks/sshd_banner_set.xml
create mode 100644 RHEL6/input/checks/sshd_clientalivecountmax.xml
create mode 100644 RHEL6/input/checks/sshd_hostbasedauthentication.xml
create mode 100644 RHEL6/input/checks/sshd_idle_timeout.xml
create mode 100644 RHEL6/input/checks/sshd_no_user_envset.xml
create mode 100644 RHEL6/input/checks/sshd_permitemptypasswords_no.xml
create mode 100644 RHEL6/input/checks/sshd_permitrootlogin_no.xml
create mode 100644 RHEL6/input/checks/sshd_protocol_2.xml
create mode 100644 RHEL6/input/checks/sshd_rsh_emulation_disabled.xml
create mode 100644 RHEL6/input/checks/sshd_use_approved_ciphers.xml
create mode 100644 RHEL6/input/checks/sysconfig_ipv6_autoconf.xml
create mode 100644 RHEL6/input/checks/sysconfig_ipv6_disable.xml
create mode 100644 RHEL6/input/checks/sysconfig_ipv6_networking.xml
create mode 100644 RHEL6/input/checks/sysconfig_networking_bootproto_ifcfg.xml
create mode 100644 RHEL6/input/checks/sysconfig_networking_ipv6_ifcfg.xml
create mode 100644 RHEL6/input/checks/sysconfig_nozeroconf_yes.xml
create mode 100644 RHEL6/input/checks/sysctl_kernel_exec_shield.xml
create mode 100644 RHEL6/input/checks/sysctl_kernel_randomize_va_space.xml
create mode 100644 RHEL6/input/checks/sysctl_net_ipv4_conf_all_accept_redirects.xml
create mode 100644 RHEL6/input/checks/sysctl_net_ipv4_conf_all_accept_source_route.xml
create mode 100644 RHEL6/input/checks/sysctl_net_ipv4_conf_all_log_martians.xml
create mode 100644 RHEL6/input/checks/sysctl_net_ipv4_conf_all_rp_filter.xml
create mode 100644 RHEL6/input/checks/sysctl_net_ipv4_conf_all_secure_redirects.xml
create mode 100644 RHEL6/input/checks/sysctl_net_ipv4_conf_all_send_redirects.xml
create mode 100644 RHEL6/input/checks/sysctl_net_ipv4_conf_default_accept_redirects.xml
create mode 100644 RHEL6/input/checks/sysctl_net_ipv4_conf_default_accept_source_route.xml
create mode 100644 RHEL6/input/checks/sysctl_net_ipv4_conf_default_rp_filter.xml
create mode 100644 RHEL6/input/checks/sysctl_net_ipv4_conf_default_secure_redirects.xml
create mode 100644 RHEL6/input/checks/sysctl_net_ipv4_conf_default_send_redirects.xml
create mode 100644 RHEL6/input/checks/sysctl_net_ipv4_icmp_echo_ignore_broadcasts.xml
create mode 100644 RHEL6/input/checks/sysctl_net_ipv4_icmp_ignore_bogus_error_messages.xml
create mode 100644 RHEL6/input/checks/sysctl_net_ipv4_icmp_ignore_bogus_error_responses.xml
create mode 100644 RHEL6/input/checks/sysctl_net_ipv4_ip_forward.xml
create mode 100644 RHEL6/input/checks/sysctl_net_ipv4_tcp_syncookies.xml
create mode 100644 RHEL6/input/checks/sysctl_net_ipv6_conf_all_disable_ipv6.xml
create mode 100644 RHEL6/input/checks/sysctl_net_ipv6_conf_default_accept_ra.xml
create mode 100644 RHEL6/input/checks/sysctl_net_ipv6_conf_default_accept_ra_defrtr.xml
create mode 100644 RHEL6/input/checks/sysctl_net_ipv6_conf_default_accept_ra_pinfo.xml
create mode 100644 RHEL6/input/checks/sysctl_net_ipv6_conf_default_accept_ra_rtr_pref.xml
create mode 100644 RHEL6/input/checks/sysctl_net_ipv6_conf_default_accept_redirects.xml
create mode 100644 RHEL6/input/checks/sysctl_net_ipv6_conf_default_autoconf.xml
create mode 100644 RHEL6/input/checks/sysctl_net_ipv6_conf_default_dad_transmits.xml
create mode 100644 RHEL6/input/checks/sysctl_net_ipv6_conf_default_max_addresses.xml
create mode 100644 RHEL6/input/checks/sysctl_net_ipv6_conf_default_router_solicitations.xml
create mode 100644 RHEL6/input/checks/sysctl_net_ipv6_disabled.xml
create mode 100644 RHEL6/input/checks/system_info_architecture_x86.xml
create mode 100644 RHEL6/input/checks/system_info_architecture_x86_64.xml
create mode 100644 RHEL6/input/checks/templates/README
create mode 100755 RHEL6/input/checks/templates/create_kernel_modules_disabled.py
create mode 100755 RHEL6/input/checks/templates/create_package_installed.py
create mode 100755 RHEL6/input/checks/templates/create_package_removed.py
create mode 100755 RHEL6/input/checks/templates/create_permission_checks.py
create mode 100755 RHEL6/input/checks/templates/create_services_disabled.py
create mode 100755 RHEL6/input/checks/templates/create_services_enabled.py
create mode 100755 RHEL6/input/checks/templates/create_sysctl_checks.py
create mode 100644 RHEL6/input/checks/templates/file_dir_permissions.csv
create mode 100644 RHEL6/input/checks/templates/kernel_modules_disabled.csv
create mode 100644 RHEL6/input/checks/templates/output/.gitignore
create mode 100644 RHEL6/input/checks/templates/packages_installed.csv
create mode 100644 RHEL6/input/checks/templates/packages_removed.csv
create mode 100644 RHEL6/input/checks/templates/services_disabled.csv
create mode 100644 RHEL6/input/checks/templates/services_enabled.csv
create mode 100644 RHEL6/input/checks/templates/sysctl_values.csv
create mode 100644 RHEL6/input/checks/templates/template_kernel_module_disabled
create mode 100644 RHEL6/input/checks/templates/template_package_installed
create mode 100644 RHEL6/input/checks/templates/template_package_removed
create mode 100644 RHEL6/input/checks/templates/template_permissions
create mode 100644 RHEL6/input/checks/templates/template_service_disabled
create mode 100644 RHEL6/input/checks/templates/template_service_enabled
create mode 100644 RHEL6/input/checks/templates/template_sysctl
create mode 100755 RHEL6/input/checks/testcheck.py
create mode 100644 RHEL6/input/checks/tftpd_uses_secure_mode.xml
create mode 100644 RHEL6/input/checks/umask_for_daemons.xml
create mode 100644 RHEL6/input/checks/wireless_disable_drivers.xml
create mode 100644 RHEL6/input/checks/wireless_disable_interfaces.xml
create mode 100644 RHEL6/input/checks/xwindows_remote_listening.xml
create mode 100644 RHEL6/input/checks/xwindows_runlevel_setting.xml
create mode 100644 RHEL6/input/checks/yum_gpgcheck_global_activation.xml
create mode 100644 RHEL6/input/checks/yum_gpgcheck_never_disabled.xml
create mode 100644 RHEL6/input/fixes/bash-ks.xml
create mode 100644 RHEL6/input/fixes/puppet-example.xml
create mode 100644 RHEL6/input/guide.xml
create mode 100644 RHEL6/input/guide.xslt
create mode 100644 RHEL6/input/intro/intro.xml
create mode 100644 RHEL6/input/profiles/STIG-server.xml
create mode 100644 RHEL6/input/profiles/common.xml
create mode 100644 RHEL6/input/profiles/desktop.xml
create mode 100644 RHEL6/input/profiles/ftp.xml
create mode 100644 RHEL6/input/profiles/server.xml
create mode 100644 RHEL6/input/profiles/test.xml
create mode 100644 RHEL6/input/services/avahi.xml
create mode 100644 RHEL6/input/services/base.xml
create mode 100644 RHEL6/input/services/cron.xml
create mode 100644 RHEL6/input/services/dhcp.xml
create mode 100644 RHEL6/input/services/dns.xml
create mode 100644 RHEL6/input/services/ftp.xml
create mode 100644 RHEL6/input/services/http.xml
create mode 100644 RHEL6/input/services/imap.xml
create mode 100644 RHEL6/input/services/ldap.xml
create mode 100644 RHEL6/input/services/mail.xml
create mode 100644 RHEL6/input/services/nfs.xml
create mode 100644 RHEL6/input/services/ntp.xml
create mode 100644 RHEL6/input/services/obsolete.xml
create mode 100644 RHEL6/input/services/printing.xml
create mode 100644 RHEL6/input/services/services.xml
create mode 100644 RHEL6/input/services/smb.xml
create mode 100644 RHEL6/input/services/snmp.xml
create mode 100644 RHEL6/input/services/squid.xml
create mode 100644 RHEL6/input/services/ssh.xml
create mode 100644 RHEL6/input/services/xorg.xml
create mode 100644 RHEL6/input/system/accounts/accounts.xml
create mode 100644 RHEL6/input/system/accounts/banners.xml
create mode 100644 RHEL6/input/system/accounts/pam.xml
create mode 100644 RHEL6/input/system/accounts/physical.xml
create mode 100644 RHEL6/input/system/accounts/restrictions/account_expiration.xml
create mode 100644 RHEL6/input/system/accounts/restrictions/nis_inclusions.xml
create mode 100644 RHEL6/input/system/accounts/restrictions/password_expiration.xml
create mode 100644 RHEL6/input/system/accounts/restrictions/password_storage.xml
create mode 100644 RHEL6/input/system/accounts/restrictions/restrictions.xml
create mode 100644 RHEL6/input/system/accounts/restrictions/root_logins.xml
create mode 100644 RHEL6/input/system/accounts/session.xml
create mode 100644 RHEL6/input/system/auditing.xml
create mode 100644 RHEL6/input/system/logging.xml
create mode 100644 RHEL6/input/system/network/ipsec.xml
create mode 100644 RHEL6/input/system/network/iptables.xml
create mode 100644 RHEL6/input/system/network/ipv6.xml
create mode 100644 RHEL6/input/system/network/kernel.xml
create mode 100644 RHEL6/input/system/network/network.xml
create mode 100644 RHEL6/input/system/network/ssl.xml
create mode 100644 RHEL6/input/system/network/uncommon.xml
create mode 100644 RHEL6/input/system/network/wireless.xml
create mode 100644 RHEL6/input/system/permissions/execution.xml
create mode 100644 RHEL6/input/system/permissions/files.xml
create mode 100644 RHEL6/input/system/permissions/mounting.xml
create mode 100644 RHEL6/input/system/permissions/partitions.xml
create mode 100644 RHEL6/input/system/permissions/permissions.xml
create mode 100644 RHEL6/input/system/selinux.xml
create mode 100644 RHEL6/input/system/software/disk_partitioning.xml
create mode 100644 RHEL6/input/system/software/integrity.xml
create mode 100644 RHEL6/input/system/software/software.xml
create mode 100644 RHEL6/input/system/software/updating.xml
create mode 100644 RHEL6/input/system/system.xml
create mode 100644 RHEL6/output/.gitignore
create mode 100644 RHEL6/references/disa-cci-list.xml
create mode 100644 RHEL6/references/disa-os-srg-v1r1.xml
create mode 100644 RHEL6/references/disa-stig-rhel5-v1r0.6-cpe-dictionary.xml
create mode 100644 RHEL6/references/disa-stig-rhel5-v1r0.6-cpe-oval.xml
create mode 100644 RHEL6/references/disa-stig-rhel5-v1r0.6-oval.xml
create mode 100644 RHEL6/references/disa-stig-rhel5-v1r0.6-xccdf-manual.xml
create mode 100644 RHEL6/references/disa-stig-rhel5-v1r0.6-xccdf.xml
create mode 100644 RHEL6/references/usgcb-rhel5desktop-cpe-dictionary.xml
create mode 100644 RHEL6/references/usgcb-rhel5desktop-cpe-oval.xml
create mode 100644 RHEL6/references/usgcb-rhel5desktop-oval.xml
create mode 100644 RHEL6/references/usgcb-rhel5desktop-xccdf.xml
create mode 100644 RHEL6/transforms/.gitignore
create mode 100644 RHEL6/transforms/cci2html.xsl
create mode 100755 RHEL6/transforms/combinechecks.py
create mode 100644 RHEL6/transforms/constants.xslt
create mode 100755 RHEL6/transforms/idtranslate.py
create mode 100755 RHEL6/transforms/relabelids.py
create mode 100644 RHEL6/transforms/shorthand2xccdf.xslt
create mode 100755 RHEL6/transforms/splitchecks.py
create mode 100644 RHEL6/transforms/table-sortbyref.xslt
create mode 100644 RHEL6/transforms/table-srgmap.xslt
create mode 100644 RHEL6/transforms/xccdf-addfixes.xslt
create mode 100644 RHEL6/transforms/xccdf-addprofiles.xslt
create mode 100644 RHEL6/transforms/xccdf-removeaux.xslt
create mode 100644 RHEL6/transforms/xccdf2shorthand.xslt
create mode 100644 RHEL6/transforms/xccdf2stigformat.xslt
create mode 100644 RHEL6/transforms/xccdf2table-byref.xslt
create mode 100644 RHEL6/transforms/xccdf2table-profileccirefs.xslt
create mode 100644 RHEL6/transforms/xccdf2table-profilenistrefs.xslt
create mode 100644 RHEL6/transforms/xccdf2table-stig.xslt
create mode 100644 RHEL6/utils/README
create mode 100755 RHEL6/utils/verify-input-sanity.py
create mode 100755 RHEL6/utils/verify-references.py
delete mode 100644 rhel6/src/.gitignore
delete mode 100644 rhel6/src/Makefile
delete mode 100644 rhel6/src/README
delete mode 100644 rhel6/src/dist/README
delete mode 100644 rhel6/src/input/auxiliary/srg_support.xml
delete mode 100644 rhel6/src/input/checks/.gitignore
delete mode 100644 rhel6/src/input/checks/README
delete mode 100644 rhel6/src/input/checks/accounts_dangerous_path_for_root.xml
delete mode 100644 rhel6/src/input/checks/accounts_disable_post_pw_expiration.xml
delete mode 100644 rhel6/src/input/checks/accounts_max_concurrent_login_sessions.xml
delete mode 100644 rhel6/src/input/checks/accounts_maximum_age_login_defs.xml
delete mode 100644 rhel6/src/input/checks/accounts_minimum_age_login_defs.xml
delete mode 100644 rhel6/src/input/checks/accounts_no_empty_passwords.xml
delete mode 100644 rhel6/src/input/checks/accounts_no_nis_inclusions_etc_group.xml
delete mode 100644 rhel6/src/input/checks/accounts_no_nis_inclusions_etc_passwd.xml
delete mode 100644 rhel6/src/input/checks/accounts_no_nis_inclusions_etc_shadow.xml
delete mode 100644 rhel6/src/input/checks/accounts_no_uid_except_zero.xml
delete mode 100644 rhel6/src/input/checks/accounts_nologin_for_system.xml
delete mode 100644 rhel6/src/input/checks/accounts_password_all_shadowed.xml
delete mode 100644 rhel6/src/input/checks/accounts_password_hashing_algorithm.xml
delete mode 100644 rhel6/src/input/checks/accounts_password_minlen_login_defs.xml
delete mode 100644 rhel6/src/input/checks/accounts_password_pam_cracklib_dcredit.xml
delete mode 100644 rhel6/src/input/checks/accounts_password_pam_cracklib_difok.xml
delete mode 100644 rhel6/src/input/checks/accounts_password_pam_cracklib_lcredit.xml
delete mode 100644 rhel6/src/input/checks/accounts_password_pam_cracklib_ocredit.xml
delete mode 100644 rhel6/src/input/checks/accounts_password_pam_cracklib_retry.xml
delete mode 100644 rhel6/src/input/checks/accounts_password_pam_cracklib_ucredit.xml
delete mode 100644 rhel6/src/input/checks/accounts_password_reuse_limit.xml
delete mode 100644 rhel6/src/input/checks/accounts_password_warn_age_login_defs.xml
delete mode 100644 rhel6/src/input/checks/accounts_passwords_pam_tally2_deny.xml
delete mode 100644 rhel6/src/input/checks/accounts_root_path_dirs_no_write.xml
delete mode 100644 rhel6/src/input/checks/accounts_su_wheel_only.xml
delete mode 100644 rhel6/src/input/checks/accounts_umask_bash_users.xml
delete mode 100644 rhel6/src/input/checks/accounts_umask_csh.xml
delete mode 100644 rhel6/src/input/checks/accounts_umask_etc_profile.xml
delete mode 100644 rhel6/src/input/checks/accounts_umask_login_defs.xml
delete mode 100644 rhel6/src/input/checks/accounts_wheel_exists.xml
delete mode 100644 rhel6/src/input/checks/audit_rules_dac_modification.xml
delete mode 100644 rhel6/src/input/checks/audit_rules_file_deletion_events.xml
delete mode 100644 rhel6/src/input/checks/audit_rules_immutable.xml
delete mode 100644 rhel6/src/input/checks/audit_rules_kernel_module_loading.xml
delete mode 100644 rhel6/src/input/checks/audit_rules_login_events.xml
delete mode 100644 rhel6/src/input/checks/audit_rules_mac_modification.xml
delete mode 100644 rhel6/src/input/checks/audit_rules_media_export.xml
delete mode 100644 rhel6/src/input/checks/audit_rules_networkconfig_modification.xml
delete mode 100644 rhel6/src/input/checks/audit_rules_privileged_commands.xml
delete mode 100644 rhel6/src/input/checks/audit_rules_record_timechange.xml
delete mode 100644 rhel6/src/input/checks/audit_rules_session_events.xml
delete mode 100644 rhel6/src/input/checks/audit_rules_sysadmin_actions.xml
delete mode 100644 rhel6/src/input/checks/audit_rules_time_adjtimex.xml
delete mode 100644 rhel6/src/input/checks/audit_rules_time_clock_settime.xml
delete mode 100644 rhel6/src/input/checks/audit_rules_time_settimeofday.xml
delete mode 100644 rhel6/src/input/checks/audit_rules_time_stime.xml
delete mode 100644 rhel6/src/input/checks/audit_rules_time_watch_localtime.xml
delete mode 100644 rhel6/src/input/checks/audit_rules_unsuccessful_file_modification.xml
delete mode 100644 rhel6/src/input/checks/audit_rules_usergroup_modification.xml
delete mode 100644 rhel6/src/input/checks/auditd_data_retention_action_mail_acct.xml
delete mode 100644 rhel6/src/input/checks/auditd_data_retention_admin_space_left_action.xml
delete mode 100644 rhel6/src/input/checks/auditd_data_retention_max_log_file.xml
delete mode 100644 rhel6/src/input/checks/auditd_data_retention_max_log_file_action.xml
delete mode 100644 rhel6/src/input/checks/auditd_data_retention_num_logs.xml
delete mode 100644 rhel6/src/input/checks/auditd_data_retention_space_left_action.xml
delete mode 100644 rhel6/src/input/checks/banner_etc_issue.xml
delete mode 100644 rhel6/src/input/checks/banner_gui_enabled.xml
delete mode 100644 rhel6/src/input/checks/banner_gui_gdm.xml
delete mode 100644 rhel6/src/input/checks/bootloader_audit_argument.xml
delete mode 100644 rhel6/src/input/checks/bootloader_nousb_argument.xml
delete mode 100644 rhel6/src/input/checks/bootloader_password.xml
delete mode 100644 rhel6/src/input/checks/console_device_restrict_access_desktop.xml
delete mode 100644 rhel6/src/input/checks/console_device_restrict_access_server.xml
delete mode 100644 rhel6/src/input/checks/core_dump_suid_progs_limits_conf.xml
delete mode 100644 rhel6/src/input/checks/core_dumps_limitsconf.xml
delete mode 100644 rhel6/src/input/checks/cups_disable_browsing.xml
delete mode 100644 rhel6/src/input/checks/cups_disable_printserver.xml
delete mode 100644 rhel6/src/input/checks/cups_limit_browsing.xml
delete mode 100644 rhel6/src/input/checks/cups_limit_browsing_browseaddress.xml
delete mode 100644 rhel6/src/input/checks/cups_limit_browsing_browsedenyallow.xml
delete mode 100644 rhel6/src/input/checks/cups_limit_web_interface.xml
delete mode 100644 rhel6/src/input/checks/dir_perms_etc_httpd_conf.xml
delete mode 100644 rhel6/src/input/checks/dir_perms_var_log_httpd.xml
delete mode 100644 rhel6/src/input/checks/dir_perms_world_writable_sticky_bits.xml
delete mode 100644 rhel6/src/input/checks/dir_perms_world_writable_system_owned.xml
delete mode 100644 rhel6/src/input/checks/dovecot_disable_plaintext_auth.xml
delete mode 100644 rhel6/src/input/checks/dovecot_enable_ssl.xml
delete mode 100644 rhel6/src/input/checks/file_group_owner_etc_crontab.xml
delete mode 100644 rhel6/src/input/checks/file_group_owner_grub_conf.xml
delete mode 100644 rhel6/src/input/checks/file_groupowner_etc_group.xml
delete mode 100644 rhel6/src/input/checks/file_groupowner_etc_gshadow.xml
delete mode 100644 rhel6/src/input/checks/file_groupowner_etc_passwd.xml
delete mode 100644 rhel6/src/input/checks/file_groupowner_etc_shadow.xml
delete mode 100644 rhel6/src/input/checks/file_groupowner_ldap_server_bdb.xml
delete mode 100644 rhel6/src/input/checks/file_groupowner_ldap_server_files.xml
delete mode 100644 rhel6/src/input/checks/file_mode_etc_crontab.xml
delete mode 100644 rhel6/src/input/checks/file_owner_etc_group.xml
delete mode 100644 rhel6/src/input/checks/file_owner_etc_gshadow.xml
delete mode 100644 rhel6/src/input/checks/file_owner_etc_passwd.xml
delete mode 100644 rhel6/src/input/checks/file_owner_etc_shadow.xml
delete mode 100644 rhel6/src/input/checks/file_owner_ldap_server_bdb.xml
delete mode 100644 rhel6/src/input/checks/file_owner_ldap_server_files.xml
delete mode 100644 rhel6/src/input/checks/file_ownership_etc_skel.xml
delete mode 100644 rhel6/src/input/checks/file_ownership_samba_password.xml
delete mode 100644 rhel6/src/input/checks/file_ownership_var_log_audit.xml
delete mode 100644 rhel6/src/input/checks/file_permissions_etc_at_allow.xml
delete mode 100644 rhel6/src/input/checks/file_permissions_etc_group.xml
delete mode 100644 rhel6/src/input/checks/file_permissions_etc_gshadow.xml
delete mode 100644 rhel6/src/input/checks/file_permissions_etc_passwd.xml
delete mode 100644 rhel6/src/input/checks/file_permissions_etc_shadow.xml
delete mode 100644 rhel6/src/input/checks/file_permissions_etc_skel.xml
delete mode 100644 rhel6/src/input/checks/file_permissions_grub_conf.xml
delete mode 100644 rhel6/src/input/checks/file_permissions_home_dirs.xml
delete mode 100644 rhel6/src/input/checks/file_permissions_httpd_server_conf_files.xml
delete mode 100644 rhel6/src/input/checks/file_permissions_ldap_server_bdb.xml
delete mode 100644 rhel6/src/input/checks/file_permissions_ldap_server_files.xml
delete mode 100644 rhel6/src/input/checks/file_permissions_samba_password.xml
delete mode 100644 rhel6/src/input/checks/file_permissions_unauthorized_sgid.xml
delete mode 100644 rhel6/src/input/checks/file_permissions_unauthorized_suid.xml
delete mode 100644 rhel6/src/input/checks/file_permissions_unauthorized_world_writable.xml
delete mode 100644 rhel6/src/input/checks/file_permissions_ungroupowned.xml
delete mode 100644 rhel6/src/input/checks/file_permissions_unowned.xml
delete mode 100644 rhel6/src/input/checks/file_permissions_var_log_audit.xml
delete mode 100644 rhel6/src/input/checks/file_ssh_host_keys_private_permissions.xml
delete mode 100644 rhel6/src/input/checks/file_ssh_host_keys_public_permissions.xml
delete mode 100644 rhel6/src/input/checks/file_user_owner_etc_crontab.xml
delete mode 100644 rhel6/src/input/checks/file_user_owner_grub_conf.xml
delete mode 100644 rhel6/src/input/checks/gconf_gnome_disable_automount.xml
delete mode 100644 rhel6/src/input/checks/gconf_gnome_screensaver_idle_activation_enabled.xml
delete mode 100644 rhel6/src/input/checks/gconf_gnome_screensaver_idle_delay.xml
delete mode 100644 rhel6/src/input/checks/gconf_gnome_screensaver_lock_enabled.xml
delete mode 100644 rhel6/src/input/checks/gconf_gnome_screensaver_mode_blank.xml
delete mode 120000 rhel6/src/input/checks/idtranslate.py
delete mode 100644 rhel6/src/input/checks/installed_OS_is_rhel6.xml
delete mode 100644 rhel6/src/input/checks/interactive_boot_disable.xml
delete mode 100644 rhel6/src/input/checks/iptables_avahi_disabled.xml
delete mode 100644 rhel6/src/input/checks/iptables_cupsd_disabled.xml
delete mode 100644 rhel6/src/input/checks/iptables_default_policy_drop.xml
delete mode 100644 rhel6/src/input/checks/iptables_icmp_disabled.xml
delete mode 100644 rhel6/src/input/checks/iptables_ldap_enabled.xml
delete mode 100644 rhel6/src/input/checks/iptables_smtp_enabled.xml
delete mode 100644 rhel6/src/input/checks/iptables_sshd_disabled.xml
delete mode 100644 rhel6/src/input/checks/kernel_module_bluetooth_disabled.xml
delete mode 100644 rhel6/src/input/checks/kernel_module_cramfs_disabled.xml
delete mode 100644 rhel6/src/input/checks/kernel_module_dccp_disabled.xml
delete mode 100644 rhel6/src/input/checks/kernel_module_freevxfs_disabled.xml
delete mode 100644 rhel6/src/input/checks/kernel_module_hfs_disabled.xml
delete mode 100644 rhel6/src/input/checks/kernel_module_hfsplus_disabled.xml
delete mode 100644 rhel6/src/input/checks/kernel_module_ipv6_option_disabled.xml
delete mode 100644 rhel6/src/input/checks/kernel_module_jffs2_disabled.xml
delete mode 100644 rhel6/src/input/checks/kernel_module_rds_disabled.xml
delete mode 100644 rhel6/src/input/checks/kernel_module_sctp_disabled.xml
delete mode 100644 rhel6/src/input/checks/kernel_module_squashfs_disabled.xml
delete mode 100644 rhel6/src/input/checks/kernel_module_tipc_disabled.xml
delete mode 100644 rhel6/src/input/checks/kernel_module_udf_disabled.xml
delete mode 100644 rhel6/src/input/checks/kernel_module_usb-storage_disabled.xml
delete mode 100644 rhel6/src/input/checks/ldap_client_pam_ldap_present.xml
delete mode 100644 rhel6/src/input/checks/ldap_client_start_tls.xml
delete mode 100644 rhel6/src/input/checks/ldap_client_tls_cacertpath.xml
delete mode 100644 rhel6/src/input/checks/ldap_server_config_bdb_file_security.xml
delete mode 100644 rhel6/src/input/checks/ldap_server_config_certificate_files.xml
delete mode 100644 rhel6/src/input/checks/ldap_server_config_certificate_usage.xml
delete mode 100644 rhel6/src/input/checks/ldap_server_config_directory_file_security.xml
delete mode 100644 rhel6/src/input/checks/ldap_server_config_logging.xml
delete mode 100644 rhel6/src/input/checks/ldap_server_config_olcaccess.xml
delete mode 100644 rhel6/src/input/checks/ldap_server_config_olcrootpw.xml
delete mode 100644 rhel6/src/input/checks/ldap_server_config_olcsecurity_simple_bind.xml
delete mode 100644 rhel6/src/input/checks/ldap_server_config_olcsecurity_tls.xml
delete mode 100644 rhel6/src/input/checks/ldap_server_config_olcsuffix.xml
delete mode 100644 rhel6/src/input/checks/ldap_server_config_olctlsciphersuite.xml
delete mode 100644 rhel6/src/input/checks/libuser_login_defs_import.xml
delete mode 100644 rhel6/src/input/checks/logrotate_rotate_all_files.xml
delete mode 100644 rhel6/src/input/checks/logwatch_configured_hostlimit.xml
delete mode 100644 rhel6/src/input/checks/logwatch_configured_splithosts.xml
delete mode 100644 rhel6/src/input/checks/mount_home_own_partition.xml
delete mode 100644 rhel6/src/input/checks/mount_option_dev_shm_nodev.xml
delete mode 100644 rhel6/src/input/checks/mount_option_dev_shm_noexec.xml
delete mode 100644 rhel6/src/input/checks/mount_option_dev_shm_nosuid.xml
delete mode 100644 rhel6/src/input/checks/mount_option_nodev_nonroot_local_partitions.xml
delete mode 100644 rhel6/src/input/checks/mount_option_nodev_on_tmp.xml
delete mode 100644 rhel6/src/input/checks/mount_option_nodev_remote_filesystems.xml
delete mode 100644 rhel6/src/input/checks/mount_option_nodev_removable_partitions.xml
delete mode 100644 rhel6/src/input/checks/mount_option_noexec_removable_partitions.xml
delete mode 100644 rhel6/src/input/checks/mount_option_nosuid_remote_filesystems.xml
delete mode 100644 rhel6/src/input/checks/mount_option_nosuid_removable_partitions.xml
delete mode 100644 rhel6/src/input/checks/mount_option_smb_client_signing.xml
delete mode 100644 rhel6/src/input/checks/mount_option_tmp_nodev.xml
delete mode 100644 rhel6/src/input/checks/mount_option_tmp_noexec.xml
delete mode 100644 rhel6/src/input/checks/mount_option_tmp_nosuid.xml
delete mode 100644 rhel6/src/input/checks/mount_option_var_tmp_bind.xml
delete mode 100644 rhel6/src/input/checks/mount_tmp_own_partition.xml
delete mode 100644 rhel6/src/input/checks/mount_var_log_audit_own_partition.xml
delete mode 100644 rhel6/src/input/checks/mount_var_log_own_partition.xml
delete mode 100644 rhel6/src/input/checks/mount_var_own_partition.xml
delete mode 100644 rhel6/src/input/checks/network_ipv6_default_gateway.xml
delete mode 100644 rhel6/src/input/checks/network_ipv6_disable_interfaces.xml
delete mode 100644 rhel6/src/input/checks/network_ipv6_disable_rpc.xml
delete mode 100644 rhel6/src/input/checks/network_ipv6_limit_requests.xml
delete mode 100644 rhel6/src/input/checks/network_ipv6_privacy_extensions.xml
delete mode 100644 rhel6/src/input/checks/network_ipv6_static_address.xml
delete mode 100644 rhel6/src/input/checks/network_sniffer_disabled.xml
delete mode 100644 rhel6/src/input/checks/no_rsh_trusted_host_files.xml
delete mode 100644 rhel6/src/input/checks/ntp_remote_server.xml
delete mode 100644 rhel6/src/input/checks/package_abrt_removed.xml
delete mode 100644 rhel6/src/input/checks/package_acpid_removed.xml
delete mode 100644 rhel6/src/input/checks/package_aide_installed.xml
delete mode 100644 rhel6/src/input/checks/package_at_removed.xml
delete mode 100644 rhel6/src/input/checks/package_audit_installed.xml
delete mode 100644 rhel6/src/input/checks/package_autofs_removed.xml
delete mode 100644 rhel6/src/input/checks/package_bind_removed.xml
delete mode 100644 rhel6/src/input/checks/package_certmonger_removed.xml
delete mode 100644 rhel6/src/input/checks/package_cpuspeed_removed.xml
delete mode 100644 rhel6/src/input/checks/package_cronie-anacron_removed.xml
delete mode 100644 rhel6/src/input/checks/package_cronie_installed.xml
delete mode 100644 rhel6/src/input/checks/package_cups_removed.xml
delete mode 100644 rhel6/src/input/checks/package_cyrus-sasl_removed.xml
delete mode 100644 rhel6/src/input/checks/package_dbus_removed.xml
delete mode 100644 rhel6/src/input/checks/package_dhcp_removed.xml
delete mode 100644 rhel6/src/input/checks/package_dhcpd_removed.xml
delete mode 100644 rhel6/src/input/checks/package_dovecot_removed.xml
delete mode 100644 rhel6/src/input/checks/package_hal_removed.xml
delete mode 100644 rhel6/src/input/checks/package_httpd_removed.xml
delete mode 100644 rhel6/src/input/checks/package_initscripts_installed.xml
delete mode 100644 rhel6/src/input/checks/package_ipsec-tools_installed.xml
delete mode 100644 rhel6/src/input/checks/package_iptables-ipv6_installed.xml
delete mode 100644 rhel6/src/input/checks/package_iptables_installed.xml
delete mode 100644 rhel6/src/input/checks/package_iputils_removed.xml
delete mode 100644 rhel6/src/input/checks/package_irda-utils_removed.xml
delete mode 100644 rhel6/src/input/checks/package_irqbalance_installed.xml
delete mode 100644 rhel6/src/input/checks/package_isdn4k-utils_removed.xml
delete mode 100644 rhel6/src/input/checks/package_kexec-tools_removed.xml
delete mode 100644 rhel6/src/input/checks/package_libcgroup_removed.xml
delete mode 100644 rhel6/src/input/checks/package_lvm2_installed.xml
delete mode 100644 rhel6/src/input/checks/package_mdadm_removed.xml
delete mode 100644 rhel6/src/input/checks/package_net-snmp_removed.xml
delete mode 100644 rhel6/src/input/checks/package_nfs-utils_removed.xml
delete mode 100644 rhel6/src/input/checks/package_ntp_installed.xml
delete mode 100644 rhel6/src/input/checks/package_ntpdate_installed.xml
delete mode 100644 rhel6/src/input/checks/package_oddjob_removed.xml
delete mode 100644 rhel6/src/input/checks/package_openldap-servers_installed.xml
delete mode 100644 rhel6/src/input/checks/package_openldap-servers_removed.xml
delete mode 100644 rhel6/src/input/checks/package_openldap_removed.xml
delete mode 100644 rhel6/src/input/checks/package_openssh-server_removed.xml
delete mode 100644 rhel6/src/input/checks/package_openswan_installed.xml
delete mode 100644 rhel6/src/input/checks/package_pam_ccreds_removed.xml
delete mode 100644 rhel6/src/input/checks/package_pam_ldap_removed.xml
delete mode 100644 rhel6/src/input/checks/package_policycoreutils_installed.xml
delete mode 100644 rhel6/src/input/checks/package_portreserve_removed.xml
delete mode 100644 rhel6/src/input/checks/package_postfix_installed.xml
delete mode 100644 rhel6/src/input/checks/package_psacct_installed.xml
delete mode 100644 rhel6/src/input/checks/package_quota_removed.xml
delete mode 100644 rhel6/src/input/checks/package_rhn_gpgkey_installed.xml
delete mode 100644 rhel6/src/input/checks/package_rhnsd_removed.xml
delete mode 100644 rhel6/src/input/checks/package_rpcbind_removed.xml
delete mode 100644 rhel6/src/input/checks/package_rsh-server_removed.xml
delete mode 100644 rhel6/src/input/checks/package_rsh_removed.xml
delete mode 100644 rhel6/src/input/checks/package_rsyslog_installed.xml
delete mode 100644 rhel6/src/input/checks/package_samba-common_removed.xml
delete mode 100644 rhel6/src/input/checks/package_samba_removed.xml
delete mode 100644 rhel6/src/input/checks/package_sendmail_removed.xml
delete mode 100644 rhel6/src/input/checks/package_smartmontools_removed.xml
delete mode 100644 rhel6/src/input/checks/package_squid_removed.xml
delete mode 100644 rhel6/src/input/checks/package_sssd_removed.xml
delete mode 100644 rhel6/src/input/checks/package_subscription-manager_removed.xml
delete mode 100644 rhel6/src/input/checks/package_sysstat_removed.xml
delete mode 100644 rhel6/src/input/checks/package_talk-server_removed.xml
delete mode 100644 rhel6/src/input/checks/package_talk_removed.xml
delete mode 100644 rhel6/src/input/checks/package_telnet-server_removed.xml
delete mode 100644 rhel6/src/input/checks/package_tftp-server_removed.xml
delete mode 100644 rhel6/src/input/checks/package_vlock_installed.xml
delete mode 100644 rhel6/src/input/checks/package_vlock_removed.xml
delete mode 100644 rhel6/src/input/checks/package_vsftpd_installed.xml
delete mode 100644 rhel6/src/input/checks/package_vsftpd_removed.xml
delete mode 100644 rhel6/src/input/checks/package_xinetd_removed.xml
delete mode 100644 rhel6/src/input/checks/package_xorg-x11-server-common_removed.xml
delete mode 100644 rhel6/src/input/checks/package_ypbind_removed.xml
delete mode 100644 rhel6/src/input/checks/package_ypserv_removed.xml
delete mode 100644 rhel6/src/input/checks/postfix_certificate_files.xml
delete mode 100644 rhel6/src/input/checks/postfix_logging.xml
delete mode 100644 rhel6/src/input/checks/postfix_network_listening_disabled.xml
delete mode 100644 rhel6/src/input/checks/postfix_server_banner.xml
delete mode 100644 rhel6/src/input/checks/postfix_server_denial_of_service.xml
delete mode 100644 rhel6/src/input/checks/postfix_server_mail_relay_for_trusted_networks.xml
delete mode 100644 rhel6/src/input/checks/postfix_server_mail_relay_require_tls_for_smtp_auth.xml
delete mode 100644 rhel6/src/input/checks/postfix_server_mail_relay_set_trusted_networks.xml
delete mode 100644 rhel6/src/input/checks/postfix_server_mail_relay_smtp_auth_for_untrusted_networks.xml
delete mode 100644 rhel6/src/input/checks/rpm_verify_hashes.xml
delete mode 100644 rhel6/src/input/checks/rpm_verify_permissions.xml
delete mode 100644 rhel6/src/input/checks/rsyslog_files_exist_permissions.xml
delete mode 100644 rhel6/src/input/checks/rsyslog_files_groupownership.xml
delete mode 100644 rhel6/src/input/checks/rsyslog_files_ownership.xml
delete mode 100644 rhel6/src/input/checks/rsyslog_files_permissions.xml
delete mode 100644 rhel6/src/input/checks/rsyslog_nolisten.xml
delete mode 100644 rhel6/src/input/checks/rsyslog_remote_loghost.xml
delete mode 100644 rhel6/src/input/checks/securetty_no_serial.xml
delete mode 100644 rhel6/src/input/checks/securetty_root_login_console_only.xml
delete mode 100644 rhel6/src/input/checks/selinux_all_devicefiles_labeled.xml
delete mode 100644 rhel6/src/input/checks/selinux_bootloader_notdisabled.xml
delete mode 100644 rhel6/src/input/checks/selinux_enabled.xml
delete mode 100644 rhel6/src/input/checks/selinux_mode.xml
delete mode 100644 rhel6/src/input/checks/selinux_policytype.xml
delete mode 100644 rhel6/src/input/checks/service_abrtd_disabled.xml
delete mode 100644 rhel6/src/input/checks/service_acpid_disabled.xml
delete mode 100644 rhel6/src/input/checks/service_atd_disabled.xml
delete mode 100644 rhel6/src/input/checks/service_auditd_enabled.xml
delete mode 100644 rhel6/src/input/checks/service_autofs_disabled.xml
delete mode 100644 rhel6/src/input/checks/service_avahi-daemon_disabled.xml
delete mode 100644 rhel6/src/input/checks/service_bluetooth_disabled.xml
delete mode 100644 rhel6/src/input/checks/service_certmonger_disabled.xml
delete mode 100644 rhel6/src/input/checks/service_cgconfig_disabled.xml
delete mode 100644 rhel6/src/input/checks/service_cgred_disabled.xml
delete mode 100644 rhel6/src/input/checks/service_cpuspeed_disabled.xml
delete mode 100644 rhel6/src/input/checks/service_crond_enabled.xml
delete mode 100644 rhel6/src/input/checks/service_cups_disabled.xml
delete mode 100644 rhel6/src/input/checks/service_dhcpd_disabled.xml
delete mode 100644 rhel6/src/input/checks/service_dovecot_disabled.xml
delete mode 100644 rhel6/src/input/checks/service_haldaemon_disabled.xml
delete mode 100644 rhel6/src/input/checks/service_httpd_disabled.xml
delete mode 100644 rhel6/src/input/checks/service_ip6tables_enabled.xml
delete mode 100644 rhel6/src/input/checks/service_iptables_enabled.xml
delete mode 100644 rhel6/src/input/checks/service_irqbalance_enabled.xml
delete mode 100644 rhel6/src/input/checks/service_isdn_disabled.xml
delete mode 100644 rhel6/src/input/checks/service_kdump_disabled.xml
delete mode 100644 rhel6/src/input/checks/service_lvm2-monitor_enabled.xml
delete mode 100644 rhel6/src/input/checks/service_mcstrans_disabled.xml
delete mode 100644 rhel6/src/input/checks/service_mdmonitor_disabled.xml
delete mode 100644 rhel6/src/input/checks/service_messagebus_disabled.xml
delete mode 100644 rhel6/src/input/checks/service_named_disabled.xml
delete mode 100644 rhel6/src/input/checks/service_netconsole_disabled.xml
delete mode 100644 rhel6/src/input/checks/service_netfs_disabled.xml
delete mode 100644 rhel6/src/input/checks/service_network_enabled.xml
delete mode 100644 rhel6/src/input/checks/service_nfs_disabled.xml
delete mode 100644 rhel6/src/input/checks/service_nfslock_disabled.xml
delete mode 100644 rhel6/src/input/checks/service_ntpd_enabled.xml
delete mode 100644 rhel6/src/input/checks/service_ntpdate_enabled.xml
delete mode 100644 rhel6/src/input/checks/service_oddjobd_disabled.xml
delete mode 100644 rhel6/src/input/checks/service_portreserve_disabled.xml
delete mode 100644 rhel6/src/input/checks/service_postfix_enabled.xml
delete mode 100644 rhel6/src/input/checks/service_psacct_enabled.xml
delete mode 100644 rhel6/src/input/checks/service_quota_nld_disabled.xml
delete mode 100644 rhel6/src/input/checks/service_rdisc_disabled.xml
delete mode 100644 rhel6/src/input/checks/service_restorecond_enabled.xml
delete mode 100644 rhel6/src/input/checks/service_rexec_disabled.xml
delete mode 100644 rhel6/src/input/checks/service_rhnsd_disabled.xml
delete mode 100644 rhel6/src/input/checks/service_rhsmcertd_disabled.xml
delete mode 100644 rhel6/src/input/checks/service_rlogin_disabled.xml
delete mode 100644 rhel6/src/input/checks/service_rpcbind_disabled.xml
delete mode 100644 rhel6/src/input/checks/service_rpcgssd_disabled.xml
delete mode 100644 rhel6/src/input/checks/service_rpcidmapd_disabled.xml
delete mode 100644 rhel6/src/input/checks/service_rpcsvcgssd_disabled.xml
delete mode 100644 rhel6/src/input/checks/service_rsh_disabled.xml
delete mode 100644 rhel6/src/input/checks/service_rsyslog_enabled.xml
delete mode 100644 rhel6/src/input/checks/service_saslauthd_disabled.xml
delete mode 100644 rhel6/src/input/checks/service_sendmail_disabled.xml
delete mode 100644 rhel6/src/input/checks/service_smartd_disabled.xml
delete mode 100644 rhel6/src/input/checks/service_smb_disabled.xml
delete mode 100644 rhel6/src/input/checks/service_snmpd_disabled.xml
delete mode 100644 rhel6/src/input/checks/service_squid_disabled.xml
delete mode 100644 rhel6/src/input/checks/service_sshd_disabled.xml
delete mode 100644 rhel6/src/input/checks/service_sssd_disabled.xml
delete mode 100644 rhel6/src/input/checks/service_sysstat_disabled.xml
delete mode 100644 rhel6/src/input/checks/service_telnet_disabled.xml
delete mode 100644 rhel6/src/input/checks/service_telnetd_disabled.xml
delete mode 100644 rhel6/src/input/checks/service_tftp_disabled.xml
delete mode 100644 rhel6/src/input/checks/service_vsftpd_disabled.xml
delete mode 100644 rhel6/src/input/checks/service_xinetd_disabled.xml
delete mode 100644 rhel6/src/input/checks/service_ypbind_disabled.xml
delete mode 100644 rhel6/src/input/checks/service_ypserv_disabled.xml
delete mode 100644 rhel6/src/input/checks/singleuser_password.xml
delete mode 100644 rhel6/src/input/checks/smb_client_signing_smb_conf.xml
delete mode 100644 rhel6/src/input/checks/sshd_banner_set.xml
delete mode 100644 rhel6/src/input/checks/sshd_clientalivecountmax.xml
delete mode 100644 rhel6/src/input/checks/sshd_hostbasedauthentication.xml
delete mode 100644 rhel6/src/input/checks/sshd_idle_timeout.xml
delete mode 100644 rhel6/src/input/checks/sshd_no_user_envset.xml
delete mode 100644 rhel6/src/input/checks/sshd_permitemptypasswords_no.xml
delete mode 100644 rhel6/src/input/checks/sshd_permitrootlogin_no.xml
delete mode 100644 rhel6/src/input/checks/sshd_protocol_2.xml
delete mode 100644 rhel6/src/input/checks/sshd_rsh_emulation_disabled.xml
delete mode 100644 rhel6/src/input/checks/sshd_use_approved_ciphers.xml
delete mode 100644 rhel6/src/input/checks/sysconfig_ipv6_autoconf.xml
delete mode 100644 rhel6/src/input/checks/sysconfig_ipv6_disable.xml
delete mode 100644 rhel6/src/input/checks/sysconfig_ipv6_networking.xml
delete mode 100644 rhel6/src/input/checks/sysconfig_networking_bootproto_ifcfg.xml
delete mode 100644 rhel6/src/input/checks/sysconfig_networking_ipv6_ifcfg.xml
delete mode 100644 rhel6/src/input/checks/sysconfig_nozeroconf_yes.xml
delete mode 100644 rhel6/src/input/checks/sysctl_kernel_exec_shield.xml
delete mode 100644 rhel6/src/input/checks/sysctl_kernel_randomize_va_space.xml
delete mode 100644 rhel6/src/input/checks/sysctl_net_ipv4_conf_all_accept_redirects.xml
delete mode 100644 rhel6/src/input/checks/sysctl_net_ipv4_conf_all_accept_source_route.xml
delete mode 100644 rhel6/src/input/checks/sysctl_net_ipv4_conf_all_log_martians.xml
delete mode 100644 rhel6/src/input/checks/sysctl_net_ipv4_conf_all_rp_filter.xml
delete mode 100644 rhel6/src/input/checks/sysctl_net_ipv4_conf_all_secure_redirects.xml
delete mode 100644 rhel6/src/input/checks/sysctl_net_ipv4_conf_all_send_redirects.xml
delete mode 100644 rhel6/src/input/checks/sysctl_net_ipv4_conf_default_accept_redirects.xml
delete mode 100644 rhel6/src/input/checks/sysctl_net_ipv4_conf_default_accept_source_route.xml
delete mode 100644 rhel6/src/input/checks/sysctl_net_ipv4_conf_default_rp_filter.xml
delete mode 100644 rhel6/src/input/checks/sysctl_net_ipv4_conf_default_secure_redirects.xml
delete mode 100644 rhel6/src/input/checks/sysctl_net_ipv4_conf_default_send_redirects.xml
delete mode 100644 rhel6/src/input/checks/sysctl_net_ipv4_icmp_echo_ignore_broadcasts.xml
delete mode 100644 rhel6/src/input/checks/sysctl_net_ipv4_icmp_ignore_bogus_error_messages.xml
delete mode 100644 rhel6/src/input/checks/sysctl_net_ipv4_icmp_ignore_bogus_error_responses.xml
delete mode 100644 rhel6/src/input/checks/sysctl_net_ipv4_ip_forward.xml
delete mode 100644 rhel6/src/input/checks/sysctl_net_ipv4_tcp_syncookies.xml
delete mode 100644 rhel6/src/input/checks/sysctl_net_ipv6_conf_all_disable_ipv6.xml
delete mode 100644 rhel6/src/input/checks/sysctl_net_ipv6_conf_default_accept_ra.xml
delete mode 100644 rhel6/src/input/checks/sysctl_net_ipv6_conf_default_accept_ra_defrtr.xml
delete mode 100644 rhel6/src/input/checks/sysctl_net_ipv6_conf_default_accept_ra_pinfo.xml
delete mode 100644 rhel6/src/input/checks/sysctl_net_ipv6_conf_default_accept_ra_rtr_pref.xml
delete mode 100644 rhel6/src/input/checks/sysctl_net_ipv6_conf_default_accept_redirects.xml
delete mode 100644 rhel6/src/input/checks/sysctl_net_ipv6_conf_default_autoconf.xml
delete mode 100644 rhel6/src/input/checks/sysctl_net_ipv6_conf_default_dad_transmits.xml
delete mode 100644 rhel6/src/input/checks/sysctl_net_ipv6_conf_default_max_addresses.xml
delete mode 100644 rhel6/src/input/checks/sysctl_net_ipv6_conf_default_router_solicitations.xml
delete mode 100644 rhel6/src/input/checks/sysctl_net_ipv6_disabled.xml
delete mode 100644 rhel6/src/input/checks/system_info_architecture_x86.xml
delete mode 100644 rhel6/src/input/checks/system_info_architecture_x86_64.xml
delete mode 100644 rhel6/src/input/checks/templates/README
delete mode 100755 rhel6/src/input/checks/templates/create_kernel_modules_disabled.py
delete mode 100755 rhel6/src/input/checks/templates/create_package_installed.py
delete mode 100755 rhel6/src/input/checks/templates/create_package_removed.py
delete mode 100755 rhel6/src/input/checks/templates/create_permission_checks.py
delete mode 100755 rhel6/src/input/checks/templates/create_services_disabled.py
delete mode 100755 rhel6/src/input/checks/templates/create_services_enabled.py
delete mode 100755 rhel6/src/input/checks/templates/create_sysctl_checks.py
delete mode 100644 rhel6/src/input/checks/templates/file_dir_permissions.csv
delete mode 100644 rhel6/src/input/checks/templates/kernel_modules_disabled.csv
delete mode 100644 rhel6/src/input/checks/templates/output/.gitignore
delete mode 100644 rhel6/src/input/checks/templates/packages_installed.csv
delete mode 100644 rhel6/src/input/checks/templates/packages_removed.csv
delete mode 100644 rhel6/src/input/checks/templates/services_disabled.csv
delete mode 100644 rhel6/src/input/checks/templates/services_enabled.csv
delete mode 100644 rhel6/src/input/checks/templates/sysctl_values.csv
delete mode 100644 rhel6/src/input/checks/templates/template_kernel_module_disabled
delete mode 100644 rhel6/src/input/checks/templates/template_package_installed
delete mode 100644 rhel6/src/input/checks/templates/template_package_removed
delete mode 100644 rhel6/src/input/checks/templates/template_permissions
delete mode 100644 rhel6/src/input/checks/templates/template_service_disabled
delete mode 100644 rhel6/src/input/checks/templates/template_service_enabled
delete mode 100644 rhel6/src/input/checks/templates/template_sysctl
delete mode 100755 rhel6/src/input/checks/testcheck.py
delete mode 100644 rhel6/src/input/checks/tftpd_uses_secure_mode.xml
delete mode 100644 rhel6/src/input/checks/umask_for_daemons.xml
delete mode 100644 rhel6/src/input/checks/wireless_disable_drivers.xml
delete mode 100644 rhel6/src/input/checks/wireless_disable_interfaces.xml
delete mode 100644 rhel6/src/input/checks/xwindows_remote_listening.xml
delete mode 100644 rhel6/src/input/checks/xwindows_runlevel_setting.xml
delete mode 100644 rhel6/src/input/checks/yum_gpgcheck_global_activation.xml
delete mode 100644 rhel6/src/input/checks/yum_gpgcheck_never_disabled.xml
delete mode 100644 rhel6/src/input/fixes/bash-ks.xml
delete mode 100644 rhel6/src/input/fixes/puppet-example.xml
delete mode 100644 rhel6/src/input/guide.xml
delete mode 100644 rhel6/src/input/guide.xslt
delete mode 100644 rhel6/src/input/intro/intro.xml
delete mode 100644 rhel6/src/input/profiles/STIG-server.xml
delete mode 100644 rhel6/src/input/profiles/common.xml
delete mode 100644 rhel6/src/input/profiles/desktop.xml
delete mode 100644 rhel6/src/input/profiles/ftp.xml
delete mode 100644 rhel6/src/input/profiles/server.xml
delete mode 100644 rhel6/src/input/profiles/test.xml
delete mode 100644 rhel6/src/input/services/avahi.xml
delete mode 100644 rhel6/src/input/services/base.xml
delete mode 100644 rhel6/src/input/services/cron.xml
delete mode 100644 rhel6/src/input/services/dhcp.xml
delete mode 100644 rhel6/src/input/services/dns.xml
delete mode 100644 rhel6/src/input/services/ftp.xml
delete mode 100644 rhel6/src/input/services/http.xml
delete mode 100644 rhel6/src/input/services/imap.xml
delete mode 100644 rhel6/src/input/services/ldap.xml
delete mode 100644 rhel6/src/input/services/mail.xml
delete mode 100644 rhel6/src/input/services/nfs.xml
delete mode 100644 rhel6/src/input/services/ntp.xml
delete mode 100644 rhel6/src/input/services/obsolete.xml
delete mode 100644 rhel6/src/input/services/printing.xml
delete mode 100644 rhel6/src/input/services/services.xml
delete mode 100644 rhel6/src/input/services/smb.xml
delete mode 100644 rhel6/src/input/services/snmp.xml
delete mode 100644 rhel6/src/input/services/squid.xml
delete mode 100644 rhel6/src/input/services/ssh.xml
delete mode 100644 rhel6/src/input/services/xorg.xml
delete mode 100644 rhel6/src/input/system/accounts/accounts.xml
delete mode 100644 rhel6/src/input/system/accounts/banners.xml
delete mode 100644 rhel6/src/input/system/accounts/pam.xml
delete mode 100644 rhel6/src/input/system/accounts/physical.xml
delete mode 100644 rhel6/src/input/system/accounts/restrictions/account_expiration.xml
delete mode 100644 rhel6/src/input/system/accounts/restrictions/nis_inclusions.xml
delete mode 100644 rhel6/src/input/system/accounts/restrictions/password_expiration.xml
delete mode 100644 rhel6/src/input/system/accounts/restrictions/password_storage.xml
delete mode 100644 rhel6/src/input/system/accounts/restrictions/restrictions.xml
delete mode 100644 rhel6/src/input/system/accounts/restrictions/root_logins.xml
delete mode 100644 rhel6/src/input/system/accounts/session.xml
delete mode 100644 rhel6/src/input/system/auditing.xml
delete mode 100644 rhel6/src/input/system/logging.xml
delete mode 100644 rhel6/src/input/system/network/ipsec.xml
delete mode 100644 rhel6/src/input/system/network/iptables.xml
delete mode 100644 rhel6/src/input/system/network/ipv6.xml
delete mode 100644 rhel6/src/input/system/network/kernel.xml
delete mode 100644 rhel6/src/input/system/network/network.xml
delete mode 100644 rhel6/src/input/system/network/ssl.xml
delete mode 100644 rhel6/src/input/system/network/uncommon.xml
delete mode 100644 rhel6/src/input/system/network/wireless.xml
delete mode 100644 rhel6/src/input/system/permissions/execution.xml
delete mode 100644 rhel6/src/input/system/permissions/files.xml
delete mode 100644 rhel6/src/input/system/permissions/mounting.xml
delete mode 100644 rhel6/src/input/system/permissions/partitions.xml
delete mode 100644 rhel6/src/input/system/permissions/permissions.xml
delete mode 100644 rhel6/src/input/system/selinux.xml
delete mode 100644 rhel6/src/input/system/software/disk_partitioning.xml
delete mode 100644 rhel6/src/input/system/software/integrity.xml
delete mode 100644 rhel6/src/input/system/software/software.xml
delete mode 100644 rhel6/src/input/system/software/updating.xml
delete mode 100644 rhel6/src/input/system/system.xml
delete mode 100644 rhel6/src/output/.gitignore
delete mode 100644 rhel6/src/references/disa-cci-list.xml
delete mode 100644 rhel6/src/references/disa-os-srg-v1r1.xml
delete mode 100644 rhel6/src/references/disa-stig-rhel5-v1r0.6-cpe-dictionary.xml
delete mode 100644 rhel6/src/references/disa-stig-rhel5-v1r0.6-cpe-oval.xml
delete mode 100644 rhel6/src/references/disa-stig-rhel5-v1r0.6-oval.xml
delete mode 100644 rhel6/src/references/disa-stig-rhel5-v1r0.6-xccdf-manual.xml
delete mode 100644 rhel6/src/references/disa-stig-rhel5-v1r0.6-xccdf.xml
delete mode 100644 rhel6/src/references/usgcb-rhel5desktop-cpe-dictionary.xml
delete mode 100644 rhel6/src/references/usgcb-rhel5desktop-cpe-oval.xml
delete mode 100644 rhel6/src/references/usgcb-rhel5desktop-oval.xml
delete mode 100644 rhel6/src/references/usgcb-rhel5desktop-xccdf.xml
delete mode 100644 rhel6/src/transforms/.gitignore
delete mode 100644 rhel6/src/transforms/cci2html.xsl
delete mode 100755 rhel6/src/transforms/combinechecks.py
delete mode 100644 rhel6/src/transforms/constants.xslt
delete mode 100755 rhel6/src/transforms/idtranslate.py
delete mode 100755 rhel6/src/transforms/relabelids.py
delete mode 100644 rhel6/src/transforms/shorthand2xccdf.xslt
delete mode 100755 rhel6/src/transforms/splitchecks.py
delete mode 100644 rhel6/src/transforms/table-sortbyref.xslt
delete mode 100644 rhel6/src/transforms/table-srgmap.xslt
delete mode 100644 rhel6/src/transforms/xccdf-addfixes.xslt
delete mode 100644 rhel6/src/transforms/xccdf-addprofiles.xslt
delete mode 100644 rhel6/src/transforms/xccdf-removeaux.xslt
delete mode 100644 rhel6/src/transforms/xccdf2shorthand.xslt
delete mode 100644 rhel6/src/transforms/xccdf2stigformat.xslt
delete mode 100644 rhel6/src/transforms/xccdf2table-byref.xslt
delete mode 100644 rhel6/src/transforms/xccdf2table-profileccirefs.xslt
delete mode 100644 rhel6/src/transforms/xccdf2table-profilenistrefs.xslt
delete mode 100644 rhel6/src/transforms/xccdf2table-stig.xslt
delete mode 100644 rhel6/src/utils/README
delete mode 100755 rhel6/src/utils/verify-input-sanity.py
delete mode 100755 rhel6/src/utils/verify-references.py
11 years, 9 months
- 4
- 5
[PATCH] transform to support visibility of CCIs
by Jeffrey Blank
This is designed to allow for easy viewing of the CCIs which are
(or aren't) mapped to Rules in the scap-security-guide content and the RHEL 5 STIG.
This is intended to ensure that the scap-security-guide leverages all previous
CCI mapping work from the RHEL 5 STIG for its RHEL 6 content.
Jeffrey Blank (1):
augmented transforms to display CCIs with STIG tables, generate STIG
table sorted by CCI * interestingly, some CCIs referenced in
the RHEL 5 STIG are not in the OS SRG * and CCIs in the OS SRG
are not fully mapped to items in the STIG
rhel6/src/Makefile | 1 +
rhel6/src/transforms/xccdf2table-stig.xslt | 5 +++--
2 files changed, 4 insertions(+), 2 deletions(-)
11 years, 9 months
- 2
- 2